★ Ldap User Management with Spring LDAP

JavaChap — Fri, 25 Dec 2009 16:23:16 +0000

Java Naming and Directory Interface (JDNI) is the API used for LDAP programming on the Java platform. JNDI makes far too much work of simple procedures, such as ensuring that resources have been properly opened and closed. In addition, most JNDI methods throw checked exceptions, which are time-consuming to handle.

Spring LDAP provides a sophisticated wrapper API on top of JNDI to make LDAP Programming easier. Here i will show you on how to write, update and delete entries on ldap server using Spring LDAP.

Download Spring Ldap from http://www.springsource.com/download/community

Spring Configuration

Create an LdapContextSource and an LdapTemplate object. Configure the ldapServer url, baseDn and optionally userDn, password if anonymous access is not allowed. Also inject the LdapTemplate into DAO.

Domain

Create a simple user domain interface and implementation which holds the basic information about the user. The information with in this user object will be persisted to the Ldap.

package com.javachap.domain;

public interface User {

    String getUserName();

    void setUserName(String userName);

    String getFirstName();

    void setFirstName(String firstName);

    String getLastName();

    void setLastName(String lastName);

    String getEmail();

    void setEmail(String email);

    String getPassword();

    void setPassword(String password);

    String getDepartment();

    void setDepartment(String departement);

    String[] getGroups();

    void setGroups(String[] groups);
}

package com.javachap.domain.impl;

import com.javachap.domain.User;

public class UserImpl implements User {

    private static final long serialVersionUID = 7487133273442955818L;

    private String userName;
    private String firstName;
    private String lastName;
    private String email;
    private String password;
    private String department;
    private String groups[];

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getDepartment() {
        return department;
    }

    public void setDepartment(String department) {
        this.department = department;
    }

    public String[] getGroups() {
        return groups;
    }

    public void setGroups(String[] groups) {
        this.groups = groups;
    }

    public String toString() {
        StringBuffer buffer = new StringBuffer();
        buffer.append("UserImpl[");
        buffer.append("id = ").append(id);
        buffer.append(" userName = ").append(userName);
        buffer.append(" email = ").append(email);
        buffer.append(" firstName = ").append(firstName);
        buffer.append(" lastName = ").append(lastName);
        buffer.append(" password = ").append(password);
        buffer.append("]");
        return buffer.toString();
    }
}

User DAO

LdapTemplate is built on the same principles as the JdbcTemplate in Spring JDBC. It completely eliminates the need to worry about creating and closing DirContext and looping through NamingEnumeration. It also provides a more comprehensive unchecked exception hierarchy, built on Spring's DataAccessException.

package com.javachap.service;

import java.util.List;

/**
 * UserService
 *
 * @author JavaChap
 */

public interface UserService {

    User getUser(final String email);

    User save(final User user);

    boolean authenticate(final String userName, final String password);

    List getUsers(final String pattern);

    void delete(final User user);
}

package com.javachap.service.impl;

import java.io.UnsupportedEncodingException;

/**
 * UserService Implementation
 *
 * @author JavaChap
 */

public class UserServiceImpl implements UserService {

    private static final long serialVersionUID = 4889152297004460837L;

    public static final String BASE_DN = "dc=javachap,dc=com";

    private static class UserAttributesMapper implements AttributesMapper {

        public Object mapFromAttributes(Attributes attrs)
                throws NamingException {
            User user = (User) AppUtils.getBean("user");
            if (attrs.get("uid") != null) {
                user.setUserName((String) attrs.get("uid").get());
            }
            if (attrs.get("cn") != null) {
                user.setFirstName((String) attrs.get("cn").get());
            }
            if (attrs.get("sn") != null) {
                user.setLastName((String) attrs.get("sn").get());
            }
            if (attrs.get("mail") != null) {
                user.setEmail((String) attrs.get("mail").get());
            }
            return user;
        }
    }

    private LdapTemplate ldapTemplate;

    public void setLdapTemplate(final LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    public boolean authenticate(String userName, String password) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "person")).and(
                new EqualsFilter("uid", userName));
        return ldapTemplate.authenticate(DistinguishedName.EMPTY_PATH, filter
                .toString(), password);
    }

    public User getUser(final String userName) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "person")).and(
                new EqualsFilter("uid", userName));
        List users = ldapTemplate.search(DistinguishedName.EMPTY_PATH,
                filter.encode(), new UserAttributesMapper());
        if (!users.isEmpty()) {
            return users.get(0);
        }
        return null;
    }

    public List getUsers(final String pattern) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "person"));
        if (pattern != null) {
            filter.and(new LikeFilter("uid", pattern));
        }
        List users = ldapTemplate.search(DistinguishedName.EMPTY_PATH,
                filter.encode(), new UserAttributesMapper());
        return users;
    }

    public User save(final User user) {
        Name dn = buildDn(user);
        ldapTemplate.bind(dn, null, buildAttributes(user));

        // Update Groups
        for (String group : user.getGroups()) {
            try {
                DistinguishedName groupDn = new DistinguishedName();
                groupDn.add("ou", "Groups");
                groupDn.add("cn", group);
                DirContextOperations context = ldapTemplate
                        .lookupContext(groupDn);
                context.addAttributeValue("memberUid", user.getUserName());
                ldapTemplate.modifyAttributes(context);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return user;
    }

    public User update(final User user) {
        Name dn = buildDn(user);
        ldapTemplate.rebind(dn, null, buildAttributes(user));
        return user;
    }

    public void delete(User user) {
        Name dn = buildDn(user);
        ldapTemplate.unbind(dn);
    }

    private Name buildDn(final User user) {
        DistinguishedName dn = new DistinguishedName();
        dn.add("ou", "People");
        if (user.getDepartment() != null) {
            dn.add("ou", user.getDepartment());
        }
        dn.add("uid", user.getUserName());
        return dn;
    }

    private Attributes buildAttributes(final User user) {
        Attributes attrs = new BasicAttributes();
        BasicAttribute ocattr = new BasicAttribute("objectclass");
        ocattr.add("person");
        ocattr.add("inetOrgPerson");
        attrs.put(ocattr);
        attrs.put("cn", user.getFirstName());
        attrs.put("sn", user.getLastName());
        attrs.put("userPassword", "{SHA}" + this.encrypt(user.getPassword()));
        attrs.put("mail", user.getEmail());

        return attrs;
    }

    private String encrypt(final String plaintext) {
        MessageDigest md = null;
        try {
            md = MessageDigest.getInstance("SHA");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e.getMessage());
        }
        try {
            md.update(plaintext.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e.getMessage());
        }
        byte raw[] = md.digest();
        String hash = (new BASE64Encoder()).encode(raw);
        return hash;
    }
}

Util Classes

package com.javachap.utils;
import org.springframework.context.ApplicationContext;

/**
 * The Application Utils
 *
 * @author Vijay Dendukuri
 */

public class AppUtils {

	private static ApplicationContext applicationContext;

    /**
     * Return the application context.
     *
     * @return the application context
     */
    public static ApplicationContext getApplicationContext() {
    	return (applicationContext);
    }

    /**
     * Set the application context.
     *
     * @param context the application context to set.
     */
    public static void setApplicationContext(final ApplicationContext context) {
    	applicationContext = context;
    }

    /**
     * Returns the Bean given the bean name
     * @param name bean name
     * @return bean instance
     */
    public static Object getBean(final String name) {
    	if(applicationContext == null) {
    		throw new IllegalArgumentException(
    				"ApplicationContext is not initialized");
    	}
    	return applicationContext.getBean(name);
    }
}

package com.javachap.service;

import static com.javachap.utils.AppUtils.getBean;

/**
 * Service Utilities, exposes the method to get the services
 * @author Vijay Dendukuri
 */

public class ServiceUtils {

	/**
	 * Gets Instance of UserService
	 * @return UserService Instance
	 */
	public static UserService getUserService(){
		return (UserService)getBean("userService");
	}
}

Test class

package com.javachap.service.impl;

import org.apache.log4j.BasicConfigurator;
import org.springframework.beans.factory.xml.XmlBeanDefinitionReader;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.core.io.ClassPathResource;

import com.javachap.domain.User;
import com.javachap.domain.impl.UserImpl;
import com.javachap.service.ServiceUtils;
import com.javachap.service.UserService;
import com.javachap.utils.AppUtils;

public class Test {

    public static void main(String args[]) {
        BasicConfigurator.configure();
        GenericApplicationContext appContext = new GenericApplicationContext();
        XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader(
                appContext);
        xmlReader.loadBeanDefinitions(new ClassPathResource(
                "applicationContext.xml"));
        appContext.refresh();
        AppUtils.setApplicationContext(appContext);

        UserService userService = ServiceUtils.getUserService();
        // User Authenticate
        boolean authenticated = userService.authenticate("user@javachap.com",
                "javachap");
        System.out.println("Authenticated: " + authenticated);

        // User Save
        User user = new UserImpl();
        user.setUserName("javachap2");
        user.setFirstName("java");
        user.setLastName("chap");
        user.setEmail("user2@javachap.com");
        user.setPassword("chapjava");
        user.setDepartment("Engineering");
        user.setGroups(new String[] { "Admin", "HudsonAdmin", "WikiAdmin" });
        userService.save(user);

        // User Get
        user = userService.getUser("javachap2");
        System.out.println("User:" + user);
    }
}

References

http://today.java.net/article/2006/04/14/ldaptemplate-ldap-programming-java-made-simple