Tuesday, September 20, 2011

LDAP/AD user password check

Simple algorithm.


  1. connect to ldap;
  2. auth with "super"-user (user1): special user with known DN and password;
  3. search another user (user2): user who must be tested, search him with some attribute (for example sAMAccountName);
  4. determine DN of user;
  5. open one more connection to ldap with just found DN and password of user2;
  6. no exception - ok, otherwise user2 has entered wrong password.
My code:

/**
 * Returns {@link Item} with addition information in case of user exists and authicated correctly, otherwise null
 * @param username username
 * @param password password
 * @return Item or null
 */
private Item checkWithLdap(String username, String password) {
    String ldap = CXConfiguration.getParameterAsString("LDAP_SERVER");
    if ((ldap != null) && !ldap.isEmpty()) {
        DirContext ctx = null;
        try {
            int port = CXConfiguration.getParameterAsInt("LDAP_SERVER");
            String ldapUrl = "ldap://" + ldap + ":" + port;
            Logger.info("checking with ldap [username: " +
                    username + ", password: ******, ldap: " +
                    ldapUrl + "]");
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, ldapUrl);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(
                    Context.SECURITY_PRINCIPAL,
                    CXConfiguration.getParameterAsString("LDAP_AUTH_DN")
            );
            env.put(
                    Context.SECURITY_CREDENTIALS,
                    CXConfiguration.getParameterAsString("LDAP_AUTH_PASSWORD")
            );
            ctx = new InitialDirContext(env);
            String base = CXConfiguration.getParameterAsString("LDAP_BASE_DN");
            String[] attributeFilter = {
                    CXConfiguration.getParameterAsString("LDAP_USER_SEARCH_ATTR"),
                    "distinguishedName",
                    CXConfiguration.getParameterAsString("LDAP_EMAIL_ATTR")
            };
            SearchControls sc = new SearchControls();
            sc.setReturningAttributes(attributeFilter);
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String filter = "(" +
                    CXConfiguration.getParameterAsString("LDAP_USER_SEARCH_ATTR") +
                    "=" + username + ")";
            NamingEnumeration<SearchResult> results = ctx.search(base, filter, sc);
            if (results.hasMore()) {
                Properties env1 = new Properties();
                env1.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env1.put(Context.PROVIDER_URL, ldapUrl);
                SearchResult result = (SearchResult) results.next();
                Attributes attrs = result.getAttributes();
                Attribute dnAttr = attrs.get("distinguishedName");
                String dn = (String) dnAttr.get();
                Attribute emailAttr =
                        attrs.get(CXConfiguration.getParameterAsString("LDAP_EMAIL_ATTR"));
                String email = (emailAttr.get() != null) ? (String) emailAttr.get() : "";
                env1.put(Context.SECURITY_PRINCIPAL, dn);
                env1.put(Context.SECURITY_CREDENTIALS, password);
                new InitialDirContext(env1); // in case of problem exception will be threw
                Item i = new Item();
                i.setValue("email", email);
                Logger.info("checking with ldap - ok");
                return i;
            } else return null;
        } catch (Exception e) {
            Logger.error("checking with ldap - ldap error", e);
            return null;
        } finally {
            if (ctx != null)
                try {
                    ctx.close();
                } catch (NamingException e) {
                }
        }
    } else return null;
}

highlighted with: http://tohtml.com/
Posted by at 2 comments:
Labels: , , , ,

Хорошая статья "Безопастность в Java"

Хорошая статья на русском языке о безопастности в Java. В двух словах, доступно, просто и понятно. Отличная статья для старта обзора этой области.

 http://voituk.kiev.ua/2008/08/18/bezopastnost-v-java/

Posted by at No comments:

Tuesday, September 6, 2011

GSM 7bit (part of PDU) pack/encoding algorithm in Java

GSM 7bit (part of PDU) pack/encoding algorithm in Java. This can be used for SMS/USSD writing.


public static String stringTo7bit(String string) {
        String hex = "";
        byte[] bytes = string.getBytes();
        int f = 0;
        while (f < bytes.length - 1) {
            int t = (f % 8) + 1;
            if (t < 8) {
                byte b = (byte) (((bytes[f] >>> (t - 1)) |
                    (bytes[f + 1] << (8 - t))) & 0x000000FF);
                hex += intToHex(b & 0x000000FF).toUpperCase();
            }
            f++;
        }
        if ((f % 8) + 1 < 8)
            hex += intToHex((bytes[f] >>> (f % 8)) & 0x000000FF).toUpperCase();
        return hex;
    }

public static String intToHex(int i) {
        String hex = Integer.toHexString(i);
        if (hex.length() % 2 != 0) hex = 0 + hex;
        return hex;
    }

highlighted with: http://tohtml.com/
Posted by at 4 comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)