0.0.1

Chris Gray · Chris Gray · commit e95d923efb07 · 2012-07-10T17:04:56.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+*.iml
+.idea/*
+*.swp
+target/*
diff --git a/keystore b/keystore
diff --git a/pom.xml b/pom.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.yammer</groupId>
+    <artifactId>dropwizard-authenticator-ldap</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+
+    <scm>
+        <connection>scm:git:git://github.com/yammer/dropwizard-authenticator-ldap.git</connection>
+        <developerConnection>scm:git:git@github.com:yammer/dropwizard-authenticator-ldap.git</developerConnection>
+        <url>http://github.com/yammer/dropwizard-authenticator-ldap/</url>
+    </scm>
+
+    <issueManagement>
+        <system>github</system>
+        <url>http://github.com/yammer/dropwizard-authenticator-ldap/issues</url>
+    </issueManagement>
+
+    <properties>
+        <dropwizard.version>0.4.3</dropwizard.version>
+    </properties>
+
+    <developers>
+        <developer>
+            <name>Chris Gray</name>
+            <email>cgray@yammer-inc.com</email>
+        </developer>
+    </developers>
+
+    <distributionManagement>
+        <repository>
+            <id>maven.int.yammer.com-releases</id>
+            <url>http://maven.int.yammer.com/nexus/content/repositories/releases/</url>
+        </repository>
+        <snapshotRepository>
+            <id>maven.int.yammer.com-snapshots</id>
+            <url>http://maven.int.yammer.com/nexus/content/repositories/snapshots/</url>
+        </snapshotRepository>
+    </distributionManagement>
+
+    <repositories>
+        <repository>
+            <id>sonatype-nexus-snapshots</id>
+            <name>Sonatype Nexus Snapshots</name>
+            <url>http://oss.sonatype.org/content/repositories/snapshots</url>
+        </repository>
+    </repositories>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.yammer.dropwizard</groupId>
+            <artifactId>dropwizard-auth</artifactId>
+            <version>${dropwizard.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.yammer.dropwizard</groupId>
+            <artifactId>dropwizard-testing</artifactId>
+            <version>${dropwizard.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.3.2</version>
+                <configuration>
+                    <source>1.7</source>
+                    <target>1.7</target>
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.1.2</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.5</version>
+                <configuration>
+                    <outputDirectory />
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-release-plugin</artifactId>
+                <version>2.3.1</version>
+                <configuration>
+                    <autoVersionSubmodules>true</autoVersionSubmodules>
+                    <mavenExecutorId>forked-path</mavenExecutorId>
+                    <tagNameFormat>v@{project.version}</tagNameFormat>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.12</version>
+                <configuration>
+                    <argLine>
+                        -Djavax.net.ssl.keyStore=keystore
+                        -Djavax.net.ssl.keyStorePassword=deploymacy
+                        -Djavax.net.ssl.trustStore=keystore
+                        -Djavax.net.ssl.trustStorePassword=deploymacy
+                    </argLine>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/src/main/java/com/yammer/dropwizard/authenticator/LdapAuthenticator.java b/src/main/java/com/yammer/dropwizard/authenticator/LdapAuthenticator.java
@@ -0,0 +1,108 @@
+package com.yammer.dropwizard.authenticator;
+
+import com.google.common.base.Optional;
+import com.google.common.net.HostAndPort;
+import com.yammer.dropwizard.auth.basic.BasicCredentials;
+import com.yammer.dropwizard.logging.Log;
+import com.yammer.metrics.Metrics;
+import com.yammer.metrics.core.Timer;
+import com.yammer.metrics.core.TimerContext;
+
+import javax.naming.*;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import java.util.Hashtable;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+public class LdapAuthenticator {
+    private final HostAndPort hostAndPort;
+    private static final int DEFAULT_LDAP_SSL_PORT = 636;
+    private static final Log LOG = Log.forClass(LdapAuthenticator.class);
+    private static final Timer LDAP_AUTHENTICATION_TIMER = Metrics.newTimer(LdapAuthenticator.class, "authenticate");
+
+    public LdapAuthenticator(HostAndPort hostAndPort) {
+        this.hostAndPort = checkNotNull(hostAndPort, "hostAndPort cannot be null");
+    }
+
+    private String providerUrl() {
+        return String.format("ldaps://%s:%d/",
+            hostAndPort.getHostText(),
+            hostAndPort.getPortOrDefault(DEFAULT_LDAP_SSL_PORT));
+    }
+
+    public boolean canAuthenticate() {
+        final Hashtable<String, String> env = new Hashtable<>();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        env.put(Context.PROVIDER_URL, providerUrl());
+
+        try {
+            new InitialDirContext(env).close();
+            return true;
+        } catch (CommunicationException err) {
+            //can't authenticate
+        } catch (NamingException err) {
+            //anything else is bad
+        }
+        return false;
+    }
+
+    //Under ou=people the entries are either
+    //1.cn=cgray
+    //2.uid=cgray
+    //This determines which by searching for that person and then returns a formatted string
+    //cn=username,ou=people,dc=yammer,dc=com (replace cn with uid if necessary)
+    protected Optional<String> getBindDN(String username) {
+        final Hashtable<String, String> env = new Hashtable<String, String>();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        env.put(Context.PROVIDER_URL, providerUrl());
+
+        try {
+            final DirContext ctx = new InitialDirContext(env);
+            final SearchControls controls = new SearchControls();
+            controls.setReturningAttributes(new String[] {"givenName", "sn"});
+            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+            final NamingEnumeration<SearchResult> answers = ctx.search("dc=yammer,dc=com",
+                    String.format("(uid=%s)", username), controls);
+            ctx.close();
+            if (answers.hasMore()) {
+                final String result = answers.next().getNameInNamespace();
+                return result.isEmpty() ? Optional.<String>absent() : Optional.of(result);
+            }
+        } catch (AuthenticationException err) {
+            LOG.debug(username + " failed to authenticate", err);
+        } catch (NamingException err) {
+            LOG.warn("Authentication failure", err);
+        }
+
+        return Optional.absent();
+    }
+
+    public boolean authenticate(BasicCredentials basicCredentials) {
+        final TimerContext ldapAuthenticationTimer = LDAP_AUTHENTICATION_TIMER.time();
+        try {
+            final Optional<String> bindDN = getBindDN(basicCredentials.getUsername());
+            if (bindDN.isPresent()) {
+                final Hashtable<String, String> env = new Hashtable<String, String>();
+                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+                env.put(Context.PROVIDER_URL, providerUrl());
+                env.put(Context.SECURITY_PRINCIPAL, bindDN.get());
+                env.put(Context.SECURITY_CREDENTIALS, basicCredentials.getPassword());
+
+                try {
+                    new InitialDirContext(env).close();
+                    return true;
+                } catch (AuthenticationException err) {
+                    LOG.debug(basicCredentials.getUsername() + " failed to authenticate", err);
+                } catch (NamingException err) {
+                    LOG.warn("Authentication failure", err);
+                }
+            }
+            return false;
+        } finally {
+            ldapAuthenticationTimer.stop();
+        }
+    }
+}
diff --git a/src/main/java/com/yammer/dropwizard/authenticator/healthchecks/LdapHealthCheck.java b/src/main/java/com/yammer/dropwizard/authenticator/healthchecks/LdapHealthCheck.java
@@ -0,0 +1,24 @@
+package com.yammer.dropwizard.authenticator.healthchecks;
+
+import com.yammer.dropwizard.authenticator.LdapAuthenticator;
+import com.yammer.metrics.core.HealthCheck;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+public class LdapHealthCheck extends HealthCheck {
+    private final LdapAuthenticator ldapAuthenticator;
+
+    public LdapHealthCheck(LdapAuthenticator ldapAuthenticator) {
+        super("ldap");
+        this.ldapAuthenticator = checkNotNull(ldapAuthenticator, "ldapAuthenticator cannot be null");
+    }
+
+    @Override
+    public Result check() {
+        if (ldapAuthenticator.canAuthenticate()) {
+            return Result.healthy();
+        } else {
+            return Result.unhealthy("Cannot contact authentication service");
+        }
+    }
+}
diff --git a/src/test/java/com/yammer/dropwizard/authenticator/healthchecks/tests/LdapHealthCheckTest.java b/src/test/java/com/yammer/dropwizard/authenticator/healthchecks/tests/LdapHealthCheckTest.java
@@ -0,0 +1,28 @@
+package com.yammer.dropwizard.authenticator.healthchecks.tests;
+
+import com.google.common.net.HostAndPort;
+import com.yammer.dropwizard.authenticator.LdapAuthenticator;
+import com.yammer.dropwizard.authenticator.healthchecks.LdapHealthCheck;
+import com.yammer.metrics.core.HealthCheck;
+import org.junit.Test;
+
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.not;
+import static org.junit.Assert.assertThat;
+
+public class LdapHealthCheckTest {
+    private final LdapHealthCheck ldapHealthCheck = new LdapHealthCheck(
+            new LdapAuthenticator(HostAndPort.fromParts("ns-001.sjc1.yammer.com", 636)));
+
+    @Test
+    public void healthy() throws Exception {
+        assertThat(ldapHealthCheck.check(), is(HealthCheck.Result.healthy()));
+    }
+
+    @Test
+    public void unhealthy() throws Exception {
+        final LdapAuthenticator badLdapAuthenticator = new LdapAuthenticator(HostAndPort.fromParts("badHost", 1234));
+        final LdapHealthCheck badHealthCheck = new LdapHealthCheck(badLdapAuthenticator);
+        assertThat(badHealthCheck.check(), not(HealthCheck.Result.healthy()));
+    }
+}
diff --git a/src/test/java/com/yammer/dropwizard/authenticator/tests/LdapAuthenticatorTest.java b/src/test/java/com/yammer/dropwizard/authenticator/tests/LdapAuthenticatorTest.java
@@ -0,0 +1,35 @@
+package com.yammer.dropwizard.authenticator.tests;
+
+import com.google.common.net.HostAndPort;
+import com.yammer.dropwizard.auth.basic.BasicCredentials;
+import com.yammer.dropwizard.authenticator.LdapAuthenticator;
+import org.junit.Test;
+
+import static org.hamcrest.Matchers.is;
+import static org.junit.Assert.assertThat;
+
+public class LdapAuthenticatorTest {
+    private final LdapAuthenticator ldapAuthenticator = new LdapAuthenticator(
+            HostAndPort.fromParts("ns-001.sjc1.yammer.com", 636));
+
+    @Test
+    public void badUser() {
+        assertThat(ldapAuthenticator.authenticate(new BasicCredentials("yo", "dog")), is(false));
+    }
+
+    @Test
+    public void noPassword() {
+        assertThat(ldapAuthenticator.authenticate(new BasicCredentials("yo", "")), is(false));
+    }
+
+    @Test
+    public void noUser() {
+        assertThat(ldapAuthenticator.authenticate(new BasicCredentials("", "password")), is(false));
+    }
+
+    @Test
+    public void badServer() {
+        final LdapAuthenticator badAuthenticator = new LdapAuthenticator(HostAndPort.fromParts("localhost", 1234));
+        assertThat(badAuthenticator.authenticate(new BasicCredentials("yo", "dog")), is(false));
+    }
+}
diff --git a/src/test/resources/logback-test.xml b/src/test/resources/logback-test.xml
@@ -0,0 +1,11 @@
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <outputPatternAsPresentationHeader>false</outputPatternAsPresentationHeader>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+    <root level="error">
+        <appender-ref ref="STDOUT"/>
+    </root>
+</configuration>

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +*.iml
 +.idea/*
 +*.swp
 +target/*