A code example of Proxy Authentication Control JNDI Client

Subject: A code example of Proxy Authentication Control JNDI Client
Author: SteveHB
In response to: LDAP Proxy Authorization Control -- Code Example
Posted on: 03/13/2007 02:36:24 PM

(Note: JNDI Boost package is required to run this code)

/**
 *  A code example of Proxy Authentication Control JNDI Client 
 *  Note: JKD1.5 or higher and JNDI Boost package is required for this example to run.
 */
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import com.sun.jndi.ldap.ctl.ProxiedAuthorizationControl;
import java.util.Hashtable;

public class ProxiedUserControlJndiClient 
{
	   
  static final String  PROXY_AUTHORIZATION_CONTROL_OID = "2.16.840.1.113730.3.4.18";
	
  public static void main(String[] args)
  {
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, 
	           "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://myserver.mydomain.com:389");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "mytest");
    env.put(Context.SECURITY_CREDENTIALS, "mypassword");
  	
    try{
  	
      /* Open an LDAP connection for the provided principal and credentials */
      LdapContext ctx = new InitialLdapContext(env, null);
	
      /* Query the server to see if the control is supported */ 
      if (!isProxyAuthorizationControlSupported(ctx)){
        System.out.println(
               "The server does not support Proxy Authorization Control.");
        System.exit(1);
      }

      /* Activate the control */
      ctx.setRequestControls(new Control[]{
        new ProxiedAuthorizationControl("dn:uid=proxyUser,ou=People,o=mydomain")});
      
      Attributes attrs = ctx.getAttributes("uid=proxiedUser,ou=People,o=mydomain");
      System.out.println(attrs);	
      	    
      /* Close the LDAP association */
      ctx.close();
	    
    }catch (Exception e){
    	e.printStackTrace();
    }

  }

  /**
   * Is Proxy Authorization Control supported?
   *
   * Query the rootDSE object to find out if the Proxy Authorization Control
   * is supported.
   */
  static boolean isProxyAuthorizationControlSupported(LdapContext ctx) 
		throws NamingException
  {
    SearchControls ctl = new SearchControls();
    ctl.setReturningAttributes(new String[]{"supportedControl"});
    ctl.setSearchScope(SearchControls.OBJECT_SCOPE);

    /* search for the rootDSE object */
    NamingEnumeration results = ctx.search("", "(objectClass=*)", ctl);

    while(results.hasMore())
    {
      SearchResult entry = (SearchResult)results.next();
      NamingEnumeration attrs = entry.getAttributes().getAll();
      while (attrs.hasMore())
      {
      	Attribute attr = (Attribute)attrs.next();
      	NamingEnumeration vals = attr.getAll();
        while (vals.hasMore())
        {
          String value = (String) vals.next();
          if (value.equals(PROXY_AUTHORIZATION_CONTROL_OID))
            return true;
        }
      }
    }
    return false;
  }
}

>
> On 03/13/2007 02:34:02 PM SteveHB wrote:

The Proxy Authorization Control allows a client to request that an operation be processed under a provided authorization identity instead of under the current authorization identity associated with the connection.

The structure of this control is as follows:
ProxiedAuthorizationControl ::= SEQUENCE { controlType 2.16.840.1.113730.3.4.18, criticality BOOLEAN DEFAULT FALSE, controlValue proxiedAuthorizationControlValue optional }

References:

Next Post: Re: LDAP Proxy Authorization Control -- Code Example SteveHB 03/13/2007 02:40:18 PM
Previous Post: LDAP Proxy Authorization Control -- Code Example SteveHB 03/13/2007 02:34:02 PM
Next Topic: Tree Delete Control SteveHB 03/30/2007 11:13:55 AM
Previous Topic: LDAP Persistent Search Control -- JNDI Client for AD SteveHB 03/13/2007 02:07:35 PM
Index: by Date
Index: by Topic