Posts Tagged ‘ Java

Setting a global default font for Swing applications

For my research, I am working on writing a Swing application for visualizing data. Part of this work is an exercise in human-computer interaction (HCI). To make this application more visually appeasing, we chose a font to apply to all Swing components. Originally, each component was initialized and then had

component.setFont(DEFAULT_FONT);

called on it. I did some searching on the Internet and realized this could all be avoided with a simple routine run before initializing the entire GUI:

private static void setDefaultFont() {
        Enumeration keys = UIManager.getDefaults().keys();
        while (keys.hasMoreElements()) {
            Object key = keys.nextElement();
            Object value = UIManager.get(key);
            if (value instanceof javax.swing.plaf.FontUIResource) {
                UIManager.put(key, DEFAULT_FONT);
            }
        }
    }

This has worked extremely well and reduced our complexity cost for maintaining and enhancing the application.

Authenticating against UIUC Active Directory (AD) using Java

So in recent weeks I have become interested in means of authenticating users against sources such as Active Directory at UIUC. Although the UIUC domain controllers support Kerberos authentication, I have decided to implement a simpler LDAPS based method due to LDAP being included in the JRE. The code I wrote up looks something like:

LDAPAuth.java:

import java.util.Hashtable;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class LDAPAuth {

	public static void main(String[] args)
	{
		System.out.println(authenticate("cemeyer2","password"));
	}

	public static boolean authenticate(String netid, String password)
	{
		String userDN = findUserDN(netid);
		try
		{
			LdapContext ctx = createLDAPContext(userDN, password);
			ctx.close();
			return true;
		}
		catch(Exception e)
		{
			return false;
		}
	}

	private static String findUserDN(String netid)
	{
		return "CN="+netid+",OU=Campus Accounts,DC=ad,DC=uiuc,DC=edu";
	}

	private static LdapContext createLDAPContext(String bindDN, String bindPassword) throws NamingException
	{
		Hashtable env = new Hashtable();
		env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
		env.put("java.naming.provider.url", "ldaps://ad.uiuc.edu/");
		env.put("java.naming.ldap.factory.socket", "TrustAllSSLSocketFactory");
		env.put("java.naming.security.protocol", "ssl");
		env.put("java.naming.security.principal", bindDN);
		env.put("java.naming.security.credentials", bindPassword);
		env.put("java.naming.security.authentication", "simple");
		env.put("com.sun.jndi.ldap.connect.pool", "true");
		LdapContext context = new InitialLdapContext(env, null);
		return context;
	}
}

And in the same package (default package in this example), TrustAllSSLSocketFactory.java:

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class TrustAllSSLSocketFactory extends SSLSocketFactory
{
    private static class TrustAllTrustManager
        implements X509TrustManager
    {

        public void checkClientTrusted(X509Certificate ax509certificate[], String s1)
            throws CertificateException
        {
        }

        public void checkServerTrusted(X509Certificate ax509certificate[], String s1)
            throws CertificateException
        {
        }

        public X509Certificate[] getAcceptedIssuers()
        {
            return new X509Certificate[0];
        }

        private TrustAllTrustManager()
        {
        }

    }

    public TrustAllSSLSocketFactory()
    {
        try
        {
            SSLContext sslcontent = SSLContext.getInstance("TLS");
            sslcontent.init(null, new TrustManager[] {
                new TrustAllTrustManager()
            }, new SecureRandom());
            _factory = sslcontent.getSocketFactory();
        }
        catch(Throwable t)
        {
        	//do nothing
        }
    }

    public static SocketFactory getDefault()
    {
        return new TrustAllSSLSocketFactory();
    }

    public Socket createSocket(Socket socket, String s, int i, boolean flag)
        throws IOException
    {
        return _factory.createSocket(socket, s, i, flag);
    }

    public Socket createSocket(InetAddress inaddr, int i, InetAddress inaddr2, int j)
        throws IOException
    {
        return _factory.createSocket(inaddr, i, inaddr2, j);
    }

    public Socket createSocket(InetAddress inaddr, int i)
        throws IOException
    {
        return _factory.createSocket(inaddr, i);
    }

    public Socket createSocket(String s, int i, InetAddress inaddr, int j)
        throws IOException
    {
        return _factory.createSocket(s, i, inaddr, j);
    }

    public Socket createSocket(String s, int i)
        throws IOException
    {
        return _factory.createSocket(s, i);
    }

    public String[] getDefaultCipherSuites()
    {
        return _factory.getSupportedCipherSuites();
    }

    public String[] getSupportedCipherSuites()
    {
        return _factory.getSupportedCipherSuites();
    }

    private SSLSocketFactory _factory;

}

Once that’s done, using the static LDAPAuth.authenticate() method will allow you to authenticate users against UIUC Active Directory over LDAPS without the need for an AD service account. But I’m pretty sure that any application that authenticates this way would be looked down upon by CITES since the application in question would potentially be able to sniff user login information, so please only use this code in a personal testing environment, not for a deployed application unless approved by people much higher up than me.

Good Luck!