// Obtains an LDAP context for the given principal and credentials.
// NOTE(review): the enclosing method is not visible in this excerpt. Confirm that null or
// zero-length credentials are rejected before this call: a simple bind with a name and an empty
// password is an unauthenticated bind (RFC 4513, section 5.1.2), which a server may accept
// without checking any secret. Also confirm that ctx is closed in a finally block.
ctx = ldapContextFactory.getLdapContext(principal, credentials);
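/**
 * Authenticates the supplied token by binding to the LDAP server with the user's own username and
 * password; a bind that completes without a {@link NamingException} is treated as proof that the
 * password is correct.
 * <p/>
 * A missing or empty password is rejected before any bind is attempted. A simple bind that carries
 * a name but a zero-length password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which a
 * directory server may accept without checking any secret, so letting it through could
 * authenticate a user who never supplied a password.
 * <p/>
 * This method can be overridden by subclasses to query the LDAP server in a more complex way.
 *
 * @param token              the authentication token provided by the user; it is cast to
 *                           {@link UsernamePasswordToken} without a type check.
 * @param ldapContextFactory the factory used to build connections to the LDAP server.
 * @return an {@link AuthenticationInfo} built from the token's username and password; nothing is
 *         read back from the directory by this method.
 * @throws NamingException if the password is missing or empty, if the bind is rejected, or if any
 *                         other LDAP error occurs while binding.
 */
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {

    UsernamePasswordToken upToken = (UsernamePasswordToken) token;

    // Fail closed on a null or empty password instead of sending it to the server. The original
    // String.valueOf(char[]) call would also have thrown a NullPointerException on a null password.
    char[] password = upToken.getPassword();
    if (password == null || password.length == 0) {
        // The message deliberately carries neither the username nor the reason in detail.
        throw new javax.naming.AuthenticationException("LDAP bind refused: no password was supplied.");
    }

    // Binds using the username and password provided by the user.
    LdapContext ctx = null;
    try {
        // This call passes the password as a String; that copy is immutable and cannot be
        // zeroed afterwards, unlike the token's own char[].
        ctx = ldapContextFactory.getLdapContext(upToken.getUsername(), String.valueOf(password));
    } finally {
        // The context is only needed to prove the credentials; closeContext is also reached when
        // the bind failed and ctx is still null.
        LdapUtils.closeContext(ctx);
    }

    return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword());
}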
/**
 * Checks that the username "jsmith" is expanded through the configured user DN template and that
 * the resulting DN is what the context factory receives as the bind principal.
 *
 * @throws NamingException declared by the mocked factory call
 */
@Test
public void testUserDnTemplateSubstitution() throws NamingException {
    final LdapContextFactory contextFactory = createMock(LdapContextFactory.class);
    final LdapContext boundContext = createNiceMock(LdapContext.class);
    final Object templatedDn = "uid=jsmith,ou=users,dc=mycompany,dc=com";

    realm.setUserDnTemplate("uid={0},ou=users,dc=mycompany,dc=com");
    realm.setContextFactory(contextFactory);

    // The factory must be asked for exactly the templated DN; the credentials may be any object.
    expect(contextFactory.getLdapContext(eq(templatedDn), isA(Object.class))).andReturn(boundContext);
    replay(contextFactory);

    final UsernamePasswordToken loginAttempt = new UsernamePasswordToken("jsmith", "secret");
    realm.getAuthenticationInfo(loginAttempt);

    verify(contextFactory);
}
/**
 * Checks that a generic {@link NamingException} raised by the context factory reaches the caller of
 * {@code getAuthenticationInfo} as an {@code AuthenticationException}, so an LDAP communication
 * error never looks like a successful login.
 *
 * @throws NamingException declared by the mocked factory call
 */
@Test(expected = AuthenticationException.class)
public void testGetAuthenticationInfoNamingException() throws NamingException {
    final LdapContextFactory contextFactory = createMock(LdapContextFactory.class);
    final NamingException ldapFailure = new NamingException("Communication error.");

    realm.setUserDnTemplate("uid={0},ou=users,dc=mycompany,dc=com");
    realm.setContextFactory(contextFactory);

    // Any principal/credentials pair makes the factory fail.
    expect(contextFactory.getLdapContext(isA(Object.class), isA(Object.class))).andThrow(ldapFailure);
    replay(contextFactory);

    final UsernamePasswordToken loginAttempt = new UsernamePasswordToken("jsmith", "secret");
    realm.getAuthenticationInfo(loginAttempt);
}
/**
 * Checks that a principal which is not a String (here a random {@link UUID}) is handed to the
 * context factory unchanged instead of being rewritten through the user DN template. This keeps
 * non-username principals, such as X.509 certificates, usable with the realm.
 *
 * @throws NamingException not thrown
 */
@Test
public void testGetAuthenticationInfoNonSimpleToken() throws NamingException {
    final UUID userId = UUID.randomUUID();
    final LdapContextFactory contextFactory = createMock(LdapContextFactory.class);
    final LdapContext boundContext = createNiceMock(LdapContext.class);

    realm.setUserDnTemplate("uid={0},ou=users,dc=mycompany,dc=com");
    realm.setContextFactory(contextFactory);

    // The very same UUID object must arrive at the factory as the principal.
    expect(contextFactory.getLdapContext(eq(userId), isA(Object.class))).andReturn(boundContext);
    replay(contextFactory);

    final AuthenticationToken uuidToken = new AuthenticationToken() {
        public Object getPrincipal() {
            return userId;
        }

        public Object getCredentials() {
            return "secret";
        }
    };
    realm.getAuthenticationInfo(uuidToken);

    verify(contextFactory);
}
/**
 * Checks that a {@code javax.naming.AuthenticationException} raised by the context factory (the
 * directory refusing the bind) reaches the caller of {@code getAuthenticationInfo} as an
 * {@code AuthenticationException}.
 *
 * @throws NamingException declared by the mocked factory call
 */
@Test(expected = AuthenticationException.class)
public void testGetAuthenticationInfoNamingAuthenticationException() throws NamingException {
    final LdapContextFactory contextFactory = createMock(LdapContextFactory.class);
    final NamingException bindRefused = new javax.naming.AuthenticationException("LDAP Authentication failed.");

    realm.setUserDnTemplate("uid={0},ou=users,dc=mycompany,dc=com");
    realm.setContextFactory(contextFactory);

    // Any principal/credentials pair is refused by the factory.
    expect(contextFactory.getLdapContext(isA(Object.class), isA(Object.class))).andThrow(bindRefused);
    replay(contextFactory);

    final UsernamePasswordToken loginAttempt = new UsernamePasswordToken("jsmith", "secret");
    realm.getAuthenticationInfo(loginAttempt);
}
// Obtains an LDAP context for the given principal and credentials.
// NOTE(review): the enclosing method is not visible in this excerpt. Confirm that null or
// zero-length credentials are rejected before this call: a simple bind with a name and an empty
// password is an unauthenticated bind (RFC 4513, section 5.1.2), which a server may accept
// without checking any secret. Also confirm that ctx is closed in a finally block.
ctx = ldapContextFactory.getLdapContext(principal, credentials);
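/**
 * Authenticates the supplied token by binding to the LDAP server with the user's own username and
 * password; a bind that completes without a {@link NamingException} is treated as proof that the
 * password is correct.
 * <p/>
 * A missing or empty password is rejected before any bind is attempted. A simple bind that carries
 * a name but a zero-length password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which a
 * directory server may accept without checking any secret, so letting it through could
 * authenticate a user who never supplied a password.
 * <p/>
 * This method can be overridden by subclasses to query the LDAP server in a more complex way.
 *
 * @param token              the authentication token provided by the user; it is cast to
 *                           {@link UsernamePasswordToken} without a type check.
 * @param ldapContextFactory the factory used to build connections to the LDAP server.
 * @return an {@link AuthenticationInfo} built from the token's username and password; nothing is
 *         read back from the directory by this method.
 * @throws NamingException if the password is missing or empty, if the bind is rejected, or if any
 *                         other LDAP error occurs while binding.
 */
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {

    UsernamePasswordToken upToken = (UsernamePasswordToken) token;

    // Fail closed on a null or empty password instead of sending it to the server. The original
    // String.valueOf(char[]) call would also have thrown a NullPointerException on a null password.
    char[] password = upToken.getPassword();
    if (password == null || password.length == 0) {
        // The message deliberately carries neither the username nor the reason in detail.
        throw new javax.naming.AuthenticationException("LDAP bind refused: no password was supplied.");
    }

    // Binds using the username and password provided by the user.
    LdapContext ctx = null;
    try {
        // This call passes the password as a String; that copy is immutable and cannot be
        // zeroed afterwards, unlike the token's own char[].
        ctx = ldapContextFactory.getLdapContext(upToken.getUsername(), String.valueOf(password));
    } finally {
        // The context is only needed to prove the credentials; closeContext is also reached when
        // the bind failed and ctx is still null.
        LdapUtils.closeContext(ctx);
    }

    return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword());
}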
/**
 * Hands the bind request straight to the wrapped factory; principal and credentials are passed on
 * untouched and no validation is done at this layer.
 *
 * @param principal   the identity to bind as
 * @param credentials the secret presented for that identity
 * @return the context produced by the delegate
 * @throws NamingException whatever the delegate throws
 */
@Override
public LdapContext getLdapContext(Object principal, Object credentials) throws NamingException {
    final LdapContext delegatedContext = delegate.getLdapContext(principal, credentials);
    return delegatedContext;
}
// Closes the enclosing class, whose header lies outside this excerpt.
}
/**
 * Hands the username/password bind request straight to the wrapped factory; both values are passed
 * on untouched and no validation is done at this layer.
 *
 * @param username the name to bind as
 * @param password the password presented for that name
 * @return the context produced by the delegate
 * @throws NamingException whatever the delegate throws
 */
@Override
public LdapContext getLdapContext(String username, String password) throws NamingException {
    final LdapContext delegatedContext = delegate.getLdapContext(username, password);
    return delegatedContext;
}
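/**
 * Verifies a user's password by attempting an LDAP bind with it. The context is opened only to
 * prove the credentials and is closed again before the method returns.
 * <p>
 * A null or empty password is refused without contacting the server: a simple bind with a name and
 * a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), which a directory
 * may accept without checking any secret, so it proves nothing about the password.
 *
 * @param ldapContextFactory factory used to open the LDAP connection
 * @param user               the name to bind as
 * @param pass               the password to verify
 * @throws AuthenticationException if the password is missing or empty, if the directory rejects
 *                                 the bind, or if any other naming error occurs
 */
private void checkPasswordUsingBind(LdapContextFactory ldapContextFactory, String user, String pass) throws AuthenticationException {
    if (pass == null || pass.isEmpty()) {
        // Same message as a rejected bind, so the response does not reveal which check failed.
        throw new AuthenticationException("User '" + user + "' cannot be authenticated.");
    }

    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getLdapContext(user, pass);
    } catch (NamingException e) {
        // javax.naming.AuthenticationException is a NamingException and was handled identically,
        // so a single handler covers both. The message embeds the caller-supplied user name:
        // treat it as untrusted text wherever it is logged or displayed.
        throw new AuthenticationException("User '" + user + "' cannot be authenticated.", e);
    } finally {
        // Reached with ctx still null when the bind failed.
        LdapUtils.closeContext(ctx);
    }
}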
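/**
 * Verifies a user's password by attempting an LDAP bind with it. The context is opened only to
 * prove the credentials and is closed again before the method returns.
 * <p>
 * A null or empty password is refused without contacting the server: a simple bind with a name and
 * a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), which a directory
 * may accept without checking any secret, so it proves nothing about the password.
 *
 * @param ldapContextFactory factory used to open the LDAP connection
 * @param user               the name to bind as
 * @param pass               the password to verify
 * @throws AuthenticationException if the password is missing or empty, if the directory rejects
 *                                 the bind, or if any other naming error occurs
 */
private void checkPasswordUsingBind( LdapContextFactory ldapContextFactory, String user, String pass )
    throws AuthenticationException {
    if ( pass == null || pass.isEmpty() ) {
        // Same message as a rejected bind, so the response does not reveal which check failed.
        throw new AuthenticationException( "User '" + user + "' cannot be authenticated." );
    }

    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getLdapContext( user, pass );
    } catch ( NamingException e ) {
        // javax.naming.AuthenticationException is a NamingException and was handled identically,
        // so a single handler covers both. The message embeds the caller-supplied user name:
        // treat it as untrusted text wherever it is logged or displayed.
        throw new AuthenticationException( "User '" + user + "' cannot be authenticated.", e );
    } finally {
        // Reached with ctx still null when the bind failed.
        LdapUtils.closeContext( ctx );
    }
}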
// Obtains an LDAP context for the given principal and credentials.
// NOTE(review): the enclosing method is not visible in this excerpt. Confirm that null or
// zero-length credentials are rejected before this call: a simple bind with a name and an empty
// password is an unauthenticated bind (RFC 4513, section 5.1.2), which a server may accept
// without checking any secret. Also confirm that ctx is closed in a finally block.
ctx = ldapContextFactory.getLdapContext(principal, credentials);
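/**
 * Authenticates the supplied token by binding to the LDAP server with the user's own username and
 * password; a bind that completes without a {@link NamingException} is treated as proof that the
 * password is correct.
 * <p/>
 * A missing or empty password is rejected before any bind is attempted. A simple bind that carries
 * a name but a zero-length password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which a
 * directory server may accept without checking any secret, so letting it through could
 * authenticate a user who never supplied a password.
 * <p/>
 * This method can be overridden by subclasses to query the LDAP server in a more complex way.
 *
 * @param token              the authentication token provided by the user; it is cast to
 *                           {@link UsernamePasswordToken} without a type check.
 * @param ldapContextFactory the factory used to build connections to the LDAP server.
 * @return an {@link AuthenticationInfo} built from the token's username and password; nothing is
 *         read back from the directory by this method.
 * @throws NamingException if the password is missing or empty, if the bind is rejected, or if any
 *                         other LDAP error occurs while binding.
 */
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {

    UsernamePasswordToken upToken = (UsernamePasswordToken) token;

    // Fail closed on a null or empty password instead of sending it to the server. The original
    // String.valueOf(char[]) call would also have thrown a NullPointerException on a null password.
    char[] password = upToken.getPassword();
    if (password == null || password.length == 0) {
        // The message deliberately carries neither the username nor the reason in detail.
        throw new javax.naming.AuthenticationException("LDAP bind refused: no password was supplied.");
    }

    // Binds using the username and password provided by the user.
    LdapContext ctx = null;
    try {
        // This call passes the password as a String; that copy is immutable and cannot be
        // zeroed afterwards, unlike the token's own char[].
        ctx = ldapContextFactory.getLdapContext(upToken.getUsername(), String.valueOf(password));
    } finally {
        // The context is only needed to prove the credentials; closeContext is also reached when
        // the bind failed and ctx is still null.
        LdapUtils.closeContext(ctx);
    }

    return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword());
}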
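/**
 * Authenticates a username/password token by resolving the user's DN and then binding to the LDAP
 * server as that DN with the supplied password.
 * <p>
 * Returns {@code null}, without binding, when no DN is found for the username or when the password
 * is missing or empty. A simple bind with a DN and a zero-length password is an unauthenticated
 * bind (RFC 4513, section 5.1.2), which a directory may accept without checking any secret.
 *
 * @param token              the token to authenticate; converted by
 *                           {@code ensureUsernamePasswordToken}
 * @param ldapContextFactory factory used for the DN lookup and for the bind
 * @return the authentication info built from the token's username and password, or {@code null}
 *         when the user is unknown, the password is missing or empty, or the bind is refused
 * @throws NamingException if an LDAP error other than a refused bind occurs
 */
@Nullable
private AuthenticationInfo queryForAuthenticationInfo0(
        AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {

    final UsernamePasswordToken upToken = ensureUsernamePasswordToken(token);
    final String userDn = findUserDn(ldapContextFactory, upToken.getUsername());
    if (userDn == null) {
        return null;
    }

    // Fail closed: an absent or empty password must never reach the server as a bind request.
    final char[] password = upToken.getPassword();
    if (password == null || password.length == 0) {
        return null;
    }

    LdapContext ctx = null;
    try {
        // Binds using the username and password provided by the user.
        ctx = ldapContextFactory.getLdapContext(userDn, password);
    } catch (AuthenticationException e) {
        // According to this page, LDAP error code 49 (invalid credentials) is the only case where
        // AuthenticationException is raised:
        // - https://docs.oracle.com/javase/tutorial/jndi/ldap/exceptions.html
        // - com.sun.jndi.ldap.LdapCtx.mapErrorCode()
        // NOTE(review): presumably javax.naming.AuthenticationException; confirm the import.
        return null;
    } finally {
        // The context only proves the credentials; ctx is still null here when the bind failed.
        LdapUtils.closeContext(ctx);
    }
    return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword());
}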
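/**
 * Authenticates a username/password token by resolving the user's DN and then binding to the LDAP
 * server as that DN with the supplied password.
 * <p>
 * Returns {@code null}, without binding, when no DN is found for the username or when the password
 * is missing or empty. A simple bind with a DN and a zero-length password is an unauthenticated
 * bind (RFC 4513, section 5.1.2), which a directory may accept without checking any secret.
 *
 * @param token              the token to authenticate; converted by
 *                           {@code ensureUsernamePasswordToken}
 * @param ldapContextFactory factory used for the DN lookup and for the bind
 * @return the authentication info built from the token's username and password, or {@code null}
 *         when the user is unknown, the password is missing or empty, or the bind is refused
 * @throws NamingException if an LDAP error other than a refused bind occurs
 */
@Nullable
private AuthenticationInfo queryForAuthenticationInfo0(
        AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {

    final UsernamePasswordToken upToken = ensureUsernamePasswordToken(token);
    final String userDn = findUserDn(ldapContextFactory, upToken.getUsername());
    if (userDn == null) {
        return null;
    }

    // Fail closed: an absent or empty password must never reach the server as a bind request.
    final char[] password = upToken.getPassword();
    if (password == null || password.length == 0) {
        return null;
    }

    LdapContext ctx = null;
    try {
        // Binds using the username and password provided by the user.
        ctx = ldapContextFactory.getLdapContext(userDn, password);
    } catch (AuthenticationException e) {
        // According to this page, LDAP error code 49 (invalid credentials) is the only case where
        // AuthenticationException is raised:
        // - https://docs.oracle.com/javase/tutorial/jndi/ldap/exceptions.html
        // - com.sun.jndi.ldap.LdapCtx.mapErrorCode()
        // NOTE(review): presumably javax.naming.AuthenticationException; confirm the import.
        return null;
    } finally {
        // The context only proves the credentials; ctx is still null here when the bind failed.
        LdapUtils.closeContext(ctx);
    }
    return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword());
}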
// Opens a context as loginUser and closes it again at once; the context is not otherwise used here,
// so this looks like a credentials check by bind.
// NOTE(review): the enclosing method is not visible in this excerpt. Confirm that empty or null
// credentials are rejected before this call, because a simple bind with a zero-length password
// is an unauthenticated bind (RFC 4513, section 5.1.2).
LdapContext ctx2 = ldapContextFactory.getLdapContext( loginUser, credentials ); LdapUtils.closeContext( ctx2 );
ctx = ldapContextFactory.getLdapContext(principalName, new String(password)); } catch (Exception e) { log.warn("queryForAuthenticationInfo -> '{}', failed: {}", principalName, e.getMessage());