/**
 * Renders this response as a single bracketed line: class name, identity hash, authentication result
 * code, resolved DN, LDAP entry, account state, result, result code, message and controls.
 *
 * <p>NOTE(review): {@code getMessage()} is formatted exactly as returned. If that text can originate
 * from the directory server, any control characters in it reach whatever log this string is written
 * to; consider encoding them before logging.
 *
 * @return the formatted description of this response
 */
@Override
public String toString() {
  final String layout =
    "[%s@%d::authenticationResultCode=%s, resolvedDn=%s, ldapEntry=%s, accountState=%s, result=%s, " +
    "resultCode=%s, message=%s, controls=%s]";
  return String.format(
    layout,
    getClass().getName(),
    hashCode(),
    authenticationResultCode,
    resolvedDn,
    ldapEntry,
    accountState,
    getResult(),
    getResultCode(),
    getMessage(),
    Arrays.toString(getControls()));
}
}
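/**
 * Authenticates a username/password credential against LDAP and applies password policy handling.
 *
 * <p>Flow: obtain the LDAP authentication response, reject it if the configured password policy
 * strategy does not support it, let the strategy produce its messages, and on a positive result
 * build the principal from the returned LDAP entry.
 *
 * @param upc the credential being authenticated
 * @param originalPassword the original password; not read by this method
 * @return the handler result carrying the principal and the password policy messages
 * @throws GeneralSecurityException {@link FailedLoginException} when the strategy cannot handle the
 *         response or the result is negative, {@link AccountNotFoundException} when DN resolution failed
 * @throws PreventedException declared by the overridden method
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential upc,
                                                                                    final String originalPassword)
    throws GeneralSecurityException, PreventedException {
  val response = getLdapAuthenticationResponse(upc);
  // NOTE(review): the whole response object is written to the debug log; what its toString()
  // exposes (entry attributes, server message) is not visible here, so confirm before enabling debug.
  LOGGER.debug("LDAP response: [{}]", response);

  if (!passwordPolicyHandlingStrategy.supports(response)) {
    // Argument order matches the placeholders: strategy name first, then the unsupported response.
    LOGGER.warn("Authentication has failed because LDAP password policy handling strategy [{}] cannot handle [{}].",
        passwordPolicyHandlingStrategy.getClass().getSimpleName(), response);
    throw new FailedLoginException("Invalid credentials");
  }

  LOGGER.debug("Attempting to examine and handle LDAP password policy via [{}]",
      passwordPolicyHandlingStrategy.getClass().getSimpleName());
  val messageList = passwordPolicyHandlingStrategy.handle(response, getPasswordPolicyConfiguration());

  if (response.getResult()) {
    LOGGER.debug("LDAP response returned a result. Creating the final LDAP principal");
    val principal = createPrincipal(upc.getUsername(), response.getLdapEntry());
    return createHandlerResult(upc, principal, messageList);
  }

  if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
    LOGGER.warn("DN resolution failed. [{}]", response.getMessage());
    // This exception names the account and differs from the generic failure below. A caller that
    // relays the exception type or message to the client would disclose which usernames exist.
    throw new AccountNotFoundException(upc.getUsername() + " not found.");
  }
  throw new FailedLoginException("Invalid credentials");
}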
/**
 * Renders this response as a single bracketed line: class name, identity hash, authentication result
 * code, resolved DN, LDAP entry, account state, result, result code, message and controls.
 *
 * <p>When {@code encodeCntrlChars} is set, the message is passed through
 * {@code LdapUtils.percentEncodeControlChars} before formatting, so control characters in it are not
 * written raw into a log line built from this string. With the flag unset the message is emitted as-is.
 *
 * <p>NOTE(review): {@code resolvedDn} and {@code ldapEntry} are formatted through their own
 * {@code toString()}; whether those encode control characters is not visible here.
 *
 * @return the formatted description of this response
 */
@Override
public String toString() {
  final Object[] parts = {
    getClass().getName(),
    hashCode(),
    authenticationResultCode,
    resolvedDn,
    ldapEntry,
    accountState,
    getResult(),
    getResultCode(),
    encodeCntrlChars ? LdapUtils.percentEncodeControlChars(getMessage()) : getMessage(),
    Arrays.toString(getControls()),
  };
  return String.format(
    "[%s@%d::authenticationResultCode=%s, resolvedDn=%s, ldapEntry=%s, accountState=%s, result=%s, " +
    "resultCode=%s, message=%s, controls=%s]",
    parts);
}
}
/**
 * Returns a one-line description of this response for diagnostics.
 *
 * <p>The message field is percent-encoded with {@code LdapUtils.percentEncodeControlChars} only when
 * {@code encodeCntrlChars} is true; otherwise {@code getMessage()} is inserted unchanged. Encoding
 * keeps control characters in the message from being written raw into logs that print this string.
 *
 * @return the formatted description of this response
 */
@Override
public String toString() {
  final String layout =
    "[%s@%d::authenticationResultCode=%s, resolvedDn=%s, ldapEntry=%s, accountState=%s, result=%s, " +
    "resultCode=%s, message=%s, controls=%s]";
  return String.format(
    layout,
    getClass().getName(),
    hashCode(),
    authenticationResultCode,
    resolvedDn,
    ldapEntry,
    accountState,
    getResult(),
    getResultCode(),
    // Only the message goes through the control-character encoder, and only when the flag is on.
    encodeCntrlChars
      ? LdapUtils.percentEncodeControlChars(getMessage())
      : getMessage(),
    Arrays.toString(getControls()));
}
}
LOGGER.debug("LDAP response: [{}]", response); if (response.getResult()) { val entry = response.getLdapEntry(); val profile = new CommonProfile();
if (response.getResult()) { if (entry != null) { final SearchResultWriter writer;
/**
 * Validates username/password credentials by authenticating against LDAP and, on success, attaching
 * the resulting profile to the credentials.
 *
 * @param credentials the submitted credentials; receives the user profile on success
 * @param context the web context; not read by this method
 * @throws TechnicalException when the LDAP authenticator raises an {@code LdapException}
 * @throws AccountNotFoundException when the response reports a DN resolution failure
 * @throws BadCredentialsException for any other unsuccessful response
 */
@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) {
  init();

  final String username = credentials.getUsername();
  CommonHelper.assertNotBlank(Pac4jConstants.USERNAME, username);

  final AuthenticationResponse response;
  try {
    // NOTE(review): this logs the credentials object itself; confirm its toString() does not
    // include the password before relying on debug logging here.
    logger.debug("Attempting LDAP authentication for: {}", credentials);
    final List<String> wanted = defineAttributesToRead();
    final String[] wantedNames = wanted.toArray(new String[wanted.size()]);
    final AuthenticationRequest request =
        new AuthenticationRequest(username, new Credential(credentials.getPassword()), wantedNames);
    response = this.ldapAuthenticator.authenticate(request);
  } catch (final LdapException e) {
    throw new TechnicalException("Unexpected LDAP error", e);
  }
  logger.debug("LDAP response: {}", response);

  if (!response.getResult()) {
    // The two failure types are distinguishable and both carry the username; a caller that passes
    // them through to the client would reveal whether an account exists.
    if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
      throw new AccountNotFoundException(username + " not found");
    }
    throw new BadCredentialsException("Invalid credentials for: " + username);
  }

  // Successful bind: turn the returned entry into a profile.
  final LdapEntry entry = response.getLdapEntry();
  final List<Map<String, Object>> attributeSets = new ArrayList<>();
  attributeSets.add(getAttributesFromEntry(entry));
  final LdapProfile profile = convertAttributesToProfile(attributeSets, username);
  credentials.setUserProfile(profile);
}
if (response.getResult()) { if (entry != null) { final SearchResultWriter writer;
AuthenticationResponse response = authenticator.authenticate( new AuthenticationRequest(username, new Credential(password), ReturnAttributes.ALL_USER.value())); if (response.getResult()) { // authentication succeeded LdapEntry userEntry = response.getLdapEntry();
if (response.getResult()) { if (entry != null) { SearchResultWriter writer;
/**
 * Attaches an Active Directory account state to the authentication response.
 *
 * <p>On a successful result with a non-negative {@code maxPasswordAge}, the expiration is computed
 * as the {@code pwdLastSet} attribute value plus {@code maxPasswordAge}. On an unsuccessful result,
 * the response message is parsed for an Active Directory error and, if one is recognised, recorded
 * as the account state.
 *
 * <p>NOTE(review): the entry returned by {@code getLdapEntry()} is dereferenced without a null
 * check; confirm a successful response always carries an entry.
 *
 * @param response the authentication response to inspect and update
 */
@Override
public void handle(final AuthenticationResponse response) {
  if (!response.getResult()) {
    // Failed bind: the account state, if any, comes from the server's diagnostic message.
    if (response.getMessage() == null) {
      return;
    }
    final ActiveDirectoryAccountState.Error parsed =
        ActiveDirectoryAccountState.Error.parse(response.getMessage());
    if (parsed != null) {
      response.setAccountState(new ActiveDirectoryAccountState(parsed));
    }
    return;
  }

  // Successful bind: expiration is only derived when a maximum password age is configured.
  if (maxPasswordAge < 0) {
    return;
  }
  final LdapEntry entry = response.getLdapEntry();
  final LdapAttribute lastSet = entry.getAttribute("pwdLastSet");
  if (lastSet == null) {
    return;
  }
  final Calendar expiration = lastSet.getValue(new FileTimeValueTranscoder());
  expiration.setTimeInMillis(expiration.getTimeInMillis() + maxPasswordAge);
  response.setAccountState(new ActiveDirectoryAccountState(expiration));
}
}
response.setAccountState(new FreeIPAAccountState(fError)); } else if (response.getResult()) { final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("krbPasswordExpiration");
if (response.getResult()) { logger.debug("LDAP response returned as result. Creating the final LDAP principal"); return createHandlerResult(upc, createPrincipal(upc.getUsername(), response.getLdapEntry()), messageList);
response.setAccountState(new FreeIPAAccountState(fError)); } else if (response.getResult()) { final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("krbPasswordExpiration");
response.setAccountState(new EDirectoryAccountState(edError)); } else if (response.getResult()) { final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("passwordExpirationTime");
/**
 * Attaches an eDirectory account state to the authentication response.
 *
 * <p>If the response has a message, it is parsed for an eDirectory error and nothing else is
 * examined. Otherwise, on a successful result, the {@code passwordExpirationTime} and
 * {@code loginGraceRemaining} attributes of the entry decide the account state: the expiration is
 * recorded when no warning period is configured or the current time is past expiration minus the
 * warning period; with no expiration attribute, only the remaining grace logins are recorded.
 *
 * <p>NOTE(review): because the expiration branch is reached only when the message is null, a
 * successful response that also carries a message gets no expiration state. The grace-login value
 * is parsed with {@code Integer.parseInt}, so a non-numeric attribute value raises
 * {@code NumberFormatException} from this handler.
 *
 * @param response the authentication response to inspect and update
 */
@Override
public void handle(final AuthenticationResponse response) {
  if (response.getMessage() != null) {
    final EDirectoryAccountState.Error parsed = EDirectoryAccountState.Error.parse(response.getMessage());
    if (parsed != null) {
      response.setAccountState(new EDirectoryAccountState(parsed));
    }
    return;
  }
  if (!response.getResult()) {
    return;
  }

  final LdapEntry entry = response.getLdapEntry();
  final LdapAttribute expiryAttr = entry.getAttribute("passwordExpirationTime");
  final LdapAttribute graceAttr = entry.getAttribute("loginGraceRemaining");
  final int graceLogins = graceAttr == null ? 0 : Integer.parseInt(graceAttr.getStringValue());

  if (expiryAttr == null) {
    // No expiration known: report grace logins alone, if the directory supplied them.
    if (graceAttr != null) {
      response.setAccountState(new EDirectoryAccountState(null, graceLogins));
    }
    return;
  }

  final ZonedDateTime expiry = expiryAttr.getValue(new GeneralizedTimeValueTranscoder());
  // Without a warning period the state is always set; with one, only inside the warning window.
  if (warningPeriod == null || ZonedDateTime.now().isAfter(expiry.minus(warningPeriod))) {
    response.setAccountState(new EDirectoryAccountState(expiry, graceLogins));
  }
}
/**
 * Derives the eDirectory account state for an authentication response.
 *
 * <p>A non-null response message is parsed as an eDirectory error and takes precedence over
 * everything else. With no message and a successful result, the entry's
 * {@code passwordExpirationTime} and {@code loginGraceRemaining} attributes are read to record
 * password expiration and remaining grace logins.
 *
 * <p>NOTE(review): the entry from {@code getLdapEntry()} is used without a null check, and
 * {@code loginGraceRemaining} is parsed as an integer without handling a malformed value; confirm
 * both are guaranteed by the directory and the caller.
 *
 * @param response the authentication response to inspect and update
 */
@Override
public void handle(final AuthenticationResponse response) {
  if (response.getMessage() != null) {
    final EDirectoryAccountState.Error error = EDirectoryAccountState.Error.parse(response.getMessage());
    if (error != null) {
      response.setAccountState(new EDirectoryAccountState(error));
    }
  } else if (response.getResult()) {
    final LdapEntry entry = response.getLdapEntry();
    final LdapAttribute expirationAttr = entry.getAttribute("passwordExpirationTime");
    final LdapAttribute remainingAttr = entry.getAttribute("loginGraceRemaining");

    int remaining = 0;
    if (remainingAttr != null) {
      remaining = Integer.parseInt(remainingAttr.getStringValue());
    }

    if (expirationAttr != null) {
      final ZonedDateTime expiration = expirationAttr.getValue(new GeneralizedTimeValueTranscoder());
      // The state is recorded unconditionally when no warning period is configured; otherwise
      // only once the current time has passed the start of the warning window.
      final boolean report;
      if (warningPeriod != null) {
        final ZonedDateTime windowStart = expiration.minus(warningPeriod);
        report = ZonedDateTime.now().isAfter(windowStart);
      } else {
        report = true;
      }
      if (report) {
        response.setAccountState(new EDirectoryAccountState(expiration, remaining));
      }
    } else if (remainingAttr != null) {
      response.setAccountState(new EDirectoryAccountState(null, remaining));
    }
  }
}
@Override public void handle(final AuthenticationResponse response) if (response.getResult()) { final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("msDS-UserPasswordExpiryTimeComputed");
@Override public void handle(final AuthenticationResponse response) if (response.getResult()) { final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("msDS-UserPasswordExpiryTimeComputed");