|
Lines 78-87
Link Here
|
| 78 |
import javax.naming.AuthenticationException; |
78 |
import javax.naming.AuthenticationException; |
| 79 |
import javax.naming.directory.Attribute; |
79 |
import javax.naming.directory.Attribute; |
| 80 |
import javax.naming.directory.Attributes; |
80 |
import javax.naming.directory.Attributes; |
| 81 |
import javax.naming.directory.DirContext; |
|
|
| 82 |
import javax.naming.directory.InitialDirContext; |
| 83 |
import javax.naming.directory.SearchControls; |
81 |
import javax.naming.directory.SearchControls; |
| 84 |
import javax.naming.directory.SearchResult; |
82 |
import javax.naming.directory.SearchResult; |
|
|
83 |
import javax.naming.ldap.LdapContext; |
| 84 |
import javax.naming.ldap.InitialLdapContext; |
| 85 |
import org.apache.catalina.LifecycleException; |
85 |
import org.apache.catalina.LifecycleException; |
| 86 |
import org.apache.catalina.Realm; |
86 |
import org.apache.catalina.Realm; |
| 87 |
import org.apache.catalina.util.StringManager; |
87 |
import org.apache.catalina.util.StringManager; |
|
Lines 210-216
Link Here
|
| 210 |
/** |
210 |
/** |
| 211 |
* The directory context linking us to our directory server. |
211 |
* The directory context linking us to our directory server. |
| 212 |
*/ |
212 |
*/ |
| 213 |
protected DirContext context = null; |
213 |
protected LdapContext context = null; |
| 214 |
|
214 |
|
| 215 |
|
215 |
|
| 216 |
/** |
216 |
/** |
|
Lines 660-666
Link Here
|
| 660 |
*/ |
660 |
*/ |
| 661 |
public Principal authenticate(String username, String credentials) { |
661 |
public Principal authenticate(String username, String credentials) { |
| 662 |
|
662 |
|
| 663 |
DirContext context = null; |
663 |
LdapContext context = null; |
| 664 |
|
664 |
|
| 665 |
try { |
665 |
try { |
| 666 |
|
666 |
|
|
Lines 711-717
Link Here
|
| 711 |
* |
711 |
* |
| 712 |
* @exception NamingException if a directory server error occurs |
712 |
* @exception NamingException if a directory server error occurs |
| 713 |
*/ |
713 |
*/ |
| 714 |
public synchronized Principal authenticate(DirContext context, |
714 |
public synchronized Principal authenticate(LdapContext context, |
| 715 |
String username, |
715 |
String username, |
| 716 |
String credentials) |
716 |
String credentials) |
| 717 |
throws NamingException { |
717 |
throws NamingException { |
|
Lines 754-760
Link Here
|
| 754 |
* |
754 |
* |
| 755 |
* @exception NamingException if a directory server error occurs |
755 |
* @exception NamingException if a directory server error occurs |
| 756 |
*/ |
756 |
*/ |
| 757 |
protected User getUser(DirContext context, String username) |
757 |
protected User getUser(LdapContext context, String username) |
| 758 |
throws NamingException { |
758 |
throws NamingException { |
| 759 |
|
759 |
|
| 760 |
User user = null; |
760 |
User user = null; |
|
Lines 792-798
Link Here
|
| 792 |
* |
792 |
* |
| 793 |
* @exception NamingException if a directory server error occurs |
793 |
* @exception NamingException if a directory server error occurs |
| 794 |
*/ |
794 |
*/ |
| 795 |
protected User getUserByPattern(DirContext context, |
795 |
protected User getUserByPattern(LdapContext context, |
| 796 |
String username, |
796 |
String username, |
| 797 |
String[] attrIds) |
797 |
String[] attrIds) |
| 798 |
throws NamingException { |
798 |
throws NamingException { |
|
Lines 848-854
Link Here
|
| 848 |
* |
848 |
* |
| 849 |
* @exception NamingException if a directory server error occurs |
849 |
* @exception NamingException if a directory server error occurs |
| 850 |
*/ |
850 |
*/ |
| 851 |
protected User getUserBySearch(DirContext context, |
851 |
protected User getUserBySearch(LdapContext context, |
| 852 |
String username, |
852 |
String username, |
| 853 |
String[] attrIds) |
853 |
String[] attrIds) |
| 854 |
throws NamingException { |
854 |
throws NamingException { |
|
Lines 946-952
Link Here
|
| 946 |
* |
946 |
* |
| 947 |
* @exception NamingException if a directory server error occurs |
947 |
* @exception NamingException if a directory server error occurs |
| 948 |
*/ |
948 |
*/ |
| 949 |
protected boolean checkCredentials(DirContext context, |
949 |
protected boolean checkCredentials(LdapContext context, |
| 950 |
User user, |
950 |
User user, |
| 951 |
String credentials) |
951 |
String credentials) |
| 952 |
throws NamingException { |
952 |
throws NamingException { |
|
Lines 983-989
Link Here
|
| 983 |
* |
983 |
* |
| 984 |
* @exception NamingException if a directory server error occurs |
984 |
* @exception NamingException if a directory server error occurs |
| 985 |
*/ |
985 |
*/ |
| 986 |
protected boolean compareCredentials(DirContext context, |
986 |
protected boolean compareCredentials(LdapContext context, |
| 987 |
User info, |
987 |
User info, |
| 988 |
String credentials) |
988 |
String credentials) |
| 989 |
throws NamingException { |
989 |
throws NamingException { |
|
Lines 1020-1031
Link Here
|
| 1020 |
* |
1020 |
* |
| 1021 |
* @exception NamingException if a directory server error occurs |
1021 |
* @exception NamingException if a directory server error occurs |
| 1022 |
*/ |
1022 |
*/ |
| 1023 |
protected boolean bindAsUser(DirContext context, |
1023 |
protected boolean bindAsUser(LdapContext context, |
| 1024 |
User user, |
1024 |
User user, |
| 1025 |
String credentials) |
1025 |
String credentials) |
| 1026 |
throws NamingException { |
1026 |
throws NamingException { |
| 1027 |
Attributes attr; |
1027 |
Attributes attr; |
| 1028 |
|
1028 |
|
|
|
1029 |
boolean validated = false; |
| 1030 |
|
| 1029 |
if (credentials == null || user == null) |
1031 |
if (credentials == null || user == null) |
| 1030 |
return (false); |
1032 |
return (false); |
| 1031 |
|
1033 |
|
|
Lines 1034-1054
Link Here
|
| 1034 |
return (false); |
1036 |
return (false); |
| 1035 |
|
1037 |
|
| 1036 |
// Validate the credentials specified by the user |
1038 |
// Validate the credentials specified by the user |
| 1037 |
if (debug >= 3) { |
1039 |
if (debug > 2) { |
| 1038 |
log(" validating credentials by binding as the user"); |
1040 |
log(" validating credentials by binding with dn " + dn); |
| 1039 |
} |
1041 |
} |
| 1040 |
|
1042 |
|
| 1041 |
// Set up security environment to bind as the user |
1043 |
// Set up security environment to bind as the user |
| 1042 |
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn); |
1044 |
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn); |
| 1043 |
context.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials); |
1045 |
context.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials); |
| 1044 |
|
1046 |
|
| 1045 |
// Elicit an LDAP bind operation |
|
|
| 1046 |
boolean validated = false; |
| 1047 |
try { |
1047 |
try { |
| 1048 |
if (debug > 2) { |
1048 |
context.reconnect(null); |
| 1049 |
log(" binding as " + dn); |
|
|
| 1050 |
} |
| 1051 |
attr = context.getAttributes("", null); |
| 1052 |
validated = true; |
1049 |
validated = true; |
| 1053 |
} |
1050 |
} |
| 1054 |
catch (AuthenticationException e) { |
1051 |
catch (AuthenticationException e) { |
|
Lines 1071-1076
Link Here
|
| 1071 |
else { |
1068 |
else { |
| 1072 |
context.removeFromEnvironment(Context.SECURITY_CREDENTIALS); |
1069 |
context.removeFromEnvironment(Context.SECURITY_CREDENTIALS); |
| 1073 |
} |
1070 |
} |
|
|
1071 |
|
| 1072 |
// and force an immediate rebind |
| 1073 |
context.reconnect(null); |
| 1074 |
|
1074 |
|
| 1075 |
return (validated); |
1075 |
return (validated); |
| 1076 |
} |
1076 |
} |
|
Lines 1087-1093
Link Here
|
| 1087 |
* |
1087 |
* |
| 1088 |
* @exception NamingException if a directory server error occurs |
1088 |
* @exception NamingException if a directory server error occurs |
| 1089 |
*/ |
1089 |
*/ |
| 1090 |
protected List getRoles(DirContext context, User user) |
1090 |
protected List getRoles(LdapContext context, User user) |
| 1091 |
throws NamingException { |
1091 |
throws NamingException { |
| 1092 |
|
1092 |
|
| 1093 |
if (user == null) |
1093 |
if (user == null) |
|
Lines 1221-1227
Link Here
|
| 1221 |
* |
1221 |
* |
| 1222 |
* @param context The directory context to be closed |
1222 |
* @param context The directory context to be closed |
| 1223 |
*/ |
1223 |
*/ |
| 1224 |
protected void close(DirContext context) { |
1224 |
protected void close(LdapContext context) { |
| 1225 |
|
1225 |
|
| 1226 |
// Do nothing if there is no opened connection |
1226 |
// Do nothing if there is no opened connection |
| 1227 |
if (context == null) |
1227 |
if (context == null) |
|
Lines 1277-1283
Link Here
|
| 1277 |
* |
1277 |
* |
| 1278 |
* @exception NamingException if a directory server error occurs |
1278 |
* @exception NamingException if a directory server error occurs |
| 1279 |
*/ |
1279 |
*/ |
| 1280 |
protected DirContext open() throws NamingException { |
1280 |
protected LdapContext open() throws NamingException { |
| 1281 |
|
1281 |
|
| 1282 |
// Do nothing if there is a directory server connection already open |
1282 |
// Do nothing if there is a directory server connection already open |
| 1283 |
if (context != null) |
1283 |
if (context != null) |
|
Lines 1294-1300
Link Here
|
| 1294 |
env.put(Context.SECURITY_CREDENTIALS, connectionPassword); |
1294 |
env.put(Context.SECURITY_CREDENTIALS, connectionPassword); |
| 1295 |
if (connectionURL != null) |
1295 |
if (connectionURL != null) |
| 1296 |
env.put(Context.PROVIDER_URL, connectionURL); |
1296 |
env.put(Context.PROVIDER_URL, connectionURL); |
| 1297 |
context = new InitialDirContext(env); |
1297 |
context = new InitialLdapContext(env, null); |
| 1298 |
return (context); |
1298 |
return (context); |
| 1299 |
|
1299 |
|
| 1300 |
} |
1300 |
} |
|
Lines 1305-1311
Link Here
|
| 1305 |
* |
1305 |
* |
| 1306 |
* @param context The directory context to release |
1306 |
* @param context The directory context to release |
| 1307 |
*/ |
1307 |
*/ |
| 1308 |
protected void release(DirContext context) { |
1308 |
protected void release(LdapContext context) { |
| 1309 |
|
1309 |
|
| 1310 |
; // NO-OP since we are not pooling anything |
1310 |
; // NO-OP since we are not pooling anything |
| 1311 |
|
1311 |
|