Lines 78-87
|
78 |
import javax.naming.AuthenticationException; |
78 |
import javax.naming.AuthenticationException; |
79 |
import javax.naming.directory.Attribute; |
79 |
import javax.naming.directory.Attribute; |
80 |
import javax.naming.directory.Attributes; |
80 |
import javax.naming.directory.Attributes; |
81 |
import javax.naming.directory.DirContext; |
|
|
82 |
import javax.naming.directory.InitialDirContext; |
83 |
import javax.naming.directory.SearchControls; |
81 |
import javax.naming.directory.SearchControls; |
84 |
import javax.naming.directory.SearchResult; |
82 |
import javax.naming.directory.SearchResult; |
|
|
83 |
import javax.naming.ldap.LdapContext; |
84 |
import javax.naming.ldap.InitialLdapContext; |
85 |
import org.apache.catalina.LifecycleException; |
85 |
import org.apache.catalina.LifecycleException; |
86 |
import org.apache.catalina.Realm; |
86 |
import org.apache.catalina.Realm; |
87 |
import org.apache.catalina.util.StringManager; |
87 |
import org.apache.catalina.util.StringManager; |
Lines 210-216
|
210 |
/** |
210 |
/** |
211 |
* The directory context linking us to our directory server. |
211 |
* The directory context linking us to our directory server. |
212 |
*/ |
212 |
*/ |
213 |
protected DirContext context = null; |
213 |
protected LdapContext context = null; |
214 |
|
214 |
|
215 |
|
215 |
|
216 |
/** |
216 |
/** |
Lines 660-666
|
660 |
*/ |
660 |
*/ |
661 |
public Principal authenticate(String username, String credentials) { |
661 |
public Principal authenticate(String username, String credentials) { |
662 |
|
662 |
|
663 |
DirContext context = null; |
663 |
LdapContext context = null; |
664 |
|
664 |
|
665 |
try { |
665 |
try { |
666 |
|
666 |
|
Lines 711-717
|
711 |
* |
711 |
* |
712 |
* @exception NamingException if a directory server error occurs |
712 |
* @exception NamingException if a directory server error occurs |
713 |
*/ |
713 |
*/ |
714 |
public synchronized Principal authenticate(DirContext context, |
714 |
public synchronized Principal authenticate(LdapContext context, |
715 |
String username, |
715 |
String username, |
716 |
String credentials) |
716 |
String credentials) |
717 |
throws NamingException { |
717 |
throws NamingException { |
Lines 754-760
|
754 |
* |
754 |
* |
755 |
* @exception NamingException if a directory server error occurs |
755 |
* @exception NamingException if a directory server error occurs |
756 |
*/ |
756 |
*/ |
757 |
protected User getUser(DirContext context, String username) |
757 |
protected User getUser(LdapContext context, String username) |
758 |
throws NamingException { |
758 |
throws NamingException { |
759 |
|
759 |
|
760 |
User user = null; |
760 |
User user = null; |
Lines 792-798
|
792 |
* |
792 |
* |
793 |
* @exception NamingException if a directory server error occurs |
793 |
* @exception NamingException if a directory server error occurs |
794 |
*/ |
794 |
*/ |
795 |
protected User getUserByPattern(DirContext context, |
795 |
protected User getUserByPattern(LdapContext context, |
796 |
String username, |
796 |
String username, |
797 |
String[] attrIds) |
797 |
String[] attrIds) |
798 |
throws NamingException { |
798 |
throws NamingException { |
Lines 848-854
|
848 |
* |
848 |
* |
849 |
* @exception NamingException if a directory server error occurs |
849 |
* @exception NamingException if a directory server error occurs |
850 |
*/ |
850 |
*/ |
851 |
protected User getUserBySearch(DirContext context, |
851 |
protected User getUserBySearch(LdapContext context, |
852 |
String username, |
852 |
String username, |
853 |
String[] attrIds) |
853 |
String[] attrIds) |
854 |
throws NamingException { |
854 |
throws NamingException { |
Lines 946-952
|
946 |
* |
946 |
* |
947 |
* @exception NamingException if a directory server error occurs |
947 |
* @exception NamingException if a directory server error occurs |
948 |
*/ |
948 |
*/ |
949 |
protected boolean checkCredentials(DirContext context, |
949 |
protected boolean checkCredentials(LdapContext context, |
950 |
User user, |
950 |
User user, |
951 |
String credentials) |
951 |
String credentials) |
952 |
throws NamingException { |
952 |
throws NamingException { |
Lines 983-989
|
983 |
* |
983 |
* |
984 |
* @exception NamingException if a directory server error occurs |
984 |
* @exception NamingException if a directory server error occurs |
985 |
*/ |
985 |
*/ |
986 |
protected boolean compareCredentials(DirContext context, |
986 |
protected boolean compareCredentials(LdapContext context, |
987 |
User info, |
987 |
User info, |
988 |
String credentials) |
988 |
String credentials) |
989 |
throws NamingException { |
989 |
throws NamingException { |
Lines 1020-1031
|
1020 |
* |
1020 |
* |
1021 |
* @exception NamingException if a directory server error occurs |
1021 |
* @exception NamingException if a directory server error occurs |
1022 |
*/ |
1022 |
*/ |
1023 |
protected boolean bindAsUser(DirContext context, |
1023 |
protected boolean bindAsUser(LdapContext context, |
1024 |
User user, |
1024 |
User user, |
1025 |
String credentials) |
1025 |
String credentials) |
1026 |
throws NamingException { |
1026 |
throws NamingException { |
1027 |
Attributes attr; |
1027 |
Attributes attr; |
1028 |
|
1028 |
|
|
|
1029 |
boolean validated = false; |
1030 |
|
1029 |
if (credentials == null || user == null) |
1031 |
if (credentials == null || user == null) |
1030 |
return (false); |
1032 |
return (false); |
1031 |
|
1033 |
|
Lines 1034-1054
|
1034 |
return (false); |
1036 |
return (false); |
1035 |
|
1037 |
|
1036 |
// Validate the credentials specified by the user |
1038 |
// Validate the credentials specified by the user |
1037 |
if (debug >= 3) { |
1039 |
if (debug > 2) { |
1038 |
log(" validating credentials by binding as the user"); |
1040 |
log(" validating credentials by binding with dn " + dn); |
1039 |
} |
1041 |
} |
1040 |
|
1042 |
|
1041 |
// Set up security environment to bind as the user |
1043 |
// Set up security environment to bind as the user |
1042 |
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn); |
1044 |
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn); |
1043 |
context.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials); |
1045 |
context.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials); |
1044 |
|
1046 |
|
1045 |
// Elicit an LDAP bind operation |
|
|
1046 |
boolean validated = false; |
1047 |
try { |
1047 |
try { |
1048 |
if (debug > 2) { |
1048 |
context.reconnect(null); |
1049 |
log(" binding as " + dn); |
|
|
1050 |
} |
1051 |
attr = context.getAttributes("", null); |
1052 |
validated = true; |
1049 |
validated = true; |
1053 |
} |
1050 |
} |
1054 |
catch (AuthenticationException e) { |
1051 |
catch (AuthenticationException e) { |
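Review bot: The bind forced by `context.reconnect(null)` and `context.getAttributes("", null)` on new lines 1048-1051 still runs when `credentials` is the empty string, because the guard in the preceding Lines 1020-1031 hunk (`if (credentials == null || user == null)`) rejects only null; with SECURITY_CREDENTIALS set to "" an LDAP server may, depending on its configuration, treat the bind as an unauthenticated (anonymous) bind and let it succeed, so `validated` would become true without any password being checked. Extend that guard to `if (credentials == null || credentials.length() == 0 || user == null) return (false);` (`length()` rather than `isEmpty()` since the file does not appear to rely on post-1.4 APIs). A second point: the environment reset and the final `context.reconnect(null)` in the Lines 1071-1076 hunk are not in a `finally`, so a NamingException other than AuthenticationException thrown by `reconnect` or `getAttributes` propagates with the user's DN and credentials still in the shared `context` environment — acceptable only if the caller closes that context on NamingException, which is not visible here. bindAsUser starts in the Lines 1020-1031 hunk and ends in the Lines 1071-1076 hunk.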
Lines 1071-1076
|
1071 |
else { |
1068 |
else { |
1072 |
context.removeFromEnvironment(Context.SECURITY_CREDENTIALS); |
1069 |
context.removeFromEnvironment(Context.SECURITY_CREDENTIALS); |
1073 |
} |
1070 |
} |
|
|
1071 |
|
1072 |
// and force an immediate rebind |
1073 |
context.reconnect(null); |
1074 |
|
1074 |
|
1075 |
return (validated); |
1075 |
return (validated); |
1076 |
} |
1076 |
} |
Lines 1087-1093
|
1087 |
* |
1087 |
* |
1088 |
* @exception NamingException if a directory server error occurs |
1088 |
* @exception NamingException if a directory server error occurs |
1089 |
*/ |
1089 |
*/ |
1090 |
protected List getRoles(DirContext context, User user) |
1090 |
protected List getRoles(LdapContext context, User user) |
1091 |
throws NamingException { |
1091 |
throws NamingException { |
1092 |
|
1092 |
|
1093 |
if (user == null) |
1093 |
if (user == null) |
Lines 1221-1227
|
1221 |
* |
1221 |
* |
1222 |
* @param context The directory context to be closed |
1222 |
* @param context The directory context to be closed |
1223 |
*/ |
1223 |
*/ |
1224 |
protected void close(DirContext context) { |
1224 |
protected void close(LdapContext context) { |
1225 |
|
1225 |
|
1226 |
// Do nothing if there is no opened connection |
1226 |
// Do nothing if there is no opened connection |
1227 |
if (context == null) |
1227 |
if (context == null) |
Lines 1277-1283
|
1277 |
* |
1277 |
* |
1278 |
* @exception NamingException if a directory server error occurs |
1278 |
* @exception NamingException if a directory server error occurs |
1279 |
*/ |
1279 |
*/ |
1280 |
protected DirContext open() throws NamingException { |
1280 |
protected LdapContext open() throws NamingException { |
1281 |
|
1281 |
|
1282 |
// Do nothing if there is a directory server connection already open |
1282 |
// Do nothing if there is a directory server connection already open |
1283 |
if (context != null) |
1283 |
if (context != null) |
Lines 1294-1300
|
1294 |
env.put(Context.SECURITY_CREDENTIALS, connectionPassword); |
1294 |
env.put(Context.SECURITY_CREDENTIALS, connectionPassword); |
1295 |
if (connectionURL != null) |
1295 |
if (connectionURL != null) |
1296 |
env.put(Context.PROVIDER_URL, connectionURL); |
1296 |
env.put(Context.PROVIDER_URL, connectionURL); |
1297 |
context = new InitialDirContext(env); |
1297 |
context = new InitialLdapContext(env, null); |
1298 |
return (context); |
1298 |
return (context); |
1299 |
|
1299 |
|
1300 |
} |
1300 |
} |
Lines 1305-1311
|
1305 |
* |
1305 |
* |
1306 |
* @param context The directory context to release |
1306 |
* @param context The directory context to release |
1307 |
*/ |
1307 |
*/ |
1308 |
protected void release(DirContext context) { |
1308 |
protected void release(LdapContext context) { |
1309 |
|
1309 |
|
1310 |
; // NO-OP since we are not pooling anything |
1310 |
; // NO-OP since we are not pooling anything |
1311 |
|
1311 |
|