Lines 861-864
|
861 |
// Retrieve user information |
861 |
List roles = null; |
862 |
User user = getUser(context, username); |
|
|
863 |
if (user == null) |
864 |
return (null); |
865 |
-- |
Lines 866-868
|
866 |
// Check the user's credentials |
863 |
if ( userPassword == null ) |
867 |
if (!checkCredentials(context, user, credentials)) |
864 |
{ |
868 |
return (null); |
865 |
// Bind to the directory to authenticate (and obtain roles). |
869 |
-- |
866 |
roles = bindAsUser(context, username, credentials); |
Lines 870-871
|
870 |
// Search for additional roles |
868 |
if ( debug >= 2 ) |
871 |
List roles = getRoles(context, user); |
869 |
log(sm.getString(((roles != null) ? "jndiRealm.authenticateSuccess" : "jndiRealm.authenticateFailure"), |
872 |
-- |
870 |
username)); |
Line 873
|
|
|
872 |
if ( roles == null ) |
873 |
return(null); |
874 |
} |
875 |
else |
876 |
{ |
877 |
// Retrieve user information |
878 |
User user = getUser(context, username); |
879 |
if (user == null) |
880 |
return (null); |
881 |
|
882 |
boolean validated = compareCredentials(context, user, credentials); |
883 |
|
884 |
if (debug >= 2) { |
885 |
if (validated) { |
886 |
log(sm.getString("jndiRealm.authenticateSuccess", |
887 |
user.username)); |
888 |
} else { |
889 |
log(sm.getString("jndiRealm.authenticateFailure", |
890 |
user.username)); |
891 |
} |
892 |
} |
893 |
|
894 |
// Check the user's credentials |
895 |
if (!validated) |
896 |
return (null); |
897 |
|
898 |
// Search for additional roles |
899 |
roles = getRoles(context, user); |
900 |
} |
901 |
|
Lines 1073-1114
|
1073 |
* Check whether the given User can be authenticated with the |
|
|
1074 |
* given credentials. If the <code>userPassword</code> |
1075 |
* configuration attribute is specified, the credentials |
1076 |
* previously retrieved from the directory are compared explicitly |
1077 |
* with those presented by the user. Otherwise the presented |
1078 |
* credentials are checked by binding to the directory as the |
1079 |
* user. |
1080 |
* |
1081 |
* @param context The directory context |
1082 |
* @param user The User to be authenticated |
1083 |
* @param credentials The credentials presented by the user |
1084 |
* |
1085 |
* @exception NamingException if a directory server error occurs |
1086 |
*/ |
1087 |
protected boolean checkCredentials(DirContext context, |
1088 |
User user, |
1089 |
String credentials) |
1090 |
throws NamingException { |
1091 |
|
1092 |
boolean validated = false; |
1093 |
|
1094 |
if (userPassword == null) { |
1095 |
validated = bindAsUser(context, user, credentials); |
1096 |
} else { |
1097 |
validated = compareCredentials(context, user, credentials); |
1098 |
} |
1099 |
|
1100 |
if (debug >= 2) { |
1101 |
if (validated) { |
1102 |
log(sm.getString("jndiRealm.authenticateSuccess", |
1103 |
user.username)); |
1104 |
} else { |
1105 |
log(sm.getString("jndiRealm.authenticateFailure", |
1106 |
user.username)); |
1107 |
} |
1108 |
} |
1109 |
return (validated); |
1110 |
} |
1111 |
|
1112 |
|
1113 |
|
1114 |
/** |
Line 1153
|
1153 |
* Check credentials by binding to the directory as the user |
1140 |
* Return a List of roles associated with the given User. Any |
1154 |
-- |
1141 |
* roles present in the user's directory entry are supplemented by |
|
|
1142 |
* a directory search. If no roles are associated with this user, |
1143 |
* a zero-length List is returned. If the user is not validated, |
1144 |
* returns <code>null</code>. |
Lines 1156-1157
|
1156 |
* @param user The User to be authenticated |
1147 |
* @param username Username of the Principal to look up |
1157 |
* @param credentials Authentication credentials |
1148 |
* @param credentials Password or other credentials to use in |
1158 |
-- |
1149 |
* authenticating this username |
Lines 1161-1165
|
1161 |
protected boolean bindAsUser(DirContext context, |
1153 |
protected List bindAsUser(DirContext context, |
1162 |
User user, |
1154 |
String username, |
1163 |
String credentials) |
1155 |
String credentials) |
1164 |
throws NamingException { |
1156 |
throws NamingException { |
1165 |
Attributes attr; |
|
|
1166 |
-- |
Lines 1167-1170
|
1167 |
if (credentials == null || user == null) |
1158 |
if (username == null || username.equals("") |
1168 |
return (false); |
1159 |
|| credentials == null || credentials.equals("")) |
1169 |
|
1160 |
return (null); |
1170 |
String dn = user.dn; |
1161 |
|
1171 |
-- |
1162 |
ArrayList roles = null; |
|
|
1163 |
|
1164 |
// Bind to the directory to authenticate and obtain roles. |
1165 |
|
1166 |
String dn = null; |
1167 |
|
1168 |
// Use pattern or search for user entry |
1169 |
if (userPatternFormat != null) { |
1170 |
if (debug >= 2) |
1171 |
log("lookupUser(" + username + ")"); |
1172 |
|
1173 |
// Form the dn from the user pattern |
1174 |
dn = userPatternFormat.format(new String[] { username }); |
1175 |
if (debug >= 3) { |
1176 |
log(" dn=" + dn); |
1177 |
} |
1178 |
} else { |
1179 |
if (userSearchFormat == null) |
1180 |
return (null); |
1181 |
|
1182 |
// Form the search filter |
1183 |
String filter = userSearchFormat.format(new String[] { username }); |
1184 |
|
1185 |
// Set up the search controls |
1186 |
SearchControls constraints = new SearchControls(); |
1187 |
|
1188 |
if (userSubtree) { |
1189 |
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); |
1190 |
} |
1191 |
else { |
1192 |
constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE); |
1193 |
} |
1194 |
constraints.setReturningAttributes(new String[0]); |
1195 |
|
1196 |
if (debug > 3) { |
1197 |
log(" Searching for " + username); |
1198 |
log(" base: " + userBase + " filter: " + filter); |
1199 |
} |
1200 |
|
1201 |
NamingEnumeration results = |
1202 |
context.search(userBase, filter, constraints); |
1203 |
|
1204 |
// Fail if no entries found |
1205 |
if (results == null || !results.hasMore()) { |
1206 |
if (debug > 2) { |
1207 |
log(" username not found"); |
1208 |
} |
1209 |
return(null); |
1210 |
} |
1211 |
|
1212 |
// Get result for the first entry found |
1213 |
SearchResult result = (SearchResult)results.next(); |
1214 |
|
1215 |
// Check no further entries were found |
1216 |
if (results.hasMore()) { |
1217 |
log("username " + username + " has multiple entries"); |
1218 |
return (null); |
1219 |
} |
1220 |
|
1221 |
// Get the entry's distinguished name |
1222 |
NameParser parser = context.getNameParser(""); |
1223 |
Name contextName = parser.parse(context.getNameInNamespace()); |
1224 |
Name baseName = parser.parse(userBase); |
1225 |
Name entryName = parser.parse(result.getName()); |
1226 |
Name name = contextName.addAll(baseName); |
1227 |
name = name.addAll(entryName); |
1228 |
dn = name.toString(); |
1229 |
|
1230 |
if (debug > 2) |
1231 |
log(" entry found for " + username + " with dn " + dn); |
1232 |
} |
1233 |
|
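Review bot: The username the caller presented is inserted unescaped into the user DN at new line 1174 (`dn = userPatternFormat.format(new String[] { username });`) and into the search filter at new line 1183, which is then passed to `context.search` at 1202, so LDAP filter metacharacters in the username change the meaning of the query instead of being matched literally and the lookup can resolve to an entry other than the one named. Escape the value per RFC 4515 (backslash, asterisk, parentheses and NUL) before the `format` call, and give the DN form the same treatment, preferably through one shared helper so that getUser's lookup, which presumably builds the same filter, stays consistent. Separately, the `NamingEnumeration` returned by `context.search` is never closed on the not-found path (1209) or the multiple-entries path (1218), and further down at new line 1266 `roles = (ArrayList)getRoles(context, new User(username, dn, null, roles));` casts a `List`-typed return, which would throw ClassCastException if getRoles ever returned another implementation; declaring `List roles = null;` instead of `ArrayList roles = null;` removes the cast. The body of bindAsUser begins in the preceding hunk and continues past the end of this one.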
Line 1172
|
1172 |
return (false); |
1235 |
return (null); |
1173 |
-- |
|
|
Line 1184
|
1184 |
boolean validated = false; |
|
|
Lines 1189-1190
|
1189 |
attr = context.getAttributes("", null); |
1251 |
ArrayList list = new ArrayList(); |
1190 |
validated = true; |
1252 |
if (userRoleName != null) |
1191 |
-- |
1253 |
list.add(userRoleName); |
|
|
1254 |
String[] attrIds = new String[list.size()]; |
1255 |
list.toArray(attrIds); |
1256 |
|
1257 |
Attributes attrs = context.getAttributes("", attrIds); |
1258 |
if (attrs != null) |
1259 |
{ |
1260 |
// Retrieve values of userRoleName attribute |
1261 |
if (userRoleName != null) |
1262 |
roles = addAttributeValues(userRoleName, attrs, roles); |
1263 |
} |
1264 |
|
1265 |
// Search for additional roles. |
1266 |
roles = (ArrayList)getRoles(context, new User(username, dn, null, roles)); |
1267 |
|
1268 |
// To indicate success roles must be non-null. |
1269 |
if ( roles == null ) |
1270 |
roles = new ArrayList(); |
Line 1197
|
1197 |
|
1277 |
|
1198 |
-- |
|
|
Lines 1213-1214
|
1213 |
return (validated); |
1293 |
return (roles); |
1214 |
} |
1294 |
} |
1215 |
-- |
|
|