
(-)file_not_specified_in_diff (-81 / +150 lines)
Lines 861-864 Link Here
861
        // Retrieve user information
861
		List roles = null;
862
        User user = getUser(context, username);
863
        if (user == null)
864
            return (null);
865
--
Lines 866-868 Link Here
866
        // Check the user's credentials
863
		if ( userPassword == null )
867
        if (!checkCredentials(context, user, credentials))
864
		{
868
            return (null);
865
			// Bind to the directory to authenticate (and obtain roles).
869
--
866
			roles = bindAsUser(context, username, credentials);
Lines 870-871 Link Here
870
        // Search for additional roles
868
			if ( debug >= 2 )
871
        List roles = getRoles(context, user);
869
                 log(sm.getString(((roles != null) ? "jndiRealm.authenticateSuccess" : "jndiRealm.authenticateFailure"),
872
--
870
                                  username));
Line 873 Link Here
872
			if ( roles == null )
873
				return(null);
874
		}
875
		else
876
		{
877
	        // Retrieve user information
878
	        User user = getUser(context, username);
879
	        if (user == null)
880
	            return (null);
881
882
	         boolean validated = compareCredentials(context, user, credentials);
883
	         
884
	         if (debug >= 2) {
885
	             if (validated) {
886
	                 log(sm.getString("jndiRealm.authenticateSuccess",
887
	                                  user.username));
888
	             } else {
889
	                 log(sm.getString("jndiRealm.authenticateFailure",
890
	                                  user.username));
891
	             }
892
	         }
893
894
	        // Check the user's credentials
895
	        if (!validated)
896
	            return (null);
897
898
	        // Search for additional roles
899
	        roles = getRoles(context, user);
900
		}
901
Lines 1073-1114 Link Here
1073
     * Check whether the given User can be authenticated with the
1074
     * given credentials. If the <code>userPassword</code>
1075
     * configuration attribute is specified, the credentials
1076
     * previously retrieved from the directory are compared explicitly
1077
     * with those presented by the user. Otherwise the presented
1078
     * credentials are checked by binding to the directory as the
1079
     * user.
1080
     *
1081
     * @param context The directory context
1082
     * @param user The User to be authenticated
1083
     * @param credentials The credentials presented by the user
1084
     *
1085
     * @exception NamingException if a directory server error occurs
1086
     */
1087
    protected boolean checkCredentials(DirContext context,
1088
                                     User user,
1089
                                     String credentials)
1090
         throws NamingException {
1091
         
1092
         boolean validated = false;
1093
1094
         if (userPassword == null) {
1095
             validated = bindAsUser(context, user, credentials);
1096
         } else {
1097
             validated = compareCredentials(context, user, credentials);
1098
         }
1099
         
1100
         if (debug >= 2) {
1101
             if (validated) {
1102
                 log(sm.getString("jndiRealm.authenticateSuccess",
1103
                                  user.username));
1104
             } else {
1105
                 log(sm.getString("jndiRealm.authenticateFailure",
1106
                                  user.username));
1107
             }
1108
         }
1109
         return (validated);
1110
     }
1111
1112
1113
1114
    /**
Line 1153 Link Here
1153
     * Check credentials by binding to the directory as the user
1140
     * Return a List of roles associated with the given User.  Any
1154
--
1141
     * roles present in the user's directory entry are supplemented by
1142
     * a directory search. If no roles are associated with this user,
1143
     * a zero-length List is returned. If the user is not validated,
1144
	 * returns <code>null</code>.
Lines 1156-1157 Link Here
1156
     * @param user The User to be authenticated
1147
     * @param username Username of the Principal to look up
1157
     * @param credentials Authentication credentials
1148
     * @param credentials Password or other credentials to use in
1158
--
1149
     *  authenticating this username
Lines 1161-1165 Link Here
1161
     protected boolean bindAsUser(DirContext context,
1153
    protected List bindAsUser(DirContext context,
1162
                                  User user,
1154
                              String username,
1163
                                  String credentials)
1155
                              String credentials)
1164
         throws NamingException {
1156
        throws NamingException {
1165
         Attributes attr;
1166
--
Lines 1167-1170 Link Here
1167
         if (credentials == null || user == null)
1158
        if (username == null || username.equals("") 
1168
             return (false);
1159
            || credentials == null || credentials.equals(""))
1169
         
1160
            return (null);
1170
         String dn = user.dn;
1161
1171
--
1162
		ArrayList roles = null;
1163
1164
		// Bind to the directory to authenticate and obtain roles.
1165
1166
		 String dn = null;
1167
1168
        // Use pattern or search for user entry
1169
        if (userPatternFormat != null) {
1170
	        if (debug >= 2)
1171
	            log("lookupUser(" + username + ")");
1172
1173
	        // Form the dn from the user pattern
1174
	        dn = userPatternFormat.format(new String[] { username });
1175
	        if (debug >= 3) {
1176
	            log("  dn=" + dn);
1177
	        }
1178
        } else {
1179
	        if (userSearchFormat == null)
1180
	            return (null);
1181
1182
	        // Form the search filter
1183
	        String filter = userSearchFormat.format(new String[] { username });
1184
1185
	        // Set up the search controls
1186
	        SearchControls constraints = new SearchControls();
1187
1188
	        if (userSubtree) {
1189
	            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
1190
	        }
1191
	        else {
1192
	            constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
1193
	        }
1194
	        constraints.setReturningAttributes(new String[0]); 
1195
	        
1196
	        if (debug > 3) {
1197
	            log("  Searching for " + username);
1198
	            log("  base: " + userBase + "  filter: " + filter);
1199
	        }
1200
	        
1201
	        NamingEnumeration results = 
1202
	            context.search(userBase, filter, constraints);
1203
	        
1204
	        // Fail if no entries found
1205
	        if (results == null || !results.hasMore()) {
1206
	            if (debug > 2) {
1207
	                log("  username not found");
1208
	            }
1209
	            return(null);
1210
	        }
1211
	        
1212
	        // Get result for the first entry found
1213
	        SearchResult result = (SearchResult)results.next();
1214
	        
1215
	        // Check no further entries were found
1216
	        if (results.hasMore()) {
1217
	            log("username " + username + " has multiple entries");
1218
	            return (null);
1219
	        }
1220
1221
	        // Get the entry's distinguished name
1222
	        NameParser parser = context.getNameParser("");
1223
	        Name contextName = parser.parse(context.getNameInNamespace());
1224
	        Name baseName = parser.parse(userBase);
1225
	        Name entryName = parser.parse(result.getName());
1226
	        Name name = contextName.addAll(baseName);
1227
	        name = name.addAll(entryName);
1228
	        dn = name.toString();
1229
	        
1230
	        if (debug > 2)
1231
	            log("  entry found for " + username + " with dn " + dn);
1232
        }
1233
Line 1172 Link Here
1172
             return (false);
1235
             return (null);
1173
--
Line 1184 Link Here
1184
        boolean validated = false;
Lines 1189-1190 Link Here
1189
            attr = context.getAttributes("", null);
1251
			ArrayList list = new ArrayList();
1190
            validated = true;
1252
	        if (userRoleName != null)
1191
--
1253
	            list.add(userRoleName);
1254
	        String[] attrIds = new String[list.size()];
1255
	        list.toArray(attrIds);
1256
1257
			Attributes attrs = context.getAttributes("", attrIds);
1258
	        if (attrs != null)
1259
			{
1260
		        // Retrieve values of userRoleName attribute
1261
		        if (userRoleName != null)
1262
		            roles = addAttributeValues(userRoleName, attrs, roles);
1263
			}
1264
1265
			// Search for additional roles.
1266
			roles = (ArrayList)getRoles(context, new User(username, dn, null, roles));
1267
1268
			// To indicate success roles must be non-null.
1269
			if ( roles == null )
1270
				roles = new ArrayList();
Line 1197 Link Here
1197
 
1277
1198
--
Lines 1213-1214 Link Here
1213
        return (validated);
1293
        return (roles);
1214
     }
1294
	}
1215
--

Return to bug 19444