Ejemplo n.º 1
0
  @Override
  public void initialize(
      final Subject subject,
      final CallbackHandler callbackHandler,
      final Map<String, ?> sharedState,
      final Map<String, ?> options) {
    setLdapPrincipal = true;
    setLdapCredential = true;

    super.initialize(subject, callbackHandler, sharedState, options);

    for (String key : options.keySet()) {
      final String value = (String) options.get(key);
      if ("userRoleAttribute".equalsIgnoreCase(key)) {
        if ("".equals(value)) {
          userRoleAttribute = ReturnAttributes.NONE.value();
        } else if ("*".equals(value)) {
          userRoleAttribute = ReturnAttributes.ALL_USER.value();
        } else {
          userRoleAttribute = value.split(",");
        }
      } else if ("authenticatorFactory".equalsIgnoreCase(key)) {
        try {
          authenticatorFactory = (AuthenticatorFactory) Class.forName(value).newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
          throw new IllegalArgumentException(e);
        }
      }
    }

    if (authenticatorFactory == null) {
      authenticatorFactory = new PropertiesAuthenticatorFactory();
    }

    logger.trace(
        "authenticatorFactory = {}, userRoleAttribute = {}",
        authenticatorFactory,
        Arrays.toString(userRoleAttribute));

    auth = authenticatorFactory.createAuthenticator(options);
    logger.debug("Retrieved authenticator from factory: {}", auth);

    authRequest = authenticatorFactory.createAuthenticationRequest(options);
    authRequest.setReturnAttributes(userRoleAttribute);
    logger.debug("Retrieved authentication request from factory: {}", authRequest);
  }
Ejemplo n.º 2
0
  @Override
  protected boolean login(final NameCallback nameCb, final PasswordCallback passCb)
      throws LoginException {
    try {
      getCredentials(nameCb, passCb, false);
      authRequest.setUser(new User(nameCb.getName()));
      authRequest.setCredential(new Credential(passCb.getPassword()));

      AuthenticationResponse response = auth.authenticate(authRequest);
      LdapEntry entry = null;
      if (response.getResult()) {
        entry = response.getLdapEntry();
        if (entry != null) {
          roles.addAll(LdapRole.toRoles(entry));
          if (defaultRole != null && !defaultRole.isEmpty()) {
            roles.addAll(defaultRole);
          }
        }
        loginSuccess = true;
      } else {
        if (tryFirstPass) {
          getCredentials(nameCb, passCb, true);
          response = auth.authenticate(authRequest);
          if (response.getResult()) {
            entry = response.getLdapEntry();
            if (entry != null) {
              roles.addAll(LdapRole.toRoles(entry));
            }
            if (defaultRole != null && !defaultRole.isEmpty()) {
              roles.addAll(defaultRole);
            }
            loginSuccess = true;
          } else {
            loginSuccess = false;
          }
        } else {
          loginSuccess = false;
        }
      }

      if (!loginSuccess) {
        logger.debug("Authentication failed: " + response);
        throw new LoginException("Authentication failed: " + response);
      } else {
        if (setLdapPrincipal) {
          principals.add(new LdapPrincipal(nameCb.getName(), entry));
        }

        final String loginDn = response.getResolvedDn();
        if (loginDn != null && setLdapDnPrincipal) {
          principals.add(new LdapDnPrincipal(loginDn, entry));
        }

        if (setLdapCredential) {
          credentials.add(new LdapCredential(passCb.getPassword()));
        }
        storeCredentials(nameCb, passCb, loginDn);
      }
    } catch (LdapException e) {
      logger.debug("Error occurred attempting authentication", e);
      loginSuccess = false;
      throw new LoginException(e != null ? e.getMessage() : "Authentication Error");
    }
    return true;
  }