Esempio n. 1
0
  public HttpPrincipal(String url, String login, String password, boolean digested) {

    _url = url;
    _login = login;

    if (digested) {
      _password = password;
    } else {
      try {
        _password = PwdEncryptor.encrypt(password);
      } catch (PwdEncryptorException pee) {
        _log.error(pee, pee);
      }
    }
  }
  protected LDAPAuthResult authenticate(
      LdapContext ctx, long companyId, Attributes attributes, String userDN, String password)
      throws Exception {

    LDAPAuthResult ldapAuthResult = new LDAPAuthResult();

    // Check passwords by either doing a comparison between the passwords or
    // by binding to the LDAP server. If using LDAP password policies, bind
    // auth method must be used in order to get the result control codes.

    String authMethod = PrefsPropsUtil.getString(companyId, PropsKeys.LDAP_AUTH_METHOD);
    InitialLdapContext innerCtx = null;

    if (authMethod.equals(AUTH_METHOD_BIND)) {
      try {
        Hashtable<String, Object> env = (Hashtable<String, Object>) ctx.getEnvironment();

        env.put(Context.SECURITY_PRINCIPAL, userDN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, PrefsPropsUtil.getString(companyId, PropsKeys.LDAP_REFERRAL));

        // Do not use pooling because principal changes

        env.put("com.sun.jndi.ldap.connect.pool", "false");

        innerCtx = new InitialLdapContext(env, null);

        // Get LDAP bind results

        Control[] responseControls = innerCtx.getResponseControls();

        ldapAuthResult.setAuthenticated(true);
        ldapAuthResult.setResponseControl(responseControls);
      } catch (Exception e) {
        if (_log.isDebugEnabled()) {
          _log.debug(
              "Failed to bind to the LDAP server with userDN "
                  + userDN
                  + " and password "
                  + password);
        }

        _log.error("Failed to bind to the LDAP server", e);

        ldapAuthResult.setAuthenticated(false);
        ldapAuthResult.setErrorMessage(e.getMessage());
      } finally {
        if (innerCtx != null) {
          innerCtx.close();
        }
      }
    } else if (authMethod.equals(AUTH_METHOD_PASSWORD_COMPARE)) {
      Attribute userPassword = attributes.get("userPassword");

      if (userPassword != null) {
        String ldapPassword = new String((byte[]) userPassword.get());

        String encryptedPassword = password;

        String algorithm =
            PrefsPropsUtil.getString(companyId, PropsKeys.LDAP_AUTH_PASSWORD_ENCRYPTION_ALGORITHM);

        if (Validator.isNotNull(algorithm)) {
          encryptedPassword =
              "******" + algorithm + "}" + PwdEncryptor.encrypt(algorithm, password, ldapPassword);
        }

        if (ldapPassword.equals(encryptedPassword)) {
          ldapAuthResult.setAuthenticated(true);
        } else {
          ldapAuthResult.setAuthenticated(false);

          if (_log.isWarnEnabled()) {
            _log.warn("Passwords do not match for userDN " + userDN);
          }
        }
      }
    }

    return ldapAuthResult;
  }