/** * Method authenticate. * * @param username String * @param password String * @return boolean * @throws Exception */ public boolean authenticate(String username, String password) throws Exception { try { ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.reconnect(connCtls); } catch (AuthenticationException e) { throw e; } catch (NamingException e) { throw e; } return true; }
/** * Method finito. * * @throws Exception */ public void finito() throws Exception { try { if (ctx != null) ctx.close(); } catch (NamingException e) { throw e; } }
/** Clean out state because of a failed authentication attempt */ private void cleanState() { username = null; if (password != null) { Arrays.fill(password, ' '); password = null; } try { if (ctx != null) { ctx.close(); } } catch (NamingException e) { // ignore } ctx = null; if (clearPass) { sharedState.remove(USERNAME_KEY); sharedState.remove(PASSWORD_KEY); } }
/** * Search for the user's entry. Determine the distinguished name of the user's entry and * optionally an authorization identity for the user. * * @param ctx an LDAP context to use for the search * @return the user's distinguished name or an empty string if none was found. * @exception LoginException if the user's entry cannot be found. */ private String findUserDN(LdapContext ctx) throws LoginException { String userDN = ""; // Locate the user's LDAP entry if (userFilter != null) { if (debug) { System.out.println( "\t\t[LdapLoginModule] " + "searching for entry belonging to user: "******"\t\t[LdapLoginModule] " + "cannot search for entry belonging to user: "******"Cannot find user's LDAP entry"); } try { NamingEnumeration results = ctx.search("", replaceUsernameToken(filterMatcher, userFilter), constraints); // Extract the distinguished name of the user's entry // (Use the first entry if more than one is returned) if (results.hasMore()) { SearchResult entry = (SearchResult) results.next(); // %%% - use the SearchResult.getNameInNamespace method // available in JDK 1.5 and later. // (can remove call to constraints.setReturningObjFlag) userDN = ((Context) entry.getObject()).getNameInNamespace(); if (debug) { System.out.println("\t\t[LdapLoginModule] found entry: " + userDN); } // Extract a value from user's authorization identity attribute if (authzIdentityAttr != null) { Attribute attr = entry.getAttributes().get(authzIdentityAttr); if (attr != null) { Object val = attr.get(); if (val instanceof String) { authzIdentity = (String) val; } } } results.close(); } else { // Bad username if (debug) { System.out.println("\t\t[LdapLoginModule] user's entry " + "not found"); } } } catch (NamingException e) { // ignore } if (userDN.equals("")) { throw (LoginException) new FailedLoginException("Cannot find user's LDAP entry"); } else { return userDN; } }
/** * Attempt authentication * * @param getPasswdFromSharedState boolean that tells this method whether to retrieve the password * from the sharedState. * @exception LoginException if the authentication attempt fails. */ private void attemptAuthentication(boolean getPasswdFromSharedState) throws LoginException { // first get the username and password getUsernamePassword(getPasswdFromSharedState); if (password == null || password.length == 0) { throw (LoginException) new FailedLoginException("No password was supplied"); } String dn = ""; if (authFirst || authOnly) { String id = replaceUsernameToken(identityMatcher, authcIdentity); // Prepare to bind using user's username and password ldapEnvironment.put(Context.SECURITY_CREDENTIALS, password); ldapEnvironment.put(Context.SECURITY_PRINCIPAL, id); if (debug) { System.out.println( "\t\t[LdapLoginModule] " + "attempting to authenticate user: "******"Cannot bind to LDAP server").initCause(e); } // Authentication has succeeded // Locate the user's distinguished name if (userFilter != null) { dn = findUserDN(ctx); } else { dn = id; } } else { try { // Connect to the LDAP server (using anonymous bind) ctx = new InitialLdapContext(ldapEnvironment, null); } catch (NamingException e) { throw (LoginException) new FailedLoginException("Cannot connect to LDAP server").initCause(e); } // Locate the user's distinguished name dn = findUserDN(ctx); try { // Prepare to bind using user's distinguished name and password ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple"); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); if (debug) { System.out.println( "\t\t[LdapLoginModule] " + "attempting to authenticate user: "******"Cannot bind to LDAP server").initCause(e); } } // Save input as shared state only if authentication succeeded if (storePass && !sharedState.containsKey(USERNAME_KEY) && !sharedState.containsKey(PASSWORD_KEY)) { sharedState.put(USERNAME_KEY, username); sharedState.put(PASSWORD_KEY, password); } // Create the user principals userPrincipal = new UserPrincipal(username); if (authzIdentity != null) { authzPrincipal = new UserPrincipal(authzIdentity); } try { ldapPrincipal = new LdapPrincipal(dn); } catch (InvalidNameException e) { if (debug) { System.out.println("\t\t[LdapLoginModule] " + "cannot create LdapPrincipal: bad DN"); } throw (LoginException) new FailedLoginException("Cannot create LdapPrincipal").initCause(e); } }