/**
 * Creates a principal for the given URL and login.
 *
 * @param url      value stored in <code>_url</code>
 * @param login    value stored in <code>_login</code>
 * @param password the credential; stored as given when <code>digested</code>
 *                 is true, otherwise passed through
 *                 <code>PwdEncryptor.encrypt</code> first
 * @param digested whether <code>password</code> has already been processed
 *                 and must be kept verbatim
 */
public HttpPrincipal(
    String url, String login, String password, boolean digested) {

    _url = url;
    _login = login;

    if (digested) {

        // Already processed by the caller; keep it untouched.

        _password = password;

        return;
    }

    try {
        _password = PwdEncryptor.encrypt(password);
    }
    catch (PwdEncryptorException pee) {

        // NOTE(review): the failure is only logged, and this constructor
        // does not assign _password on this path. Callers cannot tell that
        // the principal carries no usable credential; confirm that is
        // intended.

        _log.error(pee, pee);
    }
}
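/**
 * Verifies a user's password against the directory, using the auth method
 * configured for the company: either a bind as the user or a comparison with
 * the entry's <code>userPassword</code> attribute.
 *
 * @param  ctx        context whose environment is the base for the per-user
 *                    bind
 * @param  companyId  company whose LDAP preferences are read
 * @param  attributes attributes of the user's entry; only
 *                    <code>userPassword</code> is read here
 * @param  userDN     distinguished name used as the bind principal
 * @param  password   password supplied by the user
 * @return the result object; on a successful bind it also carries the
 *         response controls
 * @throws Exception  if a preference lookup, attribute read, password
 *                    encryption or the closing of the bind context fails
 */
protected LDAPAuthResult authenticate(
        LdapContext ctx, long companyId, Attributes attributes,
        String userDN, String password)
    throws Exception {

    LDAPAuthResult ldapAuthResult = new LDAPAuthResult();

    // Check passwords by either doing a comparison between the passwords or
    // by binding to the LDAP server. If using LDAP password policies, bind
    // auth method must be used in order to get the result control codes.

    String authMethod = PrefsPropsUtil.getString(
        companyId, PropsKeys.LDAP_AUTH_METHOD);

    InitialLdapContext innerCtx = null;

    if (authMethod.equals(AUTH_METHOD_BIND)) {

        // A simple bind with a DN and a zero-length password is an
        // "unauthenticated bind" (RFC 4513, section 5.1.2). A server that
        // accepts it would make the bind below succeed without the password
        // having been checked, so fail closed before contacting the server.

        if ((password == null) || password.isEmpty()) {
            if (_log.isDebugEnabled()) {
                _log.debug(
                    "Rejecting bind with an empty password for userDN " +
                        userDN);
            }

            ldapAuthResult.setAuthenticated(false);

            return ldapAuthResult;
        }

        try {

            // Work on a copy. The JNDI contract says the object returned by
            // getEnvironment() should not be modified, and the user's
            // credentials must not end up in the shared context's
            // environment.

            Hashtable<String, Object> env = new Hashtable<String, Object>(
                (Hashtable<String, Object>)ctx.getEnvironment());

            env.put(Context.SECURITY_PRINCIPAL, userDN);
            env.put(Context.SECURITY_CREDENTIALS, password);
            env.put(
                Context.REFERRAL,
                PrefsPropsUtil.getString(companyId, PropsKeys.LDAP_REFERRAL));

            // Do not use pooling because principal changes

            env.put("com.sun.jndi.ldap.connect.pool", "false");

            innerCtx = new InitialLdapContext(env, null);

            // Get LDAP bind results

            Control[] responseControls = innerCtx.getResponseControls();

            ldapAuthResult.setAuthenticated(true);
            ldapAuthResult.setResponseControl(responseControls);
        }
        catch (Exception e) {

            // The submitted password is deliberately kept out of the log. A
            // failed attempt is often a near-miss of the real password, and
            // debug logs are routinely shipped and retained.

            if (_log.isDebugEnabled()) {
                _log.debug(
                    "Failed to bind to the LDAP server with userDN " +
                        userDN);
            }

            _log.error("Failed to bind to the LDAP server", e);

            ldapAuthResult.setAuthenticated(false);
            ldapAuthResult.setErrorMessage(e.getMessage());
        }
        finally {
            if (innerCtx != null) {
                innerCtx.close();
            }
        }
    }
    else if (authMethod.equals(AUTH_METHOD_PASSWORD_COMPARE)) {
        Attribute userPassword = attributes.get("userPassword");

        // NOTE(review): when the attribute is absent, and when the
        // configured auth method matches neither branch, the result is
        // returned as constructed. Confirm that a new LDAPAuthResult is
        // unauthenticated by default.

        if (userPassword != null) {

            // NOTE(review): decoded with the platform default charset, as
            // before; confirm that matches how the directory stores it.

            String ldapPassword = new String((byte[])userPassword.get());

            String encryptedPassword = password;

            String algorithm = PrefsPropsUtil.getString(
                companyId,
                PropsKeys.LDAP_AUTH_PASSWORD_ENCRYPTION_ALGORITHM);

            if (Validator.isNotNull(algorithm)) {

                // The candidate is prefixed with a "{SCHEME}" tag before the
                // comparison. The prefix previously read "******", leaving
                // the closing brace unbalanced, so a stored value in the
                // RFC 2307 "{SCHEME}hash" form could never match.
                // NOTE(review): confirm against the directory's stored
                // format.

                encryptedPassword =
                    "{" + algorithm + "}" +
                        PwdEncryptor.encrypt(
                            algorithm, password, ldapPassword);
            }

            // NOTE(review): String.equals is not a constant-time
            // comparison.

            if (ldapPassword.equals(encryptedPassword)) {
                ldapAuthResult.setAuthenticated(true);
            }
            else {
                ldapAuthResult.setAuthenticated(false);

                if (_log.isWarnEnabled()) {
                    _log.warn("Passwords do not match for userDN " + userDN);
                }
            }
        }
    }

    return ldapAuthResult;
}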