Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-11 21:03:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute.

Browse Source 
http://jira.springframework.org/browse/SEC-793. Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
This commit is contained in:
Luke Taylor 2008-04-23 12:50:09 +00:00
parent 7e63fe7357
commit 01185475a1
2 changed files with 38 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java
View File

@ -28,6 +28,7 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
private static final String ATT_USER_DN_PATTERN = "user-dn-pattern"; private static final String ATT_USER_DN_PATTERN = "user-dn-pattern";
private static final String ATT_USER_PASSWORD = "password-attribute"; private static final String ATT_USER_PASSWORD = "password-attribute";
private static final String ATT_HASH = PasswordEncoderParser.ATT_HASH;
private static final String DEF_USER_SEARCH_FILTER="uid={0}"; private static final String DEF_USER_SEARCH_FILTER="uid={0}";
@ -53,6 +54,7 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
RootBeanDefinition authenticator = new RootBeanDefinition(BindAuthenticator.class); RootBeanDefinition authenticator = new RootBeanDefinition(BindAuthenticator.class);
Element passwordCompareElt = DomUtils.getChildElementByTagName(elt, Elements.LDAP_PASSWORD_COMPARE); Element passwordCompareElt = DomUtils.getChildElementByTagName(elt, Elements.LDAP_PASSWORD_COMPARE);
if (passwordCompareElt != null) { if (passwordCompareElt != null) {
authenticator = new RootBeanDefinition(PasswordComparisonAuthenticator.class); authenticator = new RootBeanDefinition(PasswordComparisonAuthenticator.class);
@ -62,14 +64,22 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
} }
Element passwordEncoderElement = DomUtils.getChildElementByTagName(passwordCompareElt, Elements.PASSWORD_ENCODER); Element passwordEncoderElement = DomUtils.getChildElementByTagName(passwordCompareElt, Elements.PASSWORD_ENCODER);
String hash = passwordCompareElt.getAttribute(ATT_HASH);
if (passwordEncoderElement != null) { if (passwordEncoderElement != null) {
if (StringUtils.hasText(hash)) {
parserContext.getReaderContext().warning("Attribute 'hash' cannot be used with 'password-encoder' and " +
"will be ignored.", parserContext.extractSource(elt));
}
PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElement, parserContext); PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElement, parserContext);
authenticator.getPropertyValues().addPropertyValue("passwordEncoder", pep.getPasswordEncoder()); authenticator.getPropertyValues().addPropertyValue("passwordEncoder", pep.getPasswordEncoder());
if (pep.getSaltSource() != null) { if (pep.getSaltSource() != null) {
parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP", passwordEncoderElement); parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP", passwordEncoderElement);
} }
} else if (StringUtils.hasText(hash)) {
Class encoderClass = (Class) PasswordEncoderParser.ENCODER_CLASSES.get(hash);
authenticator.getPropertyValues().addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass));
} }
} }

23
core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
View File

@ -42,8 +42,30 @@ public class LdapProviderBeanDefinitionParserTests {
setContext("<ldap-authentication-provider />"); setContext("<ldap-authentication-provider />");
} }
@Test @Test
public void supportsPasswordComparisonAuthentication() { public void supportsPasswordComparisonAuthentication() {
setContext("<ldap-server /> " +
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
" <password-compare />" +
"</ldap-authentication-provider>");
LdapAuthenticationProvider provider = getProvider();
provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
}
@Test
public void supportsPasswordComparisonAuthenticationWithHashAttribute() {
setContext("<ldap-server /> " +
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
" <password-compare password-attribute='uid' hash='plaintext'/>" +
"</ldap-authentication-provider>");
LdapAuthenticationProvider provider = getProvider();
provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
}
@Test
public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
setContext("<ldap-server /> " + setContext("<ldap-server /> " +
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" + "<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
" <password-compare password-attribute='uid'>" + " <password-compare password-attribute='uid'>" +
@ -58,7 +80,6 @@ public class LdapProviderBeanDefinitionParserTests {
appCtx = new InMemoryXmlApplicationContext(context); appCtx = new InMemoryXmlApplicationContext(context);
} }
private LdapAuthenticationProvider getProvider() { private LdapAuthenticationProvider getProvider() {
ProviderManager authManager = (ProviderManager) appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER); ProviderManager authManager = (ProviderManager) appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER);