OPEN - issue SEC-793: ldap-authentication-provider element parser ignores hash attribute.

http://jira.springframework.org/browse/SEC-793. Added support for hash attribute. password-encoder still takes precendence with a warning if both are present.
2008-04-23 12:50:09 +00:00 · 2008-04-23 12:50:09 +00:00 · 01185475a1
parent 7e63fe7357
commit 01185475a1
2 changed files with 38 additions and 7 deletions
--- a/core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java
@ -28,6 +28,7 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
  
    private static final String ATT_USER_DN_PATTERN = "user-dn-pattern";
    private static final String ATT_USER_PASSWORD = "password-attribute";
+    private static final String ATT_HASH = PasswordEncoderParser.ATT_HASH; 
    
    private static final String DEF_USER_SEARCH_FILTER="uid={0}";

@ -53,6 +54,7 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
        
        RootBeanDefinition authenticator = new RootBeanDefinition(BindAuthenticator.class);
        Element passwordCompareElt = DomUtils.getChildElementByTagName(elt, Elements.LDAP_PASSWORD_COMPARE);
+        
        if (passwordCompareElt != null) {
            authenticator = new RootBeanDefinition(PasswordComparisonAuthenticator.class);
            
@ -62,14 +64,22 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
            }
            
            Element passwordEncoderElement = DomUtils.getChildElementByTagName(passwordCompareElt, Elements.PASSWORD_ENCODER);
+            String hash = passwordCompareElt.getAttribute(ATT_HASH);
            
            if (passwordEncoderElement != null) {
+                if (StringUtils.hasText(hash)) {
+                    parserContext.getReaderContext().warning("Attribute 'hash' cannot be used with 'password-encoder' and " +
+                            "will be ignored.", parserContext.extractSource(elt));
+                }                
                PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElement, parserContext);
                authenticator.getPropertyValues().addPropertyValue("passwordEncoder", pep.getPasswordEncoder());
                
                if (pep.getSaltSource() != null) {
                    parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP", passwordEncoderElement);
                }
+            } else if (StringUtils.hasText(hash)) {
+                Class encoderClass = (Class) PasswordEncoderParser.ENCODER_CLASSES.get(hash);
+                authenticator.getPropertyValues().addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass));
            }
        } 
        
--- a/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
@ -42,8 +42,30 @@ public class LdapProviderBeanDefinitionParserTests {
        setContext("<ldap-authentication-provider />");
    }

+    
    @Test
    public void supportsPasswordComparisonAuthentication() {
+        setContext("<ldap-server /> " +
+                "<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
+                "    <password-compare />" +
+                "</ldap-authentication-provider>");
+        LdapAuthenticationProvider provider = getProvider();
+        provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));        
+    }    
+    
+    
+    @Test
+    public void supportsPasswordComparisonAuthenticationWithHashAttribute() {
+        setContext("<ldap-server /> " +
+                "<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
+                "    <password-compare password-attribute='uid' hash='plaintext'/>" +
+                "</ldap-authentication-provider>");
+        LdapAuthenticationProvider provider = getProvider();
+        provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));        
+    }    
+    
+    @Test
+    public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
        setContext("<ldap-server /> " +
        		"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
        		"    <password-compare password-attribute='uid'>" +
@ -58,7 +80,6 @@ public class LdapProviderBeanDefinitionParserTests {
        appCtx = new InMemoryXmlApplicationContext(context);
    }

-
    private LdapAuthenticationProvider getProvider() {
        ProviderManager authManager = (ProviderManager) appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER);