SEC-8: Removed custom interface and provider as the specialized authenticator should be sufficient.

ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticationProvider.java

@@ -1,108 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.ui.ntlm.ldap.authenticator;
-
-import org.acegisecurity.*;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
-import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
-import org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.dao.DataAccessException;
-import org.springframework.util.StringUtils;
-import org.springframework.ldap.core.DirContextOperations;
-
-/**
- * This provider implements specialized behaviour if the supplied {@link Authentication} object is
- * from NTLM. In other cases calls the parent implementation.
- * 
- * @author sylvain.mougenot
- * 
- */
-public class NtlmAwareLdapAuthenticationProvider extends LdapAuthenticationProvider {
-	private static final Log logger = LogFactory.getLog(NtlmAwareLdapAuthenticationProvider.class);
-
-	/**
-	 * NTLM aware authenticator
-	 */
-	private NtlmAwareLdapAuthenticator authenticator;
-
-	/**
-	 * @param authenticator
-	 * @param authoritiesPopulator
-	 */
-	public NtlmAwareLdapAuthenticationProvider(NtlmAwareLdapAuthenticator authenticator,
-			                                    LdapAuthoritiesPopulator authoritiesPopulator) {
-		super(authenticator, authoritiesPopulator);
-		this.authenticator = authenticator;
-	}
-
-	/*
-	 * (non-Javadoc)
-	 * 
-	 * @see org.acegisecurity.providers.ldap.LdapAuthenticationProvider#retrieveUser(java.lang.String,
-	 *      org.acegisecurity.providers.UsernamePasswordAuthenticationToken)
-	 */
-	protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
-			throws AuthenticationException {
-		final UserDetails myDetails;
-
-		if (authentication instanceof NtlmUsernamePasswordAuthenticationToken) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("Ntlm Token for Authentication"); //$NON-NLS-1$
-			}
-
-			// Only loads LDAP data
-			myDetails = retrieveUser(username, (NtlmUsernamePasswordAuthenticationToken) authentication);
-		} else {
-			// calls parent implementation
-			myDetails = super.retrieveUser(username, authentication);
-		}
-
-		return myDetails;
-	}
-
-	/**
-	 * Authentication has already been done. We need a particular behviour
-	 * because the parent check password consistency. But we do not have the
-	 * password (even if the user is authenticated).
-	 * 
-	 * @see NtlmUsernamePasswordAuthenticationToken#DEFAULT_PASSWORD
-	 * @param username
-	 * @param authentication
-	 * @return
-	 * @throws AuthenticationException
-	 */
-	protected UserDetails retrieveUser(String username, NtlmUsernamePasswordAuthenticationToken authentication)
-			throws AuthenticationException {
-		// identifiant obligatoire
-		if (!StringUtils.hasLength(username)) {
-			throw new BadCredentialsException(messages.getMessage(
-					"LdapAuthenticationProvider.emptyUsername",
-					"Empty Username"));
-		}
-
-		// NB: password is just the default value
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("Retrieving user " + username);
-		}
-
-		try {
-			// Complies with our lack of password (can't bind)
-			DirContextOperations ldapUser = authenticator.authenticate(authentication);
-
-            GrantedAuthority[] extraAuthorities = getAuthoritiesPopulator().getGrantedAuthorities(ldapUser, username);
-
-            return getUserDetailsContextMapper().mapUserFromContext(ldapUser, username, extraAuthorities);
-
-		} catch (DataAccessException ldapAccessFailure) {
-			throw new AuthenticationServiceException(ldapAccessFailure
-					.getMessage(), ldapAccessFailure);
-		}
-	}
-}

ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticator.java

@@ -1,25 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.ui.ntlm.ldap.authenticator;
-
-import org.acegisecurity.providers.ldap.LdapAuthenticator;
-import org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken;
-import org.springframework.ldap.core.DirContextOperations;
-
-/**
- * Authenticator compliant with NTLM part done previously (for authentication).
- * 
- * @author sylvain.mougenot
- *
- */
-public interface NtlmAwareLdapAuthenticator extends LdapAuthenticator {
-    /**
-     * Authentication was done previously by NTLM.
-     * Obtains additional user informations from the directory.
-     *
-     * @param aUserToken Ntlm issued authentication Token
-     * @return the details of the successfully authenticated user.
-     */
-    DirContextOperations authenticate(NtlmUsernamePasswordAuthenticationToken aUserToken);
-}

ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticatorImpl.java

@@ -1,5 +1,5 @@
 /**
- * 
+ *
  */
 package org.acegisecurity.ui.ntlm.ldap.authenticator;
 
@@ -16,11 +16,11 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.ldap.core.DirContextOperations;
 
 /**
- * Fullfill the User details after NTLM authentication was done. Or (if no NTLM
+ * Loads the UserDetails if authentication was already performed by NTLM (indicated by the type of authentication
- * authentication done) act as the parent to authenticate the user
+ * token submitted). Otherwise falls back to the parent class behaviour, attempting to bind as the user.
- * 
+ *
  * @author sylvain.mougenot
- * 
+ *
  */
 public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
 	/**
@@ -37,7 +37,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
 
 	/**
 	 * Prepare the template without bind requirements.
-	 * 
+	 *
 	 * @param aUserDn
 	 * @param aUserName
 	 * @see #loadDetail(SpringSecurityLdapTemplate, String, String)
@@ -50,7 +50,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
 
 	/**
 	 * Load datas
-	 * 
+	 *
 	 * @param aTemplate
 	 * @param aUserDn
 	 * @param aUserName
@@ -68,20 +68,20 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
 			// exception
 			// unless a subclass wishes to implement more specialized behaviour.
 			if (logger.isDebugEnabled()) {
-				logger.debug("Failed to bind as " + aUserDn + ": "
+				logger.debug("Failed to bind as " + aUserDn + ": " + e.getMessage(), e);
-						+ e.getMessage(), e);
 			}
 		}
 		return null;
 	}
 
-	/*
+	/**
-	 * (non-Javadoc)
+	 * If the supplied <tt>Authentication</tt> object is of type <tt>NtlmUsernamePasswordAuthenticationToken</tt>,
-	 * 
+     * the information stored in the user's directory entry is loaded without attempting to authenticate them.
-	 * @see org.acegisecurity.ui.ntlm.NtlmAwareLdapAuthenticator#authenticate(org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken)
+     * Otherwise the parent class is called to perform a bind operation to authenticate the user.
 	 */
 	public DirContextOperations authenticate(Authentication authentication) {
         if (!(authentication instanceof NtlmUsernamePasswordAuthenticationToken)) {
+            // Not NTLM authenticated, so call the base class to authenticate the user.
             return super.authenticate(authentication);
         }