Refactoring of BindAuthenticator to allow an extended version which uses ppolicy controls. Added no-cause constructor in LdapDataAccessException for use in data parsing errors.
parent
ca1bf5cc21
commit
2daea069f9
|
@ -18,13 +18,18 @@ package org.acegisecurity.providers.ldap;
|
||||||
import org.acegisecurity.AuthenticationServiceException;
|
import org.acegisecurity.AuthenticationServiceException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Used to wrap unexpected NamingExceptions while accessing the LDAP server.
|
* Used to wrap unexpected NamingExceptions while accessing the LDAP server
|
||||||
|
* or for other LDAP-related data problems such as data we can't handle.
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public class LdapDataAccessException extends AuthenticationServiceException {
|
public class LdapDataAccessException extends AuthenticationServiceException {
|
||||||
|
|
||||||
|
public LdapDataAccessException(String msg) {
|
||||||
|
super(msg);
|
||||||
|
}
|
||||||
|
|
||||||
public LdapDataAccessException(String msg, Throwable ex) {
|
public LdapDataAccessException(String msg, Throwable ex) {
|
||||||
super(msg, ex);
|
super(msg, ex);
|
||||||
}
|
}
|
||||||
|
|
|
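Review bot: The new message-only constructor `public LdapDataAccessException(String msg)` carries no Javadoc, although the class comment was just widened to say the exception also covers "other LDAP-related data problems such as data we can't handle", which is exactly the case this constructor serves. I would add above it `/** Creates an exception for an LDAP data problem that has no underlying exception to chain, e.g. a directory value that cannot be parsed. */`. Since the type extends `AuthenticationServiceException`, the message will travel to whatever reports service failures, so the comment could also remind callers to keep raw directory values out of `msg` when the failure is a parsing problem.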
@ -33,7 +33,7 @@ import java.util.Iterator;
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public final class BindAuthenticator extends AbstractLdapAuthenticator {
|
public class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||||
|
|
||||||
//~ Static fields/initializers =============================================
|
//~ Static fields/initializers =============================================
|
||||||
|
|
||||||
|
@ -55,14 +55,14 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||||
Iterator dns = getUserDns(username).iterator();
|
Iterator dns = getUserDns(username).iterator();
|
||||||
|
|
||||||
while(dns.hasNext() && user == null) {
|
while(dns.hasNext() && user == null) {
|
||||||
user = authenticateWithDn((String)dns.next(), password);
|
user = bindWithDn((String)dns.next(), password);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Otherwise use the configured locator to find the user
|
// Otherwise use the configured locator to find the user
|
||||||
// and authenticate with the returned DN.
|
// and authenticate with the returned DN.
|
||||||
if (user == null && getUserSearch() != null) {
|
if (user == null && getUserSearch() != null) {
|
||||||
LdapUserInfo userFromSearch = getUserSearch().searchForUser(username);
|
LdapUserInfo userFromSearch = getUserSearch().searchForUser(username);
|
||||||
user = authenticateWithDn(userFromSearch.getDn(), password);
|
user = bindWithDn(userFromSearch.getDn(), password);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(user == null) {
|
if(user == null) {
|
||||||
|
@ -75,10 +75,9 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private LdapUserInfo authenticateWithDn(String userDn, String password) {
|
LdapUserInfo bindWithDn(String userDn, String password) {
|
||||||
DirContext ctx = null;
|
DirContext ctx = null;
|
||||||
LdapUserInfo user = null;
|
LdapUserInfo user = null;
|
||||||
Attributes attributes = null;
|
|
||||||
|
|
||||||
if (logger.isDebugEnabled()) {
|
if (logger.isDebugEnabled()) {
|
||||||
logger.debug("Attempting to bind with DN = " + userDn);
|
logger.debug("Attempting to bind with DN = " + userDn);
|
||||||
|
@ -86,15 +85,9 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
ctx = getInitialDirContextFactory().newInitialDirContext(userDn, password);
|
ctx = getInitialDirContextFactory().newInitialDirContext(userDn, password);
|
||||||
attributes = ctx.getAttributes(
|
Attributes attributes = loadAttributes(ctx, userDn);
|
||||||
LdapUtils.getRelativeName(userDn, ctx),
|
|
||||||
getUserAttributes());
|
|
||||||
user = new LdapUserInfo(userDn, attributes);
|
user = new LdapUserInfo(userDn, attributes);
|
||||||
|
|
||||||
} catch(NamingException ne) {
|
|
||||||
throw new LdapDataAccessException(messages.getMessage(
|
|
||||||
"BindAuthenticator.failedToLoadAttributes", new String[] {userDn},
|
|
||||||
"Failed to load attributes for user {0}"), ne);
|
|
||||||
} catch(BadCredentialsException e) {
|
} catch(BadCredentialsException e) {
|
||||||
// This will be thrown if an invalid user name is used and the method may
|
// This will be thrown if an invalid user name is used and the method may
|
||||||
// be called multiple times to try different names, so we trap the exception.
|
// be called multiple times to try different names, so we trap the exception.
|
||||||
|
@ -108,4 +101,17 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Attributes loadAttributes(DirContext ctx, String userDn) {
|
||||||
|
try {
|
||||||
|
return ctx.getAttributes(
|
||||||
|
LdapUtils.getRelativeName(userDn, ctx),
|
||||||
|
getUserAttributes());
|
||||||
|
|
||||||
|
} catch(NamingException ne) {
|
||||||
|
throw new LdapDataAccessException(messages.getMessage(
|
||||||
|
"BindAuthenticator.failedToLoadAttributes", new String[] {userDn},
|
||||||
|
"Failed to load attributes for user {0}"), ne);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
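Review bot: `bindWithDn` and `loadAttributes` are now package-private extension points of a class that is no longer `final`, yet neither states the contract a subclass has to preserve: `bindWithDn` returns `null` when the bind fails with `BadCredentialsException` so `authenticate` can try the next candidate DN, while `loadAttributes` wraps any `NamingException` in an `LdapDataAccessException` so a directory error is reported as a service failure rather than as bad credentials. An override that returned `null` on an attribute-load error would presumably make the caller's `if(user == null)` branch treat a server problem as a wrong password, so that distinction is worth writing down. I would add to `loadAttributes` a Javadoc such as `/** Reads the configured user attributes through the already-bound user context; a NamingException is rethrown as LdapDataAccessException and must never be mapped to a credentials failure. */` and a matching note on `bindWithDn` that a `null` return means "credentials rejected", nothing else. The remainder of `bindWithDn` (any `finally` that closes `ctx`) lies outside the visible hunks, so I cannot confirm the bound context is released when `loadAttributes` throws.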