Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 06:42:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-8: Tidied up Ntlm contribution. NtlmAwareLdapAuthenticatorImpl was catching BadCredentialsExceptions which wouldn't be thrown since it doesn't actually do a bind. Changed to NameNotFoundException. Changed "bindWithoutDn" method name to "loadUser" which more clearly describes what it does.

Browse Source
This commit is contained in:
Luke Taylor 2007-09-19 00:27:17 +00:00
parent 58509a2736
commit 3afa96d7cc
7 changed files with 68 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ntlm/src/main/java/org/acegisecurity/ui/ntlm/HttpFilter.java
View File

@ -58,4 +58,4 @@ public abstract class HttpFilter implements Filter {
response.sendRedirect(response.encodeRedirectURL(url)); response.sendRedirect(response.encodeRedirectURL(url));
} }
} // End HttpFilter }

2
ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmBaseException.java
View File

@ -31,4 +31,4 @@ public abstract class NtlmBaseException extends AuthenticationException {
super(msg); super(msg);
} }
} // End NtlmBaseException }

2
ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmBeginHandshakeException.java
View File

@ -28,4 +28,4 @@ public class NtlmBeginHandshakeException extends NtlmBaseException {
super("NTLM"); super("NTLM");
} }
} // End NtlmBeginHandshakeException }

23
ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmProcessingFilter.java
View File

@ -102,16 +102,16 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
/** Shoud the filter load balance among multiple domain controllers, default <code>false</code> */ /** Should the filter load balance among multiple domain controllers, default <code>false</code> */
private boolean loadBalance; private boolean loadBalance;
/** Shoud the domain name be stripped from the username, default <code>true</code> */ /** Should the domain name be stripped from the username, default <code>true</code> */
private boolean stripDomain = true; private boolean stripDomain = true;
/** Should the filter initiate NTLM negotiations, default <code>true</code> */ /** Should the filter initiate NTLM negotiations, default <code>true</code> */
private boolean forceIdentification = true; private boolean forceIdentification = true;
/** Shoud the filter retry NTLM on authorization failure, default <code>false</code> */ /** Should the filter retry NTLM on authorization failure, default <code>false</code> */
private boolean retryOnAuthFailure; private boolean retryOnAuthFailure;
private String soTimeout; private String soTimeout;
@ -120,7 +120,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
private String domainController; private String domainController;
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
//~ Public Methods ================================================================================================= //~ Methods ========================================================================================================
/** /**
* Ensures an <code>AuthenticationManager</code> and authentication failure * Ensures an <code>AuthenticationManager</code> and authentication failure
@ -130,9 +130,9 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
// Default to 5 minutes if not already specified // Default to 5 minutes if not already specified
Config.setProperty("jcifs.smb.client.soTimeout", (soTimeout == null) ? "300000" : soTimeout); Config.setProperty("jcifs.smb.client.soTimeout", soTimeout == null ? "300000" : soTimeout);
// Default to 20 minutes if not already specified // Default to 20 minutes if not already specified
Config.setProperty("jcifs.netbios.cachePolicy", (cachePolicy == null) ? "1200" : cachePolicy); Config.setProperty("jcifs.netbios.cachePolicy", cachePolicy == null ? "1200" : cachePolicy);
if (domainController == null) { if (domainController == null) {
domainController = defaultDomain; domainController = defaultDomain;
@ -304,8 +304,6 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
this.retryOnAuthFailure = retryOnFailure; this.retryOnAuthFailure = retryOnFailure;
} }
//~ Protected Methods ==============================================================================================
protected void doFilter(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException { protected void doFilter(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException {
final HttpSession session = request.getSession(); final HttpSession session = request.getSession();
Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR); Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR);
@ -350,8 +348,6 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
} }
} }
//~ Private Methods ================================================================================================
/** /**
* Returns <code>true</code> if reauthentication is needed on an IE POST. * Returns <code>true</code> if reauthentication is needed on an IE POST.
*/ */
@ -502,10 +498,11 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* @throws SmbException * @throws SmbException
*/ */
private byte[] getChallenge(final HttpSession session, final UniAddress dcAddress) throws UnknownHostException, SmbException { private byte[] getChallenge(final HttpSession session, final UniAddress dcAddress) throws UnknownHostException, SmbException {
if (loadBalance) if (loadBalance) {
return ((NtlmChallenge) session.getAttribute(CHALLENGE_ATTR)).challenge; return ((NtlmChallenge) session.getAttribute(CHALLENGE_ATTR)).challenge;
}
return SmbSession.getChallenge(dcAddress); return SmbSession.getChallenge(dcAddress);
} }
} // End NtlmProcessingFilter } // End NtlmProcessingFilter

6
ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmProcessingFilterEntryPoint.java
View File

@ -45,7 +45,7 @@ import jcifs.Config;
* @version $Id$ * @version $Id$
*/ */
public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean { public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
//~ Static fields/initializers ============================================= //~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(NtlmProcessingFilterEntryPoint.class); private static final Log logger = LogFactory.getLog(NtlmProcessingFilterEntryPoint.class);
@ -54,7 +54,7 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
/** Where to redirect the browser to if authentication fails */ /** Where to redirect the browser to if authentication fails */
private String authenticationFailureUrl; private String authenticationFailureUrl;
//~ Methods ================================================================ //~ Methods ========================================================================================================
/** /**
* Ensures an authentication failure URL has been provided in the bean * Ensures an authentication failure URL has been provided in the bean
@ -116,4 +116,4 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
} }
} }
} // End NtlmProcessingFilterEntryPoint }

7
ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmType2MessageException.java
View File

@ -41,8 +41,9 @@ public class NtlmType2MessageException extends NtlmBaseException {
* Internet Explorer does a POST. * Internet Explorer does a POST.
*/ */
public void preserveAuthentication() { public void preserveAuthentication() {
if (auth != null) if (auth != null) {
SecurityContextHolder.getContext().setAuthentication(auth); SecurityContextHolder.getContext().setAuthentication(auth);
} }
}
} // End NTLMType2MessageException }

57
ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticatorImpl.java
View File

@ -14,6 +14,7 @@ import org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.DirContextOperations; import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.NameNotFoundException;
/** /**
* Loads the UserDetails if authentication was already performed by NTLM (indicated by the type of authentication * Loads the UserDetails if authentication was already performed by NTLM (indicated by the type of authentication
@ -23,52 +24,34 @@ import org.springframework.ldap.core.DirContextOperations;
* *
*/ */
public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator { public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
/** //~ Static fields/initializers =====================================================================================
* Logger for this class
*/ private static final Log logger = LogFactory.getLog(NtlmAwareLdapAuthenticatorImpl.class);
private static final Log logger = LogFactory.getLog(NtlmAwareLdapAuthenticatorImpl.class);
//~ Constructors ===================================================================================================
/**
* @param initialDirContextFactory
*/
public NtlmAwareLdapAuthenticatorImpl(InitialDirContextFactory initialDirContextFactory) { public NtlmAwareLdapAuthenticatorImpl(InitialDirContextFactory initialDirContextFactory) {
super(initialDirContextFactory); super(initialDirContextFactory);
} }
/** //~ Methods ========================================================================================================
* Prepare the template without bind requirements.
*
* @param aUserDn
* @param aUserName
* @see #loadDetail(SpringSecurityLdapTemplate, String, String)
* @return
*/
protected DirContextOperations bindWithoutDn(String aUserDn, String aUserName) {
SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(getInitialDirContextFactory());
return loadDetail(template, aUserDn, aUserName);
}
/** /**
* Load datas * Loads the user context information without binding.
*
* @param aTemplate
* @param aUserDn
* @param aUserName
* @return
*/ */
protected DirContextOperations loadDetail(SpringSecurityLdapTemplate aTemplate, String aUserDn, String aUserName) { protected DirContextOperations loadUser(String aUserDn, String aUserName) {
SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(getInitialDirContextFactory());
try { try {
DirContextOperations user = aTemplate.retrieveEntry(aUserDn, getUserAttributes()); DirContextOperations user = template.retrieveEntry(aUserDn, getUserAttributes());
return user; return user;
} catch (BadCredentialsException e) { } catch (NameNotFoundException e) {
// This will be thrown if an invalid user name is used and the // This will be thrown if an invalid user name is used and the method may
// method may // be called multiple times to try different names, so we trap the exception.
// be called multiple times to try different names, so we trap the
// exception
// unless a subclass wishes to implement more specialized behaviour.
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Failed to bind as " + aUserDn + ": " + e.getMessage(), e); logger.debug("Failed to load user " + aUserDn + ": " + e.getMessage(), e);
} }
} }
return null; return null;
@ -97,7 +80,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
// tries them all until we found something // tries them all until we found something
while (myDns.hasNext() && (user == null)) { while (myDns.hasNext() && (user == null)) {
user = bindWithoutDn((String) myDns.next(), userName); user = loadUser((String) myDns.next(), userName);
} }
// Otherwise use the configured locator to find the user // Otherwise use the configured locator to find the user
@ -105,7 +88,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
if ((user == null) && (getUserSearch() != null)) { if ((user == null) && (getUserSearch() != null)) {
DirContextOperations userFromSearch = getUserSearch().searchForUser(userName); DirContextOperations userFromSearch = getUserSearch().searchForUser(userName);
// lancer l'identificvation // lancer l'identificvation
user = bindWithoutDn(userFromSearch.getDn().toString(), userName); user = loadUser(userFromSearch.getDn().toString(), userName);
} }
// Failed to locate the user in the LDAP directory // Failed to locate the user in the LDAP directory