SEC-8: Tidied up Ntlm contribution. NtlmAwareLdapAuthenticatorImpl was catching BadCredentialsExceptions which wouldn't be thrown since it doesn't actually do a bind. Changed to NameNotFoundException. Changed "bindWithoutDn" method name to "loadUser" which more clearly describes what it does.

Luke Taylor 2007-09-19 00:27:17 +00:00
parent 58509a2736
commit 3afa96d7cc
7 changed files with 68 additions and 87 deletions


@ -58,4 +58,4 @@ public abstract class HttpFilter implements Filter {
response.sendRedirect(response.encodeRedirectURL(url)); response.sendRedirect(response.encodeRedirectURL(url));
} }
} // End HttpFilter }


@ -31,4 +31,4 @@ public abstract class NtlmBaseException extends AuthenticationException {
super(msg); super(msg);
} }
} // End NtlmBaseException }


@ -28,4 +28,4 @@ public class NtlmBeginHandshakeException extends NtlmBaseException {
super("NTLM"); super("NTLM");
} }
} // End NtlmBeginHandshakeException }


@ -72,7 +72,7 @@ import org.springframework.util.Assert;
* server to automatcially discover the username of a browser client when that * server to automatcially discover the username of a browser client when that
* client is logged into a Windows domain and is using an NTLM-aware browser. * client is logged into a Windows domain and is using an NTLM-aware browser.
* A web application can then reuse the user's Windows credentials without * A web application can then reuse the user's Windows credentials without
* having to ask for them again. * having to ask for them again.
* <p> * <p>
* Because NTLM only provides the username of the Windows client, an Acegi * Because NTLM only provides the username of the Windows client, an Acegi
* Security NTLM deployment must have a <code>UserDetailsService</code> that * Security NTLM deployment must have a <code>UserDetailsService</code> that
@ -83,7 +83,7 @@ import org.springframework.util.Assert;
* The Acegi Security bean configuration file must also place the * The Acegi Security bean configuration file must also place the
* <code>ExceptionTranslationFilter</code> before this filter in the * <code>ExceptionTranslationFilter</code> before this filter in the
* <code>FilterChainProxy</code> definition. * <code>FilterChainProxy</code> definition.
* *
* @author Davide Baroncelli * @author Davide Baroncelli
* @author Edward Smith * @author Edward Smith
* @version $Id$ * @version $Id$
@ -102,16 +102,16 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
/** Shoud the filter load balance among multiple domain controllers, default <code>false</code> */ /** Should the filter load balance among multiple domain controllers, default <code>false</code> */
private boolean loadBalance; private boolean loadBalance;
/** Shoud the domain name be stripped from the username, default <code>true</code> */ /** Should the domain name be stripped from the username, default <code>true</code> */
private boolean stripDomain = true; private boolean stripDomain = true;
/** Should the filter initiate NTLM negotiations, default <code>true</code> */ /** Should the filter initiate NTLM negotiations, default <code>true</code> */
private boolean forceIdentification = true; private boolean forceIdentification = true;
/** Shoud the filter retry NTLM on authorization failure, default <code>false</code> */ /** Should the filter retry NTLM on authorization failure, default <code>false</code> */
private boolean retryOnAuthFailure; private boolean retryOnAuthFailure;
private String soTimeout; private String soTimeout;
@ -120,7 +120,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
private String domainController; private String domainController;
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
//~ Public Methods ================================================================================================= //~ Methods ========================================================================================================
/** /**
* Ensures an <code>AuthenticationManager</code> and authentication failure * Ensures an <code>AuthenticationManager</code> and authentication failure
@ -130,9 +130,9 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
// Default to 5 minutes if not already specified // Default to 5 minutes if not already specified
Config.setProperty("jcifs.smb.client.soTimeout", (soTimeout == null) ? "300000" : soTimeout); Config.setProperty("jcifs.smb.client.soTimeout", soTimeout == null ? "300000" : soTimeout);
// Default to 20 minutes if not already specified // Default to 20 minutes if not already specified
Config.setProperty("jcifs.netbios.cachePolicy", (cachePolicy == null) ? "1200" : cachePolicy); Config.setProperty("jcifs.netbios.cachePolicy", cachePolicy == null ? "1200" : cachePolicy);
if (domainController == null) { if (domainController == null) {
domainController = defaultDomain; domainController = defaultDomain;
@ -141,7 +141,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Sets the <code>AuthenticationManager</code> to use. * Sets the <code>AuthenticationManager</code> to use.
* *
* @param authenticationManager the <code>AuthenticationManager</code> to use. * @param authenticationManager the <code>AuthenticationManager</code> to use.
*/ */
public void setAuthenticationManager(AuthenticationManager authenticationManager) { public void setAuthenticationManager(AuthenticationManager authenticationManager) {
@ -153,7 +153,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* client username and password are also set, then preauthentication will * client username and password are also set, then preauthentication will
* be used which is necessary to initialize the SMB signing digest. SMB * be used which is necessary to initialize the SMB signing digest. SMB
* signatures are required by default on Windows 2003 domain controllers. * signatures are required by default on Windows 2003 domain controllers.
* *
* @param defaultDomain The name of the default domain. * @param defaultDomain The name of the default domain.
*/ */
public void setDefaultDomain(String defaultDomain) { public void setDefaultDomain(String defaultDomain) {
@ -163,7 +163,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Sets the SMB client username. * Sets the SMB client username.
* *
* @param smbClientUsername The SMB client username. * @param smbClientUsername The SMB client username.
*/ */
public void setSmbClientUsername(String smbClientUsername) { public void setSmbClientUsername(String smbClientUsername) {
@ -172,7 +172,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Sets the SMB client password. * Sets the SMB client password.
* *
* @param smbClientPassword The SMB client password. * @param smbClientPassword The SMB client password.
*/ */
public void setSmbClientPassword(String smbClientPassword) { public void setSmbClientPassword(String smbClientPassword) {
@ -184,8 +184,8 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* authentication is forced to use a separate transport. This effectively * authentication is forced to use a separate transport. This effectively
* ignores SMB signing requirements, however at the expense of reducing * ignores SMB signing requirements, however at the expense of reducing
* scalability. Preauthentication with a domain, username, and password is * scalability. Preauthentication with a domain, username, and password is
* the preferred method for working with servers that require signatures. * the preferred method for working with servers that require signatures.
* *
* @param smbClientSSNLimit The SMB client SSN limit. * @param smbClientSSNLimit The SMB client SSN limit.
*/ */
public void setSmbClientSSNLimit(String smbClientSSNLimit) { public void setSmbClientSSNLimit(String smbClientSSNLimit) {
@ -196,17 +196,17 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* Configures JCIFS to use a WINS server. It is preferred to use a WINS * Configures JCIFS to use a WINS server. It is preferred to use a WINS
* server over a specific domain controller. Set this property instead of * server over a specific domain controller. Set this property instead of
* <code>domainController</code> if there is a WINS server available. * <code>domainController</code> if there is a WINS server available.
* *
* @param netbiosWINS The WINS server JCIFS will use. * @param netbiosWINS The WINS server JCIFS will use.
*/ */
public void setNetbiosWINS(String netbiosWINS) { public void setNetbiosWINS(String netbiosWINS) {
Config.setProperty("jcifs.netbios.wins", netbiosWINS); Config.setProperty("jcifs.netbios.wins", netbiosWINS);
} }
/** /**
* The IP address of any SMB server that should be used to authenticate * The IP address of any SMB server that should be used to authenticate
* HTTP clients. * HTTP clients.
* *
* @param domainController The IP address of the domain controller. * @param domainController The IP address of the domain controller.
*/ */
public void setDomainController(String domainController) { public void setDomainController(String domainController) {
@ -218,7 +218,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* specified, then query for domain controllers by name. When load * specified, then query for domain controllers by name. When load
* balance is <code>true</code>, rotate through the list of domain * balance is <code>true</code>, rotate through the list of domain
* controllers when authenticating users. * controllers when authenticating users.
* *
* @param loadBalance The load balance flag value. * @param loadBalance The load balance flag value.
*/ */
public void setLoadBalance(boolean loadBalance) { public void setLoadBalance(boolean loadBalance) {
@ -229,7 +229,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* Configures <code>NtlmProcessingFilter</code> to strip the Windows * Configures <code>NtlmProcessingFilter</code> to strip the Windows
* domain name from the username when set to <code>true</code>, which * domain name from the username when set to <code>true</code>, which
* is the default value. * is the default value.
* *
* @param stripDomain The strip domain flag value. * @param stripDomain The strip domain flag value.
*/ */
public void setStripDomain(boolean stripDomain) { public void setStripDomain(boolean stripDomain) {
@ -240,7 +240,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* Sets the <code>jcifs.smb.client.soTimeout</code> property to the * Sets the <code>jcifs.smb.client.soTimeout</code> property to the
* timeout value specified in milliseconds. Defaults to 5 minutes * timeout value specified in milliseconds. Defaults to 5 minutes
* if not specified. * if not specified.
* *
* @param timeout The milliseconds timeout value. * @param timeout The milliseconds timeout value.
*/ */
public void setSoTimeout(String timeout) { public void setSoTimeout(String timeout) {
@ -251,7 +251,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* Sets the <code>jcifs.netbios.cachePolicy</code> property to the * Sets the <code>jcifs.netbios.cachePolicy</code> property to the
* number of seconds a NetBIOS address is cached by JCIFS. Defaults to * number of seconds a NetBIOS address is cached by JCIFS. Defaults to
* 20 minutes if not specified. * 20 minutes if not specified.
* *
* @param numSeconds The number of seconds a NetBIOS address is cached. * @param numSeconds The number of seconds a NetBIOS address is cached.
*/ */
public void setCachePolicy(String numSeconds) { public void setCachePolicy(String numSeconds) {
@ -261,7 +261,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Loads properties starting with "jcifs" into the JCIFS configuration. * Loads properties starting with "jcifs" into the JCIFS configuration.
* Any other properties are ignored. * Any other properties are ignored.
* *
* @param props The JCIFS properties to set. * @param props The JCIFS properties to set.
*/ */
public void setJcifsProperties(Properties props) { public void setJcifsProperties(Properties props) {
@ -277,7 +277,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Returns <code>true</code> if NTLM authentication is forced. * Returns <code>true</code> if NTLM authentication is forced.
* *
* @return <code>true</code> if NTLM authentication is forced. * @return <code>true</code> if NTLM authentication is forced.
*/ */
public boolean isForceIdentification() { public boolean isForceIdentification() {
@ -286,7 +286,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Sets a flag denoting whether NTLM authentication should be forced. * Sets a flag denoting whether NTLM authentication should be forced.
* *
* @param forceIdentification the force identification flag value to set. * @param forceIdentification the force identification flag value to set.
*/ */
public void setForceIdentification(boolean forceIdentification) { public void setForceIdentification(boolean forceIdentification) {
@ -297,15 +297,13 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* Sets a flag denoting whether NTLM should retry whenever authentication * Sets a flag denoting whether NTLM should retry whenever authentication
* fails. Retry will only occur on an {@link AuthenticationCredentialsNotFoundException} * fails. Retry will only occur on an {@link AuthenticationCredentialsNotFoundException}
* or {@link InsufficientAuthenticationException}. * or {@link InsufficientAuthenticationException}.
* *
* @param retryOnFailure the retry on failure flag value to set. * @param retryOnFailure the retry on failure flag value to set.
*/ */
public void setRetryOnAuthFailure(boolean retryOnFailure) { public void setRetryOnAuthFailure(boolean retryOnFailure) {
this.retryOnAuthFailure = retryOnFailure; this.retryOnAuthFailure = retryOnFailure;
} }
//~ Protected Methods ==============================================================================================
protected void doFilter(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException { protected void doFilter(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException {
final HttpSession session = request.getSession(); final HttpSession session = request.getSession();
Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR); Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR);
@ -350,8 +348,6 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
} }
} }
//~ Private Methods ================================================================================================
/** /**
* Returns <code>true</code> if reauthentication is needed on an IE POST. * Returns <code>true</code> if reauthentication is needed on an IE POST.
*/ */
@ -362,7 +358,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Creates and returns a Type 2 message from the provided Type 1 message. * Creates and returns a Type 2 message from the provided Type 1 message.
* *
* @param message the Type 1 message to process. * @param message the Type 1 message to process.
* @param session the <code>HTTPSession</code> object. * @param session the <code>HTTPSession</code> object.
* @param dcAddress the domain controller address. * @param dcAddress the domain controller address.
@ -379,7 +375,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Builds and returns an <code>NtlmPasswordAuthentication</code> object * Builds and returns an <code>NtlmPasswordAuthentication</code> object
* from the provided Type 3 message. * from the provided Type 3 message.
* *
* @param message the Type 3 message to process. * @param message the Type 3 message to process.
* @param session the <code>HTTPSession</code> object. * @param session the <code>HTTPSession</code> object.
* @param dcAddress the domain controller address. * @param dcAddress the domain controller address.
@ -400,7 +396,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Checks the user credentials against the domain controller. * Checks the user credentials against the domain controller.
* *
* @param session the <code>HTTPSession</code> object. * @param session the <code>HTTPSession</code> object.
* @param dcAddress the domain controller address. * @param dcAddress the domain controller address.
* @param auth the <code>NtlmPasswordAuthentication</code> object. * @param auth the <code>NtlmPasswordAuthentication</code> object.
@ -424,7 +420,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Authenticates the user credentials acquired from NTLM against the Acegi * Authenticates the user credentials acquired from NTLM against the Acegi
* Security <code>AuthenticationManager</code>. * Security <code>AuthenticationManager</code>.
* *
* @param request the <code>HttpServletRequest</code> object. * @param request the <code>HttpServletRequest</code> object.
* @param response the <code>HttpServletResponse</code> object. * @param response the <code>HttpServletResponse</code> object.
* @param session the <code>HttpSession</code> object. * @param session the <code>HttpSession</code> object.
@ -472,7 +468,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Returns the domain controller address based on the <code>loadBalance</code> * Returns the domain controller address based on the <code>loadBalance</code>
* setting. * setting.
* *
* @param session the <code>HttpSession</code> object. * @param session the <code>HttpSession</code> object.
* @return the domain controller address. * @return the domain controller address.
* @throws UnknownHostException * @throws UnknownHostException
@ -494,7 +490,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
/** /**
* Returns the domain controller challenge based on the <code>loadBalance</code> * Returns the domain controller challenge based on the <code>loadBalance</code>
* setting. * setting.
* *
* @param session the <code>HttpSession</code> object. * @param session the <code>HttpSession</code> object.
* @param dcAddress the domain controller address. * @param dcAddress the domain controller address.
* @return the domain controller challenge. * @return the domain controller challenge.
@ -502,10 +498,11 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
* @throws SmbException * @throws SmbException
*/ */
private byte[] getChallenge(final HttpSession session, final UniAddress dcAddress) throws UnknownHostException, SmbException { private byte[] getChallenge(final HttpSession session, final UniAddress dcAddress) throws UnknownHostException, SmbException {
if (loadBalance) if (loadBalance) {
return ((NtlmChallenge) session.getAttribute(CHALLENGE_ATTR)).challenge; return ((NtlmChallenge) session.getAttribute(CHALLENGE_ATTR)).challenge;
}
return SmbSession.getChallenge(dcAddress); return SmbSession.getChallenge(dcAddress);
} }
} // End NtlmProcessingFilter } // End NtlmProcessingFilter
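Review bot: The load-balanced branch of `getChallenge` casts and dereferences `session.getAttribute(CHALLENGE_ATTR)` without a null check, so a request that reaches it on a session with no stored challenge would end in a NullPointerException instead of an authentication failure. Whether that state is reachable depends on `doFilter`, whose body is mostly outside these hunks, but the guard is cheap: read the attribute into a local with `NtlmChallenge stored = (NtlmChallenge) session.getAttribute(CHALLENGE_ATTR);`, then `if (stored == null) { throw new NtlmBeginHandshakeException(); }` and `return stored.challenge;`. That assumes the no-argument constructor which the NtlmBeginHandshakeException hunk appears to show, and that restarting the handshake fits the filter's flow; it keeps the failure on the NTLM exception path the entry point already handles.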


@ -45,7 +45,7 @@ import jcifs.Config;
* @version $Id$ * @version $Id$
*/ */
public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean { public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
//~ Static fields/initializers ============================================= //~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(NtlmProcessingFilterEntryPoint.class); private static final Log logger = LogFactory.getLog(NtlmProcessingFilterEntryPoint.class);
@ -54,7 +54,7 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
/** Where to redirect the browser to if authentication fails */ /** Where to redirect the browser to if authentication fails */
private String authenticationFailureUrl; private String authenticationFailureUrl;
//~ Methods ================================================================ //~ Methods ========================================================================================================
/** /**
* Ensures an authentication failure URL has been provided in the bean * Ensures an authentication failure URL has been provided in the bean
@ -66,7 +66,7 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
/** /**
* Sets the authentication failure URL. * Sets the authentication failure URL.
* *
* @param authenticationFailureUrl the authentication failure URL. * @param authenticationFailureUrl the authentication failure URL.
*/ */
public void setAuthenticationFailureUrl(String authenticationFailureUrl) { public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
@ -83,11 +83,11 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
* <li>{@link NtlmBeginHandshakeException}: NTLM * <li>{@link NtlmBeginHandshakeException}: NTLM
* <li>{@link NtlmType2MessageException}: NTLM &lt;base64-encoded type-2-message&gt; * <li>{@link NtlmType2MessageException}: NTLM &lt;base64-encoded type-2-message&gt;
* </ul> * </ul>
* *
* If the {@link AuthenticationException} is not a subclass of * If the {@link AuthenticationException} is not a subclass of
* {@link NtlmBaseException}, then redirect the user to the authentication * {@link NtlmBaseException}, then redirect the user to the authentication
* failure URL. * failure URL.
* *
* @param request The {@link HttpServletRequest} object. * @param request The {@link HttpServletRequest} object.
* @param response Then {@link HttpServletResponse} object. * @param response Then {@link HttpServletResponse} object.
* @param authException Either {@link NtlmBeginHandshakeException}, * @param authException Either {@link NtlmBeginHandshakeException},
@ -116,4 +116,4 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
} }
} }
} // End NtlmProcessingFilterEntryPoint }


@ -41,8 +41,9 @@ public class NtlmType2MessageException extends NtlmBaseException {
* Internet Explorer does a POST. * Internet Explorer does a POST.
*/ */
public void preserveAuthentication() { public void preserveAuthentication() {
if (auth != null) if (auth != null) {
SecurityContextHolder.getContext().setAuthentication(auth); SecurityContextHolder.getContext().setAuthentication(auth);
} }
}
} // End NTLMType2MessageException }


@ -14,6 +14,7 @@ import org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.DirContextOperations; import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.NameNotFoundException;
/** /**
* Loads the UserDetails if authentication was already performed by NTLM (indicated by the type of authentication * Loads the UserDetails if authentication was already performed by NTLM (indicated by the type of authentication
@ -23,52 +24,34 @@ import org.springframework.ldap.core.DirContextOperations;
* *
*/ */
public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator { public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
/** //~ Static fields/initializers =====================================================================================
* Logger for this class
*/ private static final Log logger = LogFactory.getLog(NtlmAwareLdapAuthenticatorImpl.class);
private static final Log logger = LogFactory.getLog(NtlmAwareLdapAuthenticatorImpl.class);
//~ Constructors ===================================================================================================
/**
* @param initialDirContextFactory
*/
public NtlmAwareLdapAuthenticatorImpl(InitialDirContextFactory initialDirContextFactory) { public NtlmAwareLdapAuthenticatorImpl(InitialDirContextFactory initialDirContextFactory) {
super(initialDirContextFactory); super(initialDirContextFactory);
} }
/** //~ Methods ========================================================================================================
* Prepare the template without bind requirements.
*
* @param aUserDn
* @param aUserName
* @see #loadDetail(SpringSecurityLdapTemplate, String, String)
* @return
*/
protected DirContextOperations bindWithoutDn(String aUserDn, String aUserName) {
SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(getInitialDirContextFactory());
return loadDetail(template, aUserDn, aUserName);
}
/** /**
* Load datas * Loads the user context information without binding.
*
* @param aTemplate
* @param aUserDn
* @param aUserName
* @return
*/ */
protected DirContextOperations loadDetail(SpringSecurityLdapTemplate aTemplate, String aUserDn, String aUserName) { protected DirContextOperations loadUser(String aUserDn, String aUserName) {
SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(getInitialDirContextFactory());
try { try {
DirContextOperations user = aTemplate.retrieveEntry(aUserDn, getUserAttributes()); DirContextOperations user = template.retrieveEntry(aUserDn, getUserAttributes());
return user; return user;
} catch (BadCredentialsException e) { } catch (NameNotFoundException e) {
// This will be thrown if an invalid user name is used and the // This will be thrown if an invalid user name is used and the method may
// method may // be called multiple times to try different names, so we trap the exception.
// be called multiple times to try different names, so we trap the
// exception
// unless a subclass wishes to implement more specialized behaviour.
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Failed to bind as " + aUserDn + ": " + e.getMessage(), e); logger.debug("Failed to load user " + aUserDn + ": " + e.getMessage(), e);
} }
} }
return null; return null;
@ -97,7 +80,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
// tries them all until we found something // tries them all until we found something
while (myDns.hasNext() && (user == null)) { while (myDns.hasNext() && (user == null)) {
user = bindWithoutDn((String) myDns.next(), userName); user = loadUser((String) myDns.next(), userName);
} }
// Otherwise use the configured locator to find the user // Otherwise use the configured locator to find the user
@ -105,7 +88,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
if ((user == null) && (getUserSearch() != null)) { if ((user == null) && (getUserSearch() != null)) {
DirContextOperations userFromSearch = getUserSearch().searchForUser(userName); DirContextOperations userFromSearch = getUserSearch().searchForUser(userName);
// lancer l'identificvation // lancer l'identificvation
user = bindWithoutDn(userFromSearch.getDn().toString(), userName); user = loadUser(userFromSearch.getDn().toString(), userName);
} }
// Failed to locate the user in the LDAP directory // Failed to locate the user in the LDAP directory
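Review bot: The new Javadoc on `loadUser` says only that it loads the entry without binding; it should also state the precondition that makes this safe, because `retrieveEntry` runs on a template built from `getInitialDirContextFactory()` and nothing in this method checks the user's own credentials. A sentence such as `Must only be called for a token that the NTLM filter has already validated; no password check is performed here.` would make that explicit, and the token-type check in the caller, which lies outside these hunks, is what has to enforce it. The `aUserName` parameter is not read in the body shown, so either drop it or document why it is kept for subclasses. The debug message concatenates `aUserDn`, which presumably derives from the client-supplied username, so it is worth confirming that the log layout neutralises line breaks.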