SEC-8: Tidied up Ntlm contribution. NtlmAwareLdapAuthenticatorImpl was catching BadCredentialsExceptions which wouldn't be thrown since it doesn't actually do a bind. Changed to NameNotFoundException. Changed "bindWithoutDn" method name to "loadUser" which more clearly describes what it does.

ntlm/src/main/java/org/acegisecurity/ui/ntlm/HttpFilter.java

@@ -58,4 +58,4 @@ public abstract class HttpFilter implements Filter {
 		response.sendRedirect(response.encodeRedirectURL(url));
 	}
 
-}	// End HttpFilter
+}

ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmBaseException.java

@@ -31,4 +31,4 @@ public abstract class NtlmBaseException extends AuthenticationException {
 		super(msg);
 	}
 
-}	// End NtlmBaseException
+}

ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmBeginHandshakeException.java

@@ -28,4 +28,4 @@ public class NtlmBeginHandshakeException extends NtlmBaseException {
 		super("NTLM");
 	}
 
-}	// End NtlmBeginHandshakeException
+}

ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmProcessingFilter.java

@@ -102,16 +102,16 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
 
 	//~ Instance fields ================================================================================================
 
-	/** Shoud the filter load balance among multiple domain controllers, default <code>false</code>		*/
+	/** Should the filter load balance among multiple domain controllers, default <code>false</code> */
 	private boolean	loadBalance;
 
-	/** Shoud the domain name be stripped from the username, default <code>true</code>					*/
+	/** Should the domain name be stripped from the username, default <code>true</code> */
 	private boolean stripDomain = true;
 
 	/** Should the filter initiate NTLM negotiations, default <code>true</code>	*/
 	private boolean forceIdentification = true;
 
-	/** Shoud the filter retry NTLM on authorization failure, default <code>false</code>				*/
+	/** Should the filter retry NTLM on authorization failure, default <code>false</code> */
 	private boolean retryOnAuthFailure;
 
 	private String	soTimeout;
@@ -120,7 +120,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
 	private String	domainController;
 	private AuthenticationManager authenticationManager;
 
-	//~ Public Methods =================================================================================================
+	//~ Methods ========================================================================================================
 
 	/**
 	 * Ensures an <code>AuthenticationManager</code> and authentication failure
@@ -130,9 +130,9 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
 		Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
 
 		// Default to 5 minutes if not already specified
-		Config.setProperty("jcifs.smb.client.soTimeout", (soTimeout == null) ? "300000" : soTimeout);
+		Config.setProperty("jcifs.smb.client.soTimeout", soTimeout == null ? "300000" : soTimeout);
 		// Default to 20 minutes if not already specified
-		Config.setProperty("jcifs.netbios.cachePolicy", (cachePolicy == null) ? "1200" : cachePolicy);
+		Config.setProperty("jcifs.netbios.cachePolicy", cachePolicy == null ? "1200" : cachePolicy);
 
 		if (domainController == null) {
 			domainController = defaultDomain;
@@ -304,8 +304,6 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
 		this.retryOnAuthFailure = retryOnFailure;
 	}
 
-	//~ Protected Methods ==============================================================================================
-
 	protected void doFilter(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException {
 		final HttpSession session = request.getSession();
 		Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR);
@@ -350,8 +348,6 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
 		}
 	}
 
-	//~ Private Methods ================================================================================================
-
 	/**
 	 * Returns <code>true</code> if reauthentication is needed on an IE POST.
 	 */
@@ -502,8 +498,9 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
 	 * @throws SmbException
 	 */
 	private byte[] getChallenge(final HttpSession session, final UniAddress dcAddress) throws UnknownHostException, SmbException {
-		if (loadBalance)
+		if (loadBalance) {
 			return ((NtlmChallenge) session.getAttribute(CHALLENGE_ATTR)).challenge;
+        }
 
         return SmbSession.getChallenge(dcAddress);
 	}

ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmProcessingFilterEntryPoint.java

@@ -45,7 +45,7 @@ import jcifs.Config;
  * @version $Id$
  */
 public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
-    //~ Static fields/initializers =============================================
+    //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(NtlmProcessingFilterEntryPoint.class);
 
@@ -54,7 +54,7 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
 	/** Where to redirect the browser to if authentication fails		*/
 	private String authenticationFailureUrl;
 
-	//~ Methods ================================================================
+	//~ Methods ========================================================================================================
 
 	/**
 	 * Ensures an authentication failure URL has been provided in the bean
@@ -116,4 +116,4 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
 		}
 	}
 
-}	// End NtlmProcessingFilterEntryPoint
+}

ntlm/src/main/java/org/acegisecurity/ui/ntlm/NtlmType2MessageException.java

@@ -41,8 +41,9 @@ public class NtlmType2MessageException extends NtlmBaseException {
 	 * Internet Explorer does a POST.
 	 */
 	public void preserveAuthentication() {
-		if (auth != null)
+		if (auth != null) {
 			SecurityContextHolder.getContext().setAuthentication(auth);
         }
+    }
 
-}	// End NTLMType2MessageException
+}

ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticatorImpl.java

@@ -14,6 +14,7 @@ import org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.NameNotFoundException;
 
 /**
  * Loads the UserDetails if authentication was already performed by NTLM (indicated by the type of authentication
@@ -23,52 +24,34 @@ import org.springframework.ldap.core.DirContextOperations;
  *
  */
 public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
-	/**
-	 * Logger for this class
-	 */
+    //~ Static fields/initializers =====================================================================================
+
     private static final Log logger = LogFactory.getLog(NtlmAwareLdapAuthenticatorImpl.class);
 
-	/**
-	 * @param initialDirContextFactory
-	 */
+
+    //~ Constructors ===================================================================================================
+
 	public NtlmAwareLdapAuthenticatorImpl(InitialDirContextFactory initialDirContextFactory) {
 		super(initialDirContextFactory);
 	}
 
-	/**
-	 * Prepare the template without bind requirements.
-	 *
-	 * @param aUserDn
-	 * @param aUserName
-	 * @see #loadDetail(SpringSecurityLdapTemplate, String, String)
-	 * @return
-	 */
-	protected DirContextOperations bindWithoutDn(String aUserDn, String aUserName) {
-		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(getInitialDirContextFactory());
-		return loadDetail(template, aUserDn, aUserName);
-	}
+    //~ Methods ========================================================================================================
 
     /**
-	 * Load datas
-	 *
-	 * @param aTemplate
-	 * @param aUserDn
-	 * @param aUserName
-	 * @return
+     * Loads the user context information without binding.
 	 */
-	protected DirContextOperations loadDetail(SpringSecurityLdapTemplate aTemplate, String aUserDn, String aUserName) {
+	protected DirContextOperations loadUser(String aUserDn, String aUserName) {
+		SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(getInitialDirContextFactory());
+
 		try {
-			DirContextOperations user =  aTemplate.retrieveEntry(aUserDn, getUserAttributes());
+			DirContextOperations user =  template.retrieveEntry(aUserDn, getUserAttributes());
 
 			return user;
-		} catch (BadCredentialsException e) {
-			// This will be thrown if an invalid user name is used and the
-			// method may
-			// be called multiple times to try different names, so we trap the
-			// exception
-			// unless a subclass wishes to implement more specialized behaviour.
+		} catch (NameNotFoundException e) {
+			// This will be thrown if an invalid user name is used and the method may
+			// be called multiple times to try different names, so we trap the exception.
 			if (logger.isDebugEnabled()) {
-				logger.debug("Failed to bind as " + aUserDn + ": " + e.getMessage(), e);
+				logger.debug("Failed to load user " + aUserDn + ": " + e.getMessage(), e);
 			}
 		}
 		return null;
@@ -97,7 +80,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
 
 		// tries them all until we found something
 		while (myDns.hasNext() && (user == null)) {
-			user = bindWithoutDn((String) myDns.next(), userName);
+			user = loadUser((String) myDns.next(), userName);
 		}
 
 		// Otherwise use the configured locator to find the user
@@ -105,7 +88,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
 		if ((user == null) && (getUserSearch() != null)) {
 			DirContextOperations userFromSearch = getUserSearch().searchForUser(userName);
 			// lancer l'identificvation
-			user = bindWithoutDn(userFromSearch.getDn().toString(), userName);
+			user = loadUser(userFromSearch.getDn().toString(), userName);
 		}
 
 		// Failed to locate the user in the LDAP directory