SEC-245: Add mapPassword method to allow customized translation of password attribute.

2025-06-26 13:53:14 +00:00 · 2006-08-28 20:58:26 +00:00 · 2006-08-28 20:58:26 +00:00 · 4e65b24253
commit 4e65b24253
parent 1149da6137
2 changed files with 33 additions and 8 deletions
--- a/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java
@ -58,14 +58,7 @@ public class LdapUserDetailsMapper implements LdapEntryMapper {
        Attribute passwordAttribute = attributes.get(passwordAttributeName);

        if (passwordAttribute != null) {
-            Object retrievedPassword = passwordAttribute.get();
-
-            if (!(retrievedPassword instanceof String)) {
-                // Assume it's binary
-                retrievedPassword = new String((byte[]) retrievedPassword);
-            }
-
-            essence.setPassword((String) retrievedPassword);
+            essence.setPassword(mapPassword(passwordAttribute));
        }

        // Map the roles
@ -93,6 +86,25 @@ public class LdapUserDetailsMapper implements LdapEntryMapper {
        return essence;
    }

+    /**
+     * Extension point to allow customized creation of the user's password from
+     * the attribute stored in the directory.
+     *
+     * @param passwordAttribute the attribute instance containing the password
+     * @return a String representation of the password.
+     */
+    protected String mapPassword(Attribute passwordAttribute) throws NamingException {
+        Object retrievedPassword = passwordAttribute.get();
+
+        if (!(retrievedPassword instanceof String)) {
+            // Assume it's binary
+            retrievedPassword = new String((byte[]) retrievedPassword);
+        }
+
+        return (String) retrievedPassword;
+
+    }
+
    /**
     * Creates a GrantedAuthority from a role attribute. Override to customize
     * authority object creation.
--- a/core/src/test/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java
+++ b/core/src/test/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java
@ -79,4 +79,17 @@ public class LdapUserDetailsMapperTests extends TestCase {

        assertEquals(0, user.getGrantedAuthorities().length);
    }
+
+    public void testPasswordAttributeIsMappedCorrectly() throws Exception {
+        LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
+
+        mapper.setPasswordAttributeName("myappsPassword");
+        BasicAttributes attrs = new BasicAttributes();
+        attrs.put(new BasicAttribute("myappsPassword", "mypassword".getBytes()));
+
+        LdapUserDetails user =
+                ((LdapUserDetailsImpl.Essence) mapper.mapAttributes("cn=someName", attrs)).createUserDetails();
+
+        assertEquals("mypassword", user.getPassword());
+    }
 }