From 4e65b24253fbabe2b150c0ec07536f717b6f4cff Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Mon, 28 Aug 2006 20:58:26 +0000
Subject: [PATCH] SEC-245: Add mapPassword method to allow customized translation of password attribute.
---
 .../ldap/LdapUserDetailsMapper.java | 28 +++++++++++++------
 .../ldap/LdapUserDetailsMapperTests.java | 13 +++++++++
 2 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java b/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java
index 50fed353da..811f790747 100644
--- a/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java
@@ -58,14 +58,7 @@ public class LdapUserDetailsMapper implements LdapEntryMapper {
 Attribute passwordAttribute = attributes.get(passwordAttributeName);
 if (passwordAttribute != null) {
- Object retrievedPassword = passwordAttribute.get();
-
- if (!(retrievedPassword instanceof String)) {
- // Assume it's binary
- retrievedPassword = new String((byte[]) retrievedPassword);
- }
-
- essence.setPassword((String) retrievedPassword);
+ essence.setPassword(mapPassword(passwordAttribute));
 }
 // Map the roles
@@ -93,6 +86,25 @@ public class LdapUserDetailsMapper implements LdapEntryMapper {
 return essence;
 }
+ /**
+ * Extension point to allow customized creation of the user's password from
+ * the attribute stored in the directory.
+ *
+ * @param passwordAttribute the attribute instance containing the password
+ * @return a String representation of the password.
+ */
+ protected String mapPassword(Attribute passwordAttribute) throws NamingException {
+ Object retrievedPassword = passwordAttribute.get();
+
+ if (!(retrievedPassword instanceof String)) {
+ // Assume it's binary
+ retrievedPassword = new String((byte[]) retrievedPassword);
+ }
+
+ return (String) retrievedPassword;
+
+ }
+
 /**
 * Creates a GrantedAuthority from a role attribute. Override to customize
 * authority object creation.
diff --git a/core/src/test/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java b/core/src/test/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java
index 2c1dc600b1..d1203d7722 100644
--- a/core/src/test/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java
+++ b/core/src/test/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java
@@ -79,4 +79,17 @@ public class LdapUserDetailsMapperTests extends TestCase {
 assertEquals(0, user.getGrantedAuthorities().length);
 }
+
+ public void testPasswordAttributeIsMappedCorrectly() throws Exception {
+ LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
+
+ mapper.setPasswordAttributeName("myappsPassword");
+ BasicAttributes attrs = new BasicAttributes();
+ attrs.put(new BasicAttribute("myappsPassword", "mypassword".getBytes()));
+
+ LdapUserDetails user =
+ ((LdapUserDetailsImpl.Essence) mapper.mapAttributes("cn=someName", attrs)).createUserDetails();
+
+ assertEquals("mypassword", user.getPassword());
+ }
 }
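Review bot: In the new `mapPassword` method of LdapUserDetailsMapper.java, `new String((byte[]) retrievedPassword)` decodes the directory's password bytes with the JVM's platform default charset, so the same entry can produce different password strings on differently configured hosts and a non-ASCII password may then fail comparison. Decode with an explicit charset instead, for example `retrievedPassword = new String((byte[]) retrievedPassword, StandardCharsets.UTF_8);` where the project's Java level allows it; UTF-8 is an assumption to confirm against the directory. The cast is also unchecked, so a null or otherwise non-`byte[]` attribute value would surface as a `NullPointerException` or `ClassCastException` rather than a `NamingException`. The Javadoc should state that a non-String value is treated as bytes and should gain `@throws NamingException if the attribute value cannot be read`.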
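Review bot: `testPasswordAttributeIsMappedCorrectly` exercises only the default `byte[]` branch with an ASCII value, so the extension point this commit introduces is never overridden in a test, and the String-valued branch is not covered either. Because `"mypassword".getBytes()` encodes with the same platform default that `mapPassword` decodes with, the test also cannot detect a charset mismatch. A second test that overrides `mapPassword` would pin the contract subclasses rely on, namely that `mapAttributes` routes the password through the hook. The sketch below assumes `Attribute` and `NamingException` are importable in the test class, which this hunk does not show.

```java
public void testMapPasswordCanBeOverridden() throws Exception {
    LdapUserDetailsMapper mapper = new LdapUserDetailsMapper() {
        protected String mapPassword(Attribute passwordAttribute) throws NamingException {
            return "mapped-value"; // constructed sample value
        }
    };

    mapper.setPasswordAttributeName("myappsPassword");
    BasicAttributes attrs = new BasicAttributes();
    attrs.put(new BasicAttribute("myappsPassword", "mypassword".getBytes()));

    LdapUserDetails user =
        ((LdapUserDetailsImpl.Essence) mapper.mapAttributes("cn=someName", attrs)).createUserDetails();

    // The value returned by the override, not the raw directory bytes, must reach the user details.
    assertEquals("mapped-value", user.getPassword());
}
```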