Added MessageSource support for LDAP provider classes.
This commit is contained in:
parent
e81be72bd7
commit
56bccf6070
|
@ -24,9 +24,12 @@ import javax.naming.CommunicationException;
|
||||||
import javax.naming.directory.InitialDirContext;
|
import javax.naming.directory.InitialDirContext;
|
||||||
import javax.naming.directory.DirContext;
|
import javax.naming.directory.DirContext;
|
||||||
|
|
||||||
import org.springframework.dao.DataAccessResourceFailureException;
|
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
import org.springframework.context.MessageSourceAware;
|
||||||
|
import org.springframework.context.MessageSource;
|
||||||
|
import org.springframework.context.support.MessageSourceAccessor;
|
||||||
import org.acegisecurity.BadCredentialsException;
|
import org.acegisecurity.BadCredentialsException;
|
||||||
|
import org.acegisecurity.AcegiMessageSource;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
|
@ -60,7 +63,8 @@ import org.apache.commons.logging.LogFactory;
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class DefaultInitialDirContextFactory implements InitialDirContextFactory {
|
public class DefaultInitialDirContextFactory implements InitialDirContextFactory,
|
||||||
|
MessageSourceAware {
|
||||||
|
|
||||||
//~ Static fields/initializers =============================================
|
//~ Static fields/initializers =============================================
|
||||||
|
|
||||||
|
@ -72,6 +76,8 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
|
||||||
|
|
||||||
//~ Instance fields ========================================================
|
//~ Instance fields ========================================================
|
||||||
|
|
||||||
|
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The LDAP url of the server (and root context) to connect to.
|
* The LDAP url of the server (and root context) to connect to.
|
||||||
* TODO: Allow a backup URL for a replication server.
|
* TODO: Allow a backup URL for a replication server.
|
||||||
|
@ -213,11 +219,17 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
|
||||||
return new InitialDirContext(env);
|
return new InitialDirContext(env);
|
||||||
|
|
||||||
} catch(CommunicationException ce) {
|
} catch(CommunicationException ce) {
|
||||||
throw new DataAccessResourceFailureException("Unable to connect to LDAP Server.", ce);
|
throw new LdapDataAccessException(messages.getMessage(
|
||||||
|
"DefaultIntitalDirContextFactory.communicationFailure",
|
||||||
|
"Unable to connect to LDAP server"), ce);
|
||||||
} catch(javax.naming.AuthenticationException ae) {
|
} catch(javax.naming.AuthenticationException ae) {
|
||||||
throw new BadCredentialsException("Authentication to LDAP server failed.", ae);
|
throw new BadCredentialsException(messages.getMessage(
|
||||||
|
"DefaultIntitalDirContextFactory.badCredentials",
|
||||||
|
"Bad credentials"), ae);
|
||||||
} catch (NamingException nx) {
|
} catch (NamingException nx) {
|
||||||
throw new LdapDataAccessException("Failed to obtain InitialDirContext", nx);
|
throw new LdapDataAccessException(messages.getMessage(
|
||||||
|
"DefaultIntitalDirContextFactory.unexpectedException",
|
||||||
|
"Failed to obtain InitialDirContext due to unexpected exception"), nx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -265,4 +277,8 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
|
||||||
Assert.notNull(extraEnvVars, "Extra environment map cannot be null.");
|
Assert.notNull(extraEnvVars, "Extra environment map cannot be null.");
|
||||||
this.extraEnvVars = extraEnvVars;
|
this.extraEnvVars = extraEnvVars;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setMessageSource(MessageSource messageSource) {
|
||||||
|
this.messages = new MessageSourceAccessor(messageSource);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -138,10 +138,12 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
|
||||||
}
|
}
|
||||||
|
|
||||||
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
|
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
|
||||||
|
if(logger.isDebugEnabled()) {
|
||||||
logger.debug("Retrieving user " + username);
|
logger.debug("Retrieving user " + username);
|
||||||
|
}
|
||||||
|
|
||||||
String password = (String)authentication.getCredentials();
|
String password = (String)authentication.getCredentials();
|
||||||
Assert.notNull(password, "Null password was supplied in authentication token");
|
Assert.hasLength(password, "Null or empty password was supplied in authentication token");
|
||||||
|
|
||||||
LdapUserInfo ldapUser = authenticator.authenticate(username, password);
|
LdapUserInfo ldapUser = authenticator.authenticate(username, password);
|
||||||
|
|
||||||
|
|
|
@ -18,8 +18,12 @@ package org.acegisecurity.providers.ldap.authenticator;
|
||||||
import org.acegisecurity.providers.ldap.LdapAuthenticator;
|
import org.acegisecurity.providers.ldap.LdapAuthenticator;
|
||||||
import org.acegisecurity.providers.ldap.InitialDirContextFactory;
|
import org.acegisecurity.providers.ldap.InitialDirContextFactory;
|
||||||
import org.acegisecurity.providers.ldap.LdapUserSearch;
|
import org.acegisecurity.providers.ldap.LdapUserSearch;
|
||||||
|
import org.acegisecurity.AcegiMessageSource;
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
import org.springframework.context.support.MessageSourceAccessor;
|
||||||
|
import org.springframework.context.MessageSourceAware;
|
||||||
|
import org.springframework.context.MessageSource;
|
||||||
|
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -32,10 +36,11 @@ import java.util.ArrayList;
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
|
public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
|
||||||
InitializingBean {
|
InitializingBean, MessageSourceAware {
|
||||||
|
|
||||||
//~ Instance fields ========================================================
|
//~ Instance fields ========================================================
|
||||||
|
|
||||||
|
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||||
private InitialDirContextFactory initialDirContextFactory;
|
private InitialDirContextFactory initialDirContextFactory;
|
||||||
|
|
||||||
//private String[] userDnPattern = null;
|
//private String[] userDnPattern = null;
|
||||||
|
@ -139,6 +144,11 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator,
|
||||||
return initialDirContextFactory;
|
return initialDirContextFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setMessageSource(MessageSource messageSource) {
|
||||||
|
Assert.notNull("Message source must not be null");
|
||||||
|
this.messages = new MessageSourceAccessor(messageSource);
|
||||||
|
}
|
||||||
|
|
||||||
public void afterPropertiesSet() throws Exception {
|
public void afterPropertiesSet() throws Exception {
|
||||||
Assert.isTrue(userDnFormat != null || userSearch != null,
|
Assert.isTrue(userDnFormat != null || userSearch != null,
|
||||||
"Either an LdapUserSearch or DN pattern (or both) must be supplied.");
|
"Either an LdapUserSearch or DN pattern (or both) must be supplied.");
|
||||||
|
|
|
@ -66,7 +66,9 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(user == null) {
|
if(user == null) {
|
||||||
throw new BadCredentialsException("Failed to authenticate as " + username);
|
throw new BadCredentialsException(messages.getMessage(
|
||||||
|
"BindAuthenticator.badCredentials",
|
||||||
|
"Bad credentials"));
|
||||||
}
|
}
|
||||||
|
|
||||||
return user;
|
return user;
|
||||||
|
@ -90,11 +92,15 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||||
user = new LdapUserInfo(userDn, attributes);
|
user = new LdapUserInfo(userDn, attributes);
|
||||||
|
|
||||||
} catch(NamingException ne) {
|
} catch(NamingException ne) {
|
||||||
throw new LdapDataAccessException("Failed to load attributes for user " + userDn, ne);
|
throw new LdapDataAccessException(messages.getMessage(
|
||||||
|
"BindAuthenticator.failedToLoadAttributes", new String[] {userDn},
|
||||||
|
"Failed to load attributes for user {0}"), ne);
|
||||||
} catch(BadCredentialsException e) {
|
} catch(BadCredentialsException e) {
|
||||||
// This will be thrown if an invalid user name is used and the method may
|
// This will be thrown if an invalid user name is used and the method may
|
||||||
// be called multiple times to try different names, so we trap the exception.
|
// be called multiple times to try different names, so we trap the exception.
|
||||||
logger.debug("Failed to bind as " + userDn + ", " + e.getMessage());
|
if(logger.isDebugEnabled()) {
|
||||||
|
logger.debug("Failed to bind as " + userDn + ": " + e.getCause());
|
||||||
|
}
|
||||||
} finally {
|
} finally {
|
||||||
LdapUtils.closeContext(ctx);
|
LdapUtils.closeContext(ctx);
|
||||||
}
|
}
|
||||||
|
|
|
@ -110,7 +110,9 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!verifyPassword(password, (String)retrievedPassword)) {
|
if(!verifyPassword(password, (String)retrievedPassword)) {
|
||||||
throw new BadCredentialsException("Invalid password.");
|
throw new BadCredentialsException(messages.getMessage(
|
||||||
|
"PasswordComparisonAuthenticator.badCredentials",
|
||||||
|
"Bad credentials"));
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
@ -161,7 +163,9 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
|
||||||
new Object[]{passwordBytes}, ctls);
|
new Object[]{passwordBytes}, ctls);
|
||||||
|
|
||||||
if(!results.hasMore()) {
|
if(!results.hasMore()) {
|
||||||
throw new BadCredentialsException("Password comparison failed");
|
throw new BadCredentialsException(messages.getMessage(
|
||||||
|
"PasswordComparisonAuthenticator.badCredentials",
|
||||||
|
"Bad credentials"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,7 +176,7 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
|
public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
|
||||||
Assert.notNull(passwordEncoder, "Password Encoder must not be null.");
|
Assert.notNull(passwordEncoder, "passwordEncoder must not be null.");
|
||||||
this.passwordEncoder = passwordEncoder;
|
this.passwordEncoder = passwordEncoder;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
<html>
|
||||||
|
<body>
|
||||||
|
LDAP authenticator implementations.
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -37,3 +37,9 @@ SwitchUserProcessingFilter.disabled=User is disabled
|
||||||
SwitchUserProcessingFilter.expired=User account has expired
|
SwitchUserProcessingFilter.expired=User account has expired
|
||||||
SwitchUserProcessingFilter.credentialsExpired=User credentials have expired
|
SwitchUserProcessingFilter.credentialsExpired=User credentials have expired
|
||||||
AbstractAccessDecisionManager.accessDenied=Access is denied
|
AbstractAccessDecisionManager.accessDenied=Access is denied
|
||||||
|
DefaultIntitalDirContextFactory.communicationFailure=Unable to connect to LDAP server
|
||||||
|
DefaultIntitalDirContextFactory.badCredentials=Bad credentials
|
||||||
|
DefaultIntitalDirContextFactory.unexpectedException=Failed to obtain InitialDirContext due to unexpected exception
|
||||||
|
PasswordComparisonAuthenticator.badCredentials=Bad credentials
|
||||||
|
BindAuthenticator.badCredentials=Bad credentials
|
||||||
|
BindAuthenticator.failedToLoadAttributes=Bad credentials
|
||||||
|
|
Loading…
Reference in New Issue