From a7d7631f2fc7052432d4411801ad15170b20b692 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Mon, 1 May 2006 00:43:42 +0000
Subject: [PATCH] Fixed potential problem with multiple userDn patterns.
---
 .../PasswordComparisonAuthenticator.java | 46 ++++++++++++-------
 .../PasswordComparisonAuthenticatorTests.java | 5 ++
 2 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticator.java b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticator.java
index cd4ebeb4f3..504d8a70d6 100644
--- a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticator.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticator.java
@@ -18,6 +18,8 @@ package org.acegisecurity.providers.ldap.authenticator;
 import org.acegisecurity.ldap.LdapUserInfo;
 import org.acegisecurity.ldap.LdapUtils;
 import org.acegisecurity.ldap.InitialDirContextFactory;
+import org.acegisecurity.ldap.LdapTemplate;
+import org.acegisecurity.ldap.AttributesMapper;
 import org.acegisecurity.providers.encoding.PasswordEncoder;
 import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.userdetails.UsernameNotFoundException;
@@ -32,6 +34,7 @@ import javax.naming.NamingException;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
 import java.util.Iterator;
@@ -82,26 +85,35 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
 // locate the user and check the password
 LdapUserInfo user = null;
- DirContext ctx = getInitialDirContextFactory().newInitialDirContext();
 Iterator dns = getUserDns(username).iterator();
+ LdapTemplate ldapTemplate = new LdapTemplate(getInitialDirContextFactory());
+
+ while(dns.hasNext() && user == null) {
+ final String userDn = (String)dns.next();
+
+ if(ldapTemplate.nameExists(userDn)) {
+ AttributesMapper mapper = new AttributesMapper() {
+ public Object mapAttributes(Attributes attributes) {
+ return new LdapUserInfo(userDn, attributes);
+ }
+ };
+
+ user = (LdapUserInfo)ldapTemplate.retrieveEntry(userDn, mapper, getUserAttributes());
+ }
+ }
+
+ if (user == null && getUserSearch() != null) {
+ user = getUserSearch().searchForUser(username);
+ }
+
+ if (user == null) {
+ throw new UsernameNotFoundException(username);
+ }
+
+ DirContext ctx = getInitialDirContextFactory().newInitialDirContext();
+
 try {
- while(dns.hasNext() && user == null) {
- String userDn = (String)dns.next();
- String relativeName = LdapUtils.getRelativeName(userDn, ctx);
-
- user = new LdapUserInfo(userDn,
- ctx.getAttributes(relativeName, getUserAttributes()));
- }
-
- if (user == null && getUserSearch() != null) {
- user = getUserSearch().searchForUser(username);
- }
-
- if (user == null) {
- throw new UsernameNotFoundException(username);
- }
-
 Attribute passwordAttribute = user.getAttributes().get(passwordAttributeName);
 if(passwordAttribute != null) {
diff --git a/core/src/test/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.java b/core/src/test/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.java
index 576c680cd7..c9ec1b219a 100644
--- a/core/src/test/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.java
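Review bot: The `if(ldapTemplate.nameExists(userDn))` guard is the actual fix for the multiple-pattern problem, yet nothing in the hunk says why it is there, so a later cleanup could fold the existence check back into `retrieveEntry` and reintroduce the behaviour the commit removes (a direct lookup of a missing DN presumably failing with a NamingException and aborting the loop before later patterns were tried). Suggest `// Skip DN patterns that do not resolve to an entry so the next pattern is tried; a direct lookup of a missing DN used to abort the whole loop.` directly above that `if`. Two further things are worth stating in a comment on the `while`: the `user == null` condition means the first pattern whose DN exists wins, so the configured pattern order decides which directory entry is authenticated when more than one resolves for a username, and `nameExists` followed by `retrieveEntry` is two directory round trips per pattern, with the second presumably failing if the entry disappears in between. The enclosing `authenticate` method starts before and ends after this hunk, so the handling of `ctx` after the `try` is not visible here.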
+++ b/core/src/test/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.java
@@ -67,6 +67,11 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapServerTest
 authenticator.authenticate("Bob", "bobspassword");
 }
+ public void testMultipleDnPatternsWorkOk() {
+ authenticator.setUserDnPatterns(new String[] {"uid={0},ou=nonexistent", "uid={0},ou=people"});
+ authenticator.authenticate("Bob", "bobspassword");
+ }
+
 public void testLocalCompareSucceedsWithShaEncodedPassword() {
 authenticator = new PasswordComparisonAuthenticator(getInitialCtxFactory());
 authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
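Review bot: `testMultipleDnPatternsWorkOk` only establishes that `authenticate` does not throw; it does not show that Bob was located through the second pattern rather than by some other configured path such as a user search, which is the property the commit message claims. Assuming `authenticate` returns the located `LdapUserInfo` and it exposes its DN, capture the result and check it: `LdapUserInfo user = authenticator.authenticate("Bob", "bobspassword");` followed by `assertTrue(user.getDn().indexOf("ou=people") != -1);`. A companion test that configures only the `uid={0},ou=nonexistent` pattern and expects `UsernameNotFoundException` would pin the other half of the fix, namely that a pattern with no entry is skipped rather than failing with a directory exception.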