Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-09 06:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed potential problem with multiple userDn patterns.

Browse Source
This commit is contained in:
Luke Taylor 2006-05-01 00:43:42 +00:00
parent f0b11109b4
commit a7d7631f2f
2 changed files with 34 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
core/src/main/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticator.java
View File

@ -18,6 +18,8 @@ package org.acegisecurity.providers.ldap.authenticator;
import org.acegisecurity.ldap.LdapUserInfo;
import org.acegisecurity.ldap.LdapUtils;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.ldap.LdapTemplate;
import org.acegisecurity.ldap.AttributesMapper;
import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.userdetails.UsernameNotFoundException;
@ -32,6 +34,7 @@ import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.DirContext;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import java.util.Iterator;
@ -82,26 +85,35 @@ public final class PasswordComparisonAuthenticator extends AbstractLdapAuthentic
// locate the user and check the password
LdapUserInfo user = null;
DirContext ctx = getInitialDirContextFactory().newInitialDirContext();
Iterator dns = getUserDns(username).iterator();
LdapTemplate ldapTemplate = new LdapTemplate(getInitialDirContextFactory());
while(dns.hasNext() && user == null) {
final String userDn = (String)dns.next();
if(ldapTemplate.nameExists(userDn)) {
AttributesMapper mapper = new AttributesMapper() {
public Object mapAttributes(Attributes attributes) {
return new LdapUserInfo(userDn, attributes);
}
};
user = (LdapUserInfo)ldapTemplate.retrieveEntry(userDn, mapper, getUserAttributes());
}
}
if (user == null && getUserSearch() != null) {
user = getUserSearch().searchForUser(username);
}
if (user == null) {
throw new UsernameNotFoundException(username);
}
DirContext ctx = getInitialDirContextFactory().newInitialDirContext();
try {
while(dns.hasNext() && user == null) {
String userDn = (String)dns.next();
String relativeName = LdapUtils.getRelativeName(userDn, ctx);
user = new LdapUserInfo(userDn,
ctx.getAttributes(relativeName, getUserAttributes()));
}
if (user == null && getUserSearch() != null) {
user = getUserSearch().searchForUser(username);
}
if (user == null) {
throw new UsernameNotFoundException(username);
}
Attribute passwordAttribute = user.getAttributes().get(passwordAttributeName);
if(passwordAttribute != null) {

5
core/src/test/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.java
View File

@ -67,6 +67,11 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapServerTest
authenticator.authenticate("Bob", "bobspassword");
}
public void testMultipleDnPatternsWorkOk() {
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=nonexistent", "uid={0},ou=people"});
authenticator.authenticate("Bob", "bobspassword");
}
public void testLocalCompareSucceedsWithShaEncodedPassword() {
authenticator = new PasswordComparisonAuthenticator(getInitialCtxFactory());
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});