Merged branch 'jetty-12.0.x' into 'jetty-12.1.x'.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet 2024-10-14 17:28:02 +02:00
commit 93569eee0d
No known key found for this signature in database
GPG Key ID: 1677D141BCF3584D
2 changed files with 12 additions and 23 deletions


@ -41,7 +41,6 @@ import javax.security.auth.login.LoginException;
import org.eclipse.jetty.security.UserPrincipal; import org.eclipse.jetty.security.UserPrincipal;
import org.eclipse.jetty.security.jaas.callback.ObjectCallback; import org.eclipse.jetty.security.jaas.callback.ObjectCallback;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.TypeUtil; import org.eclipse.jetty.util.TypeUtil;
import org.eclipse.jetty.util.security.Credential; import org.eclipse.jetty.util.security.Credential;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -240,7 +239,7 @@ public class LdapLoginModule extends AbstractLoginModule
protected String doRFC2254Encoding(String inputString) protected String doRFC2254Encoding(String inputString)
{ {
StringBuffer buf = new StringBuffer(inputString.length()); StringBuilder buf = new StringBuilder(inputString.length());
for (int i = 0; i < inputString.length(); i++) for (int i = 0; i < inputString.length(); i++)
{ {
char c = inputString.charAt(i); char c = inputString.charAt(i);
@ -279,11 +278,10 @@ public class LdapLoginModule extends AbstractLoginModule
private Attributes getUserAttributes(String username) throws LoginException private Attributes getUserAttributes(String username) throws LoginException
{ {
SearchResult result = findUser(username); SearchResult result = findUser(username);
Attributes attributes = result.getAttributes(); return result.getAttributes();
return attributes;
} }
private String getUserCredentials(Attributes attributes) throws LoginException private String getUserCredentials(Attributes attributes)
{ {
String ldapCredential = null; String ldapCredential = null;
@ -421,7 +419,7 @@ public class LdapLoginModule extends AbstractLoginModule
return isAuthenticated(); return isAuthenticated();
} }
boolean authed = false; boolean authed;
if (_forceBindingLogin) if (_forceBindingLogin)
{ {
@ -514,7 +512,7 @@ public class LdapLoginModule extends AbstractLoginModule
Hashtable<Object, Object> environment = getEnvironment(); Hashtable<Object, Object> environment = getEnvironment();
if (userDn == null || "".equals(userDn)) if (userDn == null || userDn.isEmpty())
{ {
throw new FailedLoginException("username may not be empty"); throw new FailedLoginException("username may not be empty");
} }
@ -533,10 +531,6 @@ public class LdapLoginModule extends AbstractLoginModule
setAuthenticated(true); setAuthenticated(true);
return true; return true;
} }
catch (AuthenticationException e)
{
throw new FailedLoginException(e.getMessage());
}
catch (NamingException e) catch (NamingException e)
{ {
throw new FailedLoginException(e.getMessage()); throw new FailedLoginException(e.getMessage());
@ -548,7 +542,7 @@ public class LdapLoginModule extends AbstractLoginModule
String filter = "(&(objectClass={0})({1}={2}))"; String filter = "(&(objectClass={0})({1}={2}))";
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
LOG.debug("Searching for user {} with filter: \'{}\' from base dn: {}", username, filter, _userBaseDn); LOG.debug("Searching for user {} with filter: '{}' from base dn: {}", username, filter, _userBaseDn);
Object[] filterArguments = new Object[]{ Object[] filterArguments = new Object[]{
_userObjectClass, _userObjectClass,
@ -581,7 +575,7 @@ public class LdapLoginModule extends AbstractLoginModule
if (!results.hasMoreElements()) if (!results.hasMoreElements())
throw new FailedLoginException("User not found."); throw new FailedLoginException("User not found.");
SearchResult searchResult = (SearchResult)results.nextElement(); SearchResult searchResult = results.nextElement();
if (results.hasMoreElements()) if (results.hasMoreElements())
throw new FailedLoginException("Search result contains ambiguous entries"); throw new FailedLoginException("Search result contains ambiguous entries");
@ -610,7 +604,8 @@ public class LdapLoginModule extends AbstractLoginModule
_port = Integer.parseInt((String)options.get("port")); _port = Integer.parseInt((String)options.get("port"));
_contextFactory = (String)options.get("contextFactory"); _contextFactory = (String)options.get("contextFactory");
_bindDn = (String)options.get("bindDn"); _bindDn = (String)options.get("bindDn");
_bindPassword = (String)options.get("bindPassword"); String bindPassword = (String)options.get("bindPassword");
_bindPassword = bindPassword == null ? null : Credential.getCredential(bindPassword).toString();
_authenticationMethod = (String)options.get("authenticationMethod"); _authenticationMethod = (String)options.get("authenticationMethod");
_userBaseDn = (String)options.get("userBaseDn"); _userBaseDn = (String)options.get("userBaseDn");
@ -731,13 +726,13 @@ public class LdapLoginModule extends AbstractLoginModule
if (encryptedPassword.toUpperCase(Locale.ENGLISH).startsWith("{MD5}")) if (encryptedPassword.toUpperCase(Locale.ENGLISH).startsWith("{MD5}"))
{ {
String src = encryptedPassword.substring("{MD5}".length(), encryptedPassword.length()); String src = encryptedPassword.substring("{MD5}".length());
return "MD5:" + base64ToHex(src); return "MD5:" + base64ToHex(src);
} }
if (encryptedPassword.toUpperCase(Locale.ENGLISH).startsWith("{CRYPT}")) if (encryptedPassword.toUpperCase(Locale.ENGLISH).startsWith("{CRYPT}"))
{ {
return "CRYPT:" + encryptedPassword.substring("{CRYPT}".length(), encryptedPassword.length()); return "CRYPT:" + encryptedPassword.substring("{CRYPT}".length());
} }
return encryptedPassword; return encryptedPassword;
@ -748,10 +743,4 @@ public class LdapLoginModule extends AbstractLoginModule
byte[] bytes = Base64.getDecoder().decode(src); byte[] bytes = Base64.getDecoder().decode(src);
return TypeUtil.toString(bytes, 16); return TypeUtil.toString(bytes, 16);
} }
private static String hexToBase64(String src)
{
byte[] bytes = StringUtil.fromHexString(src);
return Base64.getEncoder().encodeToString(bytes);
}
} }
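Review bot: In the option-parsing hunk (`@ -610,7 +604,8`), `Credential.getCredential(bindPassword).toString()` assumes that the returned credential's `toString()` yields the clear-text password. That holds for a plain or `OBF:` value, but a value starting with `MD5:` or `CRYPT:` would select a one-way credential type, which as far as I recall does not return the original secret, so the later bind would fail with an unhelpful error. Consider rejecting those forms at configuration time, e.g. `Credential c = Credential.getCredential(bindPassword);` followed by `if (!(c instanceof Password)) throw new IllegalArgumentException("bindPassword must be plain text or OBF:");`. It is also worth a comment on the assignment such as `// OBF: is reversible obfuscation, not encryption; the JAAS configuration still needs restrictive file permissions`. The enclosing method begins and ends outside the hunk.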


@ -164,7 +164,7 @@ public class JAASLdapLoginServiceTest extends AbstractLdapTestUnit
options.put("port", Integer.toString(ldapServer.getTransports()[0].getPort())); options.put("port", Integer.toString(ldapServer.getTransports()[0].getPort()));
options.put("contextFactory", "com.sun.jndi.ldap.LdapCtxFactory"); options.put("contextFactory", "com.sun.jndi.ldap.LdapCtxFactory");
options.put("bindDn", "uid=admin,ou=system"); options.put("bindDn", "uid=admin,ou=system");
options.put("bindPassword", "secret"); options.put("bindPassword", "OBF:1yta1t331v8w1v9q1t331ytc");
options.put("userBaseDn", "ou=people,dc=jetty,dc=org"); options.put("userBaseDn", "ou=people,dc=jetty,dc=org");
options.put("roleBaseDn", "ou=groups,dc=jetty,dc=org"); options.put("roleBaseDn", "ou=groups,dc=jetty,dc=org");
options.put("roleNameAttribute", "cn"); options.put("roleNameAttribute", "cn");
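Review bot: Switching the fixture's `bindPassword` to the `OBF:` form means the lines visible here no longer exercise a plain-text bind password, which existing deployments presumably still use. If no other test covers it, keep one configuration with the plain value so both accepted forms are checked against the same LDAP server. A short comment next to the literal, for example `// obfuscated form of the test admin password`, would tell readers that the value is deliberately obfuscated. The test method starts and ends outside the hunk.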