Merge pull request #1005 from SimonDallaway/LdapLoginModule

Fix for the case where the userRdnAttribute value is not equal to the username
Joakim Erdfelt 2016-10-19 14:08:54 -07:00 committed by GitHub
commit d1d3996bf5
1 changed files with 55 additions and 53 deletions


@ -181,20 +181,22 @@ public class LdapLoginModule extends AbstractLoginModule
public class LDAPUserInfo extends UserInfo public class LDAPUserInfo extends UserInfo
{ {
Attributes attributes;
/** /**
* @param userName * @param userName
* @param credential * @param credential
*/ */
public LDAPUserInfo(String userName, Credential credential) public LDAPUserInfo(String userName, Credential credential, Attributes attributes)
{ {
super(userName, credential); super(userName, credential);
this.attributes = attributes;
} }
@Override @Override
public List<String> doFetchRoles() throws Exception public List<String> doFetchRoles() throws Exception
{ {
return getUserRoles(_rootContext, getUserName()); return getUserRoles(_rootContext, getUserName(), attributes);
} }
} }
@ -214,7 +216,8 @@ public class LdapLoginModule extends AbstractLoginModule
*/ */
public UserInfo getUserInfo(String username) throws Exception public UserInfo getUserInfo(String username) throws Exception
{ {
String pwdCredential = getUserCredentials(username); Attributes attributes = getUserAttributes(username);
String pwdCredential = getUserCredentials(attributes);
if (pwdCredential == null) if (pwdCredential == null)
{ {
@ -223,7 +226,7 @@ public class LdapLoginModule extends AbstractLoginModule
pwdCredential = convertCredentialLdapToJetty(pwdCredential); pwdCredential = convertCredentialLdapToJetty(pwdCredential);
Credential credential = Credential.getCredential(pwdCredential); Credential credential = Credential.getCredential(pwdCredential);
return new LDAPUserInfo(username, credential); return new LDAPUserInfo(username, credential, attributes);
} }
protected String doRFC2254Encoding(String inputString) protected String doRFC2254Encoding(String inputString)
@ -258,7 +261,7 @@ public class LdapLoginModule extends AbstractLoginModule
} }
/** /**
* attempts to get the users credentials from the users context * attempts to get the users LDAP attributes from the users context
* <p> * <p>
* NOTE: this is not an user authenticated operation * NOTE: this is not an user authenticated operation
* *
@ -266,34 +269,25 @@ public class LdapLoginModule extends AbstractLoginModule
* @return * @return
* @throws LoginException * @throws LoginException
*/ */
private String getUserCredentials(String username) throws LoginException private Attributes getUserAttributes(String username) throws LoginException
{ {
String ldapCredential = null; Attributes attributes = null;
SearchControls ctls = new SearchControls(); SearchResult result;
ctls.setCountLimit(1); try {
ctls.setDerefLinkFlag(true); result = findUser(username);
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); attributes = result.getAttributes();
}
String filter = "(&(objectClass={0})({1}={2}))"; catch (NamingException e) {
throw new LoginException("Root context binding failure.");
LOG.debug("Searching for users with filter: \'" + filter + "\'" + " from base dn: " + _userBaseDn);
try
{
Object[] filterArguments = {_userObjectClass, _userIdAttribute, username};
NamingEnumeration<SearchResult> results = _rootContext.search(_userBaseDn, filter, filterArguments, ctls);
LOG.debug("Found user?: " + results.hasMoreElements());
if (!results.hasMoreElements())
{
throw new LoginException("User not found.");
} }
SearchResult result = findUser(username); return attributes;
}
Attributes attributes = result.getAttributes(); private String getUserCredentials(Attributes attributes) throws LoginException
{
String ldapCredential = null;
Attribute attribute = attributes.get(_userPasswordAttribute); Attribute attribute = attributes.get(_userPasswordAttribute);
if (attribute != null) if (attribute != null)
@ -309,11 +303,6 @@ public class LdapLoginModule extends AbstractLoginModule
LOG.debug("no password available under attribute: " + _userPasswordAttribute); LOG.debug("no password available under attribute: " + _userPasswordAttribute);
} }
} }
}
catch (NamingException e)
{
throw new LoginException("Root context binding failure.");
}
LOG.debug("user cred is: " + ldapCredential); LOG.debug("user cred is: " + ldapCredential);
@ -330,9 +319,22 @@ public class LdapLoginModule extends AbstractLoginModule
* @return * @return
* @throws LoginException * @throws LoginException
*/ */
private List<String> getUserRoles(DirContext dirContext, String username) throws LoginException, NamingException private List<String> getUserRoles(DirContext dirContext, String username, Attributes attributes) throws LoginException, NamingException
{ {
String userDn = _userRdnAttribute + "=" + username + "," + _userBaseDn; String rdnValue = username;
Attribute attribute = attributes.get(_userRdnAttribute);
if (attribute != null)
{
try
{
rdnValue = (String) attribute.get(); // switch to the value stored in the _userRdnAttribute if we can
}
catch (NamingException e)
{
}
}
String userDn = _userRdnAttribute + "=" + rdnValue + "," + _userBaseDn;
return getUserRolesByDn(dirContext, userDn); return getUserRolesByDn(dirContext, userDn);
} }
@ -537,7 +539,7 @@ public class LdapLoginModule extends AbstractLoginModule
String filter = "(&(objectClass={0})({1}={2}))"; String filter = "(&(objectClass={0})({1}={2}))";
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
LOG.debug("Searching for users with filter: \'" + filter + "\'" + " from base dn: " + _userBaseDn); LOG.debug("Searching for user " + username + " with filter: \'" + filter + "\'" + " from base dn: " + _userBaseDn);
Object[] filterArguments = new Object[]{ Object[] filterArguments = new Object[]{
_userObjectClass, _userObjectClass,