[jboss-cvs] JBossAS SVN: r75354 - projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jul 3 14:50:30 EDT 2008
Author: darran.lofthouse at jboss.com
Date: 2008-07-03 14:50:30 -0400 (Thu, 03 Jul 2008)
New Revision: 75354
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java
Log:
[SECURITY-133] Add the authentication.
Modified: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java 2008-07-03 18:15:24 UTC (rev 75353)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java 2008-07-03 18:50:30 UTC (rev 75354)
@@ -68,8 +68,8 @@
* use of this login module.
*
*
- * @author darran
- *
+ * @author darran.lofthouse at jboss.com
+ * @since 3rd July 2008
*/
public class AdvancedLdapLoginModule extends AbstractServerLoginModule
{
@@ -107,6 +107,9 @@
private static final String ROLE_NAME_ATTRIBUTE_ID = "roleNameAttributeID";
+ // Authentication Settings
+ private static final String ALLOW_EMPTY_PASSWORD = "allowEmptyPassword";
+
/*
* Other Constants
*/
@@ -159,6 +162,9 @@
protected String roleNameAttributeID;
+ // Authentication Settings
+ protected boolean allowEmptyPassword;
+
/*
* Module State
*/
@@ -223,6 +229,9 @@
roleNameAttributeID = (String) options.get(ROLE_NAME_ATTRIBUTE_ID);
+ temp = (String) options.get(ALLOW_EMPTY_PASSWORD);
+ allowEmptyPassword = Boolean.parseBoolean(temp);
+
}
@Override
@@ -277,7 +286,7 @@
return roleSets;
}
- protected Boolean authorize() throws Exception
+ protected Boolean innerLogin() throws Exception
{
/*
* TODO - General failures should throw LoginException, an
@@ -310,17 +319,24 @@
String userDN = findUserDN(searchContext);
// If authentication required authenticate as user
- // TODO
+ if (super.loginOk == false)
+ {
+ authenticate(userDN);
+ }
- // Search for roles in LDAP
- rolesSearch(searchContext, userDN);
+ if (super.loginOk)
+ {
+ // Search for roles in LDAP
+ rolesSearch(searchContext, userDN);
+ }
}
finally
{
if (searchContext != null)
searchContext.close();
}
- return Boolean.TRUE;
+
+ return Boolean.valueOf(super.loginOk);
}
/**
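Review bot: The value returned by findUserDN is handed straight to `authenticate(userDN)` with no check that a DN was actually found. findUserDN's body is outside this hunk, so this is conditional: if it can return null or an empty string, the bind that follows carries no principal, and directory servers commonly treat such a bind as anonymous and let it succeed, which would set `loginOk`. A guard before the call, such as `if (userDN == null || userDN.length() == 0) return Boolean.FALSE;`, makes that case fail closed, and the existing finally block still closes the search context. As a style point, `super.loginOk == false` reads more plainly as `!loginOk`. innerLogin begins before this hunk, so the rest of its body was not reviewed.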
@@ -355,7 +371,6 @@
PasswordCallback pc = new PasswordCallback("Password: ", false);
Callback[] callbacks =
{nc, pc};
- String password = null;
callbackHandler.handle(callbacks);
String username = nc.getName();
@@ -451,6 +466,37 @@
return userDN;
}
+ protected void authenticate(String userDN)
+ {
+ if (credential.length == 0)
+ {
+ if (allowEmptyPassword == false)
+ {
+ log.trace("Rejecting empty password.");
+ return;
+ }
+ }
+
+ try
+ {
+ LdapContext authContext = constructLdapContext(userDN, credential, null);
+ authContext.close();
+ }
+ catch (NamingException ne)
+ {
+ log.debug("Authentication failed - " + ne.getMessage());
+ return;
+ }
+
+ super.loginOk = true;
+ if (getUseFirstPass() == true)
+ { // Add the username and password to the shared state map
+ sharedState.put("javax.security.auth.login.name", getIdentity().getName());
+ sharedState.put("javax.security.auth.login.password", credential);
+ }
+
+ }
+
protected void rolesSearch(LdapContext searchContext, String dn) throws NamingException
{
Object[] filterArgs =
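Review bot: When `allowEmptyPassword` is true, authenticate() performs a simple bind with a zero-length credential. Under RFC 4513 section 5.1.2, a bind with a DN and an empty password is an unauthenticated bind that many directory servers accept without verifying anything, so `loginOk` would be set for any user whose DN can be found. The option should say so where it is declared, e.g. `// WARNING: an empty password makes the LDAP bind unauthenticated; enable only if the directory rejects such binds`, and the class javadoc listing the module options should repeat it. The guard also dereferences `credential` without a null check; `if (credential == null || credential.length == 0)` would reject rather than throw, assuming credential is the array its `.length` use suggests. Separately, a NamingException thrown by `authContext.close()` after a successful bind is currently logged as an authentication failure, so the close belongs in a `finally` with its own catch; rolesSearch, which starts at the end of this hunk, continues outside it.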
@@ -464,7 +510,7 @@
SearchResult sr = (SearchResult) results.next();
String resultDN = canonicalize(sr.getName());
- log.debug("resultDN = " + resultDN);
+ log.trace("rolesSearch resultDN = " + resultDN);
String[] attrNames =
{roleAttributeID};
@@ -582,7 +628,7 @@
{
try
{
- return authorize();
+ return innerLogin();
}
catch (Exception e)
{