[jboss-cvs] JBossAS SVN: r90857 - branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Jul 6 15:05:33 EDT 2009
Author: mmoyses
Date: 2009-07-06 15:05:33 -0400 (Mon, 06 Jul 2009)
New Revision: 90857
Modified:
branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
Log:
JBPAPP-2232: backport SECURITY-225. Allows usage with password-stacking useFirstPass.
Modified: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2009-07-06 18:45:59 UTC (rev 90856)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2009-07-06 19:05:33 UTC (rev 90857)
@@ -24,19 +24,23 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
import java.util.StringTokenizer;
import java.util.Map.Entry;
-import java.util.Properties;
+
+import javax.management.ObjectName;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
-import javax.naming.directory.Attribute;
import javax.naming.ldap.InitialLdapContext;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
-import javax.management.ObjectName;
import org.jboss.security.SimpleGroup;
@@ -168,6 +172,7 @@
protected int searchTimeLimit = 10000;
protected int searchScope = SearchControls.SUBTREE_SCOPE;
protected boolean trace;
+ protected boolean isPasswordValidated = false;
public LdapExtLoginModule()
{
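Review bot: The new `isPasswordValidated` field is undocumented and its name overstates what it records. `validatePassword` sets it to true on entry (the `isPasswordValidated = true;` line in the later hunk), before any check has succeeded, so it really means "validatePassword was invoked". Because the flag later decides whether the bind as the user DN runs, I would comment it, e.g. `// true once validatePassword() has been called; while false, no bind as the user DN is performed`. I would also make it `private` unless subclasses are meant to toggle it. The constructor that follows continues outside the hunk.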
@@ -184,6 +189,12 @@
{
return "";
}
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ trace = log.isTraceEnabled();
+ }
/**
Overriden by subclasses to return the Groups that correspond to the to the
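Review bot: `initialize` does not reset `isPasswordValidated`, so the flag's starting value depends only on the field initializer. Adding `isPasswordValidated = false;` after the `super.initialize(...)` call would make every login attempt start from the "no bind performed yet" state. Whether module instances are ever reused is not visible here, so treat this as a defensive change. A one-line Javadoc saying the override exists to refresh `trace` from the logger would also help.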
@@ -195,6 +206,22 @@
*/
protected Group[] getRoleSets() throws LoginException
{
+ if (!isPasswordValidated)
+ {
+ try
+ {
+ String username = getUsername();
+ createLdapInitContext(username, null);
+ defaultRole();
+ }
+ catch (Exception e)
+ {
+ LoginException le = new LoginException();
+ le.initCause(e);
+ throw le;
+ }
+ }
+
Group[] roleSets = {userRoles};
return roleSets;
}
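Review bot: The `catch (Exception e)` added to `getRoleSets` turns every failure into a `LoginException` with no message, so a directory outage, a missing user entry and a programming error all look the same to whoever reads the log. If the declared exceptions of `createLdapInitContext` allow it, catch the narrower type (`NamingException` is already imported). Either way, give the exception a text, e.g. `LoginException le = new LoginException("Failed to look up roles for stacked login");`. Keep the user name and any bind credential out of that message.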
@@ -207,6 +234,7 @@
*/
protected boolean validatePassword(String inputPassword, String expectedPassword)
{
+ isPasswordValidated = true;
boolean isValid = false;
if (inputPassword != null)
{
@@ -397,9 +425,12 @@
results.close();
results = null;
- // Bind as the user dn to authenticate the user
- InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
- userCtx.close();
+ if (isPasswordValidated)
+ {
+ // Bind as the user dn to authenticate the user
+ InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
+ userCtx.close();
+ }
return userDN;
}
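Review bot: The bind as `userDN` is the only credential check visible in this hunk, and it is now skipped whenever `isPasswordValidated` is false. That flag only records whether `validatePassword` ran, not whether an earlier stacked module actually authenticated the user. Any path that reaches this code without `validatePassword` having been called (a subclass that overrides the login flow, for instance) would resolve the DN and roles with no authentication performed by this module. I would condition the skip on the password-stacking configuration itself and fail closed otherwise, with a comment such as `// Bind skipped only for a useFirstPass login already authenticated by a previous module`. The method body starts outside the hunk.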