- package org.mifosplatform.infrastructure.core.service;
- import javax.naming.directory.Attributes;
- import javax.naming.directory.DirContext;
- import org.springframework.ldap.NamingException;
- import org.springframework.ldap.core.DirContextAdapter;
- import org.springframework.ldap.core.DirContextOperations;
- import org.springframework.ldap.core.DistinguishedName;
- import org.springframework.ldap.core.support.BaseLdapPathContextSource;
- import org.springframework.ldap.support.LdapUtils;
- import org.springframework.security.authentication.BadCredentialsException;
- import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.ldap.authentication.BindAuthenticator;
- import org.springframework.security.ldap.ppolicy.PasswordPolicyControl;
- import org.springframework.security.ldap.ppolicy.PasswordPolicyControlExtractor;
- import org.springframework.util.Assert;
- import org.springframework.util.StringUtils;
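/**
 * LDAP bind authenticator for Mifos whose incoming credential is an
 * RSA-encrypted password rather than the clear-text one Spring Security's
 * {@link BindAuthenticator} expects. The ciphertext is decrypted with the
 * platform {@link CryptographyWritePlatformService} and the result is then
 * used for an ordinary LDAP bind: configured DN patterns are tried first,
 * then the user search (if one is configured) supplies the DN to bind with.
 *
 * Security notes:
 * <ul>
 *   <li>The RSA layer only shields the password from anyone who can read the
 *       request body. It is not a substitute for TLS on the client connection,
 *       and nothing visible here ties a ciphertext to a session or nonce, so
 *       whether a captured ciphertext can be replayed depends on
 *       {@code decryptUsingRSA} (TODO confirm against its implementation).</li>
 *   <li>An empty decrypted password is rejected before any bind is attempted:
 *       many directories treat an empty password as an anonymous bind, which
 *       would otherwise look like a successful login.</li>
 *   <li>The clear-text password is held briefly in an immutable {@code String}
 *       and is never logged; the DN being bound is the only thing worth
 *       logging at debug level if logging is added later.</li>
 * </ul>
 */
public class MifosBindAuthenticator extends BindAuthenticator {

    private final CryptographyWritePlatformService cryptographyWritePlatformService;

    /**
     * @param contextSource                   LDAP context source used for the binds;
     *                                        its base path is prepended to every DN.
     * @param cryptographyWritePlatformService service that decrypts the RSA-encrypted
     *                                        password carried in the credentials.
     * @throws IllegalArgumentException if the cryptography service is {@code null}
     */
    public MifosBindAuthenticator(final BaseLdapPathContextSource contextSource,
            final CryptographyWritePlatformService cryptographyWritePlatformService) {
        super(contextSource);
        Assert.notNull(cryptographyWritePlatformService, "cryptographyWritePlatformService must not be null");
        this.cryptographyWritePlatformService = cryptographyWritePlatformService;
    }

    /**
     * Authenticates the token by decrypting its credential and binding to the
     * directory as the user.
     *
     * @param authentication must be a {@link UsernamePasswordAuthenticationToken}
     *                       whose credentials are the RSA-encrypted password
     * @return the bound user's directory entry (with the password-policy control
     *         attached as an attribute when the server returned one)
     * @throws BadCredentialsException if the credential is missing or not a
     *         string, decrypts to an empty password, or no bind succeeds
     */
    @Override
    public DirContextOperations authenticate(final Authentication authentication) {
        Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
                "Can only process UsernamePasswordAuthenticationToken objects");

        final String username = authentication.getName();
        final String password = decryptPassword(authentication.getCredentials());
        if (!StringUtils.hasLength(password)) {
            // Never let an empty password reach the bind (see class notes).
            throw new BadCredentialsException(messages.getMessage("BindAuthenticator.emptyPassword",
                    "Empty Password"));
        }

        // 1. DN patterns, if configured: bind directly, first success wins.
        DirContextOperations user = bindWithDnPatterns(username, password);

        // 2. Otherwise locate the entry via the configured search and bind with its DN.
        //    searchForUser is expected to throw rather than return null when the user
        //    is absent (Spring's LdapAuthenticationProvider maps that to a bad-credentials
        //    failure) — TODO confirm for the search implementation wired here.
        if (user == null && getUserSearch() != null) {
            final DirContextOperations found = getUserSearch().searchForUser(username);
            user = bindWithDn(found.getDn().toString(), username, password);
        }

        if (user == null) {
            throw new BadCredentialsException(
                    messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
        }
        return user;
    }

    /**
     * Decrypts the RSA-encrypted credential into the clear-text password.
     *
     * A missing or non-string credential is reported as a bad login rather than
     * surfacing as a {@code ClassCastException}/{@code NullPointerException}
     * from the blind cast the previous version performed. Failures inside
     * {@code decryptUsingRSA} itself propagate unchanged; their exception type
     * is not visible here.
     */
    private String decryptPassword(final Object credentials) {
        if (!(credentials instanceof String)) {
            throw new BadCredentialsException(messages.getMessage("BindAuthenticator.emptyPassword",
                    "Empty Password"));
        }
        return this.cryptographyWritePlatformService.decryptUsingRSA((String) credentials,
                CryptographyApiConstants.loginAuth, true);
    }

    /**
     * Tries each DN produced from the configured DN patterns in order and returns
     * the first successful bind, or {@code null} if none succeeds (or no patterns
     * are configured). Note that the pattern substitution performed by
     * {@code getUserDns} is Spring's and applies no DN escaping to the username.
     */
    private DirContextOperations bindWithDnPatterns(final String username, final String password) {
        for (final String dn : getUserDns(username)) {
            final DirContextOperations bound = bindWithDn(dn, username, password);
            if (bound != null) {
                return bound;
            }
        }
        return null;
    }

    /**
     * Binds to the directory as {@code userDnStr} (relative to the context
     * source's base path) with the given clear-text password and, on success,
     * reads the configured user attributes back into a {@link DirContextAdapter}.
     *
     * @return the user's entry, or {@code null} when the server rejected the
     *         bind (authentication failure or an operation-not-supported error)
     *         so the caller can move on to the next candidate DN
     * @throws org.springframework.ldap.NamingException for any other directory error;
     *         checked JNDI exceptions are converted to Spring's unchecked hierarchy
     */
    private DirContextOperations bindWithDn(final String userDnStr, final String username, final String password) {
        final BaseLdapPathContextSource ctxSource = (BaseLdapPathContextSource) getContextSource();
        final DistinguishedName userDn = new DistinguishedName(userDnStr);
        final DistinguishedName fullDn = new DistinguishedName(userDn);
        fullDn.prepend(ctxSource.getBaseLdapPath());

        // DirContext is not AutoCloseable, so the context is released in finally via
        // LdapUtils.closeContext (which tolerates null if getContext itself failed).
        DirContext ctx = null;
        try {
            ctx = getContextSource().getContext(fullDn.toString(), password);

            // The server may return a password-policy response control (expiry, grace
            // logins, ...); surface it to callers as an attribute keyed by its OID.
            final PasswordPolicyControl ppolicy = PasswordPolicyControlExtractor.extractControl(ctx);

            final Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());
            final DirContextAdapter result = new DirContextAdapter(attrs, userDn, ctxSource.getBaseLdapPath());
            if (ppolicy != null) {
                result.setAttributeValue(ppolicy.getID(), ppolicy);
            }
            return result;
        } catch (final NamingException e) {
            // A rejected bind is expected while iterating candidate DNs: hand it to
            // handleBindException (overridable) and report "no match" to the caller.
            // Anything else indicates a directory/connectivity problem and must propagate.
            final boolean bindRejected = e instanceof org.springframework.ldap.AuthenticationException
                    || e instanceof org.springframework.ldap.OperationNotSupportedException;
            if (!bindRejected) {
                throw e;
            }
            handleBindException(userDnStr, username, e);
        } catch (final javax.naming.NamingException e) {
            throw LdapUtils.convertLdapException(e);
        } finally {
            LdapUtils.closeContext(ctx);
        }
        return null;
    }
}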