  1. package org.mifosplatform.infrastructure.core.service;
  2.  
  3. import javax.naming.directory.Attributes;
  4. import javax.naming.directory.DirContext;
  5.  
  6. import org.springframework.ldap.NamingException;
  7. import org.springframework.ldap.core.DirContextAdapter;
  8. import org.springframework.ldap.core.DirContextOperations;
  9. import org.springframework.ldap.core.DistinguishedName;
  10. import org.springframework.ldap.core.support.BaseLdapPathContextSource;
  11. import org.springframework.ldap.support.LdapUtils;
  12. import org.springframework.security.authentication.BadCredentialsException;
  13. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  14. import org.springframework.security.core.Authentication;
  15. import org.springframework.security.ldap.authentication.BindAuthenticator;
  16. import org.springframework.security.ldap.ppolicy.PasswordPolicyControl;
  17. import org.springframework.security.ldap.ppolicy.PasswordPolicyControlExtractor;
  18. import org.springframework.util.Assert;
  19. import org.springframework.util.StringUtils;
  20.  
  21.  
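/**
 * LDAP bind authenticator for Mifos that expects the submitted credential to be an
 * RSA-encrypted password. The credential is decrypted with the platform cryptography
 * service and the directory bind then proceeds as in Spring Security's
 * {@link BindAuthenticator}: first against any configured DN patterns, then against the
 * DN returned by the configured user search.
 *
 * <p>The decrypted password is held in a {@code String} for the duration of the bind, so
 * it cannot be zeroed after use; keep the scope of this value as narrow as possible.
 */
public class MifosBindAuthenticator extends BindAuthenticator {

    /** Decrypts the RSA-encrypted credential carried in the authentication token. */
    private final CryptographyWritePlatformService cryptographyWritePlatformService;

    /**
     * Creates an authenticator bound to the given context source.
     *
     * @param contextSource the LDAP context source used for binds and attribute lookups
     * @param cryptographyWritePlatformService service used to decrypt the submitted credential
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public MifosBindAuthenticator(BaseLdapPathContextSource contextSource,
            final CryptographyWritePlatformService cryptographyWritePlatformService) {
        super(contextSource);
        // Fail at construction rather than on the first login attempt.
        Assert.notNull(cryptographyWritePlatformService, "cryptographyWritePlatformService must not be null");
        this.cryptographyWritePlatformService = cryptographyWritePlatformService;
    }

    /**
     * Authenticates the user by decrypting the submitted credential and binding to LDAP.
     *
     * @param authentication must be a {@link UsernamePasswordAuthenticationToken}
     * @return the user's directory context, with the password-policy control attached when present
     * @throws BadCredentialsException if the decrypted password is empty, the credential is not a
     *         {@code String}, or no bind succeeds
     * @throws IllegalArgumentException if {@code authentication} is not a username/password token
     */
    @Override
    public DirContextOperations authenticate(Authentication authentication) {
        Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
                "Can only process UsernamePasswordAuthenticationToken objects");

        String username = authentication.getName();
        String password = decryptPassword(authentication.getCredentials());

        if (!StringUtils.hasLength(password)) {
            throw new BadCredentialsException(messages.getMessage("BindAuthenticator.emptyPassword",
                    "Empty Password"));
        }

        DirContextOperations user = null;

        // If DN patterns are configured, try authenticating with them directly
        for (String dn : getUserDns(username)) {
            user = bindWithDn(dn, username, password);
            if (user != null) {
                break;
            }
        }

        // Otherwise use the configured search object to find the user and authenticate with the returned DN.
        if (user == null && getUserSearch() != null) {
            DirContextOperations userFromSearch = getUserSearch().searchForUser(username);
            user = bindWithDn(userFromSearch.getDn().toString(), username, password);
        }

        if (user == null) {
            throw new BadCredentialsException(
                    messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
        }

        return user;
    }

    /**
     * Decrypts the RSA-encrypted credential submitted with the login request.
     *
     * @param credentials the raw token credential; expected to be the encrypted password as a {@code String}
     * @return the plaintext password, or {@code null} when no credential was supplied
     * @throws BadCredentialsException if a credential is present but is not a {@code String}
     */
    private String decryptPassword(Object credentials) {
        if (credentials == null) {
            // Let the caller report "empty password" instead of handing null to the decryptor.
            return null;
        }
        if (!(credentials instanceof String)) {
            // An unexpected credential type is a client error, not a server fault.
            throw new BadCredentialsException(
                    messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
        }
        // NOTE(review): decryptUsingRSA's behaviour on malformed ciphertext is not visible here; if it
        // throws an unchecked exception, a bad client payload surfaces as a server error rather than a
        // failed login - confirm against the service implementation.
        return this.cryptographyWritePlatformService.decryptUsingRSA((String) credentials,
                CryptographyApiConstants.loginAuth, true);
    }

    /**
     * Binds as the given user DN (relative to the context source's base path) and, on success,
     * reads the configured user attributes.
     *
     * @param userDnStr the user's DN relative to the base path
     * @param username  the login name, passed through to {@link #handleBindException}
     * @param password  the plaintext password to bind with
     * @return the user's attributes as a {@link DirContextAdapter}, or {@code null} if the bind was
     *         rejected with an authentication or operation-not-supported error
     * @throws NamingException for any other directory error (javax.naming exceptions are converted)
     */
    private DirContextOperations bindWithDn(String userDnStr, String username, String password) {
        BaseLdapPathContextSource ctxSource = (BaseLdapPathContextSource) getContextSource();
        DistinguishedName userDn = new DistinguishedName(userDnStr);
        DistinguishedName fullDn = new DistinguishedName(userDn);
        // Binds need the absolute DN; attribute lookups below use the relative one.
        fullDn.prepend(ctxSource.getBaseLdapPath());

        DirContext ctx = null;
        try {
            ctx = getContextSource().getContext(fullDn.toString(), password);
            // Check for password policy control
            PasswordPolicyControl ppolicy = PasswordPolicyControlExtractor.extractControl(ctx);

            Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());

            DirContextAdapter result = new DirContextAdapter(attrs, userDn, ctxSource.getBaseLdapPath());

            if (ppolicy != null) {
                result.setAttributeValue(ppolicy.getID(), ppolicy);
            }

            return result;
        } catch (NamingException e) {
            // This will be thrown if an invalid user name is used and the method may
            // be called multiple times to try different names, so we trap the exception
            // unless a subclass wishes to implement more specialized behaviour.
            if ((e instanceof org.springframework.ldap.AuthenticationException)
                    || (e instanceof org.springframework.ldap.OperationNotSupportedException)) {
                handleBindException(userDnStr, username, e);
            } else {
                throw e;
            }
        } catch (javax.naming.NamingException e) {
            throw LdapUtils.convertLdapException(e);
        } finally {
            // Always release the bound context, whether or not the bind succeeded.
            LdapUtils.closeContext(ctx);
        }

        return null;
    }

}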