/**
 * Builds the JNDI environment used to open the LDAP connection.
 *
 * <p>The table comes from the superclass. Only when
 * {@code LDAPAuthenticationHandler.getLdapSSLVerifyCertificate()} returns {@code false}
 * is {@code TrustAllSSLSocketFactory} registered under
 * {@code java.naming.ldap.factory.socket}.
 *
 * <p>NOTE(review): judging by its name, that factory accepts any server certificate
 * (confirm against its implementation). If so, the directory server is not authenticated
 * on that path and bind credentials sent over the connection can be read by an on-path
 * party. Keep verification enabled outside of test setups and trust the directory's CA
 * through a truststore instead.
 *
 * @return the superclass environment, with the socket factory entry added when
 *         certificate verification is switched off
 */
@Override
public Hashtable<Object, Object> getEnvironment() {
    final Hashtable<Object, Object> env = super.getEnvironment();
    final boolean verifyCertificate = LDAPAuthenticationHandler.getLdapSSLVerifyCertificate();
    if (verifyCertificate) {
        return env;
    }
    // Verification disabled by configuration: swap in the permissive socket factory.
    env.put("java.naming.ldap.factory.socket", TrustAllSSLSocketFactory.class.getName());
    return env;
}
}
/**
 * Looks up the stored credential and the roles of a user.
 *
 * <p>The password value comes from {@code getUserCredentials}; when that yields
 * {@code null} this method returns {@code null} without looking up roles. Otherwise the
 * value is passed through {@code convertCredentialLdapToJetty} and wrapped in a
 * {@code Credential}, and roles are read through {@code _rootContext}.
 *
 * <p>NOTE(review): this path pulls the stored password value out of the directory for a
 * local comparison, so the account behind {@code _rootContext} presumably needs read
 * access to the password attribute. Confirm, and prefer binding authentication where that
 * access is not wanted.
 *
 * @param username login name to look up
 * @return the user info, or {@code null} when no credential value was returned
 * @throws Exception if one of the lookups fails
 */
public UserInfo getUserInfo(String username) throws Exception {
    final String ldapPassword = getUserCredentials(username);
    if (ldapPassword == null) {
        return null;
    }

    final String jettyPassword = convertCredentialLdapToJetty(ldapPassword);
    final Credential credential = Credential.getCredential(jettyPassword);
    final List<String> roles = getUserRoles(_rootContext, username);
    return new UserInfo(username, credential, roles);
}
/**
 * Checks the supplied credential against the current user's stored credential.
 *
 * <p>The result of {@code getCurrentUser().checkCredential(...)} is stored with
 * {@code setAuthenticated} and then read back through {@code isAuthenticated()}.
 *
 * @param webCredential credential presented by the caller
 * @return the value of {@code isAuthenticated()} after the check
 * @throws LoginException declared for callers; nothing in this body throws it directly
 */
protected boolean credentialLogin(Object webCredential) throws LoginException {
    final boolean matched = getCurrentUser().checkCredential(webCredential);
    setAuthenticated(matched);
    return isAuthenticated();
}
if (getCallbackHandler() == null) Callback[] callbacks = configureCallbacks(); getCallbackHandler().handle(callbacks); setAuthenticated(false); return isAuthenticated(); return bindingLogin(webUserName, webCredential); UserInfo userInfo = getUserInfo(webUserName); setAuthenticated(false); return false; setCurrentUser(new JAASUserInfo(userInfo)); return credentialLogin(Credential.getCredential((String) webCredential)); return credentialLogin(webCredential);
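/**
 * binding authentication check
 *
 * <p>The user's entry is located with {@code findUser}, then a new
 * {@code InitialDirContext} is opened with the entry's DN as principal and the supplied
 * password as credentials. This method of authentication works only if the user branch of
 * the DIT (ldap tree) has an ACI (access control instruction) that allows access to any
 * user, or at least to the user that logs in.
 *
 * <p>A null or empty password is rejected before any bind is attempted. The JNDI LDAP
 * provider treats empty credentials as an anonymous bind, which many directories accept;
 * without this check such a bind would be recorded here as a successful login.
 *
 * @param username login name used to locate the user's entry
 * @param password credential for the bind (String, char[] or byte[])
 * @return true when the bind succeeded; failures are reported by exception
 * @throws LoginException if the password is null or empty, or no entry was found
 * @throws NamingException if the bind or the role lookup fails
 */
public boolean bindingLogin(String username, Object password) throws LoginException, NamingException {
    final boolean emptyCredential = password == null
            || (password instanceof String && ((String) password).isEmpty())
            || (password instanceof char[] && ((char[]) password).length == 0)
            || (password instanceof byte[] && ((byte[]) password).length == 0);
    if (emptyCredential) {
        // Never hand empty credentials to the directory: that is an anonymous bind, not a login.
        throw new LoginException("Empty credentials are not accepted for binding authentication");
    }

    // username goes to findUser as-is; any LDAP filter escaping happens there (not visible here).
    SearchResult searchResult = findUser(username);
    if (searchResult == null) {
        // findUser's not-found behaviour is not visible here; fail cleanly instead of with an NPE.
        throw new LoginException("User not found");
    }

    String userDn = searchResult.getNameInNamespace();

    LOG.info("Attempting authentication: " + userDn);

    Hashtable<Object,Object> environment = getEnvironment();
    environment.put(Context.SECURITY_PRINCIPAL, userDn);
    environment.put(Context.SECURITY_CREDENTIALS, password);

    // The constructor performs the bind; a rejected password surfaces as a NamingException.
    DirContext dirContext = new InitialDirContext(environment);
    try {
        List<String> roles = getUserRolesByDn(dirContext, userDn);

        // No stored credential is kept: the directory has already verified the password.
        UserInfo userInfo = new UserInfo(username, null, roles);
        setCurrentUser(new JAASUserInfo(userInfo));
        setAuthenticated(true);
        return true;
    } finally {
        // Release the per-login connection; it was previously left open on every call.
        try {
            dirContext.close();
        } catch (NamingException ignored) {
            // Best effort: a failed close must not mask the login result or an earlier error.
        }
    }
}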
// Read each LDAP schema setting from the module options. The field's current value is
// passed as getOption's third argument (presumably the fallback when the option is
// absent; confirm against getOption).
_userObjectClass = getOption(options, "userObjectClass", _userObjectClass);
_userRdnAttribute = getOption(options, "userRdnAttribute", _userRdnAttribute);
_userIdAttribute = getOption(options, "userIdAttribute", _userIdAttribute);
// NOTE(review): by its name this is the attribute the stored password is read from;
// confirm, and check which directory account is allowed to read it.
_userPasswordAttribute = getOption(options, "userPasswordAttribute", _userPasswordAttribute);
_roleObjectClass = getOption(options, "roleObjectClass", _roleObjectClass);
_roleMemberAttribute = getOption(options, "roleMemberAttribute", _roleMemberAttribute);
_roleNameAttribute = getOption(options, "roleNameAttribute", _roleNameAttribute);
// "debug" is round-tripped through String.valueOf / Boolean.parseBoolean, so any value
// other than a case-insensitive "true" yields false.
_debug = Boolean.parseBoolean(String.valueOf(getOption(options, "debug", Boolean.toString(_debug))));
// Open the directory context from getEnvironment(); connection and TLS settings are
// whatever that table holds.
_rootContext = new InitialDirContext(getEnvironment());
SearchResult result = findUser(username);
if (getCallbackHandler() == null) Callback[] callbacks = configureCallbacks(); getCallbackHandler().handle(callbacks); setAuthenticated(false); return isAuthenticated(); return bindingLogin(webUserName, webCredential); UserInfo userInfo = getUserInfo(webUserName); setAuthenticated(false); return false; setCurrentUser(new JAASUserInfo(userInfo)); return credentialLogin(Credential.getCredential((String) webCredential)); return credentialLogin(webCredential);
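/**
 * binding authentication check
 *
 * <p>The user's entry is located with {@code findUser}, then a new
 * {@code InitialDirContext} is opened with the entry's DN as principal and the supplied
 * password as credentials. This method of authentication works only if the user branch of
 * the DIT (ldap tree) has an ACI (access control instruction) that allows access to any
 * user, or at least to the user that logs in.
 *
 * <p>A null or empty password is rejected before any bind is attempted. The JNDI LDAP
 * provider treats empty credentials as an anonymous bind, which many directories accept;
 * without this check such a bind would be recorded here as a successful login.
 *
 * @param username login name used to locate the user's entry
 * @param password credential for the bind (String, char[] or byte[])
 * @return true when the bind succeeded; failures are reported by exception
 * @throws LoginException if the password is null or empty, or no entry was found
 * @throws NamingException if the bind or the role lookup fails
 */
public boolean bindingLogin(String username, Object password) throws LoginException, NamingException {
    final boolean emptyCredential = password == null
            || (password instanceof String && ((String) password).isEmpty())
            || (password instanceof char[] && ((char[]) password).length == 0)
            || (password instanceof byte[] && ((byte[]) password).length == 0);
    if (emptyCredential) {
        // Never hand empty credentials to the directory: that is an anonymous bind, not a login.
        throw new LoginException("Empty credentials are not accepted for binding authentication");
    }

    // username goes to findUser as-is; any LDAP filter escaping happens there (not visible here).
    SearchResult searchResult = findUser(username);
    if (searchResult == null) {
        // findUser's not-found behaviour is not visible here; fail cleanly instead of with an NPE.
        throw new LoginException("User not found");
    }

    String userDn = searchResult.getNameInNamespace();

    LOG.info("Attempting authentication: " + userDn);

    Hashtable<Object,Object> environment = getEnvironment();
    environment.put(Context.SECURITY_PRINCIPAL, userDn);
    environment.put(Context.SECURITY_CREDENTIALS, password);

    // The constructor performs the bind; a rejected password surfaces as a NamingException.
    DirContext dirContext = new InitialDirContext(environment);
    try {
        List<String> roles = getUserRolesByDn(dirContext, userDn);

        // No stored credential is kept: the directory has already verified the password.
        UserInfo userInfo = new UserInfo(username, null, roles);
        setCurrentUser(new JAASUserInfo(userInfo));
        setAuthenticated(true);
        return true;
    } finally {
        // Release the per-login connection; it was previously left open on every call.
        try {
            dirContext.close();
        } catch (NamingException ignored) {
            // Best effort: a failed close must not mask the login result or an earlier error.
        }
    }
}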
// Read each LDAP schema setting from the module options. The field's current value is
// passed as getOption's third argument (presumably the fallback when the option is
// absent; confirm against getOption).
_userObjectClass = getOption(options, "userObjectClass", _userObjectClass);
_userRdnAttribute = getOption(options, "userRdnAttribute", _userRdnAttribute);
_userIdAttribute = getOption(options, "userIdAttribute", _userIdAttribute);
// NOTE(review): by its name this is the attribute the stored password is read from;
// confirm, and check which directory account is allowed to read it.
_userPasswordAttribute = getOption(options, "userPasswordAttribute", _userPasswordAttribute);
_roleObjectClass = getOption(options, "roleObjectClass", _roleObjectClass);
_roleMemberAttribute = getOption(options, "roleMemberAttribute", _roleMemberAttribute);
_roleNameAttribute = getOption(options, "roleNameAttribute", _roleNameAttribute);
// "debug" is round-tripped through String.valueOf / Boolean.parseBoolean, so any value
// other than a case-insensitive "true" yields false.
_debug = Boolean.parseBoolean(String.valueOf(getOption(options, "debug", Boolean.toString(_debug))));
// Open the directory context from getEnvironment(); connection and TLS settings are
// whatever that table holds.
_rootContext = new InitialDirContext(getEnvironment());
SearchResult result = findUser(username);
/**
 * Checks the supplied credential against the current user's stored credential.
 *
 * <p>The result of {@code getCurrentUser().checkCredential(...)} is stored with
 * {@code setAuthenticated} and then read back through {@code isAuthenticated()}.
 *
 * @param webCredential credential presented by the caller
 * @return the value of {@code isAuthenticated()} after the check
 * @throws LoginException declared for callers; nothing in this body throws it directly
 */
protected boolean credentialLogin(Object webCredential) throws LoginException {
    final boolean matched = getCurrentUser().checkCredential(webCredential);
    setAuthenticated(matched);
    return isAuthenticated();
}
/**
 * Looks up the stored credential and the roles of a user.
 *
 * <p>The password value comes from {@code getUserCredentials}; when that yields
 * {@code null} this method returns {@code null} without looking up roles. Otherwise the
 * value is passed through {@code convertCredentialLdapToJetty} and wrapped in a
 * {@code Credential}, and roles are read through {@code _rootContext}.
 *
 * <p>NOTE(review): this path pulls the stored password value out of the directory for a
 * local comparison, so the account behind {@code _rootContext} presumably needs read
 * access to the password attribute. Confirm, and prefer binding authentication where that
 * access is not wanted.
 *
 * @param username login name to look up
 * @return the user info, or {@code null} when no credential value was returned
 * @throws Exception if one of the lookups fails
 */
public UserInfo getUserInfo(String username) throws Exception {
    final String ldapPassword = getUserCredentials(username);
    if (ldapPassword == null) {
        return null;
    }

    final String jettyPassword = convertCredentialLdapToJetty(ldapPassword);
    final Credential credential = Credential.getCredential(jettyPassword);
    final List<String> roles = getUserRoles(_rootContext, username);
    return new UserInfo(username, credential, roles);
}