Author: elecharny
Date: Wed Jun 2 10:19:26 2010
New Revision: 950470
URL: http://svn.apache.org/viewvc?rev=950470&view=rev
Log:
o Added loggers and logs in authenticator classes
o the getAuthenticationLevel() and authenticate() methods now throw a LdapException instead of a NamingException
o The authenticatorType is now an enum, not a String
o Added missing Javadoc
Modified:
directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java
directory/shared/trunk/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java
Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java (original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java Wed Jun 2 10:19:26 2010
@@ -34,11 +34,14 @@ import org.apache.directory.server.core.
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.codec.MessageTypeEnum;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
-import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.Modification;
+import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
import org.apache.directory.shared.ldap.message.control.Control;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
@@ -50,6 +53,9 @@ import org.apache.directory.shared.ldap.
*/
public class BindOperationContext implements OperationContext
{
+ /** A logger for this class */
+ private static final Logger LOG = LoggerFactory.getLogger( BindOperationContext.class );
+
/** The password */
private byte[] credentials;
@@ -106,10 +112,13 @@ public class BindOperationContext implem
*
UNAUTHENT
* INVALID
*/
- public AuthenticationLevel getAuthenticationLevel()
+ public AuthenticationLevel getAuthenticationLevel() throws LdapAuthenticationException
{
+ // First check if the SASL mechanism has been set
if ( ( saslMechanism == null ) )
{
+ // No, it's either a SIMPLE, ANONYMOUS, UNAUTHENT or an error
+ //
if ( dn.isEmpty() )
{
if ( StringTools.isEmpty( credentials ) )
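Review bot: The Javadoc above `getAuthenticationLevel()` still lists INVALID as a possible result, but the new signature throws instead and this commit removes the INVALID constant from AuthenticationLevel. Drop INVALID from the list and add `@throws LdapAuthenticationException if credentials are supplied without a DN`. The empty `//` line added under the "No, it's either a SIMPLE..." comment can go as well. The Javadoc starts before this hunk and the method body continues past it.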
@@ -120,7 +129,8 @@ public class BindOperationContext implem
else
{
// If we have a password but no DN, this is invalid
- return AuthenticationLevel.INVALID;
+ LOG.info( "Bad authentication for {}", dn );
+ throw new LdapAuthenticationException( "Invalid authentication" );
}
}
else if ( StringTools.isEmpty( credentials ) )
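Review bot: The added `LOG.info( "Bad authentication for {}", dn )` sits in the branch the context comment describes as "a password but no DN", so the placeholder is always an empty name and the record does not say which bind was rejected or why. Log the condition itself, e.g. `LOG.info( "Bind rejected : credentials supplied without a DN" );`, and keep the credentials out of the message. The exception text is a hard-coded literal, whereas AnonymousAuthenticator in this commit builds its message through `I18n.err( ... )`; an I18n key would keep the two consistent. The enclosing method starts and ends outside this hunk.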
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java Wed Jun 2 10:19:26 2010
@@ -423,11 +423,11 @@ public class SimpleBindIT extends Abstra
}
catch ( NameNotFoundException nnfe )
{
- assertTrue( true );
+ fail();
}
- catch ( NamingException ne )
+ catch ( AuthenticationException ne )
{
- fail();
+ assertTrue( true );
}
}
}
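Review bot: The `catch ( AuthenticationException ne )` branch ends in `assertTrue( true )`, which asserts nothing, so the test passes on any AuthenticationException whatever its cause. The try body is outside this hunk; if no `fail()` follows the bind call there, a bind that unexpectedly succeeds would pass too, which is the case a negative authentication test most needs to catch. Replace the no-op with a comment such as `// expected : the bind must be rejected` plus a check on the exception, and confirm the `fail()` after the bind. The variable name `ne` is left over from NamingException; `ae` would read better.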
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java Wed Jun 2 10:19:26 2010
@@ -20,8 +20,13 @@
package org.apache.directory.server.core.authn;
+import javax.naming.NamingException;
+
import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.name.DN;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
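Review bot: The added `import javax.naming.NamingException;` is not referenced by any line this commit adds to AbstractAuthenticator, and the log message says the authenticators are moving away from NamingException. If nothing in the unchanged part of the file uses it, drop the import. The rest of the file is not visible in this diff, so confirm with a compile or an unused-import check.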
@@ -32,10 +37,14 @@ import org.apache.directory.shared.ldap.
*/
public abstract class AbstractAuthenticator implements Authenticator
{
+ /** A logger for the extending classes */
+ protected static final Logger LOG = LoggerFactory.getLogger( AbstractAuthenticator.class );
+
+ /** The associated DirectoryService */
private DirectoryService directoryService;
/** authenticator type */
- private final String authenticatorType;
+ private final AuthenticationLevel authenticatorType;
/**
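Review bot: `LOG` is created with `LoggerFactory.getLogger( AbstractAuthenticator.class )` and inherited by every subclass, so records from SimpleAuthenticator (which drops its own logger later in this commit) and AnonymousAuthenticator all appear under the AbstractAuthenticator category. Anyone filtering or alerting on bind failures by logger name can no longer tell which authenticator produced a record, and the static `IS_DEBUG` in SimpleAuthenticator now follows the parent category's level. Keeping a private logger in each concrete class, e.g. `private static final Logger LOG = LoggerFactory.getLogger( SimpleAuthenticator.class );`, preserves that distinction. If the shared logger is kept, the field comment should say that all authenticators log under this one category.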
@@ -43,7 +52,7 @@ public abstract class AbstractAuthentica
*
* @param type the type of this authenticator (e.g. 'simple', 'none'...)
*/
- protected AbstractAuthenticator( String type )
+ protected AbstractAuthenticator( AuthenticationLevel type )
{
this.authenticatorType = type;
}
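Review bot: The `@param type` text still gives the string examples `'simple', 'none'` although the parameter is now an AuthenticationLevel; the same wording remains on `getAuthenticatorType()` in the Authenticator.java hunk. Suggested text: `@param type the authentication level handled by this authenticator (e.g. AuthenticationLevel.SIMPLE)`. The constructor also stores a null `type` without complaint, and AuthenticationInterceptor looks authenticators up by this value, so a null check or a "must not be null" remark in the Javadoc would be worth adding.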
@@ -59,7 +68,10 @@ public abstract class AbstractAuthentica
}
- public String getAuthenticatorType()
+ /**
+ * {@inheritDoc}
+ */
+ public AuthenticationLevel getAuthenticatorType()
{
return authenticatorType;
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java Wed Jun 2 10:19:26 2010
@@ -40,7 +40,7 @@ public class AnonymousAuthenticator exte
*/
public AnonymousAuthenticator()
{
- super( AuthenticationLevel.NONE.toString() );
+ super( AuthenticationLevel.NONE );
}
@@ -57,6 +57,7 @@ public class AnonymousAuthenticator exte
}
else
{
+ LOG.info( "Cannot authenticate as anonymous, the server does not allow it" );
throw new LdapNoPermissionException( I18n.err( I18n.ERR_228 ) );
}
}
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Wed Jun 2 10:19:26 2010
@@ -83,8 +83,7 @@ public class AuthenticationInterceptor e
private static final boolean IS_DEBUG = LOG.isDebugEnabled();
private Set authenticators;
- private final Map> authenticatorsMapByType =
- new HashMap>();
+ private final Map> authenticatorsMapByType = new HashMap>();
private DirectoryService directoryService;
@@ -188,7 +187,7 @@ public class AuthenticationInterceptor e
* @param type type of Authenticator sought
* @return A list of Authenticators of the requested type or null if no authenticator is found.
*/
- private Collection getAuthenticators( String type )
+ private Collection getAuthenticators( AuthenticationLevel type )
{
Collection result = authenticatorsMapByType.get( type );
@@ -314,7 +313,7 @@ public class AuthenticationInterceptor e
private void invalidateAuthenticatorCaches( DN principalDn )
{
- for ( String authMech : authenticatorsMapByType.keySet() )
+ for ( AuthenticationLevel authMech : authenticatorsMapByType.keySet() )
{
Collection authenticators = getAuthenticators( authMech );
@@ -448,7 +447,7 @@ public class AuthenticationInterceptor e
throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, "Cannot Bind for DN " + opContext.getDn().getName() );
}
- Collection authenticators = getAuthenticators( level.getName() );
+ Collection authenticators = getAuthenticators( level );
if ( authenticators == null )
{
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java Wed Jun 2 10:19:26 2010
@@ -26,6 +26,7 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.partition.DefaultPartitionNexus;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.name.DN;
@@ -51,7 +52,7 @@ public interface Authenticator
* Returns the type of this authenticator (e.g. 'simple',
* 'none',...).
*/
- String getAuthenticatorType();
+ AuthenticationLevel getAuthenticatorType();
/**
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Wed Jun 2 10:19:26 2010
@@ -51,16 +51,14 @@ import org.apache.directory.server.i18n.
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.LdapSecurityConstants;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.util.Base64;
import org.apache.directory.shared.ldap.util.StringTools;
import org.apache.directory.shared.ldap.util.UnixCrypt;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
/**
@@ -75,8 +73,6 @@ import org.slf4j.LoggerFactory;
*/
public class SimpleAuthenticator extends AbstractAuthenticator
{
- private static final Logger LOG = LoggerFactory.getLogger( SimpleAuthenticator.class );
-
/** A speedup for logger in debug mode */
private static final boolean IS_DEBUG = LOG.isDebugEnabled();
@@ -137,7 +133,7 @@ public class SimpleAuthenticator extends
*/
public SimpleAuthenticator()
{
- super( AuthenticationLevel.SIMPLE.toString() );
+ super( AuthenticationLevel.SIMPLE );
credentialCache = new LRUMap( DEFAULT_CACHE_SIZE );
}
@@ -148,7 +144,7 @@ public class SimpleAuthenticator extends
*/
public SimpleAuthenticator( int cacheSize )
{
- super( AuthenticationLevel.SIMPLE.toString() );
+ super( AuthenticationLevel.SIMPLE );
credentialCache = new LRUMap( cacheSize > 0 ? cacheSize : DEFAULT_CACHE_SIZE );
}
@@ -191,7 +187,7 @@ public class SimpleAuthenticator extends
* @return A byte array which can be empty if the password was not found
* @throws Exception If we have a problem during the lookup operation
*/
- private LdapPrincipal getStoredPassword( BindOperationContext opContext ) throws Exception
+ private LdapPrincipal getStoredPassword( BindOperationContext opContext ) throws LdapAuthenticationException
{
LdapPrincipal principal = null;
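Review bot: The Javadoc above `getStoredPassword` still reads `@throws Exception If we have a problem during the lookup operation` while the signature now declares LdapAuthenticationException; `lookupUserPassword` in the later hunk has the same mismatch. Both should become `@throws LdapAuthenticationException if the stored password cannot be retrieved`. Narrowing the clause means any backend failure inside the body has to be caught and converted. The body is outside this hunk, so check that the original exception is kept as the cause or logged; otherwise a store outage and a wrong password look the same in the logs.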
@@ -272,7 +268,7 @@ public class SimpleAuthenticator extends
* The stored password is always using the unsalted form, and is stored as a bytes array.
*
*/
- public LdapPrincipal authenticate( BindOperationContext opContext ) throws Exception
+ public LdapPrincipal authenticate( BindOperationContext opContext ) throws LdapAuthenticationException
{
if ( IS_DEBUG )
{
@@ -588,7 +584,7 @@ public class SimpleAuthenticator extends
* @return the credentials from the backend
* @throws Exception if there are problems accessing backend
*/
- private byte[] lookupUserPassword( BindOperationContext opContext ) throws Exception
+ private byte[] lookupUserPassword( BindOperationContext opContext ) throws LdapAuthenticationException
{
// ---- lookup the principal entry's userPassword attribute
Entry userEntry;
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java Wed Jun 2 10:19:26 2010
@@ -20,11 +20,10 @@
package org.apache.directory.server.core.authn;
-import javax.naming.NamingException;
-
import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
/**
@@ -43,15 +42,15 @@ public class StrongAuthenticator extends
*/
public StrongAuthenticator()
{
- super( AuthenticationLevel.STRONG.toString() );
+ super( AuthenticationLevel.STRONG );
}
/**
- * User has already been authenticated during SASL negotiation. Set the authentication level
+ * User has already been authenticated during SASL negotiation. Set the authentication level
* to strong and return an {@link LdapPrincipal}.
*/
- public LdapPrincipal authenticate( BindOperationContext opContext ) throws NamingException
+ public LdapPrincipal authenticate( BindOperationContext opContext ) throws LdapAuthenticationException
{
// Possibly check if user account is disabled, other account checks.
return new LdapPrincipal( opContext.getDn(), AuthenticationLevel.STRONG );
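Review bot: `authenticate` now declares `throws LdapAuthenticationException`, but the visible body returns a STRONG principal unconditionally and relies on the SASL negotiation having completed before the call. The Javadoc should state that precondition explicitly, so the method is not taken for a check in its own right. The `// Possibly check if user account is disabled` remark reads as an open item and would be better as `// TODO : reject disabled or locked accounts before returning the principal`. The method's closing brace is outside the hunk.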
Modified: directory/shared/trunk/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java?rev=950470&r1=950469&r2=950470&view=diff
==============================================================================
--- directory/shared/trunk/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java (original)
+++ directory/shared/trunk/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java Wed Jun 2 10:19:26 2010
@@ -23,7 +23,13 @@ import org.apache.directory.shared.i18n.
/**
- * An enumeration that represents the level of authentication.
+ * An enumeration that represents the level of authentication. We have 5
+ * different levels :
+ *
+ * - NONE : anonymous
+ * - SIMPLE : Simple authentication
+ * - STRONG : SASL or external authentication
+ * - UNAUTHENT>A special case when just doing some auditing
*
* @author Apache Directory Project
* @version $Rev$, $Date$
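Review bot: The new class comment says `We have 5 different levels` but lists four, and this commit removes INVALID, leaving NONE, SIMPLE, STRONG and UNAUTHENT. As shown on this page the last bullet reads `UNAUTHENT>A special case ...`, which looks like a broken separator. Suggested wording: `We have 4 different levels` and `- UNAUTHENT : A special case when just doing some auditing`.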
@@ -31,11 +37,6 @@ import org.apache.directory.shared.i18n.
public enum AuthenticationLevel
{
/**
- * Invalid authentication type
- */
- INVALID(-1, "invalid" ),
-
- /**
* No authentication (anonymous access)
*/
NONE( 0, "none" ),
@@ -55,8 +56,10 @@ public enum AuthenticationLevel
*/
UNAUTHENT( 3, "unauthent" );
+ /** The internal numeric value */
private int level;
+ /** The level name */
private final String name;
private AuthenticationLevel( int level, String name )
@@ -83,12 +86,22 @@ public enum AuthenticationLevel
}
+ /**
+ * {@inheritDoc}
+ */
public String toString()
{
return name;
}
-
-
+
+
+ /**
+ * Return the AuthenticationLevel associated with the given numeric level. This
+ * is used by the serialization process.
+ *
+ * @param val The numeric level we are looking at
+ * @return The associated AuthenticationLevel
+ */
public static AuthenticationLevel getLevel( int val )
{
switch( val )