directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1446503 - in /directory/apacheds/trunk: interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/ server-integ/src/test/java/org/apache/dire...
Date Fri, 15 Feb 2013 10:45:30 GMT
Author: elecharny
Date: Fri Feb 15 10:45:29 2013
New Revision: 1446503

URL: http://svn.apache.org/r1446503
Log:
o Fixed the setAuthenticators() method to really reset the list of authenticators when setting
new ones
o Added kerberos logs in StoreUtils
o Added a SimpleBind test to check that we can't bind when providing a bad user if the SimpleAuthenticator
is not enabled

Modified:
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java
    directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1446503&r1=1446502&r2=1446503&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Fri Feb 15 10:45:29 2013
@@ -231,10 +231,18 @@ public class AuthenticationInterceptor e
         }
 
         this.authenticators.clear();
+        this.authenticatorsMapByType.clear();
 
         for ( Authenticator authenticator : authenticators )
         {
-            this.authenticators.add( authenticator );
+            try
+            {
+                register( authenticator, directoryService );
+            }
+            catch ( LdapException le )
+            {
+                LOG.error( "Cannot register authenticator {}", authenticator );
+            }
         }
     }
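Review bot: A failed `register()` in the new loop is reduced to an error line that omits the exception, so `setAuthenticators()` returns normally with a partial set and the caller cannot tell which authenticators are actually active. At minimum pass the cause to the logger: `LOG.error( "Cannot register authenticator {}", authenticator, le );`. Consider also rethrowing, or collecting the failures and rethrowing after the loop, so that a misconfigured authenticator stops the setup instead of silently changing which bind methods are accepted. The method starts above the hunk, so whether its signature allows a checked exception is not visible here.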
 
@@ -246,7 +254,8 @@ public class AuthenticationInterceptor e
     {
         authenticatorsMapByType.clear();
         Set<Authenticator> copy = new HashSet<Authenticator>( authenticators
);
-        authenticators = null;
+        authenticators = new HashSet<Authenticator>();
+
         for ( Authenticator authenticator : copy )
         {
             authenticator.destroy();
@@ -313,7 +322,6 @@ public class AuthenticationInterceptor e
 
         Entry entry = addContext.getEntry();
 
-
         if ( !directoryService.isPwdPolicyEnabled() || addContext.isReplEvent() )
         {
             next( addContext );
@@ -410,76 +418,56 @@ public class AuthenticationInterceptor e
         }
 
         Collection<Authenticator> authenticators = getAuthenticators( level );
-
-        if ( authenticators == null )
-        {
-            LOG.debug( "No authenticators found, delegating bind to the nexus." );
-
-            // as a last resort try binding via the nexus
-            next( bindContext );
-
-            LOG.debug( "Nexus succeeded on bind operation." );
-
-            // bind succeeded if we got this far
-            // TODO - authentication level not being set
-            LdapPrincipal principal = new LdapPrincipal( schemaManager, bindContext.getDn(),
AuthenticationLevel.SIMPLE );
-            CoreSession session = new DefaultCoreSession( principal, directoryService );
-            bindContext.setSession( session );
-
-            // remove creds so there is no security risk
-            bindContext.setCredentials( null );
-            return;
-        }
-
+        PasswordPolicyException ppe = null;
         boolean isPPolicyReqCtrlPresent = bindContext.hasRequestControl( PasswordPolicy.OID
);
         PasswordPolicyDecorator pwdRespCtrl =
             new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
-
         boolean authenticated = false;
-        PasswordPolicyException ppe = null;
 
-        // TODO : we should refactor that.
-        // try each authenticator
-        for ( Authenticator authenticator : authenticators )
+        if ( authenticators == null )
         {
-            try
+            LOG.warn( "Cannot find any authenticator for level {} : {}", level );
+        }
+        else
+        {
+
+            // TODO : we should refactor that.
+            // try each authenticator
+            for ( Authenticator authenticator : authenticators )
             {
-                // perform the authentication
-                LdapPrincipal principal = authenticator.authenticate( bindContext );
+                try
+                {
+                    // perform the authentication
+                    LdapPrincipal principal = authenticator.authenticate( bindContext );
 
-                LdapPrincipal clonedPrincipal = ( LdapPrincipal ) ( principal.clone() );
+                    LdapPrincipal clonedPrincipal = ( LdapPrincipal ) ( principal.clone()
);
 
-                // remove creds so there is no security risk
-                bindContext.setCredentials( null );
-                clonedPrincipal.setUserPassword( StringConstants.EMPTY_BYTES );
+                    // remove creds so there is no security risk
+                    bindContext.setCredentials( null );
+                    clonedPrincipal.setUserPassword( StringConstants.EMPTY_BYTES );
 
-                // authentication was successful
-                CoreSession session = new DefaultCoreSession( clonedPrincipal, directoryService
);
-                bindContext.setSession( session );
+                    // authentication was successful
+                    CoreSession session = new DefaultCoreSession( clonedPrincipal, directoryService
);
+                    bindContext.setSession( session );
 
-                authenticated = true;
+                    authenticated = true;
 
-                // break out of the loop if the authentication succeeded
-                break;
-            }
-            catch ( PasswordPolicyException e )
-            {
-                ppe = e;
-                break;
-            }
-            catch ( LdapAuthenticationException e )
-            {
-                // authentication failed, try the next authenticator
-                if ( LOG.isInfoEnabled() )
+                    // break out of the loop if the authentication succeeded
+                    break;
+                }
+                catch ( PasswordPolicyException e )
                 {
+                    ppe = e;
+                    break;
+                }
+                catch ( LdapAuthenticationException e )
+                {
+                    // authentication failed, try the next authenticator
                     LOG.info( "Authenticator {} failed to authenticate: {}", authenticator,
bindContext );
                 }
-            }
-            catch ( Exception e )
-            {
-                // Log other exceptions than LdapAuthenticationException
-                if ( LOG.isWarnEnabled() )
+                catch ( Exception e )
                 {
+                    // Log other exceptions than LdapAuthenticationException
                     LOG.info( "Unexpected failure for Authenticator {} : {}", authenticator,
bindContext );
                 }
             }
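Review bot: The new warning `LOG.warn( "Cannot find any authenticator for level {} : {}", level );` has two placeholders and one argument, so the second `{}` is printed literally; drop ` : {}` or pass the missing value. In the same hunk the `catch ( Exception e )` branch logs at INFO and discards `e`, although the guard it replaces was `isWarnEnabled()`; `LOG.warn( "Unexpected failure for Authenticator {} : {}", authenticator, bindContext, e );` would keep the stack trace for failures that are not ordinary bad credentials. Both failure logs print `bindContext` while it still holds the credentials, which are cleared only on the success path, so it is worth confirming that its `toString()` does not render them. The bind method begins and ends outside this hunk.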
@@ -498,17 +486,17 @@ public class AuthenticationInterceptor e
 
         Dn dn = bindContext.getDn();
         Entry userEntry = bindContext.getEntry();
-        
+
         PasswordPolicyConfiguration policyConfig = getPwdPolicy( userEntry );
 
         // load the user entry again if ppolicy is enabled, cause the authenticator might
have modified the entry
-        if( policyConfig != null )
+        if ( policyConfig != null )
         {
             LookupOperationContext lookupContext = new LookupOperationContext( adminSession,
bindContext.getDn(),
-                    SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+                SchemaConstants.ALL_ATTRIBUTES_ARRAY );
             userEntry = directoryService.getPartitionNexus().lookup( lookupContext );
         }
-        
+
         // check if the user entry is null, it will be null
         // in cases of anonymous bind
         if ( authenticated && ( userEntry == null ) && directoryService.isAllowAnonymousAccess()
)
@@ -585,12 +573,12 @@ public class AuthenticationInterceptor e
                     }
                 }
 
-                if( !mods.isEmpty() )
+                if ( !mods.isEmpty() )
                 {
                     String csnVal = directoryService.getCSN().toString();
                     Modification csnMod = new DefaultModification( REPLACE_ATTRIBUTE, ENTRY_CSN_AT,
csnVal );
                     mods.add( csnMod );
-                    
+
                     ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession
);
                     bindModCtx.setDn( dn );
                     bindModCtx.setEntry( userEntry );
@@ -816,8 +804,7 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( modifyContext );
 
-
-        if ( ! directoryService.isPwdPolicyEnabled() || modifyContext.isReplEvent() )
+        if ( !directoryService.isPwdPolicyEnabled() || modifyContext.isReplEvent() )
         {
             next( modifyContext );
             invalidateAuthenticatorCaches( modifyContext.getDn() );
@@ -849,7 +836,8 @@ public class AuthenticationInterceptor e
                         modifyContext.addResponseControl( responseControl );
                     }
 
-                    throw new LdapNoPermissionException( "Password should be reset before
making any changes to this entry" );
+                    throw new LdapNoPermissionException(
+                        "Password should be reset before making any changes to this entry"
);
                 }
             }
 
@@ -888,12 +876,12 @@ public class AuthenticationInterceptor e
             }
 
             Entry entry = modifyContext.getEntry();
-            
+
             boolean removeFromPwdResetSet = false;
-            
+
             List<Modification> mods = new ArrayList<Modification>();
-            
-            if( pwdModDetails.isAddOrReplace() )
+
+            if ( pwdModDetails.isAddOrReplace() )
             {
                 if ( isPwdTooYoung( entry, policyConfig ) )
                 {
@@ -901,16 +889,17 @@ public class AuthenticationInterceptor e
                     {
                         PasswordPolicyDecorator responseControl =
                             new PasswordPolicyDecorator( directoryService.getLdapCodecService(),
true );
-                        responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG
);
+                        responseControl.getResponse().setPasswordPolicyError(
+                            PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG );
                         modifyContext.addResponseControl( responseControl );
                     }
-                    
+
                     throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
                         "password is too young to update" );
                 }
-                
+
                 byte[] newPassword = pwdModDetails.getNewPwd();
-                
+
                 try
                 {
                     String userName = entry.getDn().getRdn().getValue().getString();
@@ -926,33 +915,33 @@ public class AuthenticationInterceptor e
                             PasswordPolicyErrorEnum.get( e.getErrorCode() ) );
                         modifyContext.addResponseControl( responseControl );
                     }
-                    
+
                     // throw exception if userPassword quality checks fail
                     throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
e.getMessage(), e );
                 }
-                
+
                 int histSize = policyConfig.getPwdInHistory();
                 Modification pwdRemHistMod = null;
                 Modification pwdAddHistMod = null;
                 String pwdChangedTime = DateUtils.getGeneralizedTime();
-                
+
                 if ( histSize > 0 )
                 {
                     Attribute pwdHistoryAt = entry.get( AT_PWD_HISTORY );
-                    
+
                     if ( pwdHistoryAt == null )
                     {
                         pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
                     }
-                    
+
                     List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
-                    
+
                     for ( Value<?> value : pwdHistoryAt )
                     {
                         PasswordHistory pwdh = new PasswordHistory( Strings.utf8ToString(
value.getBytes() ) );
-                        
+
                         boolean matched = Arrays.equals( newPassword, pwdh.getPassword()
);
-                        
+
                         if ( matched )
                         {
                             if ( isPPolicyReqCtrlPresent )
@@ -963,39 +952,39 @@ public class AuthenticationInterceptor e
                                     PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY );
                                 modifyContext.addResponseControl( responseControl );
                             }
-                            
+
                             throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
                                 "invalid reuse of password present in password history" );
                         }
-                        
+
                         pwdHistLst.add( pwdh );
                     }
-                    
+
                     if ( pwdHistLst.size() >= histSize )
                     {
                         // see the javadoc of PasswordHistory
                         Collections.sort( pwdHistLst );
-                        
+
                         // remove the oldest value
                         PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize
- 1];
                         Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
                         tempAt.add( remPwdHist.getHistoryValue() );
                         pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt
);
                     }
-                    
+
                     PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword
);
                     pwdHistoryAt.add( newPwdHist.getHistoryValue() );
                     pwdAddHistMod = new DefaultModification( REPLACE_ATTRIBUTE, pwdHistoryAt
);
                 }
-                
+
                 next( modifyContext );
-                
+
                 invalidateAuthenticatorCaches( modifyContext.getDn() );
-                
+
                 LookupOperationContext lookupContext = new LookupOperationContext( adminSession,
modifyContext.getDn(),
                     SchemaConstants.ALL_ATTRIBUTES_ARRAY );
                 entry = directoryService.getPartitionNexus().lookup( lookupContext );
-                
+
                 if ( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge()
> 0 ) )
                 {
                     Attribute pwdChangedTimeAt = new DefaultAttribute( AT_PWD_CHANGED_TIME
);
@@ -1003,22 +992,22 @@ public class AuthenticationInterceptor e
                     Modification pwdChangedTimeMod = new DefaultModification( REPLACE_ATTRIBUTE,
pwdChangedTimeAt );
                     mods.add( pwdChangedTimeMod );
                 }
-                
+
                 if ( pwdAddHistMod != null )
                 {
                     mods.add( pwdAddHistMod );
                 }
-                
+
                 if ( pwdRemHistMod != null )
                 {
                     mods.add( pwdRemHistMod );
                 }
-                
+
                 if ( policyConfig.isPwdMustChange() )
                 {
                     Attribute pwdMustChangeAt = new DefaultAttribute( AT_PWD_RESET );
                     Modification pwdMustChangeMod = null;
-                    
+
                     if ( modifyContext.getSession().isAnAdministrator() )
                     {
                         pwdMustChangeAt.add( "TRUE" );
@@ -1029,7 +1018,7 @@ public class AuthenticationInterceptor e
                         pwdMustChangeMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdMustChangeAt
);
                         removeFromPwdResetSet = true;
                     }
-                    
+
                     mods.add( pwdMustChangeMod );
                 }
             }
@@ -1049,28 +1038,28 @@ public class AuthenticationInterceptor e
                 mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdGraceUseTimeAt )
);
             }
 
-            if( pwdModDetails.isDelete() )
+            if ( pwdModDetails.isDelete() )
             {
                 Attribute pwdHistory = entry.get( AT_PWD_HISTORY );
-                if( pwdHistory != null )
+                if ( pwdHistory != null )
                 {
                     mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdHistory ) );
                 }
-                
+
                 Attribute pwdChangedTimeAt = entry.get( AT_PWD_CHANGED_TIME );
-                if( pwdChangedTimeAt != null )
+                if ( pwdChangedTimeAt != null )
                 {
                     mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdChangedTimeAt
) );
                 }
-                
+
                 Attribute pwdMustChangeAt = entry.get( AT_PWD_RESET );
-                if( pwdMustChangeAt != null )
+                if ( pwdMustChangeAt != null )
                 {
                     mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdMustChangeAt
) );
                 }
-                
+
                 Attribute pwdAccountLockedTimeAt = entry.get( AT_PWD_ACCOUNT_LOCKED_TIME
);
-                if( pwdAccountLockedTimeAt != null )
+                if ( pwdAccountLockedTimeAt != null )
                 {
                     mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdAccountLockedTimeAt
) );
                 }
@@ -1081,7 +1070,7 @@ public class AuthenticationInterceptor e
             internalModifyCtx.setModItems( mods );
 
             directoryService.getPartitionNexus().modify( internalModifyCtx );
-            
+
             if ( removeFromPwdResetSet || pwdModDetails.isDelete() )
             {
                 pwdResetSet.remove( userDn.getNormName() );
@@ -1316,7 +1305,7 @@ public class AuthenticationInterceptor e
         }
 
         Attribute pwdChangedTimeAt = userEntry.get( AT_PWD_CHANGED_TIME );
-        long changedTime = DateUtils.getDate(pwdChangedTimeAt.getString()).getTime();
+        long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
 
         long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
@@ -1460,7 +1449,6 @@ public class AuthenticationInterceptor e
         }
     }
 
-
     private static class PwdModDetailsHolder
     {
         private boolean pwdModPresent = false;
@@ -1627,7 +1615,7 @@ public class AuthenticationInterceptor e
         long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
 
         Iterator<Value<?>> itr = pwdFailTimeAt.iterator();
-        
+
         while ( itr.hasNext() )
         {
             Value<?> value = itr.next();

Modified: directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java?rev=1446503&r1=1446502&r2=1446503&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java
(original)
+++ directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java
Fri Feb 15 10:45:29 2013
@@ -19,11 +19,12 @@
  */
 package org.apache.directory.server.protocol.shared.kerberos;
 
+
 import java.nio.ByteBuffer;
 
-import org.apache.directory.api.ldap.model.entry.StringValue;
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.StringValue;
 import org.apache.directory.api.ldap.model.entry.Value;
 import org.apache.directory.api.ldap.model.filter.EqualityNode;
 import org.apache.directory.api.ldap.model.filter.ExprNode;
@@ -50,9 +51,11 @@ import org.slf4j.LoggerFactory;
  */
 public class StoreUtils
 {
+    /** Loggers for this class */
     private static final Logger LOG = LoggerFactory.getLogger( StoreUtils.class );
-    
-    
+    private static final Logger LOG_KRB = LoggerFactory.getLogger( "KERBEROS" );
+
+
     /**
      * Creates a Entry for a PrincipalStoreEntry, doing what a state 
      * factory does but for Entry instead of Attributes.
@@ -67,11 +70,11 @@ public class StoreUtils
         throws Exception
     {
         Entry outAttrs = session.getDirectoryService().newEntry( dn );
-        
+
         // process the objectClass attribute
-        outAttrs.add( SchemaConstants.OBJECT_CLASS_AT, 
-            SchemaConstants.TOP_OC, SchemaConstants.UID_OBJECT_AT, 
-            "uidObject", SchemaConstants.EXTENSIBLE_OBJECT_OC, 
+        outAttrs.add( SchemaConstants.OBJECT_CLASS_AT,
+            SchemaConstants.TOP_OC, SchemaConstants.UID_OBJECT_AT,
+            "uidObject", SchemaConstants.EXTENSIBLE_OBJECT_OC,
             SchemaConstants.PERSON_OC, SchemaConstants.ORGANIZATIONAL_PERSON_OC,
             SchemaConstants.INET_ORG_PERSON_OC, SchemaConstants.KRB5_PRINCIPAL_OC,
             "krb5KDCEntry" );
@@ -80,9 +83,9 @@ public class StoreUtils
         outAttrs.add( KerberosAttribute.APACHE_SAM_TYPE_AT, "7" );
         outAttrs.add( SchemaConstants.SN_AT, principalEntry.getUserId() );
         outAttrs.add( SchemaConstants.CN_AT, principalEntry.getCommonName() );
-        
+
         EncryptionKey encryptionKey = principalEntry.getKeyMap().get( EncryptionType.DES_CBC_MD5
);
-        
+
         ByteBuffer buffer = ByteBuffer.allocate( encryptionKey.computeLength() );
         outAttrs.add( KerberosAttribute.KRB5_KEY_AT, encryptionKey.encode( buffer ).array()
);
 
@@ -93,8 +96,8 @@ public class StoreUtils
 
         return outAttrs;
     }
-    
-    
+
+
     /**
      * Constructs a filter expression tree for the filter used to search the 
      * directory.
@@ -110,7 +113,7 @@ public class StoreUtils
         Value<String> value = new StringValue( type, principal );
         return new EqualityNode<String>( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT,
value );
     }
-    
+
 
     /**
      * Finds the Entry associated with the Kerberos principal name.
@@ -125,29 +128,32 @@ public class StoreUtils
         throws Exception
     {
         EntryFilteringCursor cursor = null;
-        
+
         try
         {
             SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
-            cursor = session.search( searchBaseDn, SearchScope.SUBTREE, 
+            cursor = session.search( searchBaseDn, SearchScope.SUBTREE,
                 getFilter( schemaManager, principal ), AliasDerefMode.DEREF_ALWAYS, null
);
-    
+
             cursor.beforeFirst();
             if ( cursor.next() )
             {
                 Entry entry = cursor.get();
                 LOG.debug( "Found entry {} for kerberos principal name {}", entry, principal
);
-                
+                LOG_KRB.debug( "Found entry {} for kerberos principal name {}", entry, principal
);
+
                 while ( cursor.next() )
                 {
                     LOG.error( I18n.err( I18n.ERR_149, principal, cursor.next() ) );
                 }
-                
+
                 return entry;
             }
             else
             {
                 LOG.warn( "No server entry found for kerberos principal name {}", principal
);
+                LOG_KRB.warn( "No server entry found for kerberos principal name {}", principal
);
+
                 return null;
             }
         }
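Review bot: The added `LOG_KRB.debug( "Found entry {} ...", entry, principal )` formats the whole principal entry into the shared "KERBEROS" logger, and an earlier hunk in this file shows such entries being given `KerberosAttribute.KRB5_KEY_AT`, i.e. key material. Unless `Entry.toString()` is known to mask binary and password attributes, the DN is enough to trace the lookup: `LOG_KRB.debug( "Found entry {} for kerberos principal name {}", entry.getDn(), principal );`. The same applies to the existing `LOG.debug` line directly above it. The method continues past the end of the hunk.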

Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java?rev=1446503&r1=1446502&r2=1446503&view=diff
==============================================================================
--- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java
(original)
+++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java
Fri Feb 15 10:45:29 2013
@@ -21,6 +21,7 @@ package org.apache.directory.server.oper
 
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -45,6 +46,7 @@ import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSearchResults;
 import netscape.ldap.LDAPUrl;
 
+import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
 import org.apache.directory.junit.tools.MultiThreadedMultiInvoker;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
@@ -52,6 +54,12 @@ import org.apache.directory.server.annot
 import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.core.annotations.ApplyLdifs;
 import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.api.InterceptorEnum;
+import org.apache.directory.server.core.authn.AnonymousAuthenticator;
+import org.apache.directory.server.core.authn.AuthenticationInterceptor;
+import org.apache.directory.server.core.authn.Authenticator;
+import org.apache.directory.server.core.authn.SimpleAuthenticator;
+import org.apache.directory.server.core.authn.StrongAuthenticator;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.junit.Rule;
@@ -455,4 +463,62 @@ public class SimpleBindIT extends Abstra
         assertTrue( connection.isAuthenticated() );
         connection.close();
     }
+
+
+    /**
+     * Tests bind operation on a server where the SimpleAuthenticator is disabled
+     */
+    @Test
+    public void testBindSimpleAuthenticatorDisabled() throws Exception
+    {
+        LdapConnection connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort()
);
+        connection.setTimeOut( 0 );
+
+        try
+        {
+            connection.bind( "uid=hacker", "badsecret" );
+            fail();
+        }
+        catch ( LdapAuthenticationException lae )
+        {
+            //Expected
+        }
+
+        assertFalse( connection.isAuthenticated() );
+
+        AuthenticationInterceptor authInterceptor = ( AuthenticationInterceptor ) ldapServer.getDirectoryService()
+            .getInterceptor( InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName() );
+        authInterceptor.destroy();
+        authInterceptor.setAuthenticators( new Authenticator[]
+            { new StrongAuthenticator() } );
+
+        try
+        {
+            connection.bind( "uid=hacker", "badsecret" );
+            fail();
+        }
+        catch ( LdapAuthenticationException lae )
+        {
+            //Expected
+        }
+
+        // Try with an existing user
+        try
+        {
+            connection.bind( "uid=admin,ou=system", "secret" );
+            fail();
+        }
+        catch ( LdapAuthenticationException lae )
+        {
+            //Expected
+        }
+
+        assertFalse( connection.isAuthenticated() );
+        connection.close();
+
+        // Reset the authenticators
+        authInterceptor.destroy();
+        authInterceptor.setAuthenticators( new Authenticator[]
+            { new StrongAuthenticator(), new SimpleAuthenticator(), new AnonymousAuthenticator()
} );
+    }
 }
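Review bot: The cleanup at the end of `testBindSimpleAuthenticatorDisabled()` runs only when every assertion passes. If one of the binds unexpectedly succeeds, `fail()` throws, the connection stays open and the interceptor is left with only `StrongAuthenticator`, which would affect later tests if the server instance is shared between them. Wrap the body from the first `authInterceptor.destroy()` onward in `try { ... } finally { ... }` and move `connection.close()` and the authenticator reset into the `finally` block. The reset also hardcodes three authenticators rather than restoring what was configured before the test, an assumption about the default setup that deserves a comment.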


