From elecha...@apache.org
Subject svn commit: r1675730 - in /directory/apacheds/trunk: core-annotations/src/main/java/org/apache/directory/server/core/annotations/ core-annotations/src/main/java/org/apache/directory/server/core/factory/ core-annotations/src/test/java/org/apache/directo...
Date Thu, 23 Apr 2015 22:57:51 GMT
Author: elecharny
Date: Thu Apr 23 22:57:50 2015
New Revision: 1675730

URL: http://svn.apache.org/r1675730
Log:
o Added a baseDn field in the AbstractAuthenticator class
o Made all the authenticators have a base DN from which they will be active
o Added authenticator constructors that take a baseDn as a parameter
o Added a selectAuthenticator() method in the AuthenticationInterceptor
o Removed the AuthenticationInterceptorTest test
o 

Removed:
    directory/apacheds/trunk/interceptors/authn/src/test/java/org/apache/directory/server/core/authn/AuthenticationInterceptorTest.java
Modified:
    directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
    directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java
    directory/apacheds/trunk/core-annotations/src/test/java/org/apache/directory/server/core/factory/DirectoryServiceAnnotationTest.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java
    directory/apacheds/trunk/interceptors/authn/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticatorOneWayEncryptedTest.java
    directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/AuthenticatorBean.java
    directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/DelegatingAuthenticatorBean.java
    directory/apacheds/trunk/server-config/src/main/resources/config.ldif
    directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java
    directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java

Modified: directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
(original)
+++ directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
Thu Apr 23 22:57:50 2015
@@ -57,8 +57,8 @@ public @interface CreateAuthenticator
     int delegatePort() default -1;
 
 
-    /** The base DN from which we will delegate authentication */
-    String delegateBaseDn() default "";
+    /** The base DN from which we will do authentication */
+    String baseDn() default "";
 
 
     /** Tells if we use SSL to connect */

Modified: directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java
(original)
+++ directory/apacheds/trunk/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java
Thu Apr 23 22:57:50 2015
@@ -128,7 +128,7 @@ public class DSAnnotationProcessor
                     dauth.setDelegatePort( createAuthenticator.delegatePort() );
                     dauth.setDelegateSsl( createAuthenticator.delegateSsl() );
                     dauth.setDelegateTls( createAuthenticator.delegateTls() );
-                    dauth.setDelegateBaseDn( createAuthenticator.delegateBaseDn() );
+                    dauth.setBaseDn( service.getDnFactory().create( createAuthenticator.baseDn()
) );
                     dauth.setDelegateSslTrustManagerFQCN( createAuthenticator.delegateSslTrustManagerFQCN()
);
                     dauth.setDelegateTlsTrustManagerFQCN( createAuthenticator.delegateTlsTrustManagerFQCN()
);
                 }

Modified: directory/apacheds/trunk/core-annotations/src/test/java/org/apache/directory/server/core/factory/DirectoryServiceAnnotationTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-annotations/src/test/java/org/apache/directory/server/core/factory/DirectoryServiceAnnotationTest.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/core-annotations/src/test/java/org/apache/directory/server/core/factory/DirectoryServiceAnnotationTest.java
(original)
+++ directory/apacheds/trunk/core-annotations/src/test/java/org/apache/directory/server/core/factory/DirectoryServiceAnnotationTest.java
Thu Apr 23 22:57:50 2015
@@ -223,7 +223,7 @@ public class DirectoryServiceAnnotationT
     {
         protected DummyAuthenticator()
         {
-            super( AuthenticationLevel.SIMPLE );
+            super( AuthenticationLevel.SIMPLE, Dn.ROOT_DSE );
         }
 
 

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
Thu Apr 23 22:57:50 2015
@@ -67,6 +67,9 @@ public abstract class AbstractAuthentica
     /** authenticator type */
     private final AuthenticationLevel authenticatorType;
 
+    /** The base DN which will be the starting point from which we use the authenticator
*/
+    private Dn baseDn;
+
 
     /**
      * Creates a new instance.
@@ -76,6 +79,20 @@ public abstract class AbstractAuthentica
     protected AbstractAuthenticator( AuthenticationLevel type )
     {
         this.authenticatorType = type;
+        this.baseDn = Dn.ROOT_DSE;
+    }
+
+
+    /**
+     * Creates a new instance.
+     *
+     * @param type the type of this authenticator (e.g. <tt>'simple'</tt>, <tt>'none'</tt>...)
+     * @param baseDn The base DN for this authenticator
+     */
+    protected AbstractAuthenticator( AuthenticationLevel type, Dn baseDn )
+    {
+        this.authenticatorType = type;
+        this.baseDn = baseDn;
     }
 
 
@@ -153,6 +170,34 @@ public abstract class AbstractAuthentica
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isValid( Dn bindDn )
+    {
+        // The authenticator is valid if the baseDn is null or if it's a parent of the bindDn
+        return ( baseDn == null ) || ( baseDn.isAncestorOf( bindDn ) );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public Dn getBaseDn()
+    {
+        return baseDn;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setBaseDn( Dn baseDn )
+    {
+        this.baseDn = baseDn;
+    }
+
+
     /**
      * {@inheritDoc}
      */
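Review bot: `isValid()` treats a `null` base DN as matching every bind DN, while `DelegatingAuthenticator.authenticate()` in this same commit returns `null` for a `null` base DN and `getDelegateBaseDn()` calls `getBaseDn().toString()` with no check, so one state means "whole tree" in one place and "never" or an exception in the others. Neither the two-argument constructor nor `setBaseDn()` rejects `null`. Normalising once in both removes the ambiguity, e.g. `this.baseDn = ( baseDn == null ) ? Dn.ROOT_DSE : baseDn;`, after which `isValid()` can be `return baseDn.isAncestorOf( bindDn );`. The class body continues outside this hunk.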

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AnonymousAuthenticator.java
Thu Apr 23 22:57:50 2015
@@ -24,6 +24,7 @@ import java.net.SocketAddress;
 
 import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
 import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException;
+import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.server.core.api.LdapPrincipal;
 import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
 import org.apache.directory.server.i18n.I18n;
@@ -47,6 +48,15 @@ public class AnonymousAuthenticator exte
     }
 
 
+    /**
+     * Creates a new instance.
+     */
+    public AnonymousAuthenticator( Dn baseDn )
+    {
+        super( AuthenticationLevel.NONE, baseDn );
+    }
+
+
     /**
      * If the context is not configured to allow anonymous connections,
      * this method throws a {@link javax.naming.NoPermissionException}.

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Thu Apr 23 22:57:50 2015
@@ -198,9 +198,9 @@ public class AuthenticationInterceptor e
         }
 
         authenticators.clear();
-        authenticators.add( new AnonymousAuthenticator() );
-        authenticators.add( new SimpleAuthenticator() );
-        authenticators.add( new StrongAuthenticator() );
+        authenticators.add( new AnonymousAuthenticator( Dn.ROOT_DSE ) );
+        authenticators.add( new SimpleAuthenticator( Dn.ROOT_DSE ) );
+        authenticators.add( new StrongAuthenticator( Dn.ROOT_DSE ) );
     }
 
 
@@ -412,6 +412,63 @@ public class AuthenticationInterceptor e
 
 
     /**
+     * Return the selected authenticator given the DN and the level required.
+     */
+    private Authenticator selectAuthenticator( Dn bindDn, AuthenticationLevel level )
+        throws LdapUnwillingToPerformException, LdapAuthenticationException
+    {
+        Authenticator selectedAuthenticator = null;
+        Collection<Authenticator> authenticators = authenticatorsMapByType.get( level
);
+
+        if ( ( authenticators == null ) || ( authenticators.size() == 0 ) )
+        {
+            // No authenticators associated with this level : get out
+            throw new LdapAuthenticationException( "Cannot Bind for Dn "
+                + bindDn.getName() + ", no authenticator for the requested level " + level
);
+        }
+
+        if ( authenticators.size() == 1 )
+        {
+            // Just pick the existing one
+            for ( Authenticator authenticator : authenticators )
+            {
+                // Check that the bindDN fits
+                if ( authenticator.isValid( bindDn ) )
+                {
+                    return authenticator;
+                }
+                else
+                {
+                    throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM,
+                        "Cannot Bind for Dn "
+                            + bindDn.getName() + ", its not a descendant of the authenticator
base DN '"
+                            + authenticator.getBaseDn() + "'" );
+                }
+            }
+        }
+
+        // We have more than one authenticator. Let's loop on all of them and
+        // select the one that fits the bindDN
+        Dn innerDn = Dn.ROOT_DSE;
+
+        for ( Authenticator authenticator : authenticators )
+        {
+            if ( authenticator.isValid( bindDn ) )
+            {
+                // We have found a valid authenticator, let's check if it's the inner one
+                if ( innerDn.isAncestorOf( authenticator.getBaseDn() ) )
+                {
+                    innerDn = authenticator.getBaseDn();
+                    selectedAuthenticator = authenticator;
+                }
+            }
+        }
+
+        return selectedAuthenticator;
+    }
+
+
+    /**
      * {@inheritDoc}
      */
     public void bind( BindOperationContext bindContext ) throws LdapException
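Review bot: selectAuthenticator() returns `null` when several authenticators are registered for the level and none accepts the bind DN, and the bind() hunk below dereferences the result, so the rejection only happens through a NullPointerException swallowed by `catch ( Exception e )`. The single-authenticator branch handles the same case differently and puts the configured base DN into the exception text; if that text is sent back as the bind diagnostic message, an unauthenticated client learns how the tree is partitioned. Authenticators with equal base DNs are resolved by iteration order, and how `isAncestorOf` treats an equal DN is not visible here, so that case deserves a test now that the commit log says AuthenticationInterceptorTest was removed. One loop with an explicit failure covers both branches, as sketched below.

```java
    private Authenticator selectAuthenticator( Dn bindDn, AuthenticationLevel level )
        throws LdapUnwillingToPerformException, LdapAuthenticationException
    {
        // … unchanged: selectedAuthenticator declaration, lookup by level, empty-collection check …

        // One loop for any number of authenticators: keep the innermost base DN that covers bindDn
        Dn innerDn = Dn.ROOT_DSE;

        for ( Authenticator authenticator : authenticators )
        {
            if ( !authenticator.isValid( bindDn ) )
            {
                continue;
            }

            Dn candidateBase = authenticator.getBaseDn();

            if ( candidateBase == null )
            {
                // isValid() treats a missing base DN as "whole tree"
                candidateBase = Dn.ROOT_DSE;
            }

            if ( ( selectedAuthenticator == null ) || innerDn.isAncestorOf( candidateBase ) )
            {
                innerDn = candidateBase;
                selectedAuthenticator = authenticator;
            }
        }

        if ( selectedAuthenticator == null )
        {
            // Same generic answer whatever the reason; the configured base DN stays out of the reply
            throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM,
                "Cannot Bind for Dn " + bindDn.getName() );
        }

        return selectedAuthenticator;
    }
```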
@@ -421,10 +478,13 @@ public class AuthenticationInterceptor e
             LOG.debug( "Operation Context: {}", bindContext );
         }
 
-        if ( ( bindContext.getSession() != null ) &&
-            ( bindContext.getSession().getEffectivePrincipal() != null ) &&
-            ( !bindContext.getSession().isAnonymous() ) &&
-            ( !bindContext.getSession().isAdministrator() ) )
+        CoreSession session = bindContext.getSession();
+        Dn bindDn = bindContext.getDn();
+
+        if ( ( session != null ) &&
+            ( session.getEffectivePrincipal() != null ) &&
+            ( !session.isAnonymous() ) &&
+            ( !session.isAdministrator() ) )
         {
             // null out the credentials
             bindContext.setCredentials( null );
@@ -439,66 +499,51 @@ public class AuthenticationInterceptor e
             // We don't check the Dn, we just return a UnwillingToPerform error
             // Cf RFC 4513, chap. 5.1.2
             throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM,
"Cannot Bind for Dn "
-                + bindContext.getDn().getName() );
+                + bindDn.getName() );
         }
 
-        Collection<Authenticator> authenticators = getAuthenticators( level );
         PasswordPolicyException ppe = null;
         boolean isPPolicyReqCtrlPresent = bindContext.hasRequestControl( PasswordPolicy.OID
);
         PasswordPolicyDecorator pwdRespCtrl =
             new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
         boolean authenticated = false;
 
-        if ( authenticators == null )
-        {
-            LOG.warn( "Cannot find any authenticator for level {} : {}", level );
-        }
-        else
-        {
-            // TODO : we should refactor that.
-            // try each authenticator
-            for ( Authenticator authenticator : authenticators )
-            {
-                try
-                {
-                    // perform the authentication
-                    LdapPrincipal principal = authenticator.authenticate( bindContext );
+        Authenticator authenticator = selectAuthenticator( bindDn, level );
 
-                    if ( principal != null )
-                    {
-                        LdapPrincipal clonedPrincipal = ( LdapPrincipal ) ( principal.clone()
);
+        try
+        {
+            // perform the authentication
+            LdapPrincipal principal = authenticator.authenticate( bindContext );
 
-                        // remove creds so there is no security risk
-                        bindContext.setCredentials( null );
-                        clonedPrincipal.setUserPassword( StringConstants.EMPTY_BYTES );
+            if ( principal != null )
+            {
+                LdapPrincipal clonedPrincipal = ( LdapPrincipal ) ( principal.clone() );
 
-                        // authentication was successful
-                        CoreSession session = new DefaultCoreSession( clonedPrincipal, directoryService
);
-                        bindContext.setSession( session );
+                // remove creds so there is no security risk
+                bindContext.setCredentials( null );
+                clonedPrincipal.setUserPassword( StringConstants.EMPTY_BYTES );
 
-                        authenticated = true;
+                // authentication was successful
+                CoreSession newSession = new DefaultCoreSession( clonedPrincipal, directoryService
);
+                bindContext.setSession( newSession );
 
-                        // break out of the loop if the authentication succeeded
-                        break;
-                    }
-                }
-                catch ( PasswordPolicyException e )
-                {
-                    ppe = e;
-                    break;
-                }
-                catch ( LdapAuthenticationException e )
-                {
-                    // authentication failed, try the next authenticator
-                    LOG.info( "Authenticator {} failed to authenticate: {}", authenticator,
bindContext );
-                }
-                catch ( Exception e )
-                {
-                    // Log other exceptions than LdapAuthenticationException
-                    LOG.info( "Unexpected failure for Authenticator {} : {}", authenticator,
bindContext );
-                }
+                authenticated = true;
             }
         }
+        catch ( PasswordPolicyException e )
+        {
+            ppe = e;
+        }
+        catch ( LdapAuthenticationException e )
+        {
+            // authentication failed, try the next authenticator
+            LOG.info( "Authenticator {} failed to authenticate: {}", authenticator, bindContext
);
+        }
+        catch ( Exception e )
+        {
+            // Log other exceptions than LdapAuthenticationException
+            LOG.info( "Unexpected failure for Authenticator {} : {}", authenticator, bindContext
);
+        }
 
         if ( ppe != null )
         {
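Review bot: The comment `// authentication failed, try the next authenticator` in the `LdapAuthenticationException` handler no longer matches the code, because only the one authenticator returned by selectAuthenticator() is tried and there is no fallback. Both `LOG.info` calls also drop the caught exception, so an unexpected failure inside the authentication path leaves no stack trace to investigate; `LOG.warn( "Unexpected failure for Authenticator {} : {}", authenticator, bindContext, e );` would keep it. Whether the string form of `bindContext` includes the submitted credentials is not visible here and is worth confirming before it is logged. bind() starts and ends outside this hunk.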
@@ -511,7 +556,6 @@ public class AuthenticationInterceptor e
             throw ppe;
         }
 
-        Dn dn = bindContext.getDn();
         Entry userEntry = bindContext.getEntry();
 
         PasswordPolicyConfiguration policyConfig = getPwdPolicy( userEntry );
@@ -519,7 +563,7 @@ public class AuthenticationInterceptor e
         // load the user entry again if ppolicy is enabled, cause the authenticator might
have modified the entry
         if ( policyConfig != null )
         {
-            LookupOperationContext lookupContext = new LookupOperationContext( adminSession,
bindContext.getDn(),
+            LookupOperationContext lookupContext = new LookupOperationContext( adminSession,
bindDn,
                 SchemaConstants.ALL_ATTRIBUTES_ARRAY );
             userEntry = directoryService.getPartitionNexus().lookup( lookupContext );
         }
@@ -603,7 +647,7 @@ public class AuthenticationInterceptor e
                     {
                         LOG.warn(
                             "Interrupted while delaying to send the failed authentication
response for the user {}",
-                            dn, e );
+                            bindDn, e );
                     }
                 }
 
@@ -614,7 +658,7 @@ public class AuthenticationInterceptor e
                     mods.add( csnMod );
 
                     ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession
);
-                    bindModCtx.setDn( dn );
+                    bindModCtx.setDn( bindDn );
                     bindModCtx.setEntry( userEntry );
                     bindModCtx.setModItems( mods );
                     bindModCtx.setPushToEvtInterceptor( true );
@@ -623,7 +667,7 @@ public class AuthenticationInterceptor e
                 }
             }
 
-            String upDn = ( dn == null ? "" : dn.getName() );
+            String upDn = ( bindDn == null ? "" : bindDn.getName() );
             throw new LdapAuthenticationException( I18n.err( I18n.ERR_229, upDn ) );
         }
         else if ( policyConfig != null )
@@ -695,7 +739,7 @@ public class AuthenticationInterceptor e
                 mods.add( csnMod );
 
                 ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession
);
-                bindModCtx.setDn( dn );
+                bindModCtx.setDn( bindDn );
                 bindModCtx.setEntry( userEntry );
                 bindModCtx.setModItems( mods );
                 bindModCtx.setPushToEvtInterceptor( true );
@@ -715,7 +759,7 @@ public class AuthenticationInterceptor e
                 if ( isPwdMustReset( userEntry ) )
                 {
                     pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET
);
-                    pwdResetSet.add( dn.getNormName() );
+                    pwdResetSet.add( bindDn.getNormName() );
                 }
 
                 bindContext.addResponseControl( pwdRespCtrl );

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/Authenticator.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
Thu Apr 23 22:57:50 2015
@@ -28,8 +28,8 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.LdapPrincipal;
-import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
 import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyException;
+import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
 import org.apache.directory.server.core.shared.partition.DefaultPartitionNexus;
 
 
@@ -99,6 +99,30 @@ public interface Authenticator
      */
     void checkPwdPolicy( Entry userEntry ) throws LdapException;
 
+
+    /**
+     * Check that this selector is a valid one. The DN we want to authenticate has to be

+     * part of the DIT selection associated with teh Authenticator
+     *
+     * @param bindDn The DN we want to authenticate
+     * @return <code>true</code> if the Auhenticator is supporting the DN
+     */
+    boolean isValid( Dn bindDn );
+
+
+    /**
+     * @return The Authenticator base DN
+     */
+    Dn getBaseDn();
+
+
+    /**
+     * Set the baseDN into the Authenticator
+     * 
+     * @param baseDn The Base DN to set
+     */
+    public void setBaseDn( Dn baseDn );
+
     /**
      * Performs an unbind on the given context
      * 
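Review bot: The Javadoc for `isValid( Dn bindDn )` has typos (`teh`, `Auhenticator`), calls the authenticator a "selector", and does not say what the result is when no base DN is set or when `bindDn` equals the base DN. The interceptor now uses this method to decide which authenticator handles a bind, so the contract should be spelled out, for example `@return <code>true</code> if bindDn is the base DN or one of its descendants`, once the intended behaviour is confirmed. `setBaseDn` also carries a redundant `public` modifier that the other new interface methods do not.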

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
Thu Apr 23 22:57:50 2015
@@ -59,9 +59,6 @@ public class DelegatingAuthenticator ext
     /** Tells if we use StartTLS to connect */
     private boolean delegateTls;
 
-    /** The base DN which will be the starting point from which we use the delegator authenticator
*/
-    private String delegateBaseDn;
-
     /** The SSL TrustManager FQCN to use */
     private String delegateSslTrustManagerFQCN;
 
@@ -71,7 +68,6 @@ public class DelegatingAuthenticator ext
 
     /**
      * Creates a new instance.
-     * @see AbstractAuthenticator
      */
     public DelegatingAuthenticator()
     {
@@ -80,13 +76,23 @@ public class DelegatingAuthenticator ext
 
 
     /**
+     * Creates a new instance.
+     * @see AbstractAuthenticator
+     */
+    public DelegatingAuthenticator( Dn baseDn )
+    {
+        super( AuthenticationLevel.SIMPLE, baseDn );
+    }
+
+
+    /**
      * Creates a new instance, for a specific authentication level.
      * @see AbstractAuthenticator
      * @param type The relevant AuthenticationLevel
      */
-    protected DelegatingAuthenticator( AuthenticationLevel type )
+    protected DelegatingAuthenticator( AuthenticationLevel type, Dn baseDn )
     {
-        super( type );
+        super( type, baseDn );
     }
 
 
@@ -149,16 +155,7 @@ public class DelegatingAuthenticator ext
      */
     public String getDelegateBaseDn()
     {
-        return delegateBaseDn;
-    }
-
-
-    /**
-     * @param delegateBaseDn the delegateBaseDn to set
-     */
-    public void setDelegateBaseDn( String delegateBaseDn )
-    {
-        this.delegateBaseDn = delegateBaseDn;
+        return getBaseDn().toString();
     }
 
 
@@ -234,7 +231,7 @@ public class DelegatingAuthenticator ext
 
         // Don't authenticate using this authenticator if the Bind ND is not a descendant
of the
         // configured delegate base DN (or if it's null)
-        if ( ( delegateBaseDn == null ) || ( !bindDn.isDescendantOf( delegateBaseDn ) ) )
+        if ( ( getBaseDn() == null ) || ( !bindDn.isDescendantOf( getBaseDn() ) ) )
         {
             return null;
         }

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Thu Apr 23 22:57:50 2015
@@ -91,7 +91,6 @@ public class SimpleAuthenticator extends
 
     /**
      * Creates a new instance.
-     * @see AbstractAuthenticator
      */
     public SimpleAuthenticator()
     {
@@ -101,12 +100,35 @@ public class SimpleAuthenticator extends
 
 
     /**
+     * Creates a new instance.
+     * @see AbstractAuthenticator
+     */
+    public SimpleAuthenticator( Dn baseDn )
+    {
+        super( AuthenticationLevel.SIMPLE, baseDn );
+        credentialCache = new LRUMap( DEFAULT_CACHE_SIZE );
+    }
+
+
+    /**
      * Creates a new instance, with an initial cache size
      * @param cacheSize the size of the credential cache
      */
     public SimpleAuthenticator( int cacheSize )
     {
-        super( AuthenticationLevel.SIMPLE );
+        super( AuthenticationLevel.SIMPLE, Dn.ROOT_DSE );
+
+        credentialCache = new LRUMap( cacheSize > 0 ? cacheSize : DEFAULT_CACHE_SIZE );
+    }
+
+
+    /**
+     * Creates a new instance, with an initial cache size
+     * @param cacheSize the size of the credential cache
+     */
+    public SimpleAuthenticator( int cacheSize, Dn baseDn )
+    {
+        super( AuthenticationLevel.SIMPLE, baseDn );
 
         credentialCache = new LRUMap( cacheSize > 0 ? cacheSize : DEFAULT_CACHE_SIZE );
     }
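Review bot: The two new constructors repeat the cache setup of the existing ones, and their Javadoc omits `@param baseDn`. Chaining keeps the cache-size fallback in one place: `SimpleAuthenticator( Dn baseDn )` can be `this( DEFAULT_CACHE_SIZE, baseDn );` and `SimpleAuthenticator( int cacheSize )` can be `this( cacheSize, Dn.ROOT_DSE );`. This assumes `DEFAULT_CACHE_SIZE` is positive, which is not visible in this hunk.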

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/StrongAuthenticator.java
Thu Apr 23 22:57:50 2015
@@ -24,6 +24,7 @@ import java.net.SocketAddress;
 
 import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
 import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
+import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.server.core.api.LdapPrincipal;
 import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
 import org.apache.mina.core.session.IoSession;
@@ -40,7 +41,7 @@ import org.apache.mina.core.session.IoSe
 public class StrongAuthenticator extends AbstractAuthenticator
 {
     /**
-     * Creates a new instance of SaslAuthenticator.
+     * Creates a new instance.
      */
     public StrongAuthenticator()
     {
@@ -48,6 +49,15 @@ public class StrongAuthenticator extends
     }
 
 
+    /**
+     * Creates a new instance of SaslAuthenticator.
+     */
+    public StrongAuthenticator( Dn baseDn )
+    {
+        super( AuthenticationLevel.STRONG, baseDn );
+    }
+
+
     /**
      * User has already been authenticated during SASL negotiation. Set the authentication
level
      * to strong and return an {@link LdapPrincipal}.

Modified: directory/apacheds/trunk/interceptors/authn/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticatorOneWayEncryptedTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticatorOneWayEncryptedTest.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticatorOneWayEncryptedTest.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticatorOneWayEncryptedTest.java
Thu Apr 23 22:57:50 2015
@@ -23,14 +23,15 @@ package org.apache.directory.server.core
 
 import static org.junit.Assert.assertEquals;
 
-import com.mycila.junit.concurrent.Concurrency;
-import com.mycila.junit.concurrent.ConcurrentJunitRunner;
-
+import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.Strings;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import com.mycila.junit.concurrent.Concurrency;
+import com.mycila.junit.concurrent.ConcurrentJunitRunner;
+
 
 /**
  * Test case for helper methods within SimpleAuthenticator.
@@ -48,7 +49,7 @@ public class SimpleAuthenticatorOneWayEn
     public static void setUp() throws Exception
     {
 
-        auth = new SimpleAuthenticator();
+        auth = new SimpleAuthenticator( Dn.ROOT_DSE );
     }
 
 

Modified: directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/AuthenticatorBean.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/AuthenticatorBean.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/AuthenticatorBean.java
(original)
+++ directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/AuthenticatorBean.java
Thu Apr 23 22:57:50 2015
@@ -34,6 +34,10 @@ public abstract class AuthenticatorBean
     @ConfigurationElement(attributeType = "ads-authenticatorId", isRdn = true)
     private String authenticatorId;
 
+    /** The base DN which will be the starting point from which we use the authenticator
*/
+    @ConfigurationElement(attributeType = "ads-baseDn")
+    protected String baseDn;
+
 
     /**
      * @return the authenticatorId
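Review bot: The new `baseDn` field is `protected` while the neighbouring `authenticatorId` is `private`, although this commit also adds `getBaseDn()`. Declaring it `private String baseDn;` and having `DelegatingAuthenticatorBean.toString()` append `getBaseDn()` would keep the bean encapsulated. The element is also declared without `isOptional = true`, and `ads-delegateBaseDn` is removed from the delegating bean in the same commit, so a configuration written before this change may fail to load, depending on how the config reader treats a missing non-optional attribute; that is worth confirming and documenting. The field comment could also say what an empty value means, e.g. `/** The base DN under which this authenticator is used; empty is the root DSE */`, if that is the intended reading.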
@@ -51,4 +55,22 @@ public abstract class AuthenticatorBean
     {
         this.authenticatorId = authenticatorId;
     }
+
+
+    /**
+     * @return the baseDn
+     */
+    public String getBaseDn()
+    {
+        return baseDn;
+    }
+
+
+    /**
+     * @param baseDn the baseDn to set
+     */
+    public void setBaseDn( String baseDn )
+    {
+        this.baseDn = baseDn;
+    }
 }

Modified: directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/DelegatingAuthenticatorBean.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/DelegatingAuthenticatorBean.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/DelegatingAuthenticatorBean.java
(original)
+++ directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/DelegatingAuthenticatorBean.java
Thu Apr 23 22:57:50 2015
@@ -42,10 +42,6 @@ public class DelegatingAuthenticatorBean
     @ConfigurationElement(attributeType = "ads-delegateSsl", isOptional = true)
     private boolean delegateSsl;
 
-    /** The base DN which will be the starting point from which we use the delegator authenticator
*/
-    @ConfigurationElement(attributeType = "ads-delegateBaseDn")
-    private String delegateBaseDn;
-
 
     /**
      * @return the delegateHost
@@ -95,7 +91,7 @@ public class DelegatingAuthenticatorBean
 
         sb.append( tabs ).append( "  delegate host : " ).append( delegateHost ).append( '\n'
);
         sb.append( tabs ).append( "  delegate port : " ).append( delegatePort ).append( '\n'
);
-        sb.append( tabs ).append( "  delegate base DN : " ).append( delegateBaseDn ).append(
'\n' );
+        sb.append( tabs ).append( "  delegate base DN : " ).append( baseDn ).append( '\n'
);
         sb.append( tabs ).append( "  delegate SSL : " ).append( delegateSsl ).append( '\n'
);
 
         return sb.toString();

Modified: directory/apacheds/trunk/server-config/src/main/resources/config.ldif
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-config/src/main/resources/config.ldif?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/server-config/src/main/resources/config.ldif (original)
+++ directory/apacheds/trunk/server-config/src/main/resources/config.ldif Thu Apr 23 22:57:50
2015
@@ -71,6 +71,7 @@ objectclass: ads-base
 objectClass: ads-authenticator
 objectClass: ads-authenticatorImpl
 ads-authenticatorClass: org.apache.directory.server.core.authn.AnonymousAuthenticator
+ads-baseDn: 
 ads-enabled: TRUE
 
 dn: ads-authenticatorid=simpleauthenticator,ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
@@ -80,6 +81,7 @@ objectclass: ads-base
 objectClass: ads-authenticator
 objectClass: ads-authenticatorImpl
 ads-authenticatorClass: org.apache.directory.server.core.authn.SimpleAuthenticator
+ads-baseDn: 
 ads-enabled: TRUE
 
 dn: ads-authenticatorid=strongauthenticator,ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
@@ -89,6 +91,7 @@ objectclass: ads-base
 objectClass: ads-authenticator
 objectClass: ads-authenticatorImpl
 ads-authenticatorClass: org.apache.directory.server.core.authn.StrongAuthenticator
+ads-baseDn: 
 ads-enabled: TRUE
 
 dn: ads-authenticatorid=delegatingauthenticator,ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
@@ -98,6 +101,7 @@ objectclass: ads-base
 objectClass: ads-authenticator
 objectClass: ads-authenticatorImpl
 ads-authenticatorClass: org.apache.directory.server.core.authn.DelegatingAuthenticator
+ads-baseDn: 
 ads-enabled: FALSE
 
 dn: ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
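Review bot: The default entry for the delegating authenticator gets an empty `ads-baseDn`, the same as the three other authenticator entries in the hunks above. If an empty value is read as the root DSE (the tests in this commit pass `Dn.ROOT_DSE`), then switching `ads-enabled` to TRUE without narrowing the value would make this authenticator eligible for every bind DN, so bind credentials for all of them could be forwarded to the delegate host. How `selectAuthenticator()` picks between authenticators is not visible here, so this needs confirming. A comment above the entry would help operators, for instance `# empty ads-baseDn = root DSE (all bind DNs); set a subtree before enabling this authenticator`.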

Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java
(original)
+++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SimpleBindIT.java
Thu Apr 23 22:57:50 2015
@@ -47,6 +47,7 @@ import netscape.ldap.LDAPSearchResults;
 import netscape.ldap.LDAPUrl;
 
 import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
+import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.directory.server.annotations.CreateLdapServer;
@@ -485,7 +486,7 @@ public class SimpleBindIT extends Abstra
             .getInterceptor( InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName() );
         authInterceptor.destroy();
         authInterceptor.setAuthenticators( new Authenticator[]
-            { new StrongAuthenticator() } );
+            { new StrongAuthenticator( Dn.ROOT_DSE ) } );
 
         try
         {
@@ -514,6 +515,9 @@ public class SimpleBindIT extends Abstra
         // Reset the authenticators
         authInterceptor.destroy();
         authInterceptor.setAuthenticators( new Authenticator[]
-            { new StrongAuthenticator(), new SimpleAuthenticator(), new AnonymousAuthenticator()
} );
+            {
+                new StrongAuthenticator( Dn.ROOT_DSE ),
+                new SimpleAuthenticator( Dn.ROOT_DSE ),
+                new AnonymousAuthenticator( Dn.ROOT_DSE ) } );
     }
 }

Modified: directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java?rev=1675730&r1=1675729&r2=1675730&view=diff
==============================================================================
--- directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java
(original)
+++ directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java
Thu Apr 23 22:57:50 2015
@@ -41,6 +41,7 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.api.ldap.model.message.ExtendedRequest;
 import org.apache.directory.api.ldap.model.message.ExtendedResponse;
 import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.ldap.model.schema.AttributeType;
 import org.apache.directory.api.ldap.model.schema.SchemaManager;
 import org.apache.directory.api.util.Strings;
@@ -500,7 +501,20 @@ public class ServiceBuilder
 
         if ( authenticatorBean instanceof DelegatingAuthenticatorBean )
         {
-            authenticator = new DelegatingAuthenticator();
+            try
+            {
+                authenticator = new DelegatingAuthenticator(
+                    new Dn(
+                        ( ( DelegatingAuthenticatorBean ) authenticatorBean ).getBaseDn()
) );
+            }
+            catch ( LdapInvalidDnException e )
+            {
+                String errorMsg = "Failed to instantiate the configured authenticator "
+                    + authenticatorBean.getAuthenticatorId();
+                LOG.warn( errorMsg );
+                throw new ConfigurationException( errorMsg, e );
+            }
+
             ( ( DelegatingAuthenticator ) authenticator )
                 .setDelegateHost( ( ( DelegatingAuthenticatorBean ) authenticatorBean ).getDelegateHost()
);
             ( ( DelegatingAuthenticator ) authenticator )
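Review bot: The catch block reports only the authenticator id, so an operator who mistyped `ads-baseDn` cannot see which value was rejected, and `LOG.warn( errorMsg )` drops the cause. Including the value and the exception would make the failure diagnosable, e.g. `LOG.warn( errorMsg, e );` with the message extended by `+ " : invalid base DN '" + authenticatorBean.getBaseDn() + "'"`. The cast in `( ( DelegatingAuthenticatorBean ) authenticatorBean ).getBaseDn()` is unnecessary because `getBaseDn()` is declared on `AuthenticatorBean`. The `Dn` is also built without a `SchemaManager`, so it is presumably not schema-aware; if the interceptor compares it with normalised bind DNs, the base DN may not match as intended, which should be checked. The enclosing method starts and ends outside this hunk.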


