qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rob...@apache.org
Subject svn commit: r1414257 - /qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
Date Tue, 27 Nov 2012 16:42:31 GMT
Author: robbie
Date: Tue Nov 27 16:42:30 2012
New Revision: 1414257

URL: http://svn.apache.org/viewvc?rev=1414257&view=rev
Log:
QPID-4476: ensure that the Principal in the AuthenticationResult has the same format (the
username) in both sasl and non-sasl cases, reworking handling of authentication success/failure/error
to improve user experience slightly

Modified:
    qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java

Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java?rev=1414257&r1=1414256&r2=1414257&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
(original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
Tue Nov 27 16:42:30 2012
@@ -23,6 +23,8 @@ import java.io.IOException;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Hashtable;
+
+import javax.naming.AuthenticationException;
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
@@ -40,6 +42,7 @@ import javax.security.sasl.SaslException
 import javax.security.sasl.SaslServer;
 import org.apache.log4j.Logger;
 import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
 import org.apache.qpid.server.security.auth.UsernamePrincipal;
 import org.apache.qpid.server.security.auth.sasl.plain.PlainPasswordCallback;
 
@@ -119,33 +122,74 @@ public class SimpleLDAPAuthenticationMan
     @Override
     public AuthenticationResult authenticate(String username, String password)
     {
-
         try
         {
-            return doLDAPNameAuthentication(getNameFromId(username), password);
+            AuthenticationResult result = doLDAPNameAuthentication(getNameFromId(username),
password);
+            if(result.getStatus() == AuthenticationStatus.SUCCESS)
+            {
+                //Return a result based on the supplied username rather than the search name
+                return new AuthenticationResult(new UsernamePrincipal(username));
+            }
+            else
+            {
+                return result;
+            }
         }
         catch (NamingException e)
         {
-
             return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
e);
-
         }
     }
 
-    private AuthenticationResult doLDAPNameAuthentication(String username, String password)
throws NamingException
+    private AuthenticationResult doLDAPNameAuthentication(String name, String password)
     {
+        if(name == null)
+        {
+            //The search didn't return anything, class as not-authenticated before it NPEs
below
+            return new AuthenticationResult(AuthenticationStatus.CONTINUE);
+        }
+
         Hashtable<Object,Object> env = new Hashtable<Object,Object>();
         env.put(Context.INITIAL_CONTEXT_FACTORY, _ldapContextFactory);
         env.put(Context.PROVIDER_URL, _providerAuthURL);
 
         env.put(Context.SECURITY_AUTHENTICATION, "simple");
 
-        env.put(Context.SECURITY_PRINCIPAL, username);
+        env.put(Context.SECURITY_PRINCIPAL, name);
         env.put(Context.SECURITY_CREDENTIALS, password);
-        DirContext ctx = new InitialDirContext(env);
-        ctx.close();
 
-        return new AuthenticationResult(new UsernamePrincipal(username));
+        DirContext ctx = null;
+        try
+        {
+            ctx = new InitialDirContext(env);
+
+            //Authentication succeeded
+            return new AuthenticationResult(new UsernamePrincipal(name));
+        }
+        catch(AuthenticationException ae)
+        {
+            //Authentication failed
+            return new AuthenticationResult(AuthenticationStatus.CONTINUE);
+        }
+        catch (NamingException e)
+        {
+            //Some other failure
+            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
e);
+        }
+        finally
+        {
+            if(ctx != null)
+            {
+                try
+                {
+                    ctx.close();
+                }
+                catch (Exception e)
+                {
+                    _logger.warn("Exception closing InitialDirContext", e);
+                }
+            }
+        }
     }
 
     @Override
@@ -190,19 +234,11 @@ public class SimpleLDAPAuthenticationMan
                     }
                     catch (NamingException e)
                     {
-                        _logger.info("SASL Authentication Error", e);
+                        _logger.warn("SASL Authentication Exception", e);
                     }
                     if(password != null)
                     {
-                        try
-                        {
-                            authenticated = doLDAPNameAuthentication(name, password);
-
-                        }
-                        catch (NamingException e)
-                        {
-                            authenticated = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
e);
-                        }
+                        authenticated = doLDAPNameAuthentication(name, password);
                     }
                 }
                 else if (callback instanceof PlainPasswordCallback)
@@ -210,17 +246,10 @@ public class SimpleLDAPAuthenticationMan
                     password = ((PlainPasswordCallback)callback).getPlainPassword();
                     if(name != null)
                     {
-                        try
-                        {
-                            authenticated = doLDAPNameAuthentication(name, password);
-                            if(authenticated.getStatus()== AuthenticationResult.AuthenticationStatus.SUCCESS)
-                            {
-                                ((PlainPasswordCallback)callback).setAuthenticated(true);
-                            }
-                        }
-                        catch (NamingException e)
+                        authenticated = doLDAPNameAuthentication(name, password);
+                        if(authenticated.getStatus()== AuthenticationResult.AuthenticationStatus.SUCCESS)
                         {
-                            authenticated = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
e);
+                            ((PlainPasswordCallback)callback).setAuthenticated(true);
                         }
                     }
                 }
@@ -242,7 +271,6 @@ public class SimpleLDAPAuthenticationMan
         env.put(Context.INITIAL_CONTEXT_FACTORY, _ldapContextFactory);
         env.put(Context.PROVIDER_URL, _providerSearchURL);
 
-
         env.put(Context.SECURITY_AUTHENTICATION, "none");
         DirContext ctx = null;
 
@@ -267,7 +295,14 @@ public class SimpleLDAPAuthenticationMan
         }
         finally
         {
-            ctx.close();
+            try
+            {
+                ctx.close();
+            }
+            catch (Exception e)
+            {
+                _logger.warn("Exception closing InitialDirContext", e);
+            }
         }
 
     }



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message