diff options
| author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
| commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
| tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java | |
| parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
| download | pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.gz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.xz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.zip | |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java | 294 |
1 files changed, 140 insertions, 154 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java index 6bc32edbd..116054181 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; + // ldap java sdk import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -52,14 +53,15 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** * uid/pwd/pin directory based authentication manager * <P> - * + * * @version $Revision$, $Date$ */ public class UidPwdPinDirAuthentication extends DirBasedAuthentication - implements IExtendedPluginInfo, IProfileAuthenticator { + implements IExtendedPluginInfo, IProfileAuthenticator { /* required credentials to authenticate. uid and pwd are strings. */ public static final String CRED_UID = "uid"; @@ -77,43 +79,54 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication protected static final byte SENTINEL_MD5 = 1; protected static final byte SENTINEL_NONE = 0x2d; - /* - * Holds configuration parameters accepted by this implementation. This list - * is passed to the configuration console so configuration for instances of - * this implementation can be configured through the console. + /* Holds configuration parameters accepted by this implementation. + * This list is passed to the configuration console so configuration + * for instances of this implementation can be configured through the + * console. */ - protected static String[] mConfigParams = new String[] { PROP_REMOVE_PIN, - PROP_PIN_ATTR, PROP_DNPATTERN, PROP_LDAPSTRINGATTRS, - PROP_LDAPBYTEATTRS, "ldap.ldapconn.host", "ldap.ldapconn.port", - "ldap.ldapconn.secureConn", "ldap.ldapconn.version", - "ldap.ldapauth.bindDN", "ldap.ldapauth.bindPWPrompt", - "ldap.ldapauth.clientCertNickname", "ldap.ldapauth.authtype", - "ldap.basedn", "ldap.minConns", "ldap.maxConns", }; + protected static String[] mConfigParams = + new String[] { PROP_REMOVE_PIN, + PROP_PIN_ATTR, + PROP_DNPATTERN, + PROP_LDAPSTRINGATTRS, + PROP_LDAPBYTEATTRS, + "ldap.ldapconn.host", + "ldap.ldapconn.port", + "ldap.ldapconn.secureConn", + "ldap.ldapconn.version", + "ldap.ldapauth.bindDN", + "ldap.ldapauth.bindPWPrompt", + "ldap.ldapauth.clientCertNickname", + "ldap.ldapauth.authtype", + "ldap.basedn", + "ldap.minConns", + "ldap.maxConns", + }; static { - mExtendedPluginInfo.add(PROP_REMOVE_PIN - + ";boolean;SEE DOCUMENTATION for pin removal"); - mExtendedPluginInfo.add(PROP_PIN_ATTR - + ";string;directory attribute to use for pin (default 'pin')"); - mExtendedPluginInfo - .add("ldap.ldapauth.bindDN;string;DN to bind as for pin removal. " - + "For example 'CN=PinRemoval User'"); - mExtendedPluginInfo - .add("ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " - + "the above user"); - mExtendedPluginInfo - .add("ldap.ldapauth.clientCertNickname;string;If you want to use " - + "SSL client auth to the directory, set the client " - + "cert nickname here"); - mExtendedPluginInfo - .add("ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;" - + "How to bind to the directory (for pin removal only)"); + mExtendedPluginInfo.add( + PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal"); + mExtendedPluginInfo.add( + PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')"); + mExtendedPluginInfo.add( + "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. " + + "For example 'CN=PinRemoval User'"); + mExtendedPluginInfo.add( + "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " + + "the above user"); + mExtendedPluginInfo.add( + "ldap.ldapauth.clientCertNickname;string;If you want to use " + + "SSL client auth to the directory, set the client " + + "cert nickname here"); + mExtendedPluginInfo.add( + "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;" + + "How to bind to the directory (for pin removal only)"); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT - + ";Authenticate the username, password and pin provided " - + "by the user against an LDAP directory. Works with the " - + "Dir/Pin Based Enrollment HTML form"); - mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN - + ";configuration-authrules-uidpwdpindirauth"); + + ";Authenticate the username, password and pin provided " + + "by the user against an LDAP directory. Works with the " + + "Dir/Pin Based Enrollment HTML form"); + mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN + + ";configuration-authrules-uidpwdpindirauth"); } @@ -122,12 +135,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication protected MessageDigest mSHADigest = null; protected MessageDigest mMD5Digest = null; - private String mBindDN = null; - private String mBindPassword = null; + private String mBindDN = null; + private String mBindPassword = null; - private ILdapConnFactory removePinLdapFactory = null; - private LDAPConnection removePinLdapConnection = null; - private IConfigStore removePinLdapConfigStore = null; + private ILdapConnFactory removePinLdapFactory = null; + private LDAPConnection removePinLdapConnection = null; + private IConfigStore removePinLdapConfigStore = null; /** * Default constructor, initialization must follow. @@ -136,11 +149,13 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication super(); } - public void init(String name, String implName, IConfigStore config) - throws EBaseException { + public void init(String name, String implName, IConfigStore config) + throws EBaseException { super.init(name, implName, config); - mRemovePin = config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN); - mPinAttr = config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR); + mRemovePin = + config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN); + mPinAttr = + config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR); if (mPinAttr.equals("")) { mPinAttr = DEF_PIN_ATTR; } @@ -151,19 +166,18 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication removePinLdapFactory.init(removePinLdapConfigStore); removePinLdapConnection = removePinLdapFactory.getConn(); } - + try { mSHADigest = MessageDigest.getInstance("SHA1"); mMD5Digest = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { - throw new EAuthException(CMS.getUserMessage( - "CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage())); + throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage())); } } protected void verifyPassword(String Password) { - } + } /** * Authenticates a user based on its uid, pwd, pin in the directory. @@ -171,74 +185,66 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication * @param authCreds The authentication credentials with uid, pwd, pin. * @return The user's ldap entry dn. * @exception EInvalidCredentials If the uid and password are not valid - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ - protected String authenticate(LDAPConnection conn, - IAuthCredentials authCreds, AuthToken token) throws EBaseException { + protected String authenticate(LDAPConnection conn, + IAuthCredentials authCreds, + AuthToken token) + throws EBaseException { String userdn = null; - String uid = null; - String pwd = null; - String pin = null; + String uid = null; + String pwd = null; + String pin = null; try { // get the uid. uid = (String) authCreds.get(CRED_UID); if (uid == null) { - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); } - + // get the password. pwd = (String) authCreds.get(CRED_PWD); if (pwd == null) { - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD)); } if (pwd.equals("")) { // anonymous binding not allowed - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } // get the pin. pin = (String) authCreds.get(CRED_PIN); if (pin == null) { - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PIN)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PIN)); } if (pin.equals("")) { // empty pin not allowed - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMS_AUTH_EMPTY_PIN", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PIN", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } // get user dn. - LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, - "(uid=" + uid + ")", null, false); + LDAPSearchResults res = conn.search(mBaseDN, + LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false); if (res.hasMoreElements()) { LDAPEntry entry = (LDAPEntry) res.nextElement(); userdn = entry.getDN(); } else { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } // bind as user dn and pwd - authenticates user with pwd. conn.authenticate(userdn, pwd); - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid)); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid)); // log(ILogger.LL_SECURITY, "found user : " + userdn); - // check pin. + // check pin. checkpin(conn, userdn, uid, pin); // set uid in the token. @@ -246,151 +252,132 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication return userdn; } catch (ELdapException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString())); throw e; } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - case LDAPException.LDAP_PARTIAL_RESULTS: - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + case LDAPException.NO_SUCH_OBJECT: + case LDAPException.LDAP_PARTIAL_RESULTS: + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); case LDAPException.INVALID_CREDENTIALS: - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); case LDAPException.SERVER_DOWN: log(ILogger.LL_SECURITY, CMS.getLogMessage("LDAP_SERVER_DOWN")); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); - - default: - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.getMessage())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_OTHER_LDAP_EXCEPTION", e.errorCodeToString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + + default: + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", + e.errorCodeToString())); } - } + } } - protected void checkpin(LDAPConnection conn, String userdn, String uid, - String pin) throws EBaseException, LDAPException { + protected void checkpin(LDAPConnection conn, String userdn, + String uid, String pin) + throws EBaseException, LDAPException { LDAPSearchResults res = null; LDAPEntry entry = null; // get pin. - res = conn.search(userdn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { mPinAttr }, false); + res = conn.search(userdn, LDAPv2.SCOPE_BASE, + "(objectclass=*)", new String[] { mPinAttr }, false); if (res.hasMoreElements()) { entry = (LDAPEntry) res.nextElement(); } else { - log(ILogger.LL_SECURITY, CMS.getLogMessage( - "CMS_AUTH_NO_ENTRY_RETURNED", uid, userdn)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_ENTRY_RETURNED", uid, userdn)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } LDAPAttribute pinAttr = entry.getAttribute(mPinAttr); if (pinAttr == null) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } Enumeration pinValues = pinAttr.getByteValues(); if (!pinValues.hasMoreElements()) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - byte[] entrypin = (byte[]) pinValues.nextElement(); + byte[] entrypin = (byte[]) pinValues.nextElement(); // compare value digest. if (entrypin == null || entrypin.length < 2) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - + byte hashtype = entrypin[0]; byte[] pinDigest = null; String toBeDigested = userdn + pin; if (hashtype == SENTINEL_SHA) { - + pinDigest = mSHADigest.digest(toBeDigested.getBytes()); } else if (hashtype == SENTINEL_MD5) { pinDigest = mMD5Digest.digest(toBeDigested.getBytes()); } else if (hashtype == SENTINEL_NONE) { pinDigest = toBeDigested.getBytes(); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMS_AUTH_UKNOWN_ENCODING_TYPE", mPinAttr, "*", userdn)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_UKNOWN_ENCODING_TYPE", mPinAttr, "*", userdn)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } if (pinDigest.length != (entrypin.length - 1)) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_LENGTH_NOT_MATCHED", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_LENGTH_NOT_MATCHED", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } int i; for (i = 0; i < (entrypin.length - 1); i++) { - if (pinDigest[i] != entrypin[i + 1]) + if (pinDigest[i] != entrypin[i + 1]) break; } if (i != (entrypin.length - 1)) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } // pin ok. remove pin if so configured // Note that this means that a policy may reject this request later, // but the user will not be able to enroll again as his pin is gone. - + // We remove the pin using a different connection which is bound as // a more privileged user. if (mRemovePin) { try { - removePinLdapConnection.modify(userdn, new LDAPModification( - LDAPModification.DELETE, new LDAPAttribute(mPinAttr, - entrypin))); + removePinLdapConnection.modify(userdn, + new LDAPModification( + LDAPModification.DELETE, + new LDAPAttribute(mPinAttr, entrypin))); } catch (LDAPException e) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn)); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn)); } } } /** - * Returns a list of configuration parameter names. The list is passed to - * the configuration console so instances of this implementation can be - * configured through the console. - * + * Returns a list of configuration parameter names. + * The list is passed to the configuration console so instances of + * this implementation can be configured through the console. + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { @@ -399,7 +386,6 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication /** * Returns array of required credentials for this authentication manager. - * * @return Array of required credentials. */ public String[] getRequiredCreds() { @@ -409,23 +395,21 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication // Profile-related methods public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { } /** * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_LDAP_UID_PIN_NAME"); + return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID_PIN_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_LDAP_UID_PIN_TEXT"); + return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID_PIN_TEXT"); } /** @@ -450,7 +434,8 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(CRED_UID)) { @@ -468,7 +453,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication } public void populate(IAuthToken token, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, token.getInString(USER_DN)); } @@ -477,3 +462,4 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication return false; } } + |