summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java145
1 files changed, 73 insertions, 72 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
index e97fee8b..9619e20f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.util.Enumeration;
import java.util.Locale;
@@ -47,46 +46,38 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* uid/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
-public class UidPwdDirAuthentication extends DirBasedAuthentication
- implements IProfileAuthenticator {
+public class UidPwdDirAuthentication extends DirBasedAuthentication implements
+ IProfileAuthenticator {
/* required credentials to authenticate. uid and pwd are strings. */
public static final String CRED_UID = "uid";
public static final String CRED_PWD = "pwd";
protected static String[] mRequiredCreds = { CRED_UID, CRED_PWD };
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] { PROP_DNPATTERN,
- PROP_LDAPSTRINGATTRS,
- PROP_LDAPBYTEATTRS,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.basedn",
- "ldap.minConns",
- "ldap.maxConns",
- };
+ protected static String[] mConfigParams = new String[] { PROP_DNPATTERN,
+ PROP_LDAPSTRINGATTRS, PROP_LDAPBYTEATTRS, "ldap.ldapconn.host",
+ "ldap.ldapconn.port", "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version", "ldap.basedn", "ldap.minConns",
+ "ldap.maxConns", };
static {
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the username and password provided " +
- "by the user against an LDAP directory. Works with the " +
- "Dir Based Enrollment HTML form");
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authrules-uidpwddirauth");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT
+ + ";Authenticate the username and password provided "
+ + "by the user against an LDAP directory. Works with the "
+ + "Dir Based Enrollment HTML form");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-authrules-uidpwddirauth");
};
/**
@@ -102,12 +93,10 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds, AuthToken token) throws EBaseException {
String userdn = null;
String uid = null;
@@ -117,36 +106,42 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
uid = (String) authCreds.get(CRED_UID);
CMS.debug("Authenticating UID=" + uid);
if (uid == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
-
+
// get the password.
String pwd = (String) authCreds.get(CRED_PWD);
if (pwd == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_PWD));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
}
if (pwd.equals("")) {
// anonymous binding not allowed
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// get user dn.
- CMS.debug("Authenticating: Searching for UID=" + uid +
- " base DN=" + mBaseDN);
- LDAPSearchResults res = conn.search(mBaseDN,
- LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
+ CMS.debug("Authenticating: Searching for UID=" + uid + " base DN="
+ + mBaseDN);
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
+ "(uid=" + uid + ")", null, false);
if (res.hasMoreElements()) {
- //LDAPEntry entry = (LDAPEntry)res.nextElement();
+ // LDAPEntry entry = (LDAPEntry)res.nextElement();
LDAPEntry entry = res.next();
userdn = entry.getDN();
CMS.debug("Authenticating: Found User DN=" + userdn);
} else {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// bind as user dn and pwd - authenticates user with pwd.
@@ -156,38 +151,44 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
return userdn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString()));
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
- log(ILogger.LL_SECURITY, CMS.getLogMessage("USER_NOT_EXIST", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("USER_NOT_EXIST", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.INVALID_CREDENTIALS:
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.SERVER_DOWN:
log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_SERVER_DOWN"));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
- default:
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+
+ default:
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_OTHER_LDAP_EXCEPTION", e.errorCodeToString()));
}
- }
+ }
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -196,6 +197,7 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -203,9 +205,9 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
}
// Profile-related methods
-
+
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -243,23 +245,22 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(CRED_UID)) {
+ if (name.equals(CRED_UID)) {
return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID"));
} else if (name.equals(CRED_PWD)) {
return new Descriptor(IDescriptor.PASSWORD, null, null,
CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PWD"));
-
+
}
return null;
}
- public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ public void populate(IAuthToken token, IRequest request)
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(USER_DN));
}
generated by cgit (git 2.34.1) at 2024-05-05 12:05:56 +0000