Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java | 130 |
1 files changed, 56 insertions, 74 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
index 95ddada8..88dc7296 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; + import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPEntry; import netscape.ldap.LDAPException;
@@ -42,12 +43,13 @@ import com.netscape.cmscore.ldapconn.LdapConnInfo; import com.netscape.cmscore.usrgrp.UGSubsystem; import com.netscape.cmscore.util.Debug; + /** - * Certificate Server admin authentication. Used to authenticate administrators - * in the Certificate Server Console. Authentications by checking the uid and - * password against the database. + * Certificate Server admin authentication. + * Used to authenticate administrators in the Certificate Server Console. + * Authentications by checking the uid and password against the + * database. * <P> - * * @author lhsiao, cfu * @version $Revision$, $Date$ */ 
@@ -79,16 +81,15 @@ public class PasswdUserDBAuthentication implements IAuthManager { /** * initializes the PasswdUserDBAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing all available - * authentication managers. - * + * called by AuthSubsystem init() method, when initializing + * all available authentication managers. * @param name - Name assigned to this authentication manager instance. * @param implName - Name of the authentication plugin. - * @param config - The configuration store used by the authentication - * subsystem. + * @param config - The configuration store used by the + * authentication subsystem. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -100,8 +101,7 @@ public class PasswdUserDBAuthentication implements IAuthManager { return; mBaseDN = dbs.getBaseDN(); - mConnFactory = new LdapBoundConnFactory(3, 20, ldapinfo, - dbs.getLdapAuthInfo()); + mConnFactory = new LdapBoundConnFactory(3, 20, ldapinfo, dbs.getLdapAuthInfo()); mAnonConnFactory = new LdapAnonConnFactory(3, 20, ldapinfo); log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INIT_AUTH", mName)); 
@@ -110,47 +110,40 @@ public class PasswdUserDBAuthentication implements IAuthManager { /** * authenticates administratrators by LDAP uid/pwd * <p> - * called by other subsystems or their servlets to authenticate - * administrators - * - * @param authCred Authentication credentials. "uid" and "pwd" are required. + * called by other subsystems or their servlets to authenticate administrators + * @param authCred Authentication credentials. + * "uid" and "pwd" are required. * @return the authentication token (authToken) that contains the following - * userdn = [userdn, in case of success]<br> - * authMgrName = [authMgrName]<br> - * @exception com.netscape.certsrv.base.MissingCredential If either "uid" or - * "pwd" is missing from the given credentials. - * @exception com.netscape.certsrv.base.InvalidCredentials If the the - * credentials failed to authenticate. - * @exception com.netscape.certsrv.base.EBaseException If an internal error - * occurred. + * userdn = [userdn, in case of success]<br> + * authMgrName = [authMgrName]<br> + * @exception com.netscape.certsrv.base.MissingCredential If either + * "uid" or "pwd" is missing from the given credentials. + * @exception com.netscape.certsrv.base.InvalidCredentials If the + * the credentials failed to authenticate. + * @exception com.netscape.certsrv.base.EBaseException If an internal + * error occurred. 
*/ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { AuthToken authToken = new AuthToken(this); - // make sure the required credentials are provided + // make sure the required credentials are provided String uid = (String) authCred.get(CRED_UID); CMS.debug("Authentication: UID=" + uid); if (uid == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID")); - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID")); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); } String pwd = (String) authCred.get(CRED_PWD); if (pwd == null) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid)); - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD)); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD)); } // don't allow anonymous binding if (pwd == "") { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } String userdn = null; 
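Review bot: The empty-password guard `if (pwd == "")` near the end of this hunk compares String references rather than values, so a credential that is empty but not the interned literal slips past it; since the comment above it says the intent is to refuse anonymous binding, it should read `if (pwd.isEmpty()) {` (or `"".equals(pwd)`). The reflow in this commit touches the log and throw lines inside that branch but leaves the condition as it was. The `uid == null` and `pwd == null` checks above it are fine as written. authenticate() continues past the hunk; the LDAP bind that this guard is meant to protect happens further down.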
@@ -160,8 +153,8 @@ public class PasswdUserDBAuthentication implements IAuthManager { try { conn = mConnFactory.getConn(); // do anonymous search for the user's dn. - LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, - "(uid=" + uid + ")", null, false); + LDAPSearchResults res = conn.search(mBaseDN, + LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false); if (res.hasMoreElements()) { LDAPEntry entry = (LDAPEntry) res.nextElement(); 
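Review bot: The filter on the rewrapped conn.search() line, `"(uid=" + uid + ")"`, is built by concatenating the caller-supplied uid, so filter metacharacters in the credential alter the query instead of being matched literally. The uid should be escaped per RFC 4515 before it is placed in the filter (`*`, `(`, `)`, `\` and NUL become `\2a`, `\28`, `\29`, `\5c`, `\00`), or the filter built through an escaping helper if the LDAP SDK in use provides one. The commit only moves the argument across lines and does not change this. The enclosing try block and authenticate() start and end outside the hunk.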
@@ -169,49 +162,41 @@ public class PasswdUserDBAuthentication implements IAuthManager { userdn = entry.getDN(); } if (userdn == null) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } anonConn = mAnonConnFactory.getConn(); anonConn.authenticate(userdn, pwd); } catch (LDAPException e) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, - e.toString())); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, e.toString())); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } finally { - if (conn != null) + if (conn != null) mConnFactory.returnConn(conn); - if (anonConn != null) + if (anonConn != null) mAnonConnFactory.returnConn(anonConn); } UGSubsystem ug = UGSubsystem.getInstance(); authToken.set(TOKEN_USERDN, userdn); - authToken.set(CRED_UID, uid); // return original uid for info + authToken.set(CRED_UID, uid); // return original uid for info IUser user = null; try { user = ug.getUser(uid); } catch (EBaseException e) { - if (Debug.ON) + if (Debug.ON) e.printStackTrace(); - // not a user in our user/group database. - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, - e.toString())); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + // not a user in our user/group database. 
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString())); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } authToken.set(TOKEN_USERDN, user.getUserDN()); authToken.set(TOKEN_USERID, user.getUserID()); log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid)); - + return authToken; } @@ -230,11 +215,10 @@ public class PasswdUserDBAuthentication implements IAuthManager { } /** - * get the list of authentication credential attribute names required by - * this authentication manager. Generally used by servlets that use this - * authentication manager, to retrieve required credentials from the user - * (e.g. Javascript form data) - * + * get the list of authentication credential attribute names + * required by this authentication manager. Generally used by + * servlets that use this authentication manager, to retrieve + * required credentials from the user (e.g. Javascript form data) * @return attribute names in Vector */ public String[] getRequiredCreds() { @@ -242,10 +226,9 @@ public class PasswdUserDBAuthentication implements IAuthManager { } /** - * Get the list of configuration parameter names required by this - * authentication manager. In this case, an empty list. - * - * @return String array of configuration parameters. + * Get the list of configuration parameter names + * required by this authentication manager. In this case, an empty list. + * @return String array of configuration parameters. */ public String[] getConfigParams() { return (mConfigParams); @@ -265,8 +248,8 @@ public class PasswdUserDBAuthentication implements IAuthManager { } /** - * gets the configuretion substore used by this authentication manager - * + * gets the configuretion substore used by this authentication + * manager * @return configuration store */ public IConfigStore getConfigStore() { 
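Review bot: `anonConn.authenticate(userdn, pwd)` binds a connection borrowed from mAnonConnFactory as the administrator, and the finally block hands that same connection back with `mAnonConnFactory.returnConn(anonConn)`; unless returnConn re-binds anonymously or discards the connection (not visible in this diff), the next caller drawing from the "anonymous" pool receives a connection still authenticated as that user. The contract should be stated at the return site, e.g. `// anonConn is now bound as userdn; returnConn must reset the bind`, and if the factory does not reset it, the connection should be rebound anonymously or disconnected before being returned. Separately, `if (Debug.ON) e.printStackTrace();` in the ug.getUser() catch writes the stack trace to stderr outside the logger; routing it through log(...) keeps the failure in one place. authenticate() begins outside this hunk; the -230, -242 and -265 hunks on this line are Javadoc reflows only.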
@@ -275,14 +258,13 @@ public class PasswdUserDBAuthentication implements IAuthManager { /** * Log a message. - * * @param level The logging level. * @param msg The message to log. */ private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, - msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, + level, msg); } } |