[ http://issues.apache.org/jira/browse/DIRLDAP-77?page=comments#action_12359767 ]
Luke Taylor commented on DIRLDAP-77:
------------------------------------
Ok, the following test should do it when added to CompareAuthorizationTest in
core-tests (probably not the best place but I can't find somewhere that just
tests a compare operation):
    public void testPasswordCompare() throws NamingException {
        DirContext adminCtx = getContextAsAdmin();
        Attributes user = new BasicAttributes( "uid", "bob", true );
        user.put( "userPassword", "bobspassword".getBytes() );
        Attribute objectClass = new BasicAttribute( "objectClass" );
        user.put( objectClass );
        objectClass.add( "top" );
        objectClass.add( "person" );
        objectClass.add( "organizationalPerson" );
        objectClass.add( "inetOrgPerson" );
        user.put( "sn", "bob" );
        user.put( "cn", "bob" );
        adminCtx.createSubcontext( "uid=bob,ou=users", user );
        ServerLdapContext ctx = ( ServerLdapContext ) adminCtx.lookup( "" );
        assertTrue(ctx.compare(new LdapName( "uid=bob,ou=users,ou=system"),
            "userPassword", "bobspassword"));
    }
In the original example, the password *is* being passed as a byte array from
the remote client, but somehow it ends up as a String in the compare method of
DefaultDirectoryPartitionNexus. I don't know why that is or if it's correct
behaviour.
Just running this test though, if I change the last line to
    assertTrue(ctx.compare(new LdapName( "uid=bob,ou=users,ou=system"),
        "userPassword", "bobspassword".getBytes()));
then it will arrive in the compare method as a byte array. The initial check
on whether the attribute contains the value succeeds and none of the additional
code we've discussed is called. So..... I don't know exactly what needs to be
done :)
> ClassCastException when performing 'compare' on userPassword
> ------------------------------------------------------------
>
> Key: DIRLDAP-77
> URL: http://issues.apache.org/jira/browse/DIRLDAP-77
> Project: Directory LDAP
> Type: Bug
> Reporter: Luke Taylor
>
> Using the latest 0.9.4 snapshots and also code checked out and built today -
> (but had to include an older version of Mina with the latter due to
> ClassNotFoundExceptions for MessageHandler ):
> I'm making a call to apache-ds to perform a comparison operation on a user's
> password and I'm getting a ClassCastException at line 369 of
> DefaultDirectoryPartitionNexus:
>     String attrVal = ( String ) normalizer.normalize( attr.get( ii ) );
> when attr is userPassword (a byte array) and the normalizer is a no-op, so
> the cast to String fails.
> javax.naming.NamingException: [LDAP: error code 1 - failed to compare entry
> cn=Bob,ou=people,dc=acegisecurity,dc=org:
> org.apache.ldap.server.interceptor.InterceptorException: Unexpected
> exception. [Root exception is java.lang.ClassCastException: [B]
> at org.apache.ldap.server.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1368)
> at org.apache.ldap.server.interceptor.InterceptorChain.access$700(InterceptorChain.java:49)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:983)
> at org.apache.ldap.server.interceptor.BaseInterceptor.compare(BaseInterceptor.java:210)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> at org.apache.ldap.server.interceptor.BaseInterceptor.compare(BaseInterceptor.java:210)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> at org.apache.ldap.server.interceptor.BaseInterceptor.compare(BaseInterceptor.java:210)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> at org.apache.ldap.server.interceptor.BaseInterceptor.compare(BaseInterceptor.java:210)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> at org.apache.ldap.server.interceptor.BaseInterceptor.compare(BaseInterceptor.java:210)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> at org.apache.ldap.server.interceptor.BaseInterceptor.compare(BaseInterceptor.java:210)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> at org.apache.ldap.server.authz.AuthorizationService.compare(AuthorizationService.java:917)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> at org.apache.ldap.server.interceptor.BaseInterceptor.compare(BaseInterceptor.java:210)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> at org.apache.ldap.server.normalization.NormalizationService.compare(NormalizationService.java:236)
> at org.apache.ldap.server.interceptor.InterceptorChain.compare(InterceptorChain.java:564)
> at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.compare(DirectoryPartitionNexusProxy.java:232)
> at org.apache.ldap.server.partition.DirectoryPartitionNexusProxy.compare(DirectoryPartitionNexusProxy.java:221)
> at org.apache.ldap.server.jndi.ServerLdapContext.compare(ServerLdapContext.java:168)
> at org.apache.ldap.server.protocol.support.CompareHandler.messageReceived(CompareHandler.java:61)
> at org.apache.mina.handler.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:95)
> at org.apache.ldap.server.protocol.LdapProtocolProvider$LdapProtocolHandler.messageReceived(LdapProtocolProvider.java:396)
> at org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:189)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:494)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:761)
> at org.apache.mina.filter.LoggingFilter.messageReceived(LoggingFilter.java:87)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:494)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:761)
> at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:91)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:494)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:761)
> at org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:665)
> at org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:421)
> at org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:376)
> Caused by: java.lang.ClassCastException: [B
> at org.apache.ldap.server.partition.DefaultDirectoryPartitionNexus.compare(DefaultDirectoryPartitionNexus.java:369)
> at org.apache.ldap.server.interceptor.InterceptorChain$1.compare(InterceptorChain.java:71)
> at org.apache.ldap.server.interceptor.InterceptorChain$Entry$1.compare(InterceptorChain.java:975)
> ... 41 more
> ]; remaining name 'cn=Bob,ou=people'
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3025)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1803)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1748)
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:394)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> at org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticator.doPasswordCompare(PasswordComparisonAuthenticator.java:117)
> at org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticator.authenticate(PasswordComparisonAuthenticator.java:81)
> at org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticatorTests.testLdapCompareSucceedsWithCorrectPassword(PasswordComparisonAuthenticatorTests.java:35)
> Client code is:
>     SearchControls ctls = new SearchControls();
>     ctls.setReturningAttributes(new String[0]);
>     ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
>     String filter = "(userPassword={0})";
>     NamingEnumeration results = ctx.search(dn, filter,
>         new Object[]{password.getBytes()}, ctls);
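
The failure mode described in this issue, as an added example that is not part of the original message and is not ApacheDS code: a binary attribute value cast to String throws, while a comparison that accepts either representation does not. The class name, the toBytes/compare helpers and the choice of UTF-8 for String values are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;

public class BinaryCompareExample {

    // Hypothetical helper: bring a String or byte[] value to bytes.
    // UTF-8 for String values is an assumption of this example.
    static byte[] toBytes(Object value) {
        if (value instanceof byte[]) {
            return (byte[]) value;
        }
        if (value instanceof String) {
            return ((String) value).getBytes(StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("unsupported value type: "
            + (value == null ? "null" : value.getClass().getName()));
    }

    // Hypothetical compare: no (String) cast on stored values, so a
    // byte[] userPassword cannot raise ClassCastException here.
    static boolean compare(Attribute attr, Object asserted) throws NamingException {
        byte[] want = toBytes(asserted);
        boolean match = false;
        for (int ii = 0; ii < attr.size(); ii++) {
            // MessageDigest.isEqual does not stop at the first differing byte,
            // which matters when the compared value is a password.
            match |= MessageDigest.isEqual(toBytes(attr.get(ii)), want);
        }
        return match;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entry value, stored as bytes as in the test above.
        Attribute pw = new BasicAttribute("userPassword",
            "bobspassword".getBytes(StandardCharsets.UTF_8));
        try {
            // The pattern from line 369 of the report: value is byte[], cast is String.
            String attrVal = (String) pw.get(0);
            System.out.println("unexpected: " + attrVal);
        } catch (ClassCastException e) {
            System.out.println("cast failed: " + e);
        }
        System.out.println("String asserted value: " + compare(pw, "bobspassword"));
        System.out.println("byte[] asserted value: "
            + compare(pw, "bobspassword".getBytes(StandardCharsets.UTF_8)));
        System.out.println("wrong password:        " + compare(pw, "wrong"));
    }
}
```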