Author: ate
Date: Fri Feb 2 14:46:10 2007
New Revision: 502784
URL: http://svn.apache.org/viewvc?view=rev&rev=502784
Log:
Fix authenticating ldap user which is/can be stored somewhere in a subtree
(also need searchScope sub-tree for that).
Just appending a userFilterBase won't work in that case (other features
probably won't work either, but so far I only need authentication).
The simple solution is using the returned dn from lookupUid which will have the
correct user dn (if found).
Modified:
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
Modified:
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java?view=diff&rev=502784&r1=502783&r2=502784
==============================================================================
---
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
(original)
+++
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
Fri Feb 2 14:46:10 2007
@@ -116,20 +116,18 @@
//String savedPassword =
String.valueOf(getPassword(uid));
String oldCredential =
(String)env.get(Context.SECURITY_CREDENTIALS);
String oldUsername =
(String)env.get(Context.SECURITY_PRINCIPAL);
-
-
- String principal = getEntryPrefix() + "=" + uid;
-
- if (!StringUtils.isEmpty(getUserFilterBase()))
- principal+="," + getUserFilterBase();
- if (!StringUtils.isEmpty(getRootContext()))
- principal+="," + getRootContext();
-
- if (lookupByUid(uid)==null)
+
+ String dn = lookupByUid(uid);
+ if ( dn == null )
throw new SecurityException(new
KeyedMessage("User " + uid + " not found"));
+
+ // Build user dn using lookup value, just appending the user
filter after the uid won't work when users
+ // are/can be stored in a subtree (searchScope sub-tree)
+ // The looked up dn though is/should always be correct, just need
to append the root context.
+ if (!StringUtils.isEmpty(getRootContext()))
+ dn +="," + getRootContext();
-
- env.put(Context.SECURITY_PRINCIPAL,principal);
+ env.put(Context.SECURITY_PRINCIPAL,dn);
env.put(Context.SECURITY_CREDENTIALS,password);
new InitialContext(env);
env.put(Context.SECURITY_PRINCIPAL,oldUsername);
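Review bot: The bind at `new InitialContext(env)` throws on a wrong password, and nothing visible in the hunk restores `Context.SECURITY_PRINCIPAL` on that path, so the end user's DN and password can stay in `env` after a failed login; the context that is created is also never closed, which keeps an LDAP connection open until it is garbage-collected. If `env` is shared state reused for later directory calls (it looks that way, since the old values are saved and put back), those calls would then run with the wrong identity. Wrapping the bind in try/finally and closing the context fixes both, as below. Separately, if no check earlier in the method rejects an empty `password`, add one before the bind, since a simple bind with a DN and an empty password is treated as an unauthenticated bind and accepted by many directory servers. The method starts and ends outside this hunk, so an existing try/finally or password check may not be visible here.

```java
env.put(Context.SECURITY_CREDENTIALS,password);
try
{
    // The bind only verifies the credentials; release the connection straight away.
    new InitialContext(env).close();
}
finally
{
    // Put the original principal and credential back even when the bind throws.
    env.put(Context.SECURITY_PRINCIPAL,oldUsername);
    env.put(Context.SECURITY_CREDENTIALS,oldCredential);
}
// … unchanged: rest of the method after the restore …
```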
@@ -244,25 +242,34 @@
*/
private char[] convertRawPassword(Attribute attr) throws NamingException
{
- byte[] rawPass = (byte[]) attr.getAll().next();
- char[] charPass = new char[rawPass.length];
-
- for (int i = 0; i < rawPass.length; i++)
+ char[] charPass = null;
+
+ if ( attr != null )
{
- if (logger.isDebugEnabled())
- {
- logger.debug(new String("password byte[" + i + "]:" +
rawPass[i]));
- }
-
- Byte passByte = new Byte(rawPass[i]);
+ byte[] rawPass = (byte[]) attr.getAll().next();
+ charPass = new char[rawPass.length];
- logger.debug("password byte[" + i + "] short value:" +
passByte.shortValue());
- // I know I lose the sign and this is only good for ascii text.
- charPass[i] = (char) rawPass[i];
- if (logger.isDebugEnabled())
+ for (int i = 0; i < rawPass.length; i++)
{
- logger.debug("passchar char[" + i + "]:" + charPass[i]);
+ if (logger.isDebugEnabled())
+ {
+ logger.debug(new String("password byte[" + i + "]:" +
rawPass[i]));
+ }
+
+ Byte passByte = new Byte(rawPass[i]);
+
+ logger.debug("password byte[" + i + "] short value:" +
passByte.shortValue());
+ // I know I lose the sign and this is only good for ascii text.
+ charPass[i] = (char) rawPass[i];
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("passchar char[" + i + "]:" + charPass[i]);
+ }
}
+ }
+ else
+ {
+ charPass = new char[0];
}
return charPass;
}
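Review bot: The loop in `convertRawPassword` still writes every byte and character of the stored password value to the debug log, and the `short value` call sits outside the `isDebugEnabled()` guard; the re-indentation carried these lines over unchanged. Anyone who can read the log with debug enabled can reassemble the credential, so the loop body should shrink to `charPass[i] = (char) rawPass[i];` with no logging. The cast also sign-extends bytes above 0x7f, as the existing comment admits, so non-ASCII values come out as the wrong characters; decoding with an explicit charset, for example `new String(rawPass, "UTF-8").toCharArray()`, would avoid that if the attribute is known to hold text.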