17 package org.apache.ldap.server.authn;
18
19
20 import javax.naming.Context;
21 import javax.naming.NamingException;
22 import javax.naming.directory.Attribute;
23 import javax.naming.directory.Attributes;
24
25 import org.apache.ldap.common.exception.LdapAuthenticationException;
26 import org.apache.ldap.common.exception.LdapNameNotFoundException;
27 import org.apache.ldap.common.name.LdapName;
28 import org.apache.ldap.common.util.ArrayUtils;
29 import org.apache.ldap.server.jndi.ServerContext;
30 import org.apache.ldap.server.partition.ContextPartitionNexus;
31
32
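/**
 * A simple {@link Authenticator} that authenticates clear text passwords
 * contained within the <code>userPassword</code> attribute in DIT.
 * <p>
 * The presented credentials are compared byte-for-byte with the stored
 * attribute value. No password-storage scheme is interpreted here, so the
 * stored value has to be the clear text password for a bind to succeed.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class SimpleAuthenticator extends AbstractAuthenticator
{
    /** Name of the attribute that holds the stored password. */
    private static final String USER_PASSWORD_ATTR = "userPassword";

    /**
     * Creates a new instance registered under the <tt>simple</tt>
     * authentication type.
     */
    public SimpleAuthenticator( )
    {
        super( "simple" );
    }

    /**
     * Looks up <tt>userPassword</tt> attribute of the entry whose name is
     * the value of {@link Context#SECURITY_PRINCIPAL} environment variable,
     * and authenticates a user with the plain-text password.
     *
     * @param ctx the context whose environment carries the principal and
     *            the credentials of the bind
     * @return the principal for the authenticated distinguished name
     * @throws LdapAuthenticationException if the principal is missing or is
     *         not a string, if the entry has no <tt>userPassword</tt>
     *         attribute, or if the credentials do not match
     * @throws LdapNameNotFoundException if the lookup of the principal's
     *         entry returns <tt>null</tt>
     * @throws NamingException if the name cannot be parsed or the lookup fails
     */
    public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
    {
        // Normalise the presented credentials to bytes. Absent credentials
        // become an empty array, exactly as before.
        Object creds = toBytes( ctx.getEnvironment().get( Context.SECURITY_CREDENTIALS ) );

        if ( creds == null )
        {
            creds = ArrayUtils.EMPTY_BYTE_ARRAY;
        }

        // A missing, null or non-String principal fails closed as an
        // authentication error instead of surfacing a ClassCastException.
        Object principalValue = ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );

        if ( ! ( principalValue instanceof String ) )
        {
            throw new LdapAuthenticationException();
        }

        LdapName principalDn = new LdapName( ( String ) principalValue );

        ContextPartitionNexus nexus = getFactoryConfiguration().getPartitionNexus();
        Attributes userEntry = nexus.lookup( principalDn );

        if ( userEntry == null )
        {
            // NOTE(review): a distinct exception type for an unknown entry can
            // let a bind client tell "no such DN" apart from "wrong password"
            // if the caller maps it to a different result. Left unchanged here
            // because callers may catch this type; confirm how it is reported.
            throw new LdapNameNotFoundException();
        }

        Attribute userPasswordAttr = userEntry.get( USER_PASSWORD_ATTR );

        if ( userPasswordAttr == null )
        {
            // An entry without a stored password cannot be authenticated by
            // password. Substituting an empty array here (the previous
            // behaviour) made absent credentials compare equal to it, so a
            // bind with a DN and no password succeeded for any such entry.
            throw new LdapAuthenticationException();
        }

        Object userPassword = toBytes( userPasswordAttr.get() );

        // NOTE(review): empty credentials still match a stored value that is
        // itself empty. RFC 4513 section 5.1.2 treats a DN with an empty
        // password as an unauthenticated bind; consider rejecting empty
        // credentials outright if no deployment relies on them.
        if ( ! passwordsMatch( creds, userPassword ) )
        {
            throw new LdapAuthenticationException();
        }

        return new LdapPrincipal( principalDn );
    }

    /**
     * Converts a string value to its UTF-8 bytes and returns any other value
     * (including <tt>null</tt>) untouched.
     * <p>
     * The charset is fixed so that both sides of the comparison are encoded
     * the same way regardless of the platform default charset.
     */
    private static Object toBytes( Object value )
    {
        if ( value instanceof String )
        {
            return ( ( String ) value ).getBytes( java.nio.charset.StandardCharsets.UTF_8 );
        }

        return value;
    }

    /**
     * Compares the presented credentials with the stored password.
     * <p>
     * When both values are byte arrays the comparison goes through
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])}, which on
     * current JDKs does not stop at the first differing byte, so the time
     * taken does not reveal how much of a guess was correct. Values of any
     * other type fall back to {@link ArrayUtils#isEquals(Object, Object)} so
     * that their handling is unchanged.
     */
    private static boolean passwordsMatch( Object presented, Object stored )
    {
        if ( presented instanceof byte[] && stored instanceof byte[] )
        {
            return java.security.MessageDigest.isEqual( ( byte[] ) presented, ( byte[] ) stored );
        }

        return ArrayUtils.isEquals( presented, stored );
    }
}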