
1   /*
2    *   Copyright 2004 The Apache Software Foundation
3    *
4    *   Licensed under the Apache License, Version 2.0 (the "License");
5    *   you may not use this file except in compliance with the License.
6    *   You may obtain a copy of the License at
7    *
8    *       http://www.apache.org/licenses/LICENSE-2.0
9    *
10   *   Unless required by applicable law or agreed to in writing, software
11   *   distributed under the License is distributed on an "AS IS" BASIS,
12   *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   *   See the License for the specific language governing permissions and
14   *   limitations under the License.
15   *
16   */
17  package org.apache.ldap.server.authn;
18  
19  
20  import org.apache.ldap.common.exception.LdapAuthenticationException;
21  import org.apache.ldap.common.exception.LdapNameNotFoundException;
22  import org.apache.ldap.common.name.LdapName;
23  import org.apache.ldap.common.util.ArrayUtils;
24  import org.apache.ldap.server.PartitionNexus;
25  import org.apache.ldap.server.jndi.ServerContext;
26  
27  import javax.naming.Context;
28  import javax.naming.NamingException;
29  import javax.naming.directory.Attribute;
30  import javax.naming.directory.Attributes;
31  
32  
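/**
 * A simple AuthenticationService that just authenticates clear text passwords
 * contained within the <code>userPassword</code> attribute.
 * <p>
 * The presented credentials are compared byte-for-byte with one value of the
 * principal entry's <code>userPassword</code> attribute. No hashing scheme is
 * interpreted here, so a stored value only ever matches literally.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class SimpleAuthenticator extends AbstractAuthenticator
{
    /**
     * Charset used whenever a password arrives as a String. A fixed charset
     * keeps the comparison independent of the JVM's platform default, which
     * can map distinct non-ASCII passwords to the same replacement bytes.
     */
    private static final String PASSWORD_CHARSET = "UTF-8";


    /**
     * Creates a simple authenticator for clear text passwords in
     * userPassword attributes.
     */
    public SimpleAuthenticator( )
    {
        super( "simple" );
    }


    /**
     * Uses the userPassword field of the user to authenticate.
     * <p>
     * The principal and credentials are read from the JNDI environment of the
     * supplied context. The bind is refused when the principal is missing or
     * is not a String, when the entry carries no usable (non-empty)
     * <code>userPassword</code> value, or when the presented bytes differ from
     * the stored ones.
     *
     * @param ctx the context whose environment holds
     *            {@link Context#SECURITY_PRINCIPAL} and
     *            {@link Context#SECURITY_CREDENTIALS}
     * @return the principal built from the authenticated distinguished name
     * @throws LdapAuthenticationException if the principal is absent or the
     *         credentials do not match a stored password
     * @throws LdapNameNotFoundException if the lookup yields no entry for the
     *         principal
     * @throws NamingException if the name cannot be parsed or the lookup fails
     * @see org.apache.ldap.server.authn.Authenticator#authenticate(org.apache.ldap.server.jndi.ServerContext)
     */
    public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
    {
        // ---- extract password from JNDI environment

        Object creds = ctx.getEnvironment().get( Context.SECURITY_CREDENTIALS );

        if ( creds == null )
        {
            creds = ArrayUtils.EMPTY_BYTE_ARRAY;
        }
        else if ( creds instanceof String )
        {
            creds = toPasswordBytes( ( String ) creds );
        }

        // ---- extract principal from JNDI environment

        // A missing key and a null value both come back as null from get(), and a
        // non-String value is refused as a failed bind instead of surfacing as a
        // ClassCastException.
        Object principalValue = ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );

        if ( ! ( principalValue instanceof String ) )
        {
            throw new LdapAuthenticationException();
        }

        String principal = ( String ) principalValue;

        // ---- lookup the principal entry's userPassword attribute

        LdapName principalDn = new LdapName( principal );

        PartitionNexus rootNexus = getAuthenticatorContext().getPartitionNexus();

        Attributes userEntry = rootNexus.lookup( principalDn );

        if ( userEntry == null )
        {
            // NOTE(review): an unknown principal is reported with a different
            // exception type than a wrong password, so a caller that relays the
            // distinction to the client reveals which DNs exist. The type is kept
            // here because callers may catch it; confirm how the bind handler
            // maps it before changing.
            throw new LdapNameNotFoundException();
        }

        Attribute userPasswordAttr = userEntry.get( "userPassword" );

        // An entry without any userPassword value has no password to match. It
        // must not be treated as an empty password, otherwise a bind that sends
        // no credentials would authenticate as that entry.
        if ( userPasswordAttr == null || userPasswordAttr.size() == 0 )
        {
            throw new LdapAuthenticationException();
        }

        // Attribute.get() yields a single value; any further values of a
        // multi-valued userPassword are not consulted.
        Object userPassword = userPasswordAttr.get();

        if ( userPassword instanceof String )
        {
            userPassword = toPasswordBytes( ( String ) userPassword );
        }

        // ---- assert that credentials match

        // Only byte arrays are comparable as passwords; anything else is refused.
        if ( ! ( creds instanceof byte[] ) || ! ( userPassword instanceof byte[] ) )
        {
            throw new LdapAuthenticationException();
        }

        byte[] presented = ( byte[] ) creds;
        byte[] stored = ( byte[] ) userPassword;

        // A zero-length stored value is handled like a missing one. The comparison
        // goes through MessageDigest.isEqual so that its duration does not depend
        // on the position of the first differing byte.
        if ( stored.length == 0 || ! java.security.MessageDigest.isEqual( presented, stored ) )
        {
            throw new LdapAuthenticationException();
        }

        return new LdapPrincipal( principalDn );
    }


    /**
     * Encodes a textual password with the fixed {@link #PASSWORD_CHARSET}.
     *
     * @param text the password text, never null
     * @return the encoded bytes
     * @throws NamingException if the charset is unavailable, which a conforming
     *         Java platform does not allow for UTF-8
     */
    private static byte[] toPasswordBytes( String text ) throws NamingException
    {
        try
        {
            return text.getBytes( PASSWORD_CHARSET );
        }
        catch ( java.io.UnsupportedEncodingException e )
        {
            NamingException failure = new NamingException( "Charset " + PASSWORD_CHARSET + " is not available" );
            failure.setRootCause( e );
            throw failure;
        }
    }
}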