17 package org.apache.ldap.server.authn;
import org.apache.ldap.common.exception.LdapAuthenticationException;
import org.apache.ldap.common.exception.LdapNameNotFoundException;
import org.apache.ldap.common.name.LdapName;
import org.apache.ldap.common.util.ArrayUtils;
import org.apache.ldap.server.PartitionNexus;
import org.apache.ldap.server.jndi.ServerContext;

import java.security.MessageDigest;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
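/**
 * A simple AuthenticationService that just authenticates clear text passwords
 * contained within the <code>userPassword</code> attribute.
 *
 * <p>The presented credentials are compared byte-for-byte with the stored
 * attribute value, so a match is only possible when <code>userPassword</code>
 * holds the password itself rather than a digest of it.</p>
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class SimpleAuthenticator extends AbstractAuthenticator
{
    /**
     * Creates a simple authenticator for clear text passwords in
     * userPassword attributes. Passes <code>"simple"</code> to the
     * AbstractAuthenticator constructor (presumably the authentication
     * type this authenticator is registered under; confirm in the superclass).
     */
    public SimpleAuthenticator( )
    {
        super( "simple" );
    }


    /**
     * Uses the userPassword field of the user to authenticate.
     *
     * <p>The principal DN and credentials are read from the context environment
     * (<code>Context.SECURITY_PRINCIPAL</code> and
     * <code>Context.SECURITY_CREDENTIALS</code>), the principal's entry is looked
     * up through the partition nexus, and the credentials are compared with the
     * first value of its <code>userPassword</code> attribute.</p>
     *
     * @param ctx the server context whose environment carries the bind principal
     *            and credentials
     * @return the principal for the authenticated DN
     * @throws LdapAuthenticationException if the principal is missing or is not a
     *         String, if the entry has no <code>userPassword</code> attribute, or
     *         if the credentials do not match the stored value
     * @throws LdapNameNotFoundException if the lookup returns no entry for the
     *         principal DN
     * @throws NamingException if parsing the DN or looking up the entry fails
     * @see org.apache.ldap.server.authn.Authenticator#authenticate(org.apache.ldap.server.jndi.ServerContext)
     */
    public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
    {
        // ---- presented credentials: absent -> empty array, String -> bytes ----

        Object creds = ctx.getEnvironment().get( Context.SECURITY_CREDENTIALS );

        if ( creds == null )
        {
            creds = ArrayUtils.EMPTY_BYTE_ARRAY;
        }
        else if ( creds instanceof String )
        {
            // NOTE(review): getBytes() uses the platform default charset, so a
            // String credential and a byte[] stored password can disagree on
            // non-ASCII characters depending on the JVM's locale. Confirm which
            // encoding the protocol layer delivers before pinning one here.
            creds = ( ( String ) creds ).getBytes();
        }

        // ---- principal: must be present and a String ----

        Object principalValue = ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );

        // A missing key and a null value both end up here; a non-String value is
        // rejected as a failed authentication instead of surfacing as a
        // ClassCastException outside the NamingException hierarchy.
        if ( ! ( principalValue instanceof String ) )
        {
            throw new LdapAuthenticationException();
        }

        String principal = ( String ) principalValue;

        // ---- stored password for the principal's entry ----

        LdapName principalDn = new LdapName( principal );

        PartitionNexus rootNexus = getAuthenticatorContext().getPartitionNexus();

        Attributes userEntry = rootNexus.lookup( principalDn );

        if ( userEntry == null )
        {
            // NOTE(review): an unknown DN is reported with a different exception
            // type than a wrong password. If the bind handler passes that
            // difference on to the client, it reveals which DNs exist; confirm
            // both are mapped to the same bind result.
            throw new LdapNameNotFoundException();
        }

        Attribute userPasswordAttr = userEntry.get( "userPassword" );

        if ( userPasswordAttr == null )
        {
            // An entry without a userPassword has no secret to verify, so it must
            // never authenticate. Substituting an empty array here would make it
            // equal to absent or empty credentials and let a bind with no password
            // succeed for every such entry.
            throw new LdapAuthenticationException();
        }

        Object userPassword = userPasswordAttr.get();

        if ( userPassword instanceof String )
        {
            userPassword = ( ( String ) userPassword ).getBytes();
        }

        // ---- comparison ----

        boolean matches;

        if ( creds instanceof byte[] && userPassword instanceof byte[] )
        {
            // MessageDigest.isEqual is used for the usual byte[] case so that the
            // comparison does not return early at the first differing byte.
            matches = MessageDigest.isEqual( ( byte[] ) creds, ( byte[] ) userPassword );
        }
        else
        {
            // Any other value types keep the generic array/object comparison.
            matches = ArrayUtils.isEquals( creds, userPassword );
        }

        if ( ! matches )
        {
            throw new LdapAuthenticationException();
        }

        return new LdapPrincipal( principalDn );
    }
}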