17 package org.apache.ldap.server.authn;
18
19
import java.security.MessageDigest;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;

import org.apache.ldap.common.exception.LdapAuthenticationException;
import org.apache.ldap.common.name.LdapName;
import org.apache.ldap.common.util.ArrayUtils;
import org.apache.ldap.server.jndi.ServerContext;
import org.apache.ldap.server.partition.ContextPartitionNexus;
30
31
/**
 * A simple {@link Authenticator} that authenticates a user by comparing the
 * supplied password with the clear-text password contained within the
 * <code>userPassword</code> attribute of the principal's entry in the DIT.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
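public class SimpleAuthenticator extends AbstractAuthenticator
{
    /**
     * Creates a new instance, passing the name <tt>simple</tt> to the
     * {@link AbstractAuthenticator} constructor.
     */
    public SimpleAuthenticator( )
    {
        super( "simple" );
    }

    /**
     * Looks up the <tt>userPassword</tt> attribute of the entry whose name is
     * the value of the {@link Context#SECURITY_PRINCIPAL} environment variable,
     * and authenticates the user against that plain-text password.
     * <p>
     * Every failure is reported with the same message-less
     * {@link LdapAuthenticationException}, so the reply does not distinguish
     * an unknown principal from a wrong password.
     * <p>
     * An entry that has no <tt>userPassword</tt> value, or only a zero-length
     * one, can never be authenticated here. Earlier revisions mapped both a
     * missing credential and a missing attribute to an empty byte array, which
     * let a bind with no password succeed as any entry that lacked
     * <tt>userPassword</tt>.
     *
     * @param ctx the context whose environment carries the principal and the
     *        credentials of the bind
     * @return the principal built from the authenticated distinguished name
     * @throws LdapAuthenticationException if the principal is missing or not a
     *         string, the entry cannot be looked up, the entry has no usable
     *         password, or the passwords differ
     * @throws NamingException if raised by the naming calls made here
     *         (presumably when the principal is not a valid name)
     */
    public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
    {
        // ---- extract the supplied password from the JNDI environment
        Object creds = ctx.getEnvironment().get( Context.SECURITY_CREDENTIALS );
        byte[] supplied = ( creds == null ) ? new byte[0] : toBytes( creds );

        if ( supplied == null )
        {
            // Credentials of a type other than String or byte[] cannot match a
            // stored password, so fail instead of comparing unlike objects.
            throw new LdapAuthenticationException();
        }

        // ---- extract the principal from the JNDI environment
        Object principalValue = ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );

        if ( ! ( principalValue instanceof String ) )
        {
            // Covers an absent key, a null value and a non-string value alike.
            throw new LdapAuthenticationException();
        }

        String principal = ( String ) principalValue;

        // ---- look up the principal's entry
        LdapName principalDn = new LdapName( principal );
        ContextPartitionNexus nexus = getFactoryConfiguration().getPartitionNexus();
        Attributes userEntry;

        try
        {
            userEntry = nexus.lookup( principalDn );
        }
        catch ( Exception e )
        {
            // Deliberately generic: a lookup failure must look the same to the
            // client as a wrong password.
            throw new LdapAuthenticationException();
        }

        if ( userEntry == null )
        {
            throw new LdapAuthenticationException();
        }

        // ---- fetch the stored password
        Attribute userPasswordAttr = userEntry.get( "userPassword" );

        if ( userPasswordAttr == null || userPasswordAttr.size() == 0 )
        {
            // No stored password means there is nothing to authenticate
            // against; treating it as an empty password would accept an
            // empty bind for this entry.
            throw new LdapAuthenticationException();
        }

        // Only the first value of the attribute is checked.
        byte[] stored = toBytes( userPasswordAttr.get() );

        if ( stored == null || stored.length == 0 )
        {
            throw new LdapAuthenticationException();
        }

        // ---- compare without an early exit on the first differing byte
        if ( ! MessageDigest.isEqual( supplied, stored ) )
        {
            throw new LdapAuthenticationException();
        }

        return new LdapPrincipal( principalDn );
    }

    /**
     * Returns a password value as bytes, or <tt>null</tt> when the value is
     * neither a <tt>byte[]</tt> nor a {@link String}.
     */
    private static byte[] toBytes( Object value )
    {
        if ( value instanceof byte[] )
        {
            return ( byte[] ) value;
        }

        if ( value instanceof String )
        {
            // NOTE(review): getBytes() uses the platform default charset, so a
            // String password and a byte[] password only compare equal when
            // that charset matches the encoding of the stored bytes - confirm
            // whether UTF-8 should be fixed here.
            return ( ( String ) value ).getBytes();
        }

        return null;
    }
}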