Clean up code to conform to basic checkstyle
Issue gh-3746
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+27
-11
@@ -1,11 +1,28 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.ServerSocket;
|
||||
|
||||
import org.junit.*;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.junit.runners.Suite;
|
||||
|
||||
import org.springframework.security.ldap.authentication.BindAuthenticatorTests;
|
||||
import org.springframework.security.ldap.authentication.PasswordComparisonAuthenticatorTests;
|
||||
import org.springframework.security.ldap.search.FilterBasedLdapUserSearchTests;
|
||||
@@ -69,27 +86,26 @@ public final class ApacheDSServerIntegrationTests {
|
||||
/*
|
||||
* @After public final void reloadServerDataIfDirty() throws Exception {
|
||||
* ClassPathResource ldifs = new ClassPathResource("test-server.ldif");
|
||||
*
|
||||
* if (!ldifs.getFile().exists()) { throw new
|
||||
* IllegalStateException("Ldif file not found: " + ldifs.getFile().getAbsolutePath());
|
||||
* }
|
||||
*
|
||||
*
|
||||
* if (!ldifs.getFile().exists()) { throw new IllegalStateException(
|
||||
* "Ldif file not found: " + ldifs.getFile().getAbsolutePath()); }
|
||||
*
|
||||
* DirContext ctx = getContextSource().getReadWriteContext();
|
||||
*
|
||||
*
|
||||
* // First of all, make sure the database is empty. Name startingPoint = new
|
||||
* DistinguishedName("dc=springframework,dc=org");
|
||||
*
|
||||
*
|
||||
* try { clearSubContexts(ctx, startingPoint); LdifFileLoader loader = new
|
||||
* LdifFileLoader(server.getService().getAdminSession(),
|
||||
* ldifs.getFile().getAbsolutePath()); loader.execute(); } finally { ctx.close(); } }
|
||||
*
|
||||
*
|
||||
* private void clearSubContexts(DirContext ctx, Name name) throws NamingException {
|
||||
*
|
||||
*
|
||||
* NamingEnumeration<Binding> enumeration = null; try { enumeration =
|
||||
* ctx.listBindings(name); while (enumeration.hasMore()) { Binding element =
|
||||
* enumeration.next(); DistinguishedName childName = new
|
||||
* DistinguishedName(element.getName()); childName.prepend((DistinguishedName) name);
|
||||
*
|
||||
*
|
||||
* try { ctx.destroySubcontext(childName); } catch (ContextNotEmptyException e) {
|
||||
* clearSubContexts(ctx, childName); ctx.destroySubcontext(childName); } } }
|
||||
* catch(NameNotFoundException ignored) { } catch (NamingException e) {
|
||||
|
||||
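Review bot: The commented-out `reloadServerDataIfDirty` / `clearSubContexts` block in the `@@ -69,27 +86,26 @@` hunk is kept and only re-wrapped, although it is dead code that is flowed like paragraph text with several statements per comment line. Deleting the block would serve this cleanup better than reflowing it, since version control already preserves it. The same applies to the commented-out JNDI search block in BindAuthenticatorTests (hunk `@@ -112,26 +117,26 @@`), which also keeps a literal admin DN and password inside the comment. Both comment blocks start or end outside their hunks, so check the full extent before removing them.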
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+42
-36
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
@@ -15,9 +16,9 @@
|
||||
|
||||
package org.springframework.security.ldap.authentication;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.junit.*;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
@@ -26,6 +27,9 @@ import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.ldap.AbstractLdapIntegrationTests;
|
||||
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.fail;
|
||||
|
||||
/**
|
||||
* Tests for {@link BindAuthenticator}.
|
||||
*
|
||||
@@ -43,34 +47,35 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
authenticator = new BindAuthenticator(getContextSource());
|
||||
authenticator.setMessageSource(new SpringSecurityMessageSource());
|
||||
bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
|
||||
this.authenticator = new BindAuthenticator(getContextSource());
|
||||
this.authenticator.setMessageSource(new SpringSecurityMessageSource());
|
||||
this.bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
|
||||
|
||||
}
|
||||
|
||||
@Test(expected = BadCredentialsException.class)
|
||||
public void emptyPasswordIsRejected() {
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
|
||||
this.authenticator
|
||||
.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthenticationWithCorrectPasswordSucceeds() {
|
||||
authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people",
|
||||
"cn={0},ou=people" });
|
||||
this.authenticator.setUserDnPatterns(
|
||||
new String[] { "uid={0},ou=people", "cn={0},ou=people" });
|
||||
|
||||
DirContextOperations user = authenticator.authenticate(bob);
|
||||
DirContextOperations user = this.authenticator.authenticate(this.bob);
|
||||
assertThat(user.getStringAttribute("uid")).isEqualTo("bob");
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
"mouse, jerry", "jerryspassword"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthenticationWithInvalidUserNameFails() {
|
||||
authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
|
||||
this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
|
||||
|
||||
try {
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
"nonexistentsuser", "password"));
|
||||
fail("Shouldn't be able to bind with invalid username");
|
||||
}
|
||||
@@ -82,26 +87,26 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||
public void testAuthenticationWithUserSearch() throws Exception {
|
||||
// DirContextAdapter ctx = new DirContextAdapter(new
|
||||
// DistinguishedName("uid=bob,ou=people"));
|
||||
authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people",
|
||||
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people",
|
||||
"(uid={0})", getContextSource()));
|
||||
authenticator.afterPropertiesSet();
|
||||
authenticator.authenticate(bob);
|
||||
this.authenticator.afterPropertiesSet();
|
||||
this.authenticator.authenticate(this.bob);
|
||||
// SEC-1444
|
||||
authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people",
|
||||
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people",
|
||||
"(cn={0})", getContextSource()));
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
"mouse, jerry", "jerryspassword"));
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("slash/guy",
|
||||
"slashguyspassword"));
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
"slash/guy", "slashguyspassword"));
|
||||
// SEC-1661
|
||||
authenticator.setUserSearch(new FilterBasedLdapUserSearch(
|
||||
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch(
|
||||
"ou=\\\"quoted people\\\"", "(cn={0})", getContextSource()));
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy",
|
||||
"quoteguyspassword"));
|
||||
authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "(cn={0})",
|
||||
getContextSource()));
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy",
|
||||
"quoteguyspassword"));
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
"quote\"guy", "quoteguyspassword"));
|
||||
this.authenticator.setUserSearch(
|
||||
new FilterBasedLdapUserSearch("", "(cn={0})", getContextSource()));
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
"quote\"guy", "quoteguyspassword"));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -112,26 +117,26 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||
* env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
||||
* env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=springsource,dc=com");
|
||||
* env.put(Context.SECURITY_CREDENTIALS, "password");
|
||||
*
|
||||
*
|
||||
* InitialDirContext idc = new InitialDirContext(env); SearchControls searchControls =
|
||||
* new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
||||
* DistinguishedName baseDn = new DistinguishedName("ou=\\\"quoted people\\\"");
|
||||
* NamingEnumeration<SearchResult> matches = idc.search(baseDn, "(cn=*)", new Object[]
|
||||
* {"quoteguy"}, searchControls);
|
||||
*
|
||||
*
|
||||
* while(matches.hasMore()) { SearchResult match = matches.next(); DistinguishedName
|
||||
* dn = new DistinguishedName(match.getName()); System.out.println("**** Match: " +
|
||||
* match.getName() + " ***** " + dn);
|
||||
*
|
||||
*
|
||||
* } }
|
||||
*/
|
||||
@Test
|
||||
public void testAuthenticationWithWrongPasswordFails() {
|
||||
authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
|
||||
this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
|
||||
|
||||
try {
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob",
|
||||
"wrongpassword"));
|
||||
this.authenticator.authenticate(
|
||||
new UsernamePasswordAuthenticationToken("bob", "wrongpassword"));
|
||||
fail("Shouldn't be able to bind with wrong password");
|
||||
}
|
||||
catch (BadCredentialsException expected) {
|
||||
@@ -140,7 +145,8 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||
|
||||
@Test
|
||||
public void testUserDnPatternReturnsCorrectDn() {
|
||||
authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" });
|
||||
assertThat(authenticator.getUserDns("Joe").get(0)).isEqualTo("cn=Joe,ou=people");
|
||||
this.authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" });
|
||||
assertThat(this.authenticator.getUserDns("Joe").get(0))
|
||||
.isEqualTo("cn=Joe,ou=people");
|
||||
}
|
||||
}
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap;
|
||||
|
||||
import org.springframework.ldap.core.DistinguishedName;
|
||||
|
||||
+33
-14
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap;
|
||||
|
||||
import java.util.ArrayList;
|
||||
@@ -7,6 +22,7 @@ import java.util.StringTokenizer;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.ldap.core.support.DirContextAuthenticationStrategy;
|
||||
import org.springframework.ldap.core.support.LdapContextSource;
|
||||
import org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy;
|
||||
@@ -40,7 +56,8 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
|
||||
* you want to use more than one server for fail-over, rather use the
|
||||
* {@link #DefaultSpringSecurityContextSource(List, String)} constructor.
|
||||
*
|
||||
* @param providerUrl an LDAP URL of the form <code>ldap://localhost:389/base_dn</code>
|
||||
* @param providerUrl an LDAP URL of the form
|
||||
* <code>ldap://localhost:389/base_dn</code>
|
||||
*/
|
||||
public DefaultSpringSecurityContextSource(String providerUrl) {
|
||||
Assert.hasLength(providerUrl, "An LDAP connection URL must be supplied.");
|
||||
@@ -56,19 +73,19 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
|
||||
|
||||
urls.add(url.substring(0, url.lastIndexOf(urlRootDn)));
|
||||
|
||||
logger.info(" URL '" + url + "', root DN is '" + urlRootDn + "'");
|
||||
this.logger.info(" URL '" + url + "', root DN is '" + urlRootDn + "'");
|
||||
|
||||
if (rootDn == null) {
|
||||
rootDn = urlRootDn;
|
||||
if (this.rootDn == null) {
|
||||
this.rootDn = urlRootDn;
|
||||
}
|
||||
else if (!rootDn.equals(urlRootDn)) {
|
||||
else if (!this.rootDn.equals(urlRootDn)) {
|
||||
throw new IllegalArgumentException(
|
||||
"Root DNs must be the same when using multiple URLs");
|
||||
}
|
||||
}
|
||||
|
||||
setUrls(urls.toArray(new String[urls.size()]));
|
||||
setBase(rootDn);
|
||||
setBase(this.rootDn);
|
||||
setPooled(true);
|
||||
setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy() {
|
||||
@Override
|
||||
@@ -77,8 +94,10 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
|
||||
super.setupEnvironment(env, dn, password);
|
||||
// Remove the pooling flag unless we are authenticating as the 'manager'
|
||||
// user.
|
||||
if (!userDn.equals(dn) && env.containsKey(SUN_LDAP_POOLING_FLAG)) {
|
||||
logger.debug("Removing pooling flag for user " + dn);
|
||||
if (!DefaultSpringSecurityContextSource.this.userDn.equals(dn)
|
||||
&& env.containsKey(SUN_LDAP_POOLING_FLAG)) {
|
||||
DefaultSpringSecurityContextSource.this.logger
|
||||
.debug("Removing pooling flag for user " + dn);
|
||||
env.remove(SUN_LDAP_POOLING_FLAG);
|
||||
}
|
||||
}
|
||||
@@ -94,11 +113,11 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
|
||||
* well, given that Spring Security is able to connect to the server. Note that these
|
||||
* <b>URLs must not include the base DN</b>!
|
||||
* @param baseDn The common Base DN for all provided servers, e.g.
|
||||
*
|
||||
*
|
||||
* <pre>
|
||||
* dc=company,dc=com
|
||||
* </pre>
|
||||
*
|
||||
*
|
||||
* .
|
||||
*/
|
||||
public DefaultSpringSecurityContextSource(List<String> urls, String baseDn) {
|
||||
@@ -111,19 +130,19 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
|
||||
* it needs to be supplied only once.
|
||||
*
|
||||
* @param urls A list of string values which are LDAP server URLs. An example would be
|
||||
*
|
||||
*
|
||||
* <pre>
|
||||
* ldap://ldap.company.com:389
|
||||
* </pre>
|
||||
*
|
||||
*
|
||||
* . LDAPS URLs may be used as well, given that Spring Security is able to connect to
|
||||
* the server.
|
||||
* @param baseDn The common Base DN for all provided servers, e.g.
|
||||
*
|
||||
*
|
||||
* <pre>
|
||||
* dc=company,dc=com
|
||||
* </pre>
|
||||
*
|
||||
*
|
||||
* .
|
||||
* @return A Spring Security/Spring LDAP-compliant Provider URL string.
|
||||
*/
|
||||
|
||||
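Review bot: The `providerUrl` Javadoc reflowed in the `@@ -40,7 +56,8 @@` hunk still gives only a plain `ldap://localhost:389/base_dn` example. The constructor code in the later hunks installs a `SimpleDirContextAuthenticationStrategy`, so the bind DN and password are sent in the clear unless the transport is protected. I would add a sentence to the `@param`, for example `Prefer an <code>ldaps://</code> URL for any server that is not local; simple bind credentials are otherwise sent unencrypted.` The list-based constructor's Javadoc already mentions LDAPS URLs, so this also brings the two descriptions in line. The constructor appears to start and end outside the visible hunks.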
@@ -20,12 +20,12 @@ import org.springframework.ldap.BadLdapGrammarException;
|
||||
|
||||
/**
|
||||
* Helper class to encode and decode ldap names and values.
|
||||
*
|
||||
*
|
||||
* <p>
|
||||
* NOTE: This is a copy from Spring LDAP so that both Spring LDAP 1.x and 2.x can be
|
||||
* supported without reflection.
|
||||
* </p>
|
||||
*
|
||||
*
|
||||
* @author Adam Skogman
|
||||
* @author Mattias Hellborg Arthursson
|
||||
*/
|
||||
@@ -91,14 +91,15 @@ final class LdapEncoder {
|
||||
|
||||
/**
|
||||
* Escape a value for use in a filter.
|
||||
*
|
||||
*
|
||||
* @param value the value to escape.
|
||||
* @return a properly escaped representation of the supplied value.
|
||||
*/
|
||||
public static String filterEncode(String value) {
|
||||
|
||||
if (value == null)
|
||||
if (value == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// make buffer roomy
|
||||
StringBuilder encodedValue = new StringBuilder(value.length() * 2);
|
||||
@@ -123,7 +124,7 @@ final class LdapEncoder {
|
||||
|
||||
/**
|
||||
* LDAP Encodes a value for use with a DN. Escapes for LDAP, not JNDI!
|
||||
*
|
||||
*
|
||||
* <br/>
|
||||
* Escapes:<br/>
|
||||
* ' ' [space] - "\ " [if first or last] <br/>
|
||||
@@ -136,14 +137,15 @@ final class LdapEncoder {
|
||||
* '>' [greater than] - "\>" <br/>
|
||||
* '"' [double quote] - "\"" <br/>
|
||||
* '\' [backslash] - "\\" <br/>
|
||||
*
|
||||
*
|
||||
* @param value the value to escape.
|
||||
* @return The escaped value.
|
||||
*/
|
||||
public static String nameEncode(String value) {
|
||||
|
||||
if (value == null)
|
||||
if (value == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// make buffer roomy
|
||||
StringBuilder encodedValue = new StringBuilder(value.length() * 2);
|
||||
@@ -181,7 +183,7 @@ final class LdapEncoder {
|
||||
|
||||
/**
|
||||
* Decodes a value. Converts escaped chars to ordinary chars.
|
||||
*
|
||||
*
|
||||
* @param value Trimmed value, so no leading an trailing blanks, except an escaped
|
||||
* space last.
|
||||
* @return The decoded value as a string.
|
||||
@@ -189,8 +191,9 @@ final class LdapEncoder {
|
||||
*/
|
||||
static public String nameDecode(String value) throws BadLdapGrammarException {
|
||||
|
||||
if (value == null)
|
||||
if (value == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// make buffer same size
|
||||
StringBuilder decoded = new StringBuilder(value.length());
|
||||
@@ -201,8 +204,8 @@ final class LdapEncoder {
|
||||
if (currentChar == '\\') {
|
||||
if (value.length() <= i + 1) {
|
||||
// Ending with a single backslash is not allowed
|
||||
throw new BadLdapGrammarException("Unexpected end of value "
|
||||
+ "unterminated '\\'");
|
||||
throw new BadLdapGrammarException(
|
||||
"Unexpected end of value " + "unterminated '\\'");
|
||||
}
|
||||
else {
|
||||
char nextChar = value.charAt(i + 1);
|
||||
@@ -217,7 +220,8 @@ final class LdapEncoder {
|
||||
else {
|
||||
if (value.length() <= i + 2) {
|
||||
throw new BadLdapGrammarException("Unexpected end of value "
|
||||
+ "expected special or hex, found '" + nextChar + "'");
|
||||
+ "expected special or hex, found '" + nextChar
|
||||
+ "'");
|
||||
}
|
||||
else {
|
||||
// This should be a hex value
|
||||
|
||||
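Review bot: `nameDecode` is still declared `static public String nameDecode(...)` in the `@@ -189,8 +191,9 @@` hunk, while `filterEncode` and `nameEncode` use `public static`. Checkstyle's ModifierOrder check would flag it, so `public static String nameDecode(String value) throws BadLdapGrammarException {` fits this cleanup. In the following hunk the re-wrapped message is still built from two adjacent literals, `"Unexpected end of value " + "unterminated '\\'"`, which can now be a single literal. Because these encoders keep user-supplied values out of filter and DN syntax, a class-level Javadoc sentence would help callers pick the right one: `filterEncode` output is meant only for a search filter and `nameEncode` output only for a DN. The method bodies continue outside the hunks.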
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap;
|
||||
|
||||
import org.springframework.ldap.core.DistinguishedName;
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+20
-17
@@ -12,10 +12,14 @@
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/package org.springframework.security.ldap.authentication;
|
||||
*/
|
||||
package org.springframework.security.ldap.authentication;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.context.MessageSourceAware;
|
||||
import org.springframework.context.support.MessageSourceAccessor;
|
||||
@@ -35,8 +39,6 @@ import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* Base class for the standard {@code LdapAuthenticationProvider} and the
|
||||
* {@code ActiveDirectoryLdapAuthenticationProvider}.
|
||||
@@ -44,8 +46,8 @@ import java.util.*;
|
||||
* @author Luke Taylor
|
||||
* @since 3.1
|
||||
*/
|
||||
public abstract class AbstractLdapAuthenticationProvider implements
|
||||
AuthenticationProvider, MessageSourceAware {
|
||||
public abstract class AbstractLdapAuthenticationProvider
|
||||
implements AuthenticationProvider, MessageSourceAware {
|
||||
protected final Log logger = LogFactory.getLog(getClass());
|
||||
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
||||
private boolean useAuthenticationRequestCredentials = true;
|
||||
@@ -55,7 +57,7 @@ public abstract class AbstractLdapAuthenticationProvider implements
|
||||
public Authentication authenticate(Authentication authentication)
|
||||
throws AuthenticationException {
|
||||
Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
|
||||
messages.getMessage("LdapAuthenticationProvider.onlySupports",
|
||||
this.messages.getMessage("LdapAuthenticationProvider.onlySupports",
|
||||
"Only UsernamePasswordAuthenticationToken is supported"));
|
||||
|
||||
final UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken) authentication;
|
||||
@@ -63,26 +65,26 @@ public abstract class AbstractLdapAuthenticationProvider implements
|
||||
String username = userToken.getName();
|
||||
String password = (String) authentication.getCredentials();
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Processing authentication request for user: " + username);
|
||||
if (this.logger.isDebugEnabled()) {
|
||||
this.logger.debug("Processing authentication request for user: " + username);
|
||||
}
|
||||
|
||||
if (!StringUtils.hasLength(username)) {
|
||||
throw new BadCredentialsException(messages.getMessage(
|
||||
throw new BadCredentialsException(this.messages.getMessage(
|
||||
"LdapAuthenticationProvider.emptyUsername", "Empty Username"));
|
||||
}
|
||||
|
||||
if (!StringUtils.hasLength(password)) {
|
||||
throw new BadCredentialsException(messages.getMessage(
|
||||
"AbstractLdapAuthenticationProvider.emptyPassword", "Empty Password"));
|
||||
throw new BadCredentialsException(this.messages.getMessage(
|
||||
"AbstractLdapAuthenticationProvider.emptyPassword",
|
||||
"Empty Password"));
|
||||
}
|
||||
|
||||
Assert.notNull(password, "Null password was supplied in authentication token");
|
||||
|
||||
DirContextOperations userData = doAuthentication(userToken);
|
||||
|
||||
UserDetails user = userDetailsContextMapper.mapUserFromContext(
|
||||
userData,
|
||||
UserDetails user = this.userDetailsContextMapper.mapUserFromContext(userData,
|
||||
authentication.getName(),
|
||||
loadUserAuthorities(userData, authentication.getName(),
|
||||
(String) authentication.getCredentials()));
|
||||
@@ -107,11 +109,12 @@ public abstract class AbstractLdapAuthenticationProvider implements
|
||||
*/
|
||||
protected Authentication createSuccessfulAuthentication(
|
||||
UsernamePasswordAuthenticationToken authentication, UserDetails user) {
|
||||
Object password = useAuthenticationRequestCredentials ? authentication
|
||||
.getCredentials() : user.getPassword();
|
||||
Object password = this.useAuthenticationRequestCredentials
|
||||
? authentication.getCredentials() : user.getPassword();
|
||||
|
||||
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
|
||||
user, password, authoritiesMapper.mapAuthorities(user.getAuthorities()));
|
||||
user, password,
|
||||
this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
|
||||
result.setDetails(authentication.getDetails());
|
||||
|
||||
return result;
|
||||
@@ -164,6 +167,6 @@ public abstract class AbstractLdapAuthenticationProvider implements
|
||||
* by subclasses.
|
||||
*/
|
||||
protected UserDetailsContextMapper getUserDetailsContextMapper() {
|
||||
return userDetailsContextMapper;
|
||||
return this.userDetailsContextMapper;
|
||||
}
|
||||
}
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+24
-26
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
@@ -15,6 +16,8 @@
|
||||
|
||||
package org.springframework.security.ldap.authentication;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.ldap.NamingException;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
@@ -26,12 +29,8 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.ldap.ppolicy.PasswordPolicyException;
|
||||
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
|
||||
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
|
||||
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
|
||||
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* An {@link org.springframework.security.authentication.AuthenticationProvider}
|
||||
* implementation that authenticates against an LDAP server.
|
||||
@@ -40,9 +39,9 @@ import java.util.*;
|
||||
* delegates most of its responsibilities to two separate strategy interfaces,
|
||||
* {@link LdapAuthenticator} and {@link LdapAuthoritiesPopulator}.
|
||||
*
|
||||
* <h3>LdapAuthenticator</h3>
|
||||
* This interface is responsible for performing the user authentication and retrieving the
|
||||
* user's information from the directory. Example implementations are
|
||||
* <h3>LdapAuthenticator</h3> This interface is responsible for performing the user
|
||||
* authentication and retrieving the user's information from the directory. Example
|
||||
* implementations are
|
||||
* {@link org.springframework.security.ldap.authentication.BindAuthenticator
|
||||
* BindAuthenticator} which authenticates the user by "binding" as that user, and
|
||||
* {@link org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
|
||||
@@ -54,12 +53,11 @@ import java.util.*;
|
||||
* for example, if binding as the user, it may be necessary to read them with the user's
|
||||
* own permissions (using the same context used for the bind operation).
|
||||
*
|
||||
* <h3>LdapAuthoritiesPopulator</h3>
|
||||
* Once the user has been authenticated, this interface is called to obtain the set of
|
||||
* granted authorities for the user. The {@link DefaultLdapAuthoritiesPopulator
|
||||
* DefaultLdapAuthoritiesPopulator} can be configured to obtain user role information from
|
||||
* the user's attributes and/or to perform a search for "groups" that the user is a member
|
||||
* of and map these to roles.
|
||||
* <h3>LdapAuthoritiesPopulator</h3> Once the user has been authenticated, this interface
|
||||
* is called to obtain the set of granted authorities for the user. The
|
||||
* {@link DefaultLdapAuthoritiesPopulator DefaultLdapAuthoritiesPopulator} can be
|
||||
* configured to obtain user role information from the user's attributes and/or to perform
|
||||
* a search for "groups" that the user is a member of and map these to roles.
|
||||
*
|
||||
* <p>
|
||||
* A custom implementation could obtain the roles from a completely different source, for
|
||||
@@ -68,7 +66,7 @@ import java.util.*;
|
||||
* <h3>Configuration</h3>
|
||||
*
|
||||
* A simple configuration might be as follows:
|
||||
*
|
||||
*
|
||||
* <pre>
|
||||
* <bean id="contextSource"
|
||||
* class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
|
||||
@@ -76,7 +74,7 @@ import java.util.*;
|
||||
* <property name="userDn" value="cn=manager,dc=springframework,dc=org"/>
|
||||
* <property name="password" value="password"/>
|
||||
* </bean>
|
||||
*
|
||||
*
|
||||
* <bean id="ldapAuthProvider"
|
||||
* class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
|
||||
* <constructor-arg>
|
||||
@@ -109,9 +107,9 @@ import java.util.*;
|
||||
* anonymous bind operation with an empty password, even if a DN is supplied. In practice
|
||||
* this means that if the LDAP directory is configured to allow unauthenticated access, it
|
||||
* might be possible to authenticate as <i>any</i> user just by supplying an empty
|
||||
* password. More information on the misuse of unauthenticated access can be found in <a
|
||||
* href="http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt">
|
||||
* draft-ietf-ldapbis-authmeth-19.txt</a>.
|
||||
* password. More information on the misuse of unauthenticated access can be found in
|
||||
* <a href="http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt"> draft
|
||||
* -ietf-ldapbis-authmeth-19.txt</a>.
|
||||
*
|
||||
*
|
||||
* @author Luke Taylor
|
||||
@@ -165,7 +163,7 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
|
||||
}
|
||||
|
||||
private LdapAuthenticator getAuthenticator() {
|
||||
return authenticator;
|
||||
return this.authenticator;
|
||||
}
|
||||
|
||||
private void setAuthoritiesPopulator(LdapAuthoritiesPopulator authoritiesPopulator) {
|
||||
@@ -175,7 +173,7 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
|
||||
}
|
||||
|
||||
protected LdapAuthoritiesPopulator getAuthoritiesPopulator() {
|
||||
return authoritiesPopulator;
|
||||
return this.authoritiesPopulator;
|
||||
}
|
||||
|
||||
public void setHideUserNotFoundExceptions(boolean hideUserNotFoundExceptions) {
|
||||
@@ -191,12 +189,12 @@ public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvid
|
||||
catch (PasswordPolicyException ppe) {
|
||||
// The only reason a ppolicy exception can occur during a bind is that the
|
||||
// account is locked.
|
||||
throw new LockedException(messages.getMessage(ppe.getStatus().getErrorCode(),
|
||||
ppe.getStatus().getDefaultMessage()));
|
||||
throw new LockedException(this.messages.getMessage(
|
||||
ppe.getStatus().getErrorCode(), ppe.getStatus().getDefaultMessage()));
|
||||
}
|
||||
catch (UsernameNotFoundException notFound) {
|
||||
if (hideUserNotFoundExceptions) {
|
||||
throw new BadCredentialsException(messages.getMessage(
|
||||
if (this.hideUserNotFoundExceptions) {
|
||||
throw new BadCredentialsException(this.messages.getMessage(
|
||||
"LdapAuthenticationProvider.badCredentials", "Bad credentials"));
|
||||
}
|
||||
else {
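Review bot: The reflowed class Javadoc splits the link text of the unauthenticated-bind reference across two lines (`draft` at the end of one line, `-ietf-ldapbis-authmeth-19.txt</a>.` at the start of the next), so it will render as "draft -ietf-ldapbis-authmeth-19.txt" with a stray space. Keep the anchor text whole, for example `* <a href="http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-19.txt">` followed by `* draft-ietf-ldapbis-authmeth-19.txt</a>.` on the next line. This paragraph is the warning that an empty password can turn a bind into an anonymous one, so the reference should stay readable. Internet-Draft URLs expire, and this draft appears to have been published as RFC 4513, which would be the more durable link target; worth confirming in a follow-up.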
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+16
-12
@@ -20,12 +20,12 @@ import org.springframework.ldap.BadLdapGrammarException;
|
||||
|
||||
/**
|
||||
* Helper class to encode and decode ldap names and values.
|
||||
*
|
||||
*
|
||||
* <p>
|
||||
* NOTE: This is a copy from Spring LDAP so that both Spring LDAP 1.x and 2.x can be
|
||||
* supported without reflection.
|
||||
* </p>
|
||||
*
|
||||
*
|
||||
* @author Adam Skogman
|
||||
* @author Mattias Hellborg Arthursson
|
||||
*/
|
||||
@@ -91,14 +91,15 @@ final class LdapEncoder {
|
||||
|
||||
/**
|
||||
* Escape a value for use in a filter.
|
||||
*
|
||||
*
|
||||
* @param value the value to escape.
|
||||
* @return a properly escaped representation of the supplied value.
|
||||
*/
|
||||
public static String filterEncode(String value) {
|
||||
|
||||
if (value == null)
|
||||
if (value == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// make buffer roomy
|
||||
StringBuilder encodedValue = new StringBuilder(value.length() * 2);
|
||||
@@ -123,7 +124,7 @@ final class LdapEncoder {
|
||||
|
||||
/**
|
||||
* LDAP Encodes a value for use with a DN. Escapes for LDAP, not JNDI!
|
||||
*
|
||||
*
|
||||
* <br/>
|
||||
* Escapes:<br/>
|
||||
* ' ' [space] - "\ " [if first or last] <br/>
|
||||
@@ -136,14 +137,15 @@ final class LdapEncoder {
|
||||
* '>' [greater than] - "\>" <br/>
|
||||
* '"' [double quote] - "\"" <br/>
|
||||
* '\' [backslash] - "\\" <br/>
|
||||
*
|
||||
*
|
||||
* @param value the value to escape.
|
||||
* @return The escaped value.
|
||||
*/
|
||||
public static String nameEncode(String value) {
|
||||
|
||||
if (value == null)
|
||||
if (value == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// make buffer roomy
|
||||
StringBuilder encodedValue = new StringBuilder(value.length() * 2);
|
||||
@@ -181,7 +183,7 @@ final class LdapEncoder {
|
||||
|
||||
/**
|
||||
* Decodes a value. Converts escaped chars to ordinary chars.
|
||||
*
|
||||
*
|
||||
* @param value Trimmed value, so no leading an trailing blanks, except an escaped
|
||||
* space last.
|
||||
* @return The decoded value as a string.
|
||||
@@ -189,8 +191,9 @@ final class LdapEncoder {
|
||||
*/
|
||||
static public String nameDecode(String value) throws BadLdapGrammarException {
|
||||
|
||||
if (value == null)
|
||||
if (value == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// make buffer same size
|
||||
StringBuilder decoded = new StringBuilder(value.length());
|
||||
@@ -201,8 +204,8 @@ final class LdapEncoder {
|
||||
if (currentChar == '\\') {
|
||||
if (value.length() <= i + 1) {
|
||||
// Ending with a single backslash is not allowed
|
||||
throw new BadLdapGrammarException("Unexpected end of value "
|
||||
+ "unterminated '\\'");
|
||||
throw new BadLdapGrammarException(
|
||||
"Unexpected end of value " + "unterminated '\\'");
|
||||
}
|
||||
else {
|
||||
char nextChar = value.charAt(i + 1);
|
||||
@@ -217,7 +220,8 @@ final class LdapEncoder {
|
||||
else {
|
||||
if (value.length() <= i + 2) {
|
||||
throw new BadLdapGrammarException("Unexpected end of value "
|
||||
+ "expected special or hex, found '" + nextChar + "'");
|
||||
+ "expected special or hex, found '" + nextChar
|
||||
+ "'");
|
||||
}
|
||||
else {
|
||||
// This should be a hex value
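Review bot: In `nameDecode` the re-wrapped message `"Unexpected end of value " + "unterminated '\\'"` now concatenates two literals on a single line; the single literal `"Unexpected end of value unterminated '\\'"` produces the same text without the leftover `+`. The signature shown just above still reads `static public String nameDecode(...)`, which a modifier-order check would flag; `public static` would match `filterEncode` and `nameEncode`. The Javadoc context line "no leading an trailing blanks" also carries a typo ("and"). The body of `nameDecode` continues outside the visible hunks, so the hex-decoding branch is not reviewed here.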
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.authentication;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.authentication;
|
||||
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.authentication;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
+10
-7
@@ -1,14 +1,17 @@
|
||||
/*
|
||||
* Copyright 2002-2012 the original author or authors.
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.authentication.ad;
|
||||
|
||||
|
||||
+10
-7
@@ -1,14 +1,17 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.authentication.ad;
|
||||
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/**
|
||||
* The LDAP authentication provider package. Interfaces are provided for
|
||||
* both authentication and retrieval of user roles from an LDAP server.
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/**
|
||||
* Spring Security's LDAP module.
|
||||
*/
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
import java.util.Hashtable;
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
import javax.naming.directory.DirContext;
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
/**
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
/**
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
/**
|
||||
|
||||
+38
-31
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
@@ -27,9 +28,9 @@ import netscape.ldap.ber.stream.BERIntegral;
|
||||
import netscape.ldap.ber.stream.BERSequence;
|
||||
import netscape.ldap.ber.stream.BERTag;
|
||||
import netscape.ldap.ber.stream.BERTagDecoder;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.dao.DataRetrievalFailureException;
|
||||
|
||||
/**
|
||||
@@ -70,7 +71,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
|
||||
/**
|
||||
* Decodes the Ber encoded control data. The ASN.1 value of the control data is:
|
||||
*
|
||||
*
|
||||
* <pre>
|
||||
* PasswordPolicyResponseValue ::= SEQUENCE { warning [0] CHOICE {
|
||||
* timeBeforeExpiration [0] INTEGER (0 .. maxInt),
|
||||
@@ -104,12 +105,13 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
* Returns the unchanged value of the response control. Returns the unchanged value of
|
||||
* the response control as byte array.
|
||||
*/
|
||||
@Override
|
||||
public byte[] getEncodedValue() {
|
||||
return encodedValue;
|
||||
return this.encodedValue;
|
||||
}
|
||||
|
||||
public PasswordPolicyErrorStatus getErrorStatus() {
|
||||
return errorStatus;
|
||||
return this.errorStatus;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -118,7 +120,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
* @return Returns the graceLoginsRemaining.
|
||||
*/
|
||||
public int getGraceLoginsRemaining() {
|
||||
return graceLoginsRemaining;
|
||||
return this.graceLoginsRemaining;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -127,7 +129,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
* @return Returns the time before expiration in seconds
|
||||
*/
|
||||
public int getTimeBeforeExpiration() {
|
||||
return timeBeforeExpiration;
|
||||
return this.timeBeforeExpiration;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -136,7 +138,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
* @return true, if an error is present
|
||||
*/
|
||||
public boolean hasError() {
|
||||
return errorStatus != null;
|
||||
return this.errorStatus != null;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -145,20 +147,20 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
* @return true, if a warning is present
|
||||
*/
|
||||
public boolean hasWarning() {
|
||||
return (graceLoginsRemaining != Integer.MAX_VALUE)
|
||||
|| (timeBeforeExpiration != Integer.MAX_VALUE);
|
||||
return (this.graceLoginsRemaining != Integer.MAX_VALUE)
|
||||
|| (this.timeBeforeExpiration != Integer.MAX_VALUE);
|
||||
}
|
||||
|
||||
public boolean isExpired() {
|
||||
return errorStatus == PasswordPolicyErrorStatus.PASSWORD_EXPIRED;
|
||||
return this.errorStatus == PasswordPolicyErrorStatus.PASSWORD_EXPIRED;
|
||||
}
|
||||
|
||||
public boolean isChangeAfterReset() {
|
||||
return errorStatus == PasswordPolicyErrorStatus.CHANGE_AFTER_RESET;
|
||||
return this.errorStatus == PasswordPolicyErrorStatus.CHANGE_AFTER_RESET;
|
||||
}
|
||||
|
||||
public boolean isUsingGraceLogins() {
|
||||
return graceLoginsRemaining < Integer.MAX_VALUE;
|
||||
return this.graceLoginsRemaining < Integer.MAX_VALUE;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -167,7 +169,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
* @return true if the account is locked.
|
||||
*/
|
||||
public boolean isLocked() {
|
||||
return errorStatus == PasswordPolicyErrorStatus.ACCOUNT_LOCKED;
|
||||
return this.errorStatus == PasswordPolicyErrorStatus.ACCOUNT_LOCKED;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -176,21 +178,22 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
*
|
||||
* @return error and warning messages
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder("PasswordPolicyResponseControl");
|
||||
|
||||
if (hasError()) {
|
||||
sb.append(", error: ").append(errorStatus.getDefaultMessage());
|
||||
sb.append(", error: ").append(this.errorStatus.getDefaultMessage());
|
||||
}
|
||||
|
||||
if (graceLoginsRemaining != Integer.MAX_VALUE) {
|
||||
sb.append(", warning: ").append(graceLoginsRemaining)
|
||||
if (this.graceLoginsRemaining != Integer.MAX_VALUE) {
|
||||
sb.append(", warning: ").append(this.graceLoginsRemaining)
|
||||
.append(" grace logins remain");
|
||||
}
|
||||
|
||||
if (timeBeforeExpiration != Integer.MAX_VALUE) {
|
||||
sb.append(", warning: time before expiration is ").append(
|
||||
timeBeforeExpiration);
|
||||
if (this.timeBeforeExpiration != Integer.MAX_VALUE) {
|
||||
sb.append(", warning: time before expiration is ")
|
||||
.append(this.timeBeforeExpiration);
|
||||
}
|
||||
|
||||
if (!hasError() && !hasWarning()) {
|
||||
@@ -216,9 +219,11 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
private class NetscapeDecoder implements PPolicyDecoder {
|
||||
public void decode() throws IOException {
|
||||
int[] bread = { 0 };
|
||||
BERSequence seq = (BERSequence) BERElement.getElement(
|
||||
new SpecificTagDecoder(), new ByteArrayInputStream(encodedValue),
|
||||
bread);
|
||||
BERSequence seq = (BERSequence) BERElement
|
||||
.getElement(new SpecificTagDecoder(),
|
||||
new ByteArrayInputStream(
|
||||
PasswordPolicyResponseControl.this.encodedValue),
|
||||
bread);
|
||||
|
||||
int size = seq.size();
|
||||
|
||||
@@ -239,15 +244,16 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
int value = ((BERInteger) content.getValue()).getValue();
|
||||
|
||||
if ((content.getTag() & 0x1F) == 0) {
|
||||
timeBeforeExpiration = value;
|
||||
PasswordPolicyResponseControl.this.timeBeforeExpiration = value;
|
||||
}
|
||||
else {
|
||||
graceLoginsRemaining = value;
|
||||
PasswordPolicyResponseControl.this.graceLoginsRemaining = value;
|
||||
}
|
||||
}
|
||||
else if (tag == 1) {
|
||||
BERIntegral error = (BERIntegral) elt.getValue();
|
||||
errorStatus = PasswordPolicyErrorStatus.values()[error.getValue()];
|
||||
PasswordPolicyResponseControl.this.errorStatus = PasswordPolicyErrorStatus
|
||||
.values()[error.getValue()];
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -256,15 +262,16 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
/** Allows us to remember which of the two options we're decoding */
|
||||
private Boolean inChoice = null;
|
||||
|
||||
@Override
|
||||
public BERElement getElement(BERTagDecoder decoder, int tag,
|
||||
InputStream stream, int[] bytesRead, boolean[] implicit)
|
||||
throws IOException {
|
||||
throws IOException {
|
||||
tag &= 0x1F;
|
||||
implicit[0] = false;
|
||||
|
||||
if (tag == 0) {
|
||||
// Either the choice or the time before expiry within it
|
||||
if (inChoice == null) {
|
||||
if (this.inChoice == null) {
|
||||
setInChoice(true);
|
||||
|
||||
// Read the choice length from the stream (ignored)
|
||||
@@ -285,14 +292,14 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
||||
}
|
||||
else if (tag == 1) {
|
||||
// Either the graceLogins or the error enumeration.
|
||||
if (inChoice == null) {
|
||||
if (this.inChoice == null) {
|
||||
// The enumeration
|
||||
setInChoice(false);
|
||||
|
||||
return new BEREnumerated(stream, bytesRead);
|
||||
}
|
||||
else {
|
||||
if (inChoice.booleanValue()) {
|
||||
if (this.inChoice.booleanValue()) {
|
||||
// graceLogins
|
||||
return new BERInteger(stream, bytesRead);
|
||||
}
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/**
|
||||
* Implementation of password policy functionality based on the
|
||||
* <a href="http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt">
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/**
|
||||
* {@code LdapUserSearch} implementations. These may be used to locate the user in the directory.
|
||||
*/
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/**
|
||||
* Embedded Apache Directory Server implementation, as used by the configuration namespace.
|
||||
*/
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.userdetails;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
+24
-22
@@ -15,23 +15,27 @@
|
||||
*/
|
||||
package org.springframework.security.ldap.userdetails;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.ldap.core.ContextSource;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* A LDAP authority populator that can recursively search static nested groups.
|
||||
* <p>
|
||||
* An example of nested groups can be
|
||||
*
|
||||
*
|
||||
* <pre>
|
||||
* #Nested groups data
|
||||
*
|
||||
*
|
||||
* dn: uid=javadude,ou=people,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: person
|
||||
@@ -41,7 +45,7 @@ import java.util.*;
|
||||
* sn: Dude
|
||||
* uid: javadude
|
||||
* userPassword: javadudespassword
|
||||
*
|
||||
*
|
||||
* dn: uid=groovydude,ou=people,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: person
|
||||
@@ -51,7 +55,7 @@ import java.util.*;
|
||||
* sn: Dude
|
||||
* uid: groovydude
|
||||
* userPassword: groovydudespassword
|
||||
*
|
||||
*
|
||||
* dn: uid=closuredude,ou=people,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: person
|
||||
@@ -61,7 +65,7 @@ import java.util.*;
|
||||
* sn: Dude
|
||||
* uid: closuredude
|
||||
* userPassword: closuredudespassword
|
||||
*
|
||||
*
|
||||
* dn: uid=scaladude,ou=people,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: person
|
||||
@@ -71,14 +75,14 @@ import java.util.*;
|
||||
* sn: Dude
|
||||
* uid: scaladude
|
||||
* userPassword: scaladudespassword
|
||||
*
|
||||
*
|
||||
* dn: cn=j-developers,ou=jdeveloper,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: groupOfNames
|
||||
* cn: j-developers
|
||||
* ou: jdeveloper
|
||||
* member: cn=java-developers,ou=groups,dc=springframework,dc=org
|
||||
*
|
||||
*
|
||||
* dn: cn=java-developers,ou=jdeveloper,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: groupOfNames
|
||||
@@ -87,7 +91,7 @@ import java.util.*;
|
||||
* member: cn=groovy-developers,ou=groups,dc=springframework,dc=org
|
||||
* member: cn=scala-developers,ou=groups,dc=springframework,dc=org
|
||||
* member: uid=javadude,ou=people,dc=springframework,dc=org
|
||||
*
|
||||
*
|
||||
* dn: cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: groupOfNames
|
||||
@@ -95,14 +99,14 @@ import java.util.*;
|
||||
* ou: jdeveloper
|
||||
* member: cn=closure-developers,ou=groups,dc=springframework,dc=org
|
||||
* member: uid=groovydude,ou=people,dc=springframework,dc=org
|
||||
*
|
||||
*
|
||||
* dn: cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: groupOfNames
|
||||
* cn: java-developers
|
||||
* ou: jdeveloper
|
||||
* member: uid=closuredude,ou=people,dc=springframework,dc=org
|
||||
*
|
||||
*
|
||||
* dn: cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org
|
||||
* objectclass: top
|
||||
* objectclass: groupOfNames
|
||||
@@ -173,8 +177,8 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Search aborted, max depth reached,"
|
||||
+ " for roles for user '" + username + "', DN = " + "'" + userDn
|
||||
+ "', with filter " + getGroupSearchFilter()
|
||||
+ " in search base '" + getGroupSearchBase() + "'");
|
||||
+ "', with filter " + getGroupSearchFilter() + " in search base '"
|
||||
+ getGroupSearchBase() + "'");
|
||||
}
|
||||
return;
|
||||
}
|
||||
@@ -194,12 +198,10 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
||||
}
|
||||
|
||||
Set<Map<String, List<String>>> userRoles = getLdapTemplate()
|
||||
.searchForMultipleAttributeValues(
|
||||
getGroupSearchBase(),
|
||||
getGroupSearchFilter(),
|
||||
new String[] { userDn, username },
|
||||
getAttributeNames().toArray(
|
||||
new String[getAttributeNames().size()]));
|
||||
.searchForMultipleAttributeValues(getGroupSearchBase(),
|
||||
getGroupSearchFilter(), new String[] { userDn, username },
|
||||
getAttributeNames()
|
||||
.toArray(new String[getAttributeNames().size()]));
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Roles from search: " + userRoles);
|
||||
@@ -238,7 +240,7 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
||||
* @return the attribute names or null for all
|
||||
*/
|
||||
private Set<String> getAttributeNames() {
|
||||
return attributeNames;
|
||||
return this.attributeNames;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -257,7 +259,7 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
||||
* @return the max search depth, default is 10
|
||||
*/
|
||||
private int getMaxSearchDepth() {
|
||||
return maxSearchDepth;
|
||||
return this.maxSearchDepth;
|
||||
}
|
||||
|
||||
/**
|
||||
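Review bot: The reflowed `logger.debug` call in the max-depth branch still concatenates `username` and `userDn` directly into the message, so a value containing CR/LF could forge extra lines in the debug log. The username is presumably the login name supplied at authentication, but its origin is outside this hunk. Since the commit already touches this statement, neutralise line breaks before logging, for example `String safeUser = username.replaceAll("[\\r\\n]", "_");` and log `safeUser`, or rely on a log layout that encodes control characters. The same applies to `logger.debug("Roles from search: " + userRoles)` in the next hunk, which prints attribute values returned by the directory. The enclosing method starts and ends outside both hunks.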
|
||||
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.userdetails;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/**
|
||||
* LDAP-focused {@code UserDetails} implementations which map from a ubset of the data
|
||||
* contained in some of the standard LDAP types (such as {@code InetOrgPerson}).
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap;
|
||||
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+10
-7
@@ -1,14 +1,17 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.authentication.ad;
|
||||
|
||||
|
||||
+19
-5
@@ -1,4 +1,18 @@
|
||||
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
/**
|
||||
@@ -6,7 +20,7 @@ package org.springframework.security.ldap.ppolicy;
|
||||
* <p>
|
||||
* Run the script in the module root to start the server and import the data before
|
||||
* running.
|
||||
*
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @since 3.0
|
||||
*/
|
||||
@@ -18,13 +32,13 @@ public class OpenLDAPIntegrationTestSuite {
|
||||
* PasswordPolicyAwareContextSource("ldap://localhost:22389/dc=springsource,dc=com");
|
||||
* cs.setUserDn("cn=admin,dc=springsource,dc=com"); cs.setPassword("password");
|
||||
* cs.afterPropertiesSet(); }
|
||||
*
|
||||
*
|
||||
* @Test public void simpleBindSucceeds() throws Exception { BindAuthenticator
|
||||
* authenticator = new BindAuthenticator(cs); authenticator.setUserDnPatterns(new
|
||||
* String[] {"uid={0},ou=users"}); LdapAuthenticationProvider provider = new
|
||||
* LdapAuthenticationProvider(authenticator); provider.authenticate(new
|
||||
* UsernamePasswordAuthenticationToken("luke","password")); }
|
||||
*
|
||||
*
|
||||
* @Test(expected=LockedException.class) public void
|
||||
* repeatedBindWithWrongPasswordLocksAccount() throws Exception { BindAuthenticator
|
||||
* authenticator = new BindAuthenticator(cs); authenticator.setUserDnPatterns(new
|
||||
@@ -35,7 +49,7 @@ public class OpenLDAPIntegrationTestSuite {
|
||||
* (LdapUserDetailsImpl) a.getPrincipal(); assertTrue(ud.getTimeBeforeExpiration() <
|
||||
* Integer.MAX_VALUE && ud.getTimeBeforeExpiration() > 0); } catch
|
||||
* (BadCredentialsException expected) { } } }
|
||||
*
|
||||
*
|
||||
* @Test public void passwordExpiryTimeIsDetectedCorrectly() throws Exception {
|
||||
* BindAuthenticator authenticator = new BindAuthenticator(cs);
|
||||
* authenticator.setUserDnPatterns(new String[] {"uid={0},ou=users"});
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.userdetails;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.userdetails;
|
||||
|
||||
import org.junit.Before;
|
||||
|
||||
+3
-2
@@ -1,10 +1,11 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.userdetails;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
|
||||
+15
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ldap.userdetails;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
|
||||