Example 1 with ContextExecutor
use of org.springframework.ldap.core.ContextExecutor in project spring-security by spring-projects.
the class LdapUserDetailsManager method changePassword.
/**
* Changes the password for the current user. The username is obtained from the
* security context.
* <p>
* If the old password is supplied, the update will be made by rebinding as the user,
* thus modifying the password using the user's permissions. If
* <code>oldPassword</code> is null, the update will be attempted using a standard
* read/write context supplied by the context source.
* </p>
*
* @param oldPassword the old password
* @param newPassword the new value of the password.
*/
public void changePassword(final String oldPassword, final String newPassword) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Assert.notNull(authentication, "No authentication object found in security context. Can't change current user's password!");
String username = authentication.getName();
logger.debug("Changing password for user '" + username);
final DistinguishedName dn = usernameMapper.buildDn(username);
final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) };
if (oldPassword == null) {
template.modifyAttributes(dn, passwordChange);
return;
}
template.executeReadWrite(new ContextExecutor() {
public Object executeWithContext(DirContext dirCtx) throws NamingException {
LdapContext ctx = (LdapContext) dirCtx;
ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(dn, ctx).toString());
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
// TODO: reconnect doesn't appear to actually change the credentials
try {
ctx.reconnect(null);
} catch (javax.naming.AuthenticationException e) {
throw new BadCredentialsException("Authentication for password change failed.");
}
ctx.modifyAttributes(dn, passwordChange);
return null;
}
});
}
Also used :
BasicAttribute(javax.naming.directory.BasicAttribute)
DistinguishedName(org.springframework.ldap.core.DistinguishedName)
DirContext(javax.naming.directory.DirContext)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
ContextExecutor(org.springframework.ldap.core.ContextExecutor)
ModificationItem(javax.naming.directory.ModificationItem)
Authentication(org.springframework.security.core.Authentication)
NamingException(javax.naming.NamingException)
LdapContext(javax.naming.ldap.LdapContext)
Example 2 with ContextExecutor
use of org.springframework.ldap.core.ContextExecutor in project spring-security by spring-projects.
the class SpringSecurityLdapTemplate method compare.
// ~ Methods
// ========================================================================================================
/**
* Performs an LDAP compare operation of the value of an attribute for a particular
* directory entry.
*
* @param dn the entry who's attribute is to be used
* @param attributeName the attribute who's value we want to compare
* @param value the value to be checked against the directory value
*
* @return true if the supplied value matches that in the directory
*/
public boolean compare(final String dn, final String attributeName, final Object value) {
final String comparisonFilter = "(" + attributeName + "={0})";
class LdapCompareCallback implements ContextExecutor {
public Object executeWithContext(DirContext ctx) throws NamingException {
SearchControls ctls = new SearchControls();
ctls.setReturningAttributes(NO_ATTRS);
ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
NamingEnumeration<SearchResult> results = ctx.search(dn, comparisonFilter, new Object[] { value }, ctls);
Boolean match = Boolean.valueOf(results.hasMore());
LdapUtils.closeEnumeration(results);
return match;
}
}
Boolean matches = (Boolean) executeReadOnly(new LdapCompareCallback());
return matches.booleanValue();
}
Also used :
SearchControls(javax.naming.directory.SearchControls)
SearchResult(javax.naming.directory.SearchResult)
DirContext(javax.naming.directory.DirContext)
ContextExecutor(org.springframework.ldap.core.ContextExecutor)
Example 3 with ContextExecutor
use of org.springframework.ldap.core.ContextExecutor in project spring-security by spring-projects.
the class SpringSecurityLdapTemplateITests method namingExceptionIsTranslatedCorrectly.
// @Test
// public void testNameExistsForInValidNameFails() {
// assertThat(template.nameExists("ou=doesntexist,dc=springframework,dc=org")).isFalse();
// }
//
// @Test
// public void testNameExistsForValidNameSucceeds() {
// assertThat(template.nameExists("ou=groups,dc=springframework,dc=org")).isTrue();
// }
@Test
public void namingExceptionIsTranslatedCorrectly() {
try {
template.executeReadOnly(new ContextExecutor() {
public Object executeWithContext(DirContext dirContext) throws NamingException {
throw new NamingException();
}
});
fail("Expected UncategorizedLdapException on NamingException");
} catch (UncategorizedLdapException expected) {
}
}
Also used :
NamingException(javax.naming.NamingException)
DirContext(javax.naming.directory.DirContext)
UncategorizedLdapException(org.springframework.ldap.UncategorizedLdapException)
ContextExecutor(org.springframework.ldap.core.ContextExecutor)
Aggregations
DirContext (javax.naming.directory.DirContext)3
ContextExecutor (org.springframework.ldap.core.ContextExecutor)3
NamingException (javax.naming.NamingException)2
BasicAttribute (javax.naming.directory.BasicAttribute)1
ModificationItem (javax.naming.directory.ModificationItem)1
SearchControls (javax.naming.directory.SearchControls)1
SearchResult (javax.naming.directory.SearchResult)1
LdapContext (javax.naming.ldap.LdapContext)1
UncategorizedLdapException (org.springframework.ldap.UncategorizedLdapException)1
DistinguishedName (org.springframework.ldap.core.DistinguishedName)1
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1
Authentication (org.springframework.security.core.Authentication)1
