
Example 21 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class AuthRateThread method run.

/**
 * Performs all authentication processing for this thread: repeatedly resolves
 * a bind DN (either directly from the base DN pattern or via a search that
 * must match exactly one entry), binds as that DN with the configured
 * mechanism, and records counts, durations and result codes until a stop is
 * requested.
 *
 * <p>NOTE(review): every bind uses the same {@code userPassword} field. With
 * {@code AUTH_TYPE_SIMPLE} and {@code AUTH_TYPE_PLAIN} the password itself is
 * sent to the server, so it is only protected if the connection returned by
 * {@code authRate.getConnection()} is TLS-protected -- that is not visible
 * here; confirm. CRAM-MD5 and DIGEST-MD5 are MD5-based challenge-response
 * mechanisms that are generally considered obsolete.
 */
@Override()
public void run() {
    try {
        // Publish this thread and count it as running; both are undone in the
        // outer finally block.
        authThread.set(currentThread());
        runningThreads.incrementAndGet();
        try {
            startBarrier.await();
        } catch (final Exception e) {
            // A failed or interrupted barrier wait is only debug-logged; the
            // thread proceeds into the processing loop regardless.
            Debug.debugException(e);
        }
        while (!stopRequested.get()) {
            // Connections are (re)established lazily: they are null on the
            // first pass and after an error that made them unusable.
            if (searchConnection == null) {
                try {
                    searchConnection = authRate.getConnection();
                } catch (final LDAPException le) {
                    Debug.debugException(le);
                    errorCounter.incrementAndGet();
                    final ResultCode rc = le.getResultCode();
                    rcCounter.increment(rc);
                    // Only the first non-success result code is retained.
                    resultCode.compareAndSet(null, rc);
                    // Honour the rate limit before retrying the connect.
                    if (fixedRateBarrier != null) {
                        fixedRateBarrier.await();
                    }
                    continue;
                }
            }
            if (bindConnection == null) {
                try {
                    bindConnection = authRate.getConnection();
                } catch (final LDAPException le) {
                    Debug.debugException(le);
                    errorCounter.incrementAndGet();
                    final ResultCode rc = le.getResultCode();
                    rcCounter.increment(rc);
                    resultCode.compareAndSet(null, rc);
                    if (fixedRateBarrier != null) {
                        fixedRateBarrier.await();
                    }
                    continue;
                }
            }
            if (!bindOnly) {
                // Prepare the search that will locate the entry to bind as.
                try {
                    searchRequest.setBaseDN(baseDN.nextValue());
                    searchRequest.setFilter(filter.nextValue());
                } catch (final LDAPException le) {
                    // Unlike the connection failures above, this path retries
                    // without waiting on the rate barrier.
                    Debug.debugException(le);
                    errorCounter.incrementAndGet();
                    final ResultCode rc = le.getResultCode();
                    rcCounter.increment(rc);
                    resultCode.compareAndSet(null, rc);
                    continue;
                }
            }
            // Wait for the rate limiter (if any) before starting the next
            // authentication, so the wait is excluded from the timed section.
            if (fixedRateBarrier != null) {
                fixedRateBarrier.await();
            }
            final long startTime = System.nanoTime();
            try {
                final String bindDN;
                if (bindOnly) {
                    // In bind-only mode the base DN pattern supplies the bind DN.
                    bindDN = baseDN.nextValue();
                } else {
                    final SearchResult r = searchConnection.search(searchRequest);
                    // Exactly one matching entry is required. The "continue"
                    // statements below still pass through the finally block, so
                    // these attempts are counted and timed as well.
                    switch(r.getEntryCount()) {
                        case 0:
                            errorCounter.incrementAndGet();
                            rcCounter.increment(ResultCode.NO_RESULTS_RETURNED);
                            resultCode.compareAndSet(null, ResultCode.NO_RESULTS_RETURNED);
                            continue;
                        case 1:
                            // A single match is unambiguous; bind as that entry.
                            bindDN = r.getSearchEntries().get(0).getDN();
                            break;
                        default:
                            // More than one match: the identity is ambiguous, so
                            // no bind is attempted.
                            errorCounter.incrementAndGet();
                            rcCounter.increment(ResultCode.MORE_RESULTS_TO_RETURN);
                            resultCode.compareAndSet(null, ResultCode.MORE_RESULTS_TO_RETURN);
                            continue;
                    }
                }
                // Build the bind request for the configured mechanism. The SASL
                // mechanisms take the identity in "dn:" form.
                // NOTE(review): there is no default branch; if authType matches
                // none of the four constants, bindRequest is still null when it
                // reaches bind() -- confirm authType is validated elsewhere.
                BindRequest bindRequest = null;
                switch(authType) {
                    case AUTH_TYPE_SIMPLE:
                        bindRequest = new SimpleBindRequest(bindDN, userPassword, bindControls);
                        break;
                    case AUTH_TYPE_CRAM_MD5:
                        bindRequest = new CRAMMD5BindRequest("dn:" + bindDN, userPassword, bindControls);
                        break;
                    case AUTH_TYPE_DIGEST_MD5:
                        bindRequest = new DIGESTMD5BindRequest("dn:" + bindDN, null, userPassword, null, bindControls);
                        break;
                    case AUTH_TYPE_PLAIN:
                        bindRequest = new PLAINBindRequest("dn:" + bindDN, userPassword, bindControls);
                        break;
                }
                bindConnection.bind(bindRequest);
            } catch (final LDAPException le) {
                Debug.debugException(le);
                errorCounter.incrementAndGet();
                final ResultCode rc = le.getResultCode();
                rcCounter.increment(rc);
                resultCode.compareAndSet(null, rc);
                // If the failure means the connection can no longer be used,
                // drop both connections so the next iteration reconnects.
                if (!le.getResultCode().isConnectionUsable()) {
                    searchConnection.close();
                    searchConnection = null;
                    bindConnection.close();
                    bindConnection = null;
                }
            } finally {
                // Every attempt that reached the timed section is counted,
                // whether it succeeded, failed, or was skipped via "continue".
                authCounter.incrementAndGet();
                authDurations.addAndGet(System.nanoTime() - startTime);
            }
        }
    } finally {
        // Release whatever connections are still open and unregister the thread.
        if (searchConnection != null) {
            searchConnection.close();
        }
        if (bindConnection != null) {
            bindConnection.close();
        }
        authThread.set(null);
        runningThreads.decrementAndGet();
    }
}
Also used : SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) LDAPException(com.unboundid.ldap.sdk.LDAPException) BindRequest(com.unboundid.ldap.sdk.BindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest) CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) SearchResult(com.unboundid.ldap.sdk.SearchResult) CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest) LDAPException(com.unboundid.ldap.sdk.LDAPException) ResultCode(com.unboundid.ldap.sdk.ResultCode)

Example 22 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ssam by pingidentity.

the class LDAPAuthenticationProvider method authenticate.

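/**
 * {@inheritDoc}
 *
 * <p>Authenticates the supplied username and password against the directory.
 * When a search-bind filter is configured, the user's entry is located with
 * that filter and a simple bind is performed with the entry's DN; otherwise a
 * SASL PLAIN bind is performed with the username as the authentication ID.
 *
 * <p>The username is caller-supplied and therefore untrusted. It is escaped
 * with {@code Filter.encodeValue} before being substituted into the filter
 * template, so filter metacharacters in it are matched literally and cannot
 * change the structure of the search filter.
 *
 * @param authentication the authentication request carrying the username and
 *                       password
 * @return a {@code UsernamePasswordAuthenticationToken} for the authenticated
 *         user
 * @throws AuthenticationException a {@code BadCredentialsException} if the
 *         username or password is empty, the user cannot be found, the search
 *         fails, or the bind is rejected
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String searchBindFilter = settings.getSearchBindFilter();
    User userDetails = null;
    BindRequest request = null;
    // Get the username and password, making sure they're not empty. Rejecting
    // an empty password here matters: a bind with a DN and an empty password
    // must never be sent on behalf of a user.
    String username = authentication.getName();
    String password = (String) authentication.getCredentials();
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        throw new BadCredentialsException("Username and password must be provided");
    }
    // If a filter is available, perform 'Search and Bind'
    if (StringUtils.isNotEmpty(searchBindFilter)) {
        Entry entry;
        // Escape the username before substituting it into the template so that
        // characters such as '*', '(', ')' and '\' are treated as data rather
        // than as filter syntax.
        String filter = searchBindFilter.replace("$0", Filter.encodeValue(username));
        try {
            entry = pool.searchForEntry(settings.getBaseDN(), SearchScope.SUB, Filter.create(filter));
            if (entry == null) {
                throw new BadCredentialsException("Invalid credentials for user: " + username);
            }
        } catch (LDAPSearchException e) {
            throw new BadCredentialsException("An exception occurred while searching" + " for user: " + username, e);
        } catch (LDAPException e) {
            // With the username escaped, reaching this branch points at the
            // configured filter template rather than at the user's input.
            throw new BadCredentialsException("The filter string cannot be decoded " + "as a valid search filter for user: " + username, e);
        }
        // Obtain the bind DN and try to bind, retaining the identity of the
        // pooled connection
        request = new SimpleBindRequest(entry.getDN(), password, new RetainIdentityRequestControl());
        userDetails = new LDAPUser(entry.getDN(), username, password, EMPTY_AUTHORITIES);
    } else {
        // Construct a SASL PLAIN Bind Request since no filter is available for
        // 'Search and Bind'
        request = new PLAINBindRequest("u:" + username, password, new GetAuthorizationEntryRequestControl(false, true, "1.1"), new RetainIdentityRequestControl());
    }
    try {
        BindResult result = pool.bind(request);
        // Use a Response Control to obtain a DN for the authentication token
        if (request instanceof PLAINBindRequest) {
            GetAuthorizationEntryResponseControl responseControl = GetAuthorizationEntryResponseControl.get(result);
            if (responseControl == null) {
                // No entry returned, User will be used for the authentication token
                userDetails = new User(username, password, EMPTY_AUTHORITIES);
            } else {
                // Entry returned, LDAPUser will be used for the authentication token
                userDetails = new LDAPUser(responseControl.getAuthZEntry().getDN(), username, password, EMPTY_AUTHORITIES);
            }
        }
    } catch (LDAPException e) {
        // Every bind failure, including ones unrelated to the password, is
        // reported to the caller as bad credentials.
        throw new BadCredentialsException("Invalid credentials for user:  " + username, e);
    }
    // Construct the authentication token and return it.
    // NOTE(review): the cleartext password is kept in both the principal and
    // the token; presumably the caller erases credentials after a successful
    // authentication -- confirm.
    return new UsernamePasswordAuthenticationToken(userDetails, password, EMPTY_AUTHORITIES);
}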
Also used : User(org.springframework.security.core.userdetails.User) BindRequest(com.unboundid.ldap.sdk.BindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Entry(com.unboundid.ldap.sdk.Entry) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) GetAuthorizationEntryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl) LDAPException(com.unboundid.ldap.sdk.LDAPException) LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException) BindResult(com.unboundid.ldap.sdk.BindResult) RetainIdentityRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RetainIdentityRequestControl) GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl)
