Example 21 with PLAINBindRequest
use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.
the class AuthRateThread method run.
/**
* Performs all search processing for this thread.
*/
@Override()
public void run() {
try {
authThread.set(currentThread());
runningThreads.incrementAndGet();
try {
startBarrier.await();
} catch (final Exception e) {
Debug.debugException(e);
}
while (!stopRequested.get()) {
if (searchConnection == null) {
try {
searchConnection = authRate.getConnection();
} catch (final LDAPException le) {
Debug.debugException(le);
errorCounter.incrementAndGet();
final ResultCode rc = le.getResultCode();
rcCounter.increment(rc);
resultCode.compareAndSet(null, rc);
if (fixedRateBarrier != null) {
fixedRateBarrier.await();
}
continue;
}
}
if (bindConnection == null) {
try {
bindConnection = authRate.getConnection();
} catch (final LDAPException le) {
Debug.debugException(le);
errorCounter.incrementAndGet();
final ResultCode rc = le.getResultCode();
rcCounter.increment(rc);
resultCode.compareAndSet(null, rc);
if (fixedRateBarrier != null) {
fixedRateBarrier.await();
}
continue;
}
}
if (!bindOnly) {
try {
searchRequest.setBaseDN(baseDN.nextValue());
searchRequest.setFilter(filter.nextValue());
} catch (final LDAPException le) {
Debug.debugException(le);
errorCounter.incrementAndGet();
final ResultCode rc = le.getResultCode();
rcCounter.increment(rc);
resultCode.compareAndSet(null, rc);
continue;
}
}
// wait until starting the next authorization.
if (fixedRateBarrier != null) {
fixedRateBarrier.await();
}
final long startTime = System.nanoTime();
try {
final String bindDN;
if (bindOnly) {
bindDN = baseDN.nextValue();
} else {
final SearchResult r = searchConnection.search(searchRequest);
switch(r.getEntryCount()) {
case 0:
errorCounter.incrementAndGet();
rcCounter.increment(ResultCode.NO_RESULTS_RETURNED);
resultCode.compareAndSet(null, ResultCode.NO_RESULTS_RETURNED);
continue;
case 1:
// This is acceptable, and we can continue processing.
bindDN = r.getSearchEntries().get(0).getDN();
break;
default:
errorCounter.incrementAndGet();
rcCounter.increment(ResultCode.MORE_RESULTS_TO_RETURN);
resultCode.compareAndSet(null, ResultCode.MORE_RESULTS_TO_RETURN);
continue;
}
}
BindRequest bindRequest = null;
switch(authType) {
case AUTH_TYPE_SIMPLE:
bindRequest = new SimpleBindRequest(bindDN, userPassword, bindControls);
break;
case AUTH_TYPE_CRAM_MD5:
bindRequest = new CRAMMD5BindRequest("dn:" + bindDN, userPassword, bindControls);
break;
case AUTH_TYPE_DIGEST_MD5:
bindRequest = new DIGESTMD5BindRequest("dn:" + bindDN, null, userPassword, null, bindControls);
break;
case AUTH_TYPE_PLAIN:
bindRequest = new PLAINBindRequest("dn:" + bindDN, userPassword, bindControls);
break;
}
bindConnection.bind(bindRequest);
} catch (final LDAPException le) {
Debug.debugException(le);
errorCounter.incrementAndGet();
final ResultCode rc = le.getResultCode();
rcCounter.increment(rc);
resultCode.compareAndSet(null, rc);
if (!le.getResultCode().isConnectionUsable()) {
searchConnection.close();
searchConnection = null;
bindConnection.close();
bindConnection = null;
}
} finally {
authCounter.incrementAndGet();
authDurations.addAndGet(System.nanoTime() - startTime);
}
}
} finally {
if (searchConnection != null) {
searchConnection.close();
}
if (bindConnection != null) {
bindConnection.close();
}
authThread.set(null);
runningThreads.decrementAndGet();
}
}
Also used :
SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
BindRequest(com.unboundid.ldap.sdk.BindRequest)
PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest)
DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest)
CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest)
SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest)
DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest)
PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest)
SearchResult(com.unboundid.ldap.sdk.SearchResult)
CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
ResultCode(com.unboundid.ldap.sdk.ResultCode)
Example 22 with PLAINBindRequest
use of com.unboundid.ldap.sdk.PLAINBindRequest in project ssam by pingidentity.
the class LDAPAuthenticationProvider method authenticate.
/**
* {@inheritDoc}
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String searchBindFilter = settings.getSearchBindFilter();
User userDetails = null;
BindRequest request = null;
// Get the username and password, making sure they're not empty
String username = authentication.getName();
String password = (String) authentication.getCredentials();
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
throw new BadCredentialsException("Username and password must be provided");
}
// If a filter is available, perform 'Search and Bind'
if (StringUtils.isNotEmpty(searchBindFilter)) {
Entry entry;
String filter = searchBindFilter.replace("$0", username);
try {
entry = pool.searchForEntry(settings.getBaseDN(), SearchScope.SUB, Filter.create(filter));
if (entry == null) {
throw new BadCredentialsException("Invalid credentials for user: " + username);
}
} catch (LDAPSearchException e) {
throw new BadCredentialsException("An exception occurred while searching" + " for user: " + username, e);
} catch (LDAPException e) {
throw new BadCredentialsException("The filter string cannot be decoded " + "as a valid search filter for user: " + username, e);
}
// Obtain the bind DN and try to bind, retaining the identity of the
// pooled connection
request = new SimpleBindRequest(entry.getDN(), password, new RetainIdentityRequestControl());
userDetails = new LDAPUser(entry.getDN(), username, password, EMPTY_AUTHORITIES);
} else {
// Construct a SASL PLAIN Bind Request since no filter is available for
// 'Search and Bind'
request = new PLAINBindRequest("u:" + username, password, new GetAuthorizationEntryRequestControl(false, true, "1.1"), new RetainIdentityRequestControl());
}
try {
BindResult result = pool.bind(request);
// Use a Response Control to obtain a DN for the authentication token
if (request instanceof PLAINBindRequest) {
GetAuthorizationEntryResponseControl responseControl = GetAuthorizationEntryResponseControl.get(result);
if (responseControl == null) {
// No entry returned, User will be used for the authentication token
userDetails = new User(username, password, EMPTY_AUTHORITIES);
} else {
// Entry returned, LDAPUser will be used for the authentication token
userDetails = new LDAPUser(responseControl.getAuthZEntry().getDN(), username, password, EMPTY_AUTHORITIES);
}
}
} catch (LDAPException e) {
throw new BadCredentialsException("Invalid credentials for user: " + username, e);
}
// Construct the authentication token and return it
return new UsernamePasswordAuthenticationToken(userDetails, password, EMPTY_AUTHORITIES);
}
Also used :
User(org.springframework.security.core.userdetails.User)
BindRequest(com.unboundid.ldap.sdk.BindRequest)
PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest)
SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest)
PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Entry(com.unboundid.ldap.sdk.Entry)
SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest)
GetAuthorizationEntryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException)
BindResult(com.unboundid.ldap.sdk.BindResult)
RetainIdentityRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RetainIdentityRequestControl)
GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl)
Aggregations
PLAINBindRequest (com.unboundid.ldap.sdk.PLAINBindRequest)22
Test (org.testng.annotations.Test)18
SimpleBindRequest (com.unboundid.ldap.sdk.SimpleBindRequest)12
LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)11
LDAPException (com.unboundid.ldap.sdk.LDAPException)8
BindRequest (com.unboundid.ldap.sdk.BindRequest)7
ASN1OctetString (com.unboundid.asn1.ASN1OctetString)6
BindResult (com.unboundid.ldap.sdk.BindResult)6
CRAMMD5BindRequest (com.unboundid.ldap.sdk.CRAMMD5BindRequest)5
DN (com.unboundid.ldap.sdk.DN)5
DIGESTMD5BindRequest (com.unboundid.ldap.sdk.DIGESTMD5BindRequest)4
AuthorizationIdentityRequestControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl)4
Control (com.unboundid.ldap.sdk.Control)3
EXTERNALBindRequest (com.unboundid.ldap.sdk.EXTERNALBindRequest)3
ModifyRequest (com.unboundid.ldap.sdk.ModifyRequest)3
ResultCode (com.unboundid.ldap.sdk.ResultCode)3
AuthorizationIdentityResponseControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl)3
WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest)3
InMemoryDirectoryServer (com.unboundid.ldap.listener.InMemoryDirectoryServer)2
BindResponseProtocolOp (com.unboundid.ldap.protocol.BindResponseProtocolOp)2
