
Example 1 with RetainIdentityRequestControl

use of com.unboundid.ldap.sdk.unboundidds.controls.RetainIdentityRequestControl in project ssam by pingidentity.

In the class LDAPAuthenticationProvider, method authenticate:

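/**
 * Authenticates a user against the LDAP directory.
 *
 * <p>Two strategies are supported, selected by the configured search-bind filter:
 * <ul>
 *   <li>Search and bind: when {@code settings.getSearchBindFilter()} is non-empty, the
 *       filter's {@code $0} placeholder is replaced with the escaped username, the
 *       matching entry is located under {@code settings.getBaseDN()}, and a simple bind
 *       is attempted as that entry's DN.</li>
 *   <li>SASL PLAIN: otherwise a PLAIN bind with authentication ID {@code u:<username>}
 *       is attempted, and the authorization-entry response control (if the server
 *       returns one) supplies the user's DN.</li>
 * </ul>
 * Both bind requests carry a {@link RetainIdentityRequestControl} so that the pooled
 * connection keeps its own identity after the bind.
 *
 * @param authentication token carrying the username (principal name) and the password
 *        (credentials, expected to be a {@link String})
 * @return a {@link UsernamePasswordAuthenticationToken} whose principal is an
 *         {@code LDAPUser} when a DN was resolved, or a plain {@link User} otherwise
 * @throws BadCredentialsException if the username or password is empty, no entry matches
 *         the user, the filter cannot be parsed, or the bind fails
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final String username = authentication.getName();
    final String password = (String) authentication.getCredentials();
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        throw new BadCredentialsException("Username and password must be provided");
    }

    final String searchBindFilter = settings.getSearchBindFilter();
    final BindRequest request;
    User userDetails = null;

    if (StringUtils.isNotEmpty(searchBindFilter)) {
        // 'Search and Bind': locate the entry first, then bind as its DN.
        final Entry entry = findUserEntry(searchBindFilter, username);
        request = new SimpleBindRequest(entry.getDN(), password, new RetainIdentityRequestControl());
        userDetails = new LDAPUser(entry.getDN(), username, password, EMPTY_AUTHORITIES);
    } else {
        // No filter configured: SASL PLAIN bind. The GetAuthorizationEntry control asks the
        // server to return the authorization entry (attribute list "1.1", i.e. DN only) so
        // the token can carry the user's DN.
        request = new PLAINBindRequest("u:" + username, password,
                new GetAuthorizationEntryRequestControl(false, true, "1.1"),
                new RetainIdentityRequestControl());
    }

    try {
        final BindResult result = pool.bind(request);
        if (request instanceof PLAINBindRequest) {
            final GetAuthorizationEntryResponseControl responseControl =
                    GetAuthorizationEntryResponseControl.get(result);
            if (responseControl == null) {
                // Server returned no authorization entry: fall back to a DN-less principal.
                userDetails = new User(username, password, EMPTY_AUTHORITIES);
            } else {
                userDetails = new LDAPUser(responseControl.getAuthZEntry().getDN(), username, password, EMPTY_AUTHORITIES);
            }
        }
    } catch (LDAPException e) {
        throw new BadCredentialsException("Invalid credentials for user:  " + username, e);
    }

    return new UsernamePasswordAuthenticationToken(userDetails, password, EMPTY_AUTHORITIES);
}

/**
 * Locates the directory entry for {@code username} using the configured search-bind filter.
 *
 * <p>The username is escaped with {@link Filter#encodeValue(String)} before it is
 * substituted for the {@code $0} placeholder, so filter metacharacters in user input
 * ({@code *}, {@code (}, {@code )}, {@code \}, NUL) are matched literally instead of
 * changing the structure of the filter (LDAP filter injection).
 *
 * @param searchBindFilter the filter template containing a {@code $0} placeholder
 * @param username the name supplied by the user, already checked to be non-empty
 * @return the single entry matching the filter below {@code settings.getBaseDN()}
 * @throws BadCredentialsException if no entry matches, the search fails, or the
 *         substituted filter cannot be parsed
 */
private Entry findUserEntry(String searchBindFilter, String username) {
    final String filter = searchBindFilter.replace("$0", Filter.encodeValue(username));
    try {
        final Entry entry = pool.searchForEntry(settings.getBaseDN(), SearchScope.SUB, Filter.create(filter));
        if (entry == null) {
            throw new BadCredentialsException("Invalid credentials for user: " + username);
        }
        return entry;
    } catch (LDAPSearchException e) {
        throw new BadCredentialsException("An exception occurred while searching" + " for user: " + username, e);
    } catch (LDAPException e) {
        throw new BadCredentialsException("The filter string cannot be decoded " + "as a valid search filter for user: " + username, e);
    }
}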
