use of javax.naming.AuthenticationNotSupportedException in project directory-ldap-api by apache.
the class WrappedPartialResultException method wrap.
/**
 * Rethrows an LDAP API exception as the closest matching JNDI {@link NamingException}.
 *
 * <p>A {@code Throwable} that already is a {@code NamingException} is rethrown unchanged.
 * Anything else is mapped onto a JNDI exception type by the {@code instanceof} chain below.
 * Except for referral and partial-result exceptions, which are handed to their wrapper
 * classes, the new exception carries {@code t.getLocalizedMessage()} as its message.
 * In every mapped case the original is attached as the root cause. Types with no dedicated
 * mapping fall back to a plain {@code NamingException}.
 *
 * <p>The branches are tested in a fixed order. Because {@code instanceof} also matches
 * subclasses, reordering them could change which JNDI type is produced.
 *
 * @param t The original exception
 * @throws NamingException always; this method never returns normally
 */
public static void wrap(Throwable t) throws NamingException {
    // Nothing to translate: the caller already has a JNDI exception.
    if (t instanceof NamingException) {
        throw (NamingException) t;
    }

    // LDAP failures that have no more specific JNDI counterpart.
    final boolean hasNoSpecificJndiType = (t instanceof LdapAffectMultipleDsaException)
        || (t instanceof LdapAliasDereferencingException)
        || (t instanceof LdapLoopDetectedException)
        || (t instanceof LdapAliasException)
        || (t instanceof LdapOperationErrorException)
        || (t instanceof LdapOtherException);

    final NamingException wrapped;

    if (hasNoSpecificJndiType) {
        wrapped = new NamingException(t.getLocalizedMessage());
    } else if (t instanceof LdapAttributeInUseException) {
        wrapped = new AttributeInUseException(t.getLocalizedMessage());
    } else if (t instanceof LdapAuthenticationException) {
        wrapped = new AuthenticationException(t.getLocalizedMessage());
    } else if (t instanceof LdapAuthenticationNotSupportedException) {
        wrapped = new AuthenticationNotSupportedException(t.getLocalizedMessage());
    } else if (t instanceof LdapContextNotEmptyException) {
        wrapped = new ContextNotEmptyException(t.getLocalizedMessage());
    } else if (t instanceof LdapEntryAlreadyExistsException) {
        wrapped = new NameAlreadyBoundException(t.getLocalizedMessage());
    } else if (t instanceof LdapInvalidAttributeTypeException) {
        wrapped = new InvalidAttributeIdentifierException(t.getLocalizedMessage());
    } else if (t instanceof LdapInvalidAttributeValueException) {
        wrapped = new InvalidAttributeValueException(t.getLocalizedMessage());
    } else if (t instanceof LdapInvalidDnException) {
        wrapped = new InvalidNameException(t.getLocalizedMessage());
    } else if (t instanceof LdapInvalidSearchFilterException) {
        wrapped = new InvalidSearchFilterException(t.getLocalizedMessage());
    } else if (t instanceof LdapNoPermissionException) {
        wrapped = new NoPermissionException(t.getLocalizedMessage());
    } else if (t instanceof LdapNoSuchAttributeException) {
        wrapped = new NoSuchAttributeException(t.getLocalizedMessage());
    } else if (t instanceof LdapNoSuchObjectException) {
        wrapped = new NameNotFoundException(t.getLocalizedMessage());
    } else if (t instanceof LdapProtocolErrorException) {
        wrapped = new CommunicationException(t.getLocalizedMessage());
    } else if (t instanceof LdapReferralException) {
        // Referrals keep their payload: the wrapper receives the whole exception.
        wrapped = new WrappedReferralException((LdapReferralException) t);
    } else if (t instanceof LdapPartialResultException) {
        wrapped = new WrappedPartialResultException((LdapPartialResultException) t);
    } else if (t instanceof LdapSchemaViolationException) {
        wrapped = new SchemaViolationException(t.getLocalizedMessage());
    } else if (t instanceof LdapServiceUnavailableException) {
        wrapped = new ServiceUnavailableException(t.getLocalizedMessage());
    } else if (t instanceof LdapTimeLimitExceededException) {
        wrapped = new TimeLimitExceededException(t.getLocalizedMessage());
    } else if (t instanceof LdapUnwillingToPerformException) {
        wrapped = new OperationNotSupportedException(t.getLocalizedMessage());
    } else {
        // Unknown type (or null, which fails on the method call): generic JNDI exception.
        wrapped = new NamingException(t.getLocalizedMessage());
    }

    // Keep the original exception reachable for diagnostics.
    wrapped.setRootCause(t);
    throw wrapped;
}
use of javax.naming.AuthenticationNotSupportedException in project goodies by sonatype.
the class LdapServerTest method assertLoginFailure.
/**
 * Asserts that a login attempt is rejected for each of the given mechanisms.
 *
 * <p>A login that returns normally fails the test through {@code Assert.fail()}. Both
 * {@link AuthenticationException} and {@link AuthenticationNotSupportedException} count
 * as a correct rejection.
 *
 * @param mechanisms the authentication mechanisms to try, one login attempt each
 * @throws NamingException any other naming failure raised by {@code login}
 */
private void assertLoginFailure(String... mechanisms) throws NamingException {
    for (int index = 0; index < mechanisms.length; index++) {
        final String candidate = mechanisms[index];
        try {
            login(candidate);
            // Reaching this line means the server accepted the login.
            Assert.fail();
        } catch (AuthenticationException | AuthenticationNotSupportedException expected) {
            // Rejected as intended. Oddly, apacheds throws auth exception for
            // unsupported simple auth, so either type is accepted.
        }
    }
}
use of javax.naming.AuthenticationNotSupportedException in project jdk8u_jdk by JetBrains.
the class LdapSasl method saslBind.
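/**
 * Performs SASL bind.
 * Creates a SaslClient by using a default CallbackHandler
 * that uses the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS
 * properties to satisfy the callbacks, and by using the
 * SASL_AUTHZ_ID property as the authorization id. If the SASL_AUTHZ_ID
 * property has not been set, Context.SECURITY_PRINCIPAL is used.
 * If SASL_CALLBACK has been set, use that instead of the default
 * CallbackHandler.
 *<p>
 * If bind is successful and the selected SASL mechanism has a security
 * layer, set inStream and outStream to be filter streams that use
 * the security layer. These will be used for subsequent communication
 * with the server.
 *<p>
 * A null {@code env} is handled throughout: no callback handler, authorization id
 * or realm is read from it, and the default callback handler is created with a
 * null realm.
 *
 * @param clnt The LDAP client used to send the bind requests
 * @param conn The non-null connection to use for sending an LDAP BIND
 * @param server Non-null string name of host to connect to
 * @param dn Non-null DN to bind as; also used as authentication ID
 * @param pw Possibly null password; can be byte[], char[] or String
 * @param authMech A non-null space-separated list of SASL authentication
 * mechanisms.
 * @param env The possibly null environment of the context, possibly containing
 * properties used by SASL mechanisms
 * @param bindCtls The possibly null controls to accompany the bind
 * @return LdapResult containing status of the bind
 * @throws AuthenticationNotSupportedException if no SASL client could be created
 * for any of the mechanisms in {@code authMech}
 * @throws AuthenticationException if the exchange ends in an inconsistent state
 * (client produces a response after success, or is incomplete when the server
 * reports success), or if a SaslException occurs
 * @throws IOException declared by the signature; propagated from the calls made here
 */
@SuppressWarnings("unchecked")
public static LdapResult saslBind(LdapClient clnt, Connection conn, String server, String dn, Object pw, String authMech, Hashtable<?, ?> env, Control[] bindCtls) throws IOException, NamingException {
    SaslClient saslClnt = null;
    boolean cleanupHandler = false;
    // Use supplied callback handler or create default
    CallbackHandler cbh = (env != null) ? (CallbackHandler) env.get(SASL_CALLBACK) : null;
    if (cbh == null) {
        // env is documented as possibly null, so the realm lookup needs the same guard
        // as the other env reads; without it a null env raised a NullPointerException
        // here. A null realm is already a normal input: it is what env.get returns
        // when the property is absent.
        String realm = (env != null) ? (String) env.get(SASL_REALM) : null;
        cbh = new DefaultCallbackHandler(dn, pw, realm);
        cleanupHandler = true;
    }
    // Prepare parameters for creating SASL client
    String authzId = (env != null) ? (String) env.get(SASL_AUTHZ_ID) : null;
    String[] mechs = getSaslMechanismNames(authMech);
    try {
        // Create SASL client to use using SASL package
        saslClnt = Sasl.createSaslClient(mechs, authzId, "ldap", server, (Hashtable<String, ?>) env, cbh);
        if (saslClnt == null) {
            // None of the requested mechanisms is available to this client.
            throw new AuthenticationNotSupportedException(authMech);
        }
        LdapResult res;
        String mechName = saslClnt.getMechanismName();
        byte[] response = saslClnt.hasInitialResponse() ? saslClnt.evaluateChallenge(NO_BYTES) : null;
        res = clnt.ldapBind(null, response, bindCtls, mechName, true);
        // Challenge/response loop: continue while the client still has work to do and
        // the server either wants another step or has already reported success.
        while (!saslClnt.isComplete() && (res.status == LDAP_SASL_BIND_IN_PROGRESS || res.status == LDAP_SUCCESS)) {
            response = saslClnt.evaluateChallenge(res.serverCreds != null ? res.serverCreds : NO_BYTES);
            if (res.status == LDAP_SUCCESS) {
                // The server has finished, so the client must have nothing left to
                // send; a further response means the two sides disagree.
                if (response != null) {
                    throw new AuthenticationException("SASL client generated response after success");
                }
                break;
            }
            res = clnt.ldapBind(null, response, bindCtls, mechName, true);
        }
        if (res.status == LDAP_SUCCESS) {
            // Do not trust the server's success status alone: the client side of the
            // mechanism must also have completed its exchange.
            if (!saslClnt.isComplete()) {
                throw new AuthenticationException("SASL authentication not complete despite server claims");
            }
            String qop = (String) saslClnt.getNegotiatedProperty(Sasl.QOP);
            // If negotiated integrity or privacy, route all further traffic on this
            // connection through the SASL security layer.
            if (qop != null && (qop.equalsIgnoreCase("auth-int") || qop.equalsIgnoreCase("auth-conf"))) {
                InputStream newIn = new SaslInputStream(saslClnt, conn.inStream);
                OutputStream newOut = new SaslOutputStream(saslClnt, conn.outStream);
                conn.replaceStreams(newIn, newOut);
            } else {
                // No security layer negotiated: the client is no longer needed.
                saslClnt.dispose();
            }
        }
        // NOTE(review): the SaslClient is disposed only on the success path without a
        // security layer; on a failed bind status or an exception it is not disposed
        // here. Confirm whether that is intended.
        return res;
    } catch (SaslException e) {
        // Report SASL failures as an authentication failure, keeping the cause.
        NamingException ne = new AuthenticationException(authMech);
        ne.setRootCause(e);
        throw ne;
    } finally {
        // Only the handler created by this method is cleared; a caller-supplied
        // handler is left untouched.
        if (cleanupHandler) {
            ((DefaultCallbackHandler) cbh).clearPassword();
        }
    }
}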
use of javax.naming.AuthenticationNotSupportedException in project Payara by payara.
the class LDAPAdminAccessConfigurator method pingLDAP.
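/**
 * Checks whether the LDAP server at {@code url} answers, by creating a JNDI
 * initial context against it, and appends a localized status line to {@code sb}.
 *
 * <p>No credentials are set in the environment built here. A server that rejects
 * the attempt with {@link AuthenticationNotSupportedException} is still reported
 * as available, because that answer shows the server is up (see CR 6944776).
 *
 * <p>The context is closed again before returning, so the probe does not leave a
 * connection to the directory server open.
 *
 * @param sb receives the "ldap.ok" or "ldap.na" message
 * @return {@code true} if the server is considered reachable, {@code false} otherwise
 */
private boolean pingLDAP(StringBuilder sb) {
    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // NOTE(review): Properties.put rejects null values, so a null url fails here with
    // a NullPointerException, before the null check below and outside the try block.
    // Confirm that callers never reach this method with a null url.
    env.put(Context.PROVIDER_URL, url);
    if (url != null && url.startsWith(LDAPS_URL)) {
        // NOTE(review): certificate and host-name checking for ldaps depends on the
        // socket factory named by DEFAULT_SSL_LDAP_SOCKET_FACTORY, which is defined
        // elsewhere. Verify that it validates the server certificate.
        env.put(LDAP_SOCKET_FACTORY, DEFAULT_SSL_LDAP_SOCKET_FACTORY);
    }
    InitialContext ctx = null;
    try {
        ctx = new InitialContext(env);
        appendNL(sb, lsm.getString("ldap.ok", url));
        return true;
    } catch (AuthenticationNotSupportedException anse) {
        // CR 6944776
        // If the server throws this error, it is up
        // and is configured with Anonymous bind disabled.
        // Ignore this error while configuring ldap for admin
        appendNL(sb, lsm.getString("ldap.ok", url));
        return true;
    } catch (Exception e) {
        appendNL(sb, lsm.getString("ldap.na", url, e.getClass().getName(), e.getMessage()));
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, StringUtils.getStackTrace(e));
        }
        return false;
    } finally {
        // The context was only needed for the probe; release it. A failure while
        // closing must not change the result that was already determined.
        if (ctx != null) {
            try {
                ctx.close();
            } catch (javax.naming.NamingException ignored) {
                // best-effort cleanup
            }
        }
    }
}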
use of javax.naming.AuthenticationNotSupportedException in project athenz by yahoo.
the class LDAPAuthorityTest method testLDAPAuthorityConnection.
/**
 * Exercises LDAPAuthority.authenticate() across failure and success paths.
 *
 * <p>Except for the first scenario, the authority is a Mockito mock on which only
 * selected methods run their real implementation; getDirContext() is always stubbed,
 * so no LDAP server is contacted in those scenarios. Every failure scenario must end
 * with a null principal, i.e. authentication fails closed.
 *
 * <p>Fixture credentials (HTTP Basic, base64): "dGVzdHVzZXI6dGVzdHB3ZA==" is
 * "testuser:testpwd", "dGVzdHVzZXI6d3Jvbmdwd2Q=" is "testuser:wrongpwd", and
 * "dGVzdHVzZXIK" is "testuser" followed by a newline, with no ":password" part.
 */
@Test
public void testLDAPAuthorityConnection() throws NamingException {
    setProperties();
    ldapAuthority = new LDAPAuthority();
    ldapAuthority.initialize();
    errMsg = new StringBuilder();
    // naming exception: real (unmocked) authority, so the directory lookup itself runs
    // NOTE(review): presumably no LDAP server is reachable with the values from setProperties() - confirm
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6dGVzdHB3ZA==", "", "", errMsg);
    assertNull(principal);
    // authentication exception - wrong username password combination
    errMsg = new StringBuilder();
    ldapAuthority = mock(LDAPAuthority.class);
    doCallRealMethod().when(ldapAuthority).initialize();
    ldapAuthority.initialize();
    // the stubbed bind rejects the credentials
    when(ldapAuthority.getDirContext("cn=testuser,dc=example,dc=com", "wrongpwd")).thenThrow(new AuthenticationException());
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg)).thenCallRealMethod();
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg);
    assertNull(principal);
    // authentication not supported exception: must be treated as a failed login as well
    errMsg = new StringBuilder();
    ldapAuthority = mock(LDAPAuthority.class);
    doCallRealMethod().when(ldapAuthority).initialize();
    ldapAuthority.initialize();
    when(ldapAuthority.getDirContext("cn=testuser,dc=example,dc=com", "wrongpwd")).thenThrow(new AuthenticationNotSupportedException());
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg)).thenCallRealMethod();
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg);
    assertNull(principal);
    // success case: the password literal is still "wrongpwd", but the stubbed
    // getDirContext() returns a context, which stands in for an accepted bind
    errMsg = new StringBuilder();
    ldapAuthority = mock(LDAPAuthority.class);
    doCallRealMethod().when(ldapAuthority).initialize();
    doCallRealMethod().when(ldapAuthority).getDomain();
    doCallRealMethod().when(ldapAuthority).getSimplePrincipal("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "testuser");
    ldapAuthority.initialize();
    when(ldapAuthority.getDirContext("cn=testuser,dc=example,dc=com", "wrongpwd")).thenReturn(new InitialDirContext());
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg)).thenCallRealMethod();
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXIK", "", "", errMsg)).thenCallRealMethod();
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg);
    assertNotNull(principal);
    assertEquals(principal.getName(), "testuser");
    assertEquals(principal.getDomain(), "user");
    assertEquals(principal.getCredentials(), "Basic dGVzdHVzZXI6d3Jvbmdwd2Q=");
    assertEquals(principal.getUnsignedCredentials(), "testuser");
    // pass credentials without password component: must not yield a principal
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXIK", "", "", errMsg);
    assertNull(principal);
    // null principal is returned from getSimplePrincipal: authenticate must return null too
    System.setProperty(baseDNProp, "dc=example,dc=com");
    System.setProperty(portNumberProp, "389");
    errMsg = new StringBuilder();
    ldapAuthority = mock(LDAPAuthority.class);
    doCallRealMethod().when(ldapAuthority).initialize();
    doCallRealMethod().when(ldapAuthority).getDomain();
    when(ldapAuthority.getSimplePrincipal("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "testuser")).thenReturn(null);
    ldapAuthority.initialize();
    when(ldapAuthority.getDirContext("cn=testuser,dc=example,dc=com", "wrongpwd")).thenReturn(new InitialDirContext());
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg)).thenCallRealMethod();
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg);
    assertNull(principal);
    // undo the property changes made for this test
    resetProperties();
}