
Example 1 with AuthenticationNotSupportedException

use of javax.naming.AuthenticationNotSupportedException in project directory-ldap-api by apache.

the class WrappedPartialResultException method wrap.

/**
 * Rethrows an LDAP API failure as its JNDI counterpart.
 * <p>
 * A {@link NamingException} is rethrown untouched. Any other throwable is
 * translated, by type, into a JNDI exception and the original is recorded as
 * its root cause. Most translations copy the original localized message;
 * referral and partial-result failures are handed to their dedicated wrapper
 * classes instead.
 * <p>
 * The type tests run in a fixed order, so the first matching branch wins.
 * The copied message is passed on verbatim: callers that display it to end
 * users should consider how much directory detail it may carry.
 *
 * @param t The original exception
 * @throws NamingException always: either {@code t} itself or the JNDI
 *         exception wrapping it
 */
public static void wrap(Throwable t) throws NamingException {
    // Already a JNDI exception: nothing to translate.
    if (t instanceof NamingException) {
        throw (NamingException) t;
    }

    // LDAP failures that are mapped to the plain NamingException.
    boolean mapsToPlainNamingException = (t instanceof LdapAffectMultipleDsaException)
        || (t instanceof LdapAliasDereferencingException)
        || (t instanceof LdapLoopDetectedException)
        || (t instanceof LdapAliasException)
        || (t instanceof LdapOperationErrorException)
        || (t instanceof LdapOtherException);

    NamingException translated;

    if (mapsToPlainNamingException) {
        translated = new NamingException(t.getLocalizedMessage());
    } else if (t instanceof LdapAttributeInUseException) {
        translated = new AttributeInUseException(t.getLocalizedMessage());
    } else if (t instanceof LdapAuthenticationException) {
        // Bind was attempted and rejected.
        translated = new AuthenticationException(t.getLocalizedMessage());
    } else if (t instanceof LdapAuthenticationNotSupportedException) {
        // Kept distinct from a rejected bind so callers can tell the two apart.
        translated = new AuthenticationNotSupportedException(t.getLocalizedMessage());
    } else if (t instanceof LdapContextNotEmptyException) {
        translated = new ContextNotEmptyException(t.getLocalizedMessage());
    } else if (t instanceof LdapEntryAlreadyExistsException) {
        translated = new NameAlreadyBoundException(t.getLocalizedMessage());
    } else if (t instanceof LdapInvalidAttributeTypeException) {
        translated = new InvalidAttributeIdentifierException(t.getLocalizedMessage());
    } else if (t instanceof LdapInvalidAttributeValueException) {
        translated = new InvalidAttributeValueException(t.getLocalizedMessage());
    } else if (t instanceof LdapInvalidDnException) {
        translated = new InvalidNameException(t.getLocalizedMessage());
    } else if (t instanceof LdapInvalidSearchFilterException) {
        translated = new InvalidSearchFilterException(t.getLocalizedMessage());
    } else if (t instanceof LdapNoPermissionException) {
        translated = new NoPermissionException(t.getLocalizedMessage());
    } else if (t instanceof LdapNoSuchAttributeException) {
        translated = new NoSuchAttributeException(t.getLocalizedMessage());
    } else if (t instanceof LdapNoSuchObjectException) {
        translated = new NameNotFoundException(t.getLocalizedMessage());
    } else if (t instanceof LdapProtocolErrorException) {
        translated = new CommunicationException(t.getLocalizedMessage());
    } else if (t instanceof LdapReferralException) {
        // The wrapper receives the whole exception, not just its message.
        translated = new WrappedReferralException((LdapReferralException) t);
    } else if (t instanceof LdapPartialResultException) {
        translated = new WrappedPartialResultException((LdapPartialResultException) t);
    } else if (t instanceof LdapSchemaViolationException) {
        translated = new SchemaViolationException(t.getLocalizedMessage());
    } else if (t instanceof LdapServiceUnavailableException) {
        translated = new ServiceUnavailableException(t.getLocalizedMessage());
    } else if (t instanceof LdapTimeLimitExceededException) {
        translated = new TimeLimitExceededException(t.getLocalizedMessage());
    } else if (t instanceof LdapUnwillingToPerformException) {
        translated = new OperationNotSupportedException(t.getLocalizedMessage());
    } else {
        // Anything unrecognised falls back to the generic JNDI exception.
        translated = new NamingException(t.getLocalizedMessage());
    }

    // Keep the original failure reachable for diagnostics.
    translated.setRootCause(t);
    throw translated;
}
Also used : LdapEntryAlreadyExistsException(org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException) LdapOperationErrorException(org.apache.directory.api.ldap.model.exception.LdapOperationErrorException) LdapAttributeInUseException(org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException) AuthenticationException(javax.naming.AuthenticationException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) LdapAuthenticationNotSupportedException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationNotSupportedException) AuthenticationNotSupportedException(javax.naming.AuthenticationNotSupportedException) LdapServiceUnavailableException(org.apache.directory.api.ldap.model.exception.LdapServiceUnavailableException) LdapInvalidAttributeTypeException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeTypeException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) LdapServiceUnavailableException(org.apache.directory.api.ldap.model.exception.LdapServiceUnavailableException) ServiceUnavailableException(javax.naming.ServiceUnavailableException) LdapTimeLimitExceededException(org.apache.directory.api.ldap.model.exception.LdapTimeLimitExceededException) LdapAliasException(org.apache.directory.api.ldap.model.exception.LdapAliasException) LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException) LdapPartialResultException(org.apache.directory.api.ldap.model.exception.LdapPartialResultException) LdapSchemaViolationException(org.apache.directory.api.ldap.model.exception.LdapSchemaViolationException) LdapAuthenticationNotSupportedException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationNotSupportedException) NameAlreadyBoundException(javax.naming.NameAlreadyBoundException) 
LdapLoopDetectedException(org.apache.directory.api.ldap.model.exception.LdapLoopDetectedException) InvalidNameException(javax.naming.InvalidNameException) LdapProtocolErrorException(org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException) LdapReferralException(org.apache.directory.api.ldap.model.exception.LdapReferralException) NamingException(javax.naming.NamingException) SchemaViolationException(javax.naming.directory.SchemaViolationException) LdapSchemaViolationException(org.apache.directory.api.ldap.model.exception.LdapSchemaViolationException) LdapNoPermissionException(org.apache.directory.api.ldap.model.exception.LdapNoPermissionException) LdapOtherException(org.apache.directory.api.ldap.model.exception.LdapOtherException) LdapInvalidDnException(org.apache.directory.api.ldap.model.exception.LdapInvalidDnException) OperationNotSupportedException(javax.naming.OperationNotSupportedException) LdapAliasDereferencingException(org.apache.directory.api.ldap.model.exception.LdapAliasDereferencingException) InvalidAttributeIdentifierException(javax.naming.directory.InvalidAttributeIdentifierException) CommunicationException(javax.naming.CommunicationException) InvalidSearchFilterException(javax.naming.directory.InvalidSearchFilterException) LdapInvalidSearchFilterException(org.apache.directory.api.ldap.model.exception.LdapInvalidSearchFilterException) NameNotFoundException(javax.naming.NameNotFoundException) LdapUnwillingToPerformException(org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException) LdapAffectMultipleDsaException(org.apache.directory.api.ldap.model.exception.LdapAffectMultipleDsaException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) InvalidAttributeValueException(javax.naming.directory.InvalidAttributeValueException) LdapContextNotEmptyException(org.apache.directory.api.ldap.model.exception.LdapContextNotEmptyException) 
NoSuchAttributeException(javax.naming.directory.NoSuchAttributeException) LdapNoSuchAttributeException(org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) ContextNotEmptyException(javax.naming.ContextNotEmptyException) LdapContextNotEmptyException(org.apache.directory.api.ldap.model.exception.LdapContextNotEmptyException) NoPermissionException(javax.naming.NoPermissionException) LdapNoPermissionException(org.apache.directory.api.ldap.model.exception.LdapNoPermissionException) LdapTimeLimitExceededException(org.apache.directory.api.ldap.model.exception.LdapTimeLimitExceededException) TimeLimitExceededException(javax.naming.TimeLimitExceededException) AttributeInUseException(javax.naming.directory.AttributeInUseException) LdapAttributeInUseException(org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException) LdapInvalidSearchFilterException(org.apache.directory.api.ldap.model.exception.LdapInvalidSearchFilterException) LdapNoSuchAttributeException(org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException)

Example 2 with AuthenticationNotSupportedException

use of javax.naming.AuthenticationNotSupportedException in project goodies by sonatype.

the class LdapServerTest method assertLoginFailure.

/**
 * Verifies that a login attempt is refused for each of the given mechanisms.
 * <p>
 * A mechanism counts as refused when {@code login} throws either
 * {@link AuthenticationException} or
 * {@link AuthenticationNotSupportedException}. A login that returns normally
 * fails the test, and any other {@link NamingException} propagates.
 *
 * @param mechanisms the mechanism names to try, one login attempt each
 * @throws NamingException if a login fails for a reason other than the two
 *         expected ones
 */
private void assertLoginFailure(String... mechanisms) throws NamingException {
    for (int i = 0; i < mechanisms.length; i++) {
        final String candidate = mechanisms[i];
        try {
            login(candidate);
        } catch (AuthenticationException rejected) {
            // oddly, apacheds throws auth exception for unsupported simple auth
            continue;
        } catch (AuthenticationNotSupportedException unsupported) {
            // The refusal the test is looking for.
            continue;
        }
        // Reaching this point means the login was accepted.
        Assert.fail();
    }
}
Also used : AuthenticationException(javax.naming.AuthenticationException) AuthenticationNotSupportedException(javax.naming.AuthenticationNotSupportedException) Matchers.containsString(org.hamcrest.Matchers.containsString)

Example 3 with AuthenticationNotSupportedException

use of javax.naming.AuthenticationNotSupportedException in project jdk8u_jdk by JetBrains.

the class LdapSasl method saslBind.

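/**
 * Performs SASL bind.
 * Creates a SaslClient by using a default CallbackHandler
 * that uses the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS
 * properties to satisfy the callbacks, and by using the
 * SASL_AUTHZ_ID property as the authorization id. If the SASL_AUTHZ_ID
 * property has not been set, Context.SECURITY_PRINCIPAL is used.
 * If SASL_CALLBACK has been set, use that instead of the default
 * CallbackHandler.
 * <p>
 * If bind is successful and the selected SASL mechanism has a security
 * layer, set inStream and outStream to be filter streams that use
 * the security layer. These will be used for subsequent communication
 * with the server. When the negotiated quality of protection is neither
 * "auth-int" nor "auth-conf", the streams are left as they are and the
 * SASL client is disposed, so later traffic has only whatever protection
 * the underlying connection already provides.
 * <p>
 * When this method creates the default CallbackHandler itself, it calls
 * clearPassword() on it before returning or throwing.
 *
 * @param clnt The non-null LDAP client through which the BIND requests are sent
 * @param conn The non-null connection to use for sending an LDAP BIND
 * @param server Non-null string name of host to connect to
 * @param dn Non-null DN to bind as; also used as authentication ID
 * @param pw Possibly null password; can be byte[], char[] or String
 * @param authMech A non-null space-separated list of SASL authentication
 *        mechanisms.
 * @param env The possibly null environment of the context, possibly containing
 *        properties used by SASL mechanisms
 * @param bindCtls The possibly null controls to accompany the bind
 * @return LdapResult containing status of the bind
 * @throws AuthenticationNotSupportedException if no SASL client could be
 *         created for any of the mechanisms in authMech
 * @throws AuthenticationException if the SASL exchange raises a SaslException
 *         (kept as the root cause), or if client and server disagree about
 *         whether the exchange has completed
 * @throws IOException presumably raised while sending a BIND request; the
 *         call that throws it is not visible in this method
 * @throws NamingException declared by this method; the specific subclasses
 *         raised here are listed above
 */
@SuppressWarnings("unchecked")
public static LdapResult saslBind(LdapClient clnt, Connection conn, String server, String dn, Object pw, String authMech, Hashtable<?, ?> env, Control[] bindCtls) throws IOException, NamingException {
    SaslClient saslClnt = null;
    boolean cleanupHandler = false;
    // Use supplied callback handler or create default
    CallbackHandler cbh = (env != null) ? (CallbackHandler) env.get(SASL_CALLBACK) : null;
    if (cbh == null) {
        // env is documented as possibly null, so guard the realm lookup the
        // same way as the other environment reads; a null realm is what an
        // environment without the property already produces.
        String realm = (env != null) ? (String) env.get(SASL_REALM) : null;
        cbh = new DefaultCallbackHandler(dn, pw, realm);
        cleanupHandler = true;
    }
    // Prepare parameters for creating SASL client
    String authzId = (env != null) ? (String) env.get(SASL_AUTHZ_ID) : null;
    String[] mechs = getSaslMechanismNames(authMech);
    try {
        // Create SASL client to use using SASL package
        saslClnt = Sasl.createSaslClient(mechs, authzId, "ldap", server, (Hashtable<String, ?>) env, cbh);
        if (saslClnt == null) {
            // None of the requested mechanisms is available on this side.
            throw new AuthenticationNotSupportedException(authMech);
        }
        LdapResult res;
        String mechName = saslClnt.getMechanismName();
        byte[] response = saslClnt.hasInitialResponse() ? saslClnt.evaluateChallenge(NO_BYTES) : null;
        res = clnt.ldapBind(null, response, bindCtls, mechName, true);
        // Keep exchanging challenges and responses until the client is done
        // or the server stops reporting progress or success.
        while (!saslClnt.isComplete() && (res.status == LDAP_SASL_BIND_IN_PROGRESS || res.status == LDAP_SUCCESS)) {
            response = saslClnt.evaluateChallenge(res.serverCreds != null ? res.serverCreds : NO_BYTES);
            if (res.status == LDAP_SUCCESS) {
                // The server has already declared success, so there is no
                // further request in which a client response could be sent.
                if (response != null) {
                    throw new AuthenticationException("SASL client generated response after success");
                }
                break;
            }
            res = clnt.ldapBind(null, response, bindCtls, mechName, true);
        }
        if (res.status == LDAP_SUCCESS) {
            // Do not accept the server's success unless the client side of
            // the exchange has finished as well.
            if (!saslClnt.isComplete()) {
                throw new AuthenticationException("SASL authentication not complete despite server claims");
            }
            String qop = (String) saslClnt.getNegotiatedProperty(Sasl.QOP);
            // If negotiated integrity or privacy,
            // route all further traffic through the SASL security layer.
            if (qop != null && (qop.equalsIgnoreCase("auth-int") || qop.equalsIgnoreCase("auth-conf"))) {
                InputStream newIn = new SaslInputStream(saslClnt, conn.inStream);
                OutputStream newOut = new SaslOutputStream(saslClnt, conn.outStream);
                conn.replaceStreams(newIn, newOut);
            } else {
                saslClnt.dispose();
            }
        }
        // NOTE(review): on a non-success status or an exception the SASL
        // client is not disposed here; confirm whether that is intended.
        return res;
    } catch (SaslException e) {
        NamingException ne = new AuthenticationException(authMech);
        ne.setRootCause(e);
        throw ne;
    } finally {
        // Only the handler created above is cleared; a caller-supplied
        // handler is left alone.
        if (cleanupHandler) {
            ((DefaultCallbackHandler) cbh).clearPassword();
        }
    }
}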
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) LdapResult(com.sun.jndi.ldap.LdapResult) AuthenticationNotSupportedException(javax.naming.AuthenticationNotSupportedException) AuthenticationException(javax.naming.AuthenticationException) Hashtable(java.util.Hashtable) NamingException(javax.naming.NamingException)

Example 4 with AuthenticationNotSupportedException

use of javax.naming.AuthenticationNotSupportedException in project Payara by payara.

the class LDAPAdminAccessConfigurator method pingLDAP.

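/**
 * Probes the LDAP server at {@code url} and appends a localized status line
 * to {@code sb}.
 * <p>
 * The environment carries no principal or credentials, so the probe checks
 * only that the server answers; an "ok" result says nothing about whether
 * any particular account can bind. For URLs starting with {@code LDAPS_URL}
 * the SSL socket factory is configured; other URLs get no socket factory.
 *
 * @param sb receives the status message for the caller to display
 * @return {@code true} if the context could be created, or if the server
 *         answered with {@link AuthenticationNotSupportedException};
 *         {@code false} for any other failure
 */
private boolean pingLDAP(StringBuilder sb) {
    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // NOTE(review): Properties rejects null values, so a null url fails on
    // this line, before the null check below is reached; confirm that
    // callers never get here with url unset.
    env.put(Context.PROVIDER_URL, url);
    if (url != null && url.startsWith(LDAPS_URL)) {
        env.put(LDAP_SOCKET_FACTORY, DEFAULT_SSL_LDAP_SOCKET_FACTORY);
    }
    InitialContext probe = null;
    try {
        probe = new InitialContext(env);
        appendNL(sb, lsm.getString("ldap.ok", url));
        return true;
    } catch (AuthenticationNotSupportedException anse) {
        // CR 6944776
        // If the server throws this error, it is up
        // and is configured with Anonymous bind disabled.
        // Ignore this error while configuring ldap for admin
        appendNL(sb, lsm.getString("ldap.ok", url));
        return true;
    } catch (Exception e) {
        appendNL(sb, lsm.getString("ldap.na", url, e.getClass().getName(), e.getMessage()));
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, StringUtils.getStackTrace(e));
        }
        return false;
    } finally {
        // The context exists only for the probe; release it so repeated
        // pings do not accumulate open contexts.
        if (probe != null) {
            try {
                probe.close();
            } catch (javax.naming.NamingException ignored) {
                // Best effort: the ping result has already been decided.
            }
        }
    }
}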
Also used : AuthenticationNotSupportedException(javax.naming.AuthenticationNotSupportedException) Properties(java.util.Properties) InitialContext(javax.naming.InitialContext) PropertyVetoException(java.beans.PropertyVetoException) AuthenticationNotSupportedException(javax.naming.AuthenticationNotSupportedException) RetryableException(org.jvnet.hk2.config.RetryableException)

Example 5 with AuthenticationNotSupportedException

use of javax.naming.AuthenticationNotSupportedException in project athenz by yahoo.

the class LDAPAuthorityTest method testLDAPAuthorityConnection.

/**
 * Walks LDAPAuthority.authenticate through its failure and success paths.
 * <p>
 * Every case after the first replaces the authority with a Mockito mock whose
 * getDirContext is stubbed, so those cases never issue a real bind. The
 * credentials are HTTP Basic values, which are Base64-encoded rather than
 * encrypted: "dGVzdHVzZXI6dGVzdHB3ZA==" decodes to "testuser:testpwd",
 * "dGVzdHVzZXI6d3Jvbmdwd2Q=" to "testuser:wrongpwd", and "dGVzdHVzZXIK" to
 * "testuser" followed by a newline, with no colon and no password.
 * <p>
 * NOTE(review): resetProperties() runs only when every assertion passes, so a
 * failing assertion leaves the system properties set here in place; confirm
 * that other tests do not depend on them.
 */
@Test
public void testLDAPAuthorityConnection() throws NamingException {
    setProperties();
    ldapAuthority = new LDAPAuthority();
    ldapAuthority.initialize();
    errMsg = new StringBuilder();
    // naming exception: a real (unmocked) authority is used here and
    // authentication is expected to yield no principal
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6dGVzdHB3ZA==", "", "", errMsg);
    assertNull(principal);
    // authentication exception - wrong username password combination
    errMsg = new StringBuilder();
    ldapAuthority = mock(LDAPAuthority.class);
    doCallRealMethod().when(ldapAuthority).initialize();
    ldapAuthority.initialize();
    // the stubbed bind rejects the credentials; authenticate must return null
    when(ldapAuthority.getDirContext("cn=testuser,dc=example,dc=com", "wrongpwd")).thenThrow(new AuthenticationException());
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg)).thenCallRealMethod();
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg);
    assertNull(principal);
    // authentication not supported exception: must also yield no principal
    errMsg = new StringBuilder();
    ldapAuthority = mock(LDAPAuthority.class);
    doCallRealMethod().when(ldapAuthority).initialize();
    ldapAuthority.initialize();
    when(ldapAuthority.getDirContext("cn=testuser,dc=example,dc=com", "wrongpwd")).thenThrow(new AuthenticationNotSupportedException());
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg)).thenCallRealMethod();
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg);
    assertNull(principal);
    // success case: the same "wrongpwd" credentials are used, and the bind
    // succeeds only because getDirContext is stubbed to return a context
    errMsg = new StringBuilder();
    ldapAuthority = mock(LDAPAuthority.class);
    doCallRealMethod().when(ldapAuthority).initialize();
    doCallRealMethod().when(ldapAuthority).getDomain();
    doCallRealMethod().when(ldapAuthority).getSimplePrincipal("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "testuser");
    ldapAuthority.initialize();
    when(ldapAuthority.getDirContext("cn=testuser,dc=example,dc=com", "wrongpwd")).thenReturn(new InitialDirContext());
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg)).thenCallRealMethod();
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXIK", "", "", errMsg)).thenCallRealMethod();
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg);
    assertNotNull(principal);
    assertEquals(principal.getName(), "testuser");
    assertEquals(principal.getDomain(), "user");
    // the principal carries the full Basic header value as its credentials
    assertEquals(principal.getCredentials(), "Basic dGVzdHVzZXI6d3Jvbmdwd2Q=");
    assertEquals(principal.getUnsignedCredentials(), "testuser");
    // pass credentials without password component
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXIK", "", "", errMsg);
    assertNull(principal);
    // null principal is returned from getSimplePrincipal
    System.setProperty(baseDNProp, "dc=example,dc=com");
    // NOTE(review): 389 is the standard plain LDAP port; no traffic leaves
    // this test because the bind is mocked
    System.setProperty(portNumberProp, "389");
    errMsg = new StringBuilder();
    ldapAuthority = mock(LDAPAuthority.class);
    doCallRealMethod().when(ldapAuthority).initialize();
    doCallRealMethod().when(ldapAuthority).getDomain();
    when(ldapAuthority.getSimplePrincipal("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "testuser")).thenReturn(null);
    ldapAuthority.initialize();
    when(ldapAuthority.getDirContext("cn=testuser,dc=example,dc=com", "wrongpwd")).thenReturn(new InitialDirContext());
    when(ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg)).thenCallRealMethod();
    principal = ldapAuthority.authenticate("Basic dGVzdHVzZXI6d3Jvbmdwd2Q=", "", "", errMsg);
    assertNull(principal);
    resetProperties();
}
Also used : AuthenticationException(javax.naming.AuthenticationException) AuthenticationNotSupportedException(javax.naming.AuthenticationNotSupportedException) InitialDirContext(javax.naming.directory.InitialDirContext) Test(org.testng.annotations.Test)

Aggregations

AuthenticationNotSupportedException (javax.naming.AuthenticationNotSupportedException)6 AuthenticationException (javax.naming.AuthenticationException)5 NamingException (javax.naming.NamingException)3 InitialDirContext (javax.naming.directory.InitialDirContext)2 LdapResult (com.sun.jndi.ldap.LdapResult)1 PropertyVetoException (java.beans.PropertyVetoException)1 Hashtable (java.util.Hashtable)1 Properties (java.util.Properties)1 CommunicationException (javax.naming.CommunicationException)1 ContextNotEmptyException (javax.naming.ContextNotEmptyException)1 InitialContext (javax.naming.InitialContext)1 InvalidNameException (javax.naming.InvalidNameException)1 NameAlreadyBoundException (javax.naming.NameAlreadyBoundException)1 NameNotFoundException (javax.naming.NameNotFoundException)1 NoPermissionException (javax.naming.NoPermissionException)1 OperationNotSupportedException (javax.naming.OperationNotSupportedException)1 ServiceUnavailableException (javax.naming.ServiceUnavailableException)1 TimeLimitExceededException (javax.naming.TimeLimitExceededException)1 AttributeInUseException (javax.naming.directory.AttributeInUseException)1 DirContext (javax.naming.directory.DirContext)1