Use of javax.naming.AuthenticationNotSupportedException in the project athenz by yahoo.
The class LDAPAuthority, method authenticate.
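/**
 * Authenticates an HTTP Basic credential by binding to the directory as that user.
 *
 * <p>{@code creds} must have the form {@code Basic <base64(username:password)>}. The username
 * becomes the RDN of {@code cn=<username>,<baseDN>}, and that DN is bound with the supplied
 * password; a successful bind is taken as proof of identity and a principal is returned.
 *
 * @param creds      raw Authorization header value; must start with {@code "Basic "}
 * @param remoteAddr caller address; not consulted by this authority
 * @param httpMethod HTTP method of the request; not consulted by this authority
 * @param errMsg     buffer that receives a human-readable reason whenever {@code null} is returned
 * @return the authenticated principal, or {@code null} if the credential is malformed, the bind
 *         fails, or the principal cannot be created
 */
@Override
public Principal authenticate(String creds, String remoteAddr, String httpMethod, StringBuilder errMsg) {
    if (creds == null || !creds.startsWith("Basic ")) {
        errMsg.append("LDAPAuthority: authenticate: credentials do not start with 'Basic '");
        LOG.error(errMsg.toString());
        return null;
    }
    final String encodedCreds = creds.substring(6);
    String decodedCreds;
    try {
        // Decode as UTF-8 explicitly: the charset-less String constructor uses the platform
        // default (before JDK 18), which makes non-ASCII usernames/passwords host-dependent.
        decodedCreds = new String(Base64.getDecoder().decode(encodedCreds),
                java.nio.charset.StandardCharsets.UTF_8);
    } catch (Exception e) {
        // Base64.Decoder throws IllegalArgumentException on malformed input.
        errMsg.append("LDAPAuthority: authenticate: factory exc=").append(e.getMessage());
        LOG.error(errMsg.toString());
        return null;
    }
    // Only the first ':' separates the fields, so passwords may themselves contain ':'.
    int idx = decodedCreds.indexOf(':');
    if (idx == -1) {
        errMsg.append("LDAPAuthority: authenticate: no password specified");
        LOG.error(errMsg.toString());
        return null;
    }
    final String username = decodedCreds.substring(0, idx);
    final String password = decodedCreds.substring(idx + 1);
    // A simple bind with an empty password is an "unauthenticated" bind (RFC 4513 section 5.1.2);
    // many directories, and JNDI when SECURITY_CREDENTIALS is empty, treat it as an anonymous
    // bind that succeeds for any DN, so it must never be accepted as a credential check.
    if (username.isEmpty() || password.isEmpty()) {
        errMsg.append("LDAPAuthority: authenticate: empty username or password");
        LOG.error(errMsg.toString());
        return null;
    }
    // Escape the username as an RDN attribute value (RFC 4514) so that characters such as
    // ',', '+', '=' or '\' in the supplied name cannot change which entry the bind DN denotes.
    final String finalDN = "cn=" + javax.naming.ldap.Rdn.escapeValue(username) + "," + baseDN;
    try {
        // The bind itself is the credential check; the context is not used for anything else.
        DirContext ctx = getDirContext(finalDN, password);
        ctx.close();
    } catch (AuthenticationException e) {
        // Deliberately generic: do not tell the caller whether the user or the password was wrong.
        errMsg.append("LDAPAuthority: failed: Wrong credentials");
        LOG.error(errMsg.toString());
        return null;
    } catch (AuthenticationNotSupportedException e) {
        errMsg.append("LDAPAuthority: failed: Authentication method not supported");
        LOG.error(errMsg.toString());
        return null;
    } catch (NamingException e) {
        errMsg.append("LDAPAuthority: failed: ").append(e.getMessage());
        LOG.error(errMsg.toString());
        return null;
    }
    SimplePrincipal simplePrincipal = getSimplePrincipal(creds, username);
    if (simplePrincipal == null) {
        errMsg.append("LDAPAuthority:authenticate: failed to create principal: user=").append(username);
        LOG.error(errMsg.toString());
        return null;
    }
    simplePrincipal.setUnsignedCreds(username);
    return simplePrincipal;
}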
Use of javax.naming.AuthenticationNotSupportedException in the project alfresco-repository by Alfresco.
The class LDAPInitialDirContextFactoryImpl, method afterPropertiesSet.
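/**
 * Probes the configured LDAP server at startup to verify that it does not silently accept
 * invalid credentials by falling back to an anonymous bind.
 *
 * <p>Four binds are attempted in turn: anonymous, a bogus simple uid, a bogus DN and, when a
 * default principal is configured, that real principal with a deliberately wrong password.
 * The first probe only logs its outcome; the remaining three must be rejected by the server,
 * otherwise an authenticator built on this factory would accept any password.
 *
 * @throws Exception if the trust store cannot be initialised, or an
 *         {@code AuthenticationException} if the server falls back to an anonymous bind
 */
public void afterPropertiesSet() throws Exception {
    logger.debug("after Properties Set");
    // Check Anonymous bind
    Hashtable<String, String> env = buildProbeEnvironment(null, null);
    try {
        new InitialDirContext(env);
        logger.warn("LDAP server supports anonymous bind " + env.get(Context.PROVIDER_URL));
    } catch (javax.naming.AuthenticationException ignored) {
        // Anonymous bind refused: this is the desired configuration, nothing to report.
    } catch (AuthenticationNotSupportedException ignored) {
        // Anonymous bind not offered at all: likewise acceptable.
    } catch (NamingException nx) {
        // No connection at all; the remaining probes would only repeat the same failure.
        logger.error("Unable to connect to LDAP Server; check LDAP configuration", nx);
        return;
    }
    // Simple DN and password
    env = buildProbeEnvironment("daftAsABrush", "daftAsABrush");
    try {
        new InitialDirContext(env);
        // NOTE(review): the unqualified AuthenticationException is assumed to be the repository's
        // own (unchecked) type; if it resolved to javax.naming.AuthenticationException the catch
        // clause directly below would swallow it - confirm against the file's imports.
        throw new AuthenticationException("The ldap server at " + env.get(Context.PROVIDER_URL) + " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
    } catch (javax.naming.AuthenticationException ax) {
        logger.info("LDAP server does not fall back to anonymous bind for a string uid and password at " + env.get(Context.PROVIDER_URL));
    } catch (AuthenticationNotSupportedException e) {
        logger.info("LDAP server does not fall back to anonymous bind for a string uid and password at " + env.get(Context.PROVIDER_URL));
    } catch (NamingException nx) {
        logger.info("LDAP server does not support simple string user ids and invalid credentials at " + env.get(Context.PROVIDER_URL));
    }
    // DN and password
    env = buildProbeEnvironment("cn=daftAsABrush,dc=woof", "daftAsABrush");
    try {
        new InitialDirContext(env);
        throw new AuthenticationException("The ldap server at " + env.get(Context.PROVIDER_URL) + " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
    } catch (javax.naming.AuthenticationException ax) {
        logger.info("LDAP server does not fall back to anonymous bind for a simple dn and password at " + env.get(Context.PROVIDER_URL));
    } catch (AuthenticationNotSupportedException e) {
        logger.info("LDAP server does not fall back to anonymous bind for a simple dn and password at " + env.get(Context.PROVIDER_URL));
    } catch (NamingException nx) {
        logger.info("LDAP server does not support simple DN and invalid password at " + env.get(Context.PROVIDER_URL));
    }
    // Check more if we have a real principal we expect to work
    String principal = defaultEnvironment.get(Context.SECURITY_PRINCIPAL);
    if (principal != null) {
        // Correct principal invalid password. This is a real failed bind against the configured
        // service account; directories with a lockout policy may count it, which is one reason
        // the probe is recorded in checkedEnvs and not repeated.
        env = buildProbeEnvironment(principal, "sdasdasdasdasd123123123");
        if (!checkedEnvs.contains(env)) {
            try {
                new InitialDirContext(env);
                throw new AuthenticationException("The ldap server at " + env.get(Context.PROVIDER_URL) + " falls back to use anonymous bind for a known principal if invalid security credentials are presented. This is not supported.");
            } catch (javax.naming.AuthenticationException ax) {
                logger.info("LDAP server does not fall back to anonymous bind for known principal and invalid credentials at " + env.get(Context.PROVIDER_URL));
            } catch (AuthenticationNotSupportedException e) {
                logger.info("LDAP server does not support the required authentication mechanism");
            } catch (NamingException nx) {
                // already done
            }
            // Record this environment as checked so that we don't check it again on further restarts / other subsystem
            // instances
            checkedEnvs.add(env);
        }
    }
}

/**
 * Builds a copy of the authenticated JNDI environment for one probe bind.
 *
 * <p>With a {@code null} principal the principal and credential entries are removed so the
 * bind is anonymous; otherwise both entries are overwritten with the given values. The custom
 * SSL socket factory is installed when the configuration requires it.
 *
 * @param principal   bind principal, or {@code null} for an anonymous bind
 * @param credentials bind password; ignored when {@code principal} is {@code null}
 * @return a fresh, mutable environment table
 * @throws Exception if the trust store cannot be initialised
 */
private Hashtable<String, String> buildProbeEnvironment(String principal, String credentials) throws Exception {
    Hashtable<String, String> env = new Hashtable<String, String>(authenticatedEnvironment.size());
    env.putAll(authenticatedEnvironment);
    if (principal == null) {
        env.remove(Context.SECURITY_PRINCIPAL);
        env.remove(Context.SECURITY_CREDENTIALS);
    } else {
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
    }
    if (isSSLSocketFactoryRequired()) {
        KeyStore trustStore = initTrustStore();
        AlfrescoSSLSocketFactory.initTrustedSSLSocketFactory(trustStore);
        env.put("java.naming.ldap.factory.socket", AlfrescoSSLSocketFactory.class.getName());
    }
    return env;
}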