Search in sources :

Example 1 with ContextExecutor

use of org.springframework.ldap.core.ContextExecutor in project spring-security by spring-projects.

the class LdapUserDetailsManager method changePassword.

/**
	 * Changes the password for the current user. The username is obtained from the
	 * security context.
	 * <p>
	 * If the old password is supplied, the update will be made by rebinding as the user,
	 * thus modifying the password using the user's permissions. If
	 * <code>oldPassword</code> is null, the update will be attempted using a standard
	 * read/write context supplied by the context source.
	 * </p>
	 *
	 * @param oldPassword the old password
	 * @param newPassword the new value of the password.
	 */
public void changePassword(final String oldPassword, final String newPassword) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Assert.notNull(authentication, "No authentication object found in security context. Can't change current user's password!");
    String username = authentication.getName();
    logger.debug("Changing password for user '" + username);
    final DistinguishedName dn = usernameMapper.buildDn(username);
    final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) };
    if (oldPassword == null) {
        template.modifyAttributes(dn, passwordChange);
        return;
    }
    template.executeReadWrite(new ContextExecutor() {

        public Object executeWithContext(DirContext dirCtx) throws NamingException {
            LdapContext ctx = (LdapContext) dirCtx;
            ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(dn, ctx).toString());
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
            // TODO: reconnect doesn't appear to actually change the credentials
            try {
                ctx.reconnect(null);
            } catch (javax.naming.AuthenticationException e) {
                throw new BadCredentialsException("Authentication for password change failed.");
            }
            ctx.modifyAttributes(dn, passwordChange);
            return null;
        }
    });
}
Also used : BasicAttribute(javax.naming.directory.BasicAttribute) DistinguishedName(org.springframework.ldap.core.DistinguishedName) DirContext(javax.naming.directory.DirContext) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) ContextExecutor(org.springframework.ldap.core.ContextExecutor) ModificationItem(javax.naming.directory.ModificationItem) Authentication(org.springframework.security.core.Authentication) NamingException(javax.naming.NamingException) LdapContext(javax.naming.ldap.LdapContext)

Example 2 with ContextExecutor

use of org.springframework.ldap.core.ContextExecutor in project spring-security by spring-projects.

the class SpringSecurityLdapTemplate method compare.

// ~ Methods
// ========================================================================================================
/**
	 * Performs an LDAP compare operation of the value of an attribute for a particular
	 * directory entry.
	 *
	 * @param dn the entry who's attribute is to be used
	 * @param attributeName the attribute who's value we want to compare
	 * @param value the value to be checked against the directory value
	 *
	 * @return true if the supplied value matches that in the directory
	 */
public boolean compare(final String dn, final String attributeName, final Object value) {
    final String comparisonFilter = "(" + attributeName + "={0})";
    class LdapCompareCallback implements ContextExecutor {

        public Object executeWithContext(DirContext ctx) throws NamingException {
            SearchControls ctls = new SearchControls();
            ctls.setReturningAttributes(NO_ATTRS);
            ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
            NamingEnumeration<SearchResult> results = ctx.search(dn, comparisonFilter, new Object[] { value }, ctls);
            Boolean match = Boolean.valueOf(results.hasMore());
            LdapUtils.closeEnumeration(results);
            return match;
        }
    }
    Boolean matches = (Boolean) executeReadOnly(new LdapCompareCallback());
    return matches.booleanValue();
}
Also used : SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult) DirContext(javax.naming.directory.DirContext) ContextExecutor(org.springframework.ldap.core.ContextExecutor)

Example 3 with ContextExecutor

use of org.springframework.ldap.core.ContextExecutor in project spring-security by spring-projects.

the class SpringSecurityLdapTemplateITests method namingExceptionIsTranslatedCorrectly.

// @Test
// public void testNameExistsForInValidNameFails() {
// assertThat(template.nameExists("ou=doesntexist,dc=springframework,dc=org")).isFalse();
// }
//
// @Test
// public void testNameExistsForValidNameSucceeds() {
// assertThat(template.nameExists("ou=groups,dc=springframework,dc=org")).isTrue();
// }
@Test
public void namingExceptionIsTranslatedCorrectly() {
    try {
        template.executeReadOnly(new ContextExecutor() {

            public Object executeWithContext(DirContext dirContext) throws NamingException {
                throw new NamingException();
            }
        });
        fail("Expected UncategorizedLdapException on NamingException");
    } catch (UncategorizedLdapException expected) {
    }
}
Also used : NamingException(javax.naming.NamingException) DirContext(javax.naming.directory.DirContext) UncategorizedLdapException(org.springframework.ldap.UncategorizedLdapException) ContextExecutor(org.springframework.ldap.core.ContextExecutor)

Aggregations

DirContext (javax.naming.directory.DirContext)3 ContextExecutor (org.springframework.ldap.core.ContextExecutor)3 NamingException (javax.naming.NamingException)2 BasicAttribute (javax.naming.directory.BasicAttribute)1 ModificationItem (javax.naming.directory.ModificationItem)1 SearchControls (javax.naming.directory.SearchControls)1 SearchResult (javax.naming.directory.SearchResult)1 LdapContext (javax.naming.ldap.LdapContext)1 UncategorizedLdapException (org.springframework.ldap.UncategorizedLdapException)1 DistinguishedName (org.springframework.ldap.core.DistinguishedName)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 Authentication (org.springframework.security.core.Authentication)1