Enhanced to try validating a user's identity using the username
present in the PW token as if it were an FDN when no user with a matching short name is found.
parent
7633b8fd57
commit
8179597cf4
@ -255,6 +255,8 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
|
|||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
int usernameMatches = 0;
|
||||||
|
|
||||||
// Go through the search roots stopping if the identity is resolved.
|
// Go through the search roots stopping if the identity is resolved.
|
||||||
for (int i = 0; i < searchRoots.length && identId == null; i++)
|
for (int i = 0; i < searchRoots.length && identId == null; i++)
|
||||||
{
|
{
|
||||||
@ -267,6 +269,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
|
|||||||
// Enumerate through the users returned checking the password
|
// Enumerate through the users returned checking the password
|
||||||
while (answer.hasMore())
|
while (answer.hasMore())
|
||||||
{
|
{
|
||||||
|
usernameMatches ++;
|
||||||
SearchResult sr = answer.next();
|
SearchResult sr = answer.next();
|
||||||
|
|
||||||
// Open a directory context for the user as a way of verifying its password
|
// Open a directory context for the user as a way of verifying its password
|
||||||
@ -299,6 +302,33 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
|
|||||||
m_log.warn("invoke()- NamingException: " + e.getExplanation());
|
m_log.warn("invoke()- NamingException: " + e.getExplanation());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Try to validate the name provided if we did not find any users with matching
|
||||||
|
// surnames in case that the name is an FDN.
|
||||||
|
if (usernameMatches == 0)
|
||||||
|
{
|
||||||
|
// Open a directory context for the user as a way of verifying its password
|
||||||
|
try
|
||||||
|
{
|
||||||
|
Hashtable env2 = new Hashtable();
|
||||||
|
env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
|
||||||
|
env2.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
|
||||||
|
env2.put(Realm.REALM_SELECTOR, authReqMsg.getRealm());
|
||||||
|
env2.put(Context.SECURITY_AUTHENTICATION, "simple");
|
||||||
|
env2.put(Context.SECURITY_PRINCIPAL, pwToken.getUsername());
|
||||||
|
env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword());
|
||||||
|
|
||||||
|
if ((new InitialDirContext(env2)) != null)
|
||||||
|
{
|
||||||
|
// The password must be valid, set the identity Id.
|
||||||
|
identId = pwToken.getUsername();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (NamingException e)
|
||||||
|
{
|
||||||
|
m_log.warn("invoke()- NamingException: " + e.getExplanation());
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (ServiceUnavailableException e)
|
catch (ServiceUnavailableException e)
|
||||||
|
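Review bot: The FDN fallback added in the third hunk does a "simple" bind with whatever `pwToken.getPassword()` returns, and nothing visible in the hunk rejects an empty password. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds, which would set `identId` to a caller-supplied DN without the password having been checked. Unless the enclosing method (its log messages name it `invoke()`; it starts and ends outside the hunks) or `IAInitialCtxFactory` already refuses empty credentials, guard the `if (usernameMatches == 0)` block with a non-empty check on the password before `env2` is built. Separately, `(new InitialDirContext(env2)) != null` is always true, because a failed bind throws `NamingException` rather than returning null, and the context is never closed, so each successful fallback leaks a directory connection. Hold it in a local such as `InitialDirContext userCtx = new InitialDirContext(env2);`, set `identId`, and call `userCtx.close()` in a `finally`. Also, `identId` takes the raw user-typed string, so the same entry written with different case or spacing may yield different identity ids unless the DN is normalised first.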