Enhanced to try validating a users identity utilizing the username

present in the PW token as if it was an FDN if not able to find a user with a matching short name.
2008-08-04 22:07:25 +00:00 · 2008-08-04 22:07:25 +00:00 · 8179597cf4
commit 8179597cf4
parent 7633b8fd57
1 changed files with 30 additions and 0 deletions
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
@ -255,6 +255,8 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable

            try
            {
+               int usernameMatches = 0;
+
               // Go through the search roots stopping if the identity is resolved.
               for (int i = 0; i < searchRoots.length && identId == null; i++)
               {
@ -267,6 +269,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
                  // Enumerate through the users returned checking the password
                  while (answer.hasMore())
                  {
+                     usernameMatches ++;
                     SearchResult sr = answer.next();

                     // Open a directory context for the user as a way of verifying its password
@ -299,6 +302,33 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
                        m_log.warn("invoke()- NamingException: " + e.getExplanation());
                     }
                  }
+
+                  // Try to validate the name provided if we did not find any users with matching
+                  // surnames in case that the name is an FDN.
+                  if (usernameMatches == 0)
+                  {
+                     // Open a directory context for the user as a way of verifying its password
+                     try
+                     {
+                        Hashtable env2 = new Hashtable();
+                        env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
+                        env2.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
+                        env2.put(Realm.REALM_SELECTOR, authReqMsg.getRealm());
+                        env2.put(Context.SECURITY_AUTHENTICATION, "simple");
+                        env2.put(Context.SECURITY_PRINCIPAL, pwToken.getUsername());
+                        env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword());
+
+                        if ((new InitialDirContext(env2)) != null)
+                        {
+                           // The password must be valid, set the identity Id.
+                           identId = pwToken.getUsername();
+                        }
+                     }
+                     catch (NamingException e)
+                     {
+                        m_log.warn("invoke()- NamingException: " + e.getExplanation());
+                     }
+                  }
               }
            }
            catch (ServiceUnavailableException e)