Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Licensed to Jasig under one or more contributor license
   * agreements. See the NOTICE file distributed with this work
   * for additional information regarding copyright ownership.
   * Jasig licenses this file to you under the Apache License,
   * Version 2.0 (the "License"); you may not use this file
   * except in compliance with the License.  You may obtain a
   * copy of the License at the following location:
   *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.jasig.cas.adaptors.ldap;
 
 import  org.springframework.ldap.NamingSecurityException;
 import  org.springframework.ldap.core.ContextSource;
 import  org.springframework.ldap.core.LdapTemplate;
 import  org.springframework.ldap.core.NameClassPairCallbackHandler;
 import  org.springframework.ldap.core.SearchExecutor;
 
 import java.util.List;

Performs LDAP authentication via two distinct steps:
  1. Search for an LDAP DN using arbitrary search filter.
  2. Bind using DN in first step with password provided by login Webflow.

The search step is typically performed anonymously or using a constant authenticated context such as an administrator username/password or client certificate. This step is suitable for LDAP connection pooling to improve efficiency and performance.

Author(s):
Scott Battaglia
Version:
$Revision$ $Date$
Since:
3.0.3
 
The default maximum number of results to return.
 
     private static final int DEFAULT_MAX_NUMBER_OF_RESULTS = 1000;

    
The default timeout.
 
     private static final int DEFAULT_TIMEOUT = 1000;

    
The search base to find the user under.
 
     private String searchBase;

    
The scope.
 
     @Min(0)
     @Max(2)
     private int scope = .;

    
The maximum number of results to return.
 
     private int maxNumberResults = ;

    
The amount of time to wait.
 
     private int timeout = ;

    
Boolean of whether multiple accounts are allowed.
 
     private boolean allowMultipleAccounts;
 
     protected final boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentialsthrows AuthenticationException {
 
         final List<Stringcns = new ArrayList<String>();
         
         final SearchControls searchControls = getSearchControls();
         
         final String base = this.;
         final String transformedUsername = getPrincipalNameTransformer().transform(credentials.getUsername());
         final String filter = LdapUtils.getFilterWithValues(getFilter(), transformedUsername);
         this.getLdapTemplate().search(
             new SearchExecutor() {
 
                 public NamingEnumeration executeSearch(final DirContext contextthrows NamingException {
                     return context.search(basefiltersearchControls);
                 }
             },
             new NameClassPairCallbackHandler(){
 
                 public void handleNameClassPair(final NameClassPair nameClassPair) {
                    cns.add(nameClassPair.getNameInNamespace());
                }
            });
        
        if (cns.isEmpty()) {
            .info("Search for " + filter + " returned 0 results.");
            return false;
        }
        if (cns.size() > 1 && !this.) {
            .warn("Search for " + filter + " returned multiple results, which is not allowed.");
            return false;
        }
        for (final String dn : cns) {
            DirContext test = null;
            String finalDn = composeCompleteDnToCheck(dncredentials);
            try {
                this..debug("Performing LDAP bind with credential: " + dn);
                test = this.getContextSource().getContext(
                    finalDn,
                    getPasswordEncoder().encode(credentials.getPassword()));
                if (test != null) {
                    return true;
                }
            } catch (final NamingSecurityException e) {
                .info("Failed to authenticate user {} with error {}"credentials.getUsername(), e.getMessage());
                throw handleLdapError(e);
            } catch (final Exception e) {
                this..error(e.getMessage(), e);
                throw handleLdapError(e);
            } finally {
                LdapUtils.closeContext(test);
            }
        }
        return false;
    }
    protected String composeCompleteDnToCheck(final String dn,
        final UsernamePasswordCredentials credentials) {
        return dn;
    }
    private SearchControls getSearchControls() {
        final SearchControls constraints = new SearchControls();
        constraints.setSearchScope(this.);
        constraints.setReturningAttributes(new String[0]);
        constraints.setTimeLimit(this.);
        constraints.setCountLimit(this.);
        return constraints;
    }

    
Method to return whether multiple accounts are allowed.

Returns:
true if multiple accounts are allowed, false otherwise.
    protected boolean isAllowMultipleAccounts() {
        return this.;
    }

    
Method to return the max number of results allowed.

Returns:
the maximum number of results.
    protected int getMaxNumberResults() {
        return this.;
    }

    
Method to return the scope.

Returns:
the scope
    protected int getScope() {
        return this.;
    }

    
Method to return the search base.

Returns:
the search base.
    protected String getSearchBase() {
        return this.;
    }

    
Method to return the timeout.

Returns:
the timeout.
    protected int getTimeout() {
        return this.;
    }
    public final void setScope(final int scope) {
        this. = scope;
    }

    

Parameters:
allowMultipleAccounts The allowMultipleAccounts to set.
    public void setAllowMultipleAccounts(final boolean allowMultipleAccounts) {
        this. = allowMultipleAccounts;
    }

    

Parameters:
maxNumberResults The maxNumberResults to set.
    public final void setMaxNumberResults(final int maxNumberResults) {
        this. = maxNumberResults;
    }

    

Parameters:
searchBase The searchBase to set.
    public final void setSearchBase(final String searchBase) {
        this. = searchBase;
    }

    

Parameters:
timeout The timeout to set.
    public final void setTimeout(final int timeout) {
        this. = timeout;
    }

    
Sets the context source for LDAP searches. This method may be used to support use cases like the following:
  • Pooling of LDAP connections used for searching (e.g. via instance of org.springframework.ldap.pool.factory.PoolingContextSource).
  • Searching with client certificate credentials.

If this is not defined, the context source defined by setContextSource(ContextSource) is used.

Parameters:
contextSource LDAP context source.
    public final void setSearchContextSource(final ContextSource contextSource) {
        setLdapTemplate(new LdapTemplate(contextSource));
    }
New to GrepCode? Check out our FAQ X