diff --git a/account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java b/account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java
index 7792e8c..3f8a4d1 100644
--- a/account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java
+++ b/account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java
@@ -24,35 +24,51 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
 private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class);
 private boolean permissionsLookupEnabled = true;
+ protected String fallbackPrincipalSuffix = null;
 @Override
 protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
 UsernamePasswordToken upToken = (UsernamePasswordToken) token;
+ String userName = getUserName(upToken, principalSuffix);
 LdapContext ctx = null;
- String userName = upToken.getUsername();
 try {
- if (principalSuffix != null) {
- if (!userName.contains(principalSuffix)) {
- userName += principalSuffix;
- }
+ ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
+ } catch (NamingException ex) {
+ if (fallbackPrincipalSuffix == null) {
+ throw ex;
 }
-
- // Binds using the username and password provided by the user.
 if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("start creating context");
- }
- ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("User {} LDAP authenticated", userName);
+ LOGGER.debug("Lookup with principalSuffix {} failed, falling back to {}", principalSuffix, fallbackPrincipalSuffix);
 }
 } finally {
 LdapUtils.closeContext(ctx);
 }
+ if ((ctx == null) && (fallbackPrincipalSuffix != null)) {
+ userName = getUserName(upToken, fallbackPrincipalSuffix);
+ try {
+ ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
+ } catch (NamingException ex) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug("Lookup with fallbackSuffix {} also failed", fallbackPrincipalSuffix);
+ }
+ throw ex;
+ } finally {
+ LdapUtils.closeContext(ctx);
+ }
+ }
+
+ if (ctx == null) {
+ throw new NamingException("Unknown error authenticationing user "+userName+". Context still null. 
Check implementation");
+ }
+
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug("User {} LDAP authenticated", userName);
+ }
 LOGGER.debug("building authentication info");
 AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword());
-
+ LOGGER.debug("authentifaction info created");
 return authInfo;
 }
@@ -103,4 +119,31 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
 this.permissionsLookupEnabled = permissionsLookupEnabled;
 }
+ public String getFallbackPrincipalSuffix() {
+ return fallbackPrincipalSuffix;
+ }
+
+ public void setFallbackPrincipalSuffix(String fallbackPrincipalSuffix) {
+ this.fallbackPrincipalSuffix = fallbackPrincipalSuffix;
+ }
+
+ private String getUserName(UsernamePasswordToken upToken, String suffix) {
+ String userName = upToken.getUsername();
+ if (suffix != null) {
+ if (!userName.contains(suffix)) {
+ userName += suffix;
+ }
+ }
+ return userName;
+ }
+
+ private LdapContext lookupUser(String userName, Object credentials, LdapContextFactory ldapContextFactory) throws NamingException {
+
+ // Binds using the username and password provided by the user.
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug("start creating context");
+ }
+ return ldapContextFactory.getLdapContext(userName, credentials);
+ }
+
 }
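Review bot: The fallback decision in the first `} catch (NamingException ex) {` of queryForAuthenticationInfo retries on every NamingException rather than only on a rejected bind, so a connectivity or server-side error also triggers a second bind under a different principal, and a wrong password produces two failed binds per login attempt, which counts twice against a directory lockout policy. Catching `javax.naming.AuthenticationException` (what the JNDI LDAP provider raises for invalid credentials — confirm against the context factory in use; it needs an import) for the fallback and letting every other NamingException propagate limits the retry to the case it is meant for. The first exception is also discarded when the fallback fails too; keeping it in a local and attaching it with `ex.addSuppressed(firstFailure)` preserves both reasons for diagnosis. Since both finally blocks close the context immediately, `ctx` only serves as a success flag here, and the later `if (ctx == null)` guard would read more honestly as a boolean `authenticated`.
```java
NamingException firstFailure = null;
try {
    ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
} catch (AuthenticationException ex) {
    // only a rejected bind justifies a second attempt; other NamingExceptions propagate
    if (fallbackPrincipalSuffix == null) {
        throw ex;
    }
    firstFailure = ex;
    LOGGER.debug("Lookup with principalSuffix {} failed, falling back to {}", principalSuffix, fallbackPrincipalSuffix);
} finally {
    LdapUtils.closeContext(ctx);
}
if ((ctx == null) && (fallbackPrincipalSuffix != null)) {
    // … unchanged: getUserName with fallbackPrincipalSuffix, second lookupUser in its own try …
    } catch (NamingException ex) {
        LOGGER.debug("Lookup with fallbackSuffix {} also failed", fallbackPrincipalSuffix);
        ex.addSuppressed(firstFailure); // keep the first rejection as context
        throw ex;
    // … unchanged: finally / closeContext …
}
```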
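Review bot: `setFallbackPrincipalSuffix` and `getFallbackPrincipalSuffix` are the realm's new configuration surface but carry no Javadoc; a line such as `/** Suffix tried only after a bind with principalSuffix is rejected; null disables the second attempt. */` on the setter would tell whoever configures the realm what the property does. `getUserName` keeps the old `contains(suffix)` test, but it is now called with two different suffixes, so a name the user entered with one suffix gets the other appended on the fallback path (constructed example: `bob@corp.local` with fallback `@corp.com` becomes `bob@corp.local@corp.com`); `if (!userName.endsWith(suffix)) {` matches the intent more precisely, and the fallback could be skipped when the entered name already ends with a suffix. `lookupUser` would also benefit from a one-line Javadoc stating that it binds with the caller-supplied credentials and that the returned context is the caller's to close.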