introduced possibility to fallback to different principalSuffix to combine different users together
@ -24,35 +24,51 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class);
|
||||
|
||||
private boolean permissionsLookupEnabled = true;
|
||||
protected String fallbackPrincipalSuffix = null;
|
||||
|
||||
@Override
|
||||
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
|
||||
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
|
||||
|
||||
String userName = getUserName(upToken, principalSuffix);
|
||||
LdapContext ctx = null;
|
||||
String userName = upToken.getUsername();
|
||||
try {
|
||||
if (principalSuffix != null) {
|
||||
if (!userName.contains(principalSuffix)) {
|
||||
userName += principalSuffix;
|
||||
}
|
||||
ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
|
||||
} catch (NamingException ex) {
|
||||
if (fallbackPrincipalSuffix == null) {
|
||||
throw ex;
|
||||
}
|
||||
|
||||
// Binds using the username and password provided by the user.
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("start creating context");
|
||||
}
|
||||
ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("User {} LDAP authenticated", userName);
|
||||
LOGGER.debug("Lookup with principalSuffix {} failed, falling back to {}", principalSuffix, fallbackPrincipalSuffix);
|
||||
}
|
||||
} finally {
|
||||
LdapUtils.closeContext(ctx);
|
||||
}
|
||||
|
||||
if ((ctx == null) && (fallbackPrincipalSuffix != null)) {
|
||||
userName = getUserName(upToken, fallbackPrincipalSuffix);
|
||||
try {
|
||||
ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
|
||||
} catch (NamingException ex) {
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("Lookup with fallbackSuffix {} also failed", fallbackPrincipalSuffix);
|
||||
}
|
||||
throw ex;
|
||||
} finally {
|
||||
LdapUtils.closeContext(ctx);
|
||||
}
|
||||
}
|
||||
|
||||
if (ctx == null) {
|
||||
throw new NamingException("Unknown error authenticationing user "+userName+". Context still null. Check implementation");
|
||||
}
|
||||
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("User {} LDAP authenticated", userName);
|
||||
}
|
||||
LOGGER.debug("building authentication info");
|
||||
AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword());
|
||||
|
||||
|
||||
LOGGER.debug("authentifaction info created");
|
||||
return authInfo;
|
||||
}
|
||||
@ -103,4 +119,31 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
|
||||
this.permissionsLookupEnabled = permissionsLookupEnabled;
|
||||
}
|
||||
|
||||
public String getFallbackPrincipalSuffix() {
|
||||
return fallbackPrincipalSuffix;
|
||||
}
|
||||
|
||||
public void setFallbackPrincipalSuffix(String fallbackPrincipalSuffix) {
|
||||
this.fallbackPrincipalSuffix = fallbackPrincipalSuffix;
|
||||
}
|
||||
|
||||
private String getUserName(UsernamePasswordToken upToken, String suffix) {
|
||||
String userName = upToken.getUsername();
|
||||
if (suffix != null) {
|
||||
if (!userName.contains(suffix)) {
|
||||
userName += suffix;
|
||||
}
|
||||
}
|
||||
return userName;
|
||||
}
|
||||
|
||||
private LdapContext lookupUser(String userName, Object credentials, LdapContextFactory ldapContextFactory) throws NamingException {
|
||||
|
||||
// Binds using the username and password provided by the user.
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("start creating context");
|
||||
}
|
||||
return ldapContextFactory.getLdapContext(userName, credentials);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
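Review bot: The `catch (NamingException ex)` around the first `lookupUser` call in `queryForAuthenticationInfo` falls through to `fallbackPrincipalSuffix` on every failure, not only when the bind for the primary-suffix name is rejected. A connection or configuration error therefore triggers a second bind and is recorded only at debug level, and a rejected password is presented again under a second account name, so one login attempt can produce two failed binds and one typed name can resolve to either of two identities. Consider limiting the fallback to bind failures, `if (fallbackPrincipalSuffix == null || !(ex instanceof javax.naming.AuthenticationException)) { throw ex; }`, and logging the first failure at a level that reaches the audit trail. The `getUserName` helper in the second hunk also tests `userName.contains(suffix)`; `endsWith` would avoid skipping the suffix when it merely appears somewhere inside the supplied name.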