-
- // try bind first
- try {
- AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password);
- bindAuthorization = userAdmin.getAuthorization(authenticatingUser);
- // TODO check tokens as well
- if (bindAuthorization != null)
- return true;
- } catch (Exception e) {
- // silent
- if(log.isTraceEnabled())
- log.trace("Bind failed", e);
- }
-
- // works only if a connection password is provided
- if (!user.hasCredential(null, password)) {
- return false;
+
+ if (password != null) {
+ // try bind first
+ try {
+ AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password);
+ bindAuthorization = userAdmin.getAuthorization(authenticatingUser);
+ // TODO check tokens as well
+ if (bindAuthorization != null) {
+ authenticatedUser = user;
+ return true;
+ }
+ } catch (Exception e) {
+ // silent
+ if (log.isTraceEnabled())
+ log.trace("Bind failed", e);
+ }
+
+ // works only if a connection password is provided
+ if (!user.hasCredential(null, password)) {
+ return false;
+ }
+ } else if (certificateChain != null) {
+ // TODO check CRLs/OSCP validity?
+ // NB: authorization in commit() will work only if an LDAP connection password
+ // is provided
+ } else if (singleUser) {
+ // TODO verify IP address?
+ } else {
+ throw new CredentialNotFoundException("No credentials provided");