X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=aa41e108301abd0ce47abe25665586a880b5d0d6;hb=e4a5502f49e2a2c35d16bbc96efdffead1362a76;hp=278321c24480de4c08db1debab26301701672d14;hpb=54df376a9c2dd458a82eaa09bfbb718fe699dd0d;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java index 278321c24..aa41e1083 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java @@ -1,6 +1,6 @@ package org.argeo.cms.auth; -import static org.argeo.api.acr.ldap.LdapAttrs.cn; +import static org.argeo.api.acr.ldap.LdapAttr.cn; import java.io.IOException; import java.security.PrivilegedAction; @@ -24,7 +24,7 @@ import javax.security.auth.login.CredentialNotFoundException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import org.argeo.api.acr.ldap.LdapAttrs; +import org.argeo.api.acr.ldap.LdapAttr; import org.argeo.api.cms.CmsConstants; import org.argeo.api.cms.CmsLog; import org.argeo.cms.directory.ldap.IpaUtils; @@ -47,8 +47,8 @@ public class UserAdminLoginModule implements LoginModule { private CallbackHandler callbackHandler; private Map sharedState = null; - private List indexedUserProperties = Arrays.asList(new String[] { LdapAttrs.mail.name(), - LdapAttrs.uid.name(), LdapAttrs.employeeNumber.name(), LdapAttrs.authPassword.name() }); + private List indexedUserProperties = Arrays.asList(new String[] { LdapAttr.mail.name(), + LdapAttr.uid.name(), LdapAttr.employeeNumber.name(), LdapAttr.authPassword.name() }); // private state // private BundleContext bc; @@ -155,20 +155,24 @@ public class UserAdminLoginModule implements LoginModule { return true;// expect Kerberos if (password != null) { + // TODO disabling bind for the time being, + // as it requires authorisations to be set at LDAP level + boolean tryBind = false; // try bind first - try { - AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password); - bindAuthorization = userAdmin.getAuthorization(authenticatingUser); - // TODO check tokens as well - if (bindAuthorization != null) { - authenticatedUser = user; - return true; + if (tryBind) + try { + AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password); + bindAuthorization = userAdmin.getAuthorization(authenticatingUser); + // TODO check tokens as well + if (bindAuthorization != null) { + authenticatedUser = user; + return true; + } + } catch (Exception e) { + // silent + if (log.isTraceEnabled()) + log.trace("Bind failed", e); } - } catch (Exception e) { - // silent - if (log.isTraceEnabled()) - log.trace("Bind failed", e); - } // works only if a connection password is provided if (!user.hasCredential(null, password)) {