Project

General

Profile

« Previous | Next » 

Revision 740

Added by bojilova over 23 years ago

fixed the problem with empy password authentication.
Ldap somehow allows DirContext to be created
when empty password is provided as in our case
instead of comlaining like with wrong password string.
So included a check for empty password in order to reject the login.

View differences:

src/edu/ucsb/nceas/metacat/AuthLdap.java
111 111 
System.out.println(ldapUrl + ldapBase);
112 112 
        String identifier = getIdentifyingName(user,ldapUrl,ldapBase);
113 113 

  		




  114
  
  
    
        if (identifier != null) {


  		




  
  114
  
    
        if (identifier != null && !password.equals("")) {


  		




  115
  115
  
    
          // Now that we have the dn, we can authenticate, so


  		




  116
  116
  
    
          // authenticate this time when opening the DirContext


  		




  117
  117
  
    
          env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);


  		




  118
  
  
    
//        env.put(Context.SECURITY_PROTOCOL, "ssl");


  		




  
  118
  
    
          //env.put(Context.SECURITY_PROTOCOL, "ssl");


  		




  119
  119
  
    
          env.put(Context.SECURITY_AUTHENTICATION, "simple");


  		




  120
  120
  
    
          env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);


  		




  121
  121
  
    
          env.put(Context.SECURITY_CREDENTIALS, password);


  		




  ......




  136
  136
  
    
          }


  		




  137
  137
  
    
        } else { 


  		




  138
  138
  
    
          util.debugMessage("User not found");


  		




  139
  
  
    
//System.out.println("NOT FOUND HERE");


  		




  
  139
  
    
//System.out.println("User NOT FOUND");


  		




  140
  140
  
    
        }


  		




  141
  141
  
    
      } /* while ( enum.hasMore() ) */


  		




  142
  142
  
    

  		




  
  143
  
    
    } catch (NullPointerException e) {


  		




  
  144
  
    
      util.debugMessage("NullPointerException b' password is null");


  		




  
  145
  
    
      util.debugMessage("NullPointerException while authenticating in " + 


  		




  
  146
  
    
                        "AuthLdap.authenticate: " + e);


  		




  
  147
  
    
      throw new ConnectException(


  		




  
  148
  
    
      "NullPointerException while authenticating in " + 


  		




  
  149
  
    
                        "AuthLdap.authenticate: " + e);


  		




  143
  150
  
    
    } catch (NamingException e) {


  		




  144
  151
  
    
      util.debugMessage("Naming exception while authenticating in " + 


  		




  145
  152
  
    
                        "AuthLdap.authenticate: " + e);


  		












Also available in:  Unified diff