Make sure you're using the latest code from SVN.
AuthenticatedLdapContextSource has been replaced with LdapContextSource from
Spring-LDAP 1.3.0.

-Eric


  Eric Pierce, RHCE -- University of South Florida -- (813) 974-8868 --
epie...@usf.edu


On Mon, Apr 6, 2009 at 3:14 PM, Borchers, Kristopher C.
<kborch...@sxu.edu> wrote:

> Eric,
>
> I actually tracked down what the problem was and just got it working.  I
> had to modify AuthenticatedLdapContextSource to check the error there
> against the regular expressions and then throw the appropriate error to
> BindLdapAuthenticationHandler which catches each error and re-throws it to
> be caught by AuthenticationViaFormAction.  Without those modifications,
> AuthenticatedLdapContextSource always threw
> DataAccessResourceFailureException.  I have pasted the relevant chunks of
> code below.  To answer your other question, I am using Microsoft Active
> Directory.
>
> AuthenticatedLdapContextSource Code:
>
> // needs java.util.regex.Pattern
> try {
>     return getDirContextInstance(environment);
> } catch (final NamingException e) {
>     // getMessage() can return null, which Pattern.matcher() rejects
>     final String details = e.getMessage() == null ? "" : e.getMessage();
>
>     // see if the password has expired
>     if (Pattern.compile(ExpiredPasswordException.EXPIRED_PASSWORD_ERROR_REGEX)
>             .matcher(details).find()) {
>         throw new ExpiredPasswordException();
>     }
>     // see if the account is locked
>     if (Pattern.compile(AccountLockedException.ACCOUNT_LOCKED_ERROR_REGEX)
>             .matcher(details).find()) {
>         throw new AccountLockedException();
>     }
>     // see if the account is disabled
>     if (Pattern.compile(AccountDisabledException.ACCOUNT_DISABLED_ERROR_REGEX)
>             .matcher(details).find()) {
>         throw new AccountDisabledException();
>     }
>     // no known pattern matched: report a generic failure
>     throw new DataAccessResourceFailureException("Unable to create DirContext");
> }
>
> BindLdapAuthenticationHandler code:
>
> for (final String dn : cns) {
>            DirContext test = null;
>            String finalDn = composeCompleteDnToCheck(dn, credentials);
>            try {
>                test = this.getContextSource().getDirContext(
>                    finalDn,
>                    credentials.getPassword());
>
>                if (test != null) {
>                    return true;
>                }
>            } catch (final ExpiredPasswordException e) {
>                throw e;
>            } catch (final AccountLockedException e) {
>                throw e;
>            } catch (final AccountDisabledException e) {
>                throw e;
>            } catch (final Exception e) {
>                // if we catch any other exception, just try the next cn
>            } finally {
>                LdapUtils.closeContext(test);
>            }
>        }
>
> Hope that helps someone else.
>
>
> Thanks,
> Kris
>
> 
> Kristopher Borchers
> Web Application Developer - Content Analyst
> Saint Xavier University
> Ph. 773-298-3924
> kborch...@sxu.edu
> www.sxu.edu
>
> Saint Xavier University - Success with Purpose.
>
> Saint Xavier University, a Catholic institution inspired by the heritage of
> the Sisters of Mercy, educates men and women to search for truth, to think
> critically, to communicate effectively, and to serve wisely and
> compassionately in support of human dignity and the common good.
> -----Original Message-----
> From: epie...@mail.usf.edu [mailto:epie...@mail.usf.edu] On Behalf Of Eric
> Pierce
> Sent: Monday, April 06, 2009 1:42 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Password Expiration Revisited
>
> All of the changes are in BindLdapAuthenticationHandler and
> AuthenticationViaFormAction:
>
> In BindLdapAuthenticationHandler, if there was an exception creating a
> new LDAP Context, it grabs the error message in the exception and
> compares it to the regular expressions for each of the new exception
> types (AccountLockedException, ExpiredPassException, etc).  If the
> message matches a pattern, that exception is thrown.
>
> AuthenticationViaFormAction then checks the error code included in the
> exception and sets the webflow endpoint to show the appropriate error
> message.
>
> If the error message that your LDAP server sent doesn't match the
> REGEX, you'll just get back a BadCredentialsAuthenticationException,
> so that might be the issue.  Can you turn logging up to DEBUG for
> Spring-LDAP and let me know what the error from your server is?  By
> the way, what LDAP server are you using?
>
> -Eric
>
>   Eric Pierce, RHCE -- University of South Florida -- (813) 974-8868
> -- epie...@usf.edu
>
>
> On Mon, Apr 6, 2009 at 10:48 AM, Borchers, Kristopher C.
> <kborch...@sxu.edu> wrote:
> >
> > Eric,
> >
> >
> >
> > I am attempting to implement the changes you have made to detect LDAP
> > errors but have run into a snag.
> >
> >
> >
> > Did you make any modifications to the authenticate method in
> > org.jasig.cas.authentication.AuthenticationManagerImpl?  The reason I ask
> > is that I am always getting BadCredentialsAuthenticationException which is
> > to be expected since that method is designed to return that exception for
> > any exception that happens in order to continue processing other handlers.
> > Did you have to make modifications to catch the new exceptions you are
> > throwing from org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler?
> >
> >
> >
> > Sorry if this doesn't make sense as I am still pretty new to Java and CAS
> > but feel like I have a pretty good grip on it and can't understand where
> > your new exceptions are caught.
> >
> >
> >
> > Thanks,
> >
> > Kris
> >
> >
> >
> > Kristopher Borchers
> > Web Application Developer - Content Analyst
> > Saint Xavier University
> > Ph. 773-298-3924
> > kborch...@sxu.edu
> > www.sxu.edu
> >
> >
> > ________________________________
> >
> > From: epie...@mail.usf.edu [mailto:epie...@mail.usf.edu] On Behalf Of
> > Eric Pierce
> > Sent: Thursday, April 02, 2009 11:05 AM
> > To: cas-user@lists.jasig.org
> > Subject: [cas-user] Password Expiration Revisited
> >
> >
> >
> > --
> >
> > You are currently subscribed to cas-user@lists.jasig.org as:
> > kborch...@sxu.edu
> >
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
>
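
Added example, not part of the original thread or the CAS code base: one way to classify a failed Active Directory bind by the hex sub-code that AD places after "data" in its error-49 diagnostic message, which is the kind of matching the regular expressions discussed above perform. The class, enum and pattern names are hypothetical and the sample messages are constructed; the thread does not show the actual CAS regex constants.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindErrorClassifier {

    enum BindFailure { PASSWORD_EXPIRED, MUST_CHANGE_PASSWORD, ACCOUNT_DISABLED,
                       ACCOUNT_LOCKED, BAD_CREDENTIALS, UNKNOWN }

    // AD reports the reason for a failed bind (LDAP result code 49) as a hex
    // sub-code after "data", e.g. "... AcceptSecurityContext error, data 532, ...".
    private static final Pattern AD_SUBCODE = Pattern.compile(
            "error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]{3,4})\\b");

    // Well-known AD sub-codes; anything else is treated as UNKNOWN.
    private static final Map<String, BindFailure> BY_SUBCODE = Map.of(
            "532", BindFailure.PASSWORD_EXPIRED,
            "773", BindFailure.MUST_CHANGE_PASSWORD,
            "533", BindFailure.ACCOUNT_DISABLED,
            "775", BindFailure.ACCOUNT_LOCKED,
            "52e", BindFailure.BAD_CREDENTIALS);

    static BindFailure classify(String message) {
        if (message == null) {          // NamingException.getMessage() may be null
            return BindFailure.UNKNOWN;
        }
        Matcher m = AD_SUBCODE.matcher(message);
        if (!m.find()) {                // not an AD-style error-49 message
            return BindFailure.UNKNOWN;
        }
        return BY_SUBCODE.getOrDefault(m.group(1).toLowerCase(), BindFailure.UNKNOWN);
    }

    public static void main(String[] args) {
        // Constructed sample messages in the shape AD returns; DSID values are made up.
        String[] samples = {
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090000, comment: "
                + "AcceptSecurityContext error, data 532, v0000]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090000, comment: "
                + "AcceptSecurityContext error, data 775, v0000]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090000, comment: "
                + "AcceptSecurityContext error, data 52e, v0000]",
            "[LDAP: error code 32 - No Such Object]",
            null
        };
        for (String s : samples) {
            System.out.println(classify(s) + " <- " + s);
        }
    }
}
```

UNKNOWN and BAD_CREDENTIALS should lead to the same generic login failure, so that only the states the deployment has chosen to reveal (expired, locked, disabled) produce a distinct message.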
