Author: tripod
Date: Wed Apr 22 14:55:20 2015
New Revision: 1675377

URL: http://svn.apache.org/r1675377
Log:
OAK-2674 : Fix FindBug Issues

Modified:
    jackrabbit/oak/branches/1.0/   (props changed)
    
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java
    
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
    
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
    
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java

Propchange: jackrabbit/oak/branches/1.0/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Apr 22 14:55:20 2015
@@ -1,2 +1,2 @@
-/jackrabbit/oak/trunk:1584578,1584602,1584614,1584616,1584709,1584781,1584937,1585297,1585304-1585305,1585420,1585424,1585427,1585448,1585465,1585468,1585486,1585497,1585509,1585647,1585655-1585656,1585661,1585665-1585666,1585669-1585670,1585673,1585680,1585719,1585763,1585770,1585896,1585904,1585907,1585940,1585949,1585951,1585956,1585962-1585963,1586287,1586320,1586364,1586372,1586655,1586836,1587130,1587224,1587399,1587408,1587472,1587485,1587488,1587538,1587580,1587807,1588033,1588042,1588046,1588066,1588201,1589025,1589101,1589137,1589141,1589263,1589440,1589442,1589484,1589488,1589661,1589664,1589682,1589708,1589741,1589748,1589789,1589794,1589850,1589864,1590628,1590660,1590684,1590697,1590701,1590980,1590988,1591101,1591226,1591229,1591293,1591314,1591317,1591362,1591374,1591381,1591438,1591467,1591552,1591704,1591713,1591715,1591723,1591874,1592487,1592512,1592658,1592665,1592677,1592742,1592744,1592787,1592809,1592955,1593036,1593048,1593061,1593133,1593210-1593211,1593231
 
,1593245,1593250,1593294,1593304,1593317,1593342,1593554,1594158-1594164,1594166-1594167,1594169,1594237,1594800,1594808,1594835,1594888,1595147,1595457,1595856,1596241,1596474,1596534,1596844,1597569,1597795,1597854,1597860,1598292,1598302,1598352,1598369,1598595,1598631,1598696,1598732,1598797-1598798,1599160,1599299,1599332,1599416,1599434,1599671,1600088,1600935,1601309,1601388,1601578,1601649,1601676,1601757,1601768,1601814,1601833,1601838,1601853,1601878,1601888,1601922,1602156,1602170,1602174,1602179,1602183,1602201,1602207,1602227,1602256,1602261,1602342,1602796-1602797,1602800,1602809,1602853,1602872,1602914,1603155,1603307,1603401,1603441,1603748,1604166,1605030,1605036,1605038,1605292,1605447,1605526,1605670,1605725,1605831,1605852,1606077,1606079,1606087,1606638,1606641,1606644,1606708,1606711,1607031-1607032,1607077,1607127,1607141,1607152,1607185,1607196,1607331,1607362,1607366,1607392,1607526,1607557,1607664,1607737,1608560,1608731,1608783,1609064,1609081,1609165,1609
 
214,1609488,1610489,1610592,1610603,1610634,1610658,1610664,1611021,1611041,1611270,1611275,1611277,1611313,1611332,1611584,1612560,1612825,1612848,1612892,1612899,1612993,1613018,1613041,1614032,1614265,1614272,1614344-1614345,1614384-1614385,1614397,1614405-1614406,1614574,1614591,1614593,1614596,1614604,1614689,1614807,1614835,1614891,1615417-1615418,1616182,1616236,1616463,1616719,1617417,1617451,1617463,1617711,1618158,1618613,1618624,1618709,1619222,1619411,1619695,1619800,1619808,1619815,1619823-1619824,1620512,1620581,1620585,1620634,1620898,1620905,1621115,1621123-1621124,1621168,1621192,1621201,1621706,1621962,1622197,1622201,1622207,1622250,1622479,1623364,1623766,1623827,1623949,1623969,1623973,1624216,1624317,1624551,1624559,1624973,1624993-1624994,1625025,1625036,1625158,1625224,1625237,1625299,1625348,1625620,1625916,1625962-1625963,1626021,1626053,1626163,1626168,1626175,1626191,1626265,1626770,1627047,1627052,1627228,1627346,1627470,1627473,1627479,1627503,1627586,1
 
627590,1627715,1627731,1628180,1628198,1628262,1628447,1628608,1629688,1629840,1629858,1629917,1630055-1630057,1630156,1630299,1630338,1630773,1631283-1631284,1631333-1631334,1631617-1631619,1631630,1631699,1631704,1631711,1631967-1631969,1631986,1631990,1631999,1632002-1632003,1632017,1632258,1632264,1632270,1632293,1632303,1632592,1632605,1633315,1633389,1633559-1633560,1633562,1633567,1633571,1633598,1633608,1633641,1633687,1633697,1633768,1633783,1634505,1634513,1634774,1634779,1634781,1634792,1634803,1634814,1634816,1634838,1634841,1634852,1634864,1634896,1634898,1635044-1635045,1635060,1635077,1635089,1635102,1635108,1635178,1635218,1635387,1635435,1635518,1635563,1635586,1636336,1636348,1636505,1636585,1636799,1637368,1637382,1637413,1637651,1637815,1638779-1638783,1639260,1639577,1639622,1639963,1639966,1639973,1640134,1640143,1640523,1640555-1640556,1640694-1640695,1640715,1640722-1640723,1640728,1640863-1640872,1641340,1641350,1641352,1641541,1641596-1641599,1641601,164166
 
2,1641671,1641695,1641771,1641802,1641811,1641950,1642031,1642056,1642119,1642285,1642648,1642667,1642954,1642959,1643111,1643178,1643186,1643204,1643287,1643767,1643774,1643982,1644016,1644106,1644366,1644383,1644397-1644398,1644407,1644479,1644547,1644552,1644554,1644588,1644645,1644650,1644654,1644689,1644750,1645421,1645424,1645459,1645585,1645611,1645637,1645646,1645660-1645663,1645888,1645901,1645948,1645966,1645970-1645971,1646014,1646164,1646174,1646469,1646684,1646726-1646728,1646766,1646795,1646981,1649743,1649803,1650015,1650239,1650529,1650797,1651323,1651382,1651643,1651652,1651730,1651988-1651989,1651996,1652024,1652035,1652058-1652059,1652075,1652127,1652158,1652467,1652965,1652971,1652992,1653207,1653446,1653463,1653484,1653572,1653579,1653591,1653804,1653809,1653813,1653848-1653850,1653882,1654116,1654174,1654743,1654756,1654778,1655028,1655049,1655054-1655055,1655086,1655237,1655248,1655996,1656019,1656027,1656033,1656303,1656394,1656400,1656425,1656427,1656453,165
 
6628,1656678,1657163,1657188,1657766,1657804,1658470,1658977,1659285,1659483,1659527,1659550,1659578,1659765,1660154-1660155,1660383,1660409,1660426,1660676,1660870,1660872,1660897,1660903,1661069,1661122,1661146,1661158,1661226,1661630,1661643,1661645,1662313-1662315,1662323,1662381,1662450,1662456,1663241,1663275,1663288,1663448,1663526,1663528,1663565,1663578,1663666,1663705,1663730,1663753,1663854,1664038,1664184,1664228-1664229,1664231,1664381,1664569,1664947,1664987,1665184,1665271-1665272,1665274-1665275,1665436,1665604,1665634,1665758,1665835,1665892,1665897,1665910,1665918,1666102,1666177,1666218,1666220,1666351-1666352,1666381,1666384,1666426,1666491,1667062,1667184,1667293,1667462,1667498,1667502,1667573,1667590,1667696,1667782,1668160,1668275,1668641,1668645,1668649,1668665,1668671,1668683,1668688,1668845,1669072,1669096,1669135,1669337,1669361,1669579,1669680,1670030,1670693,1670705,1671489,1671512,1671787,1671795,1672055,1672277,1672350,1672468,1672537,1672603,1672834-
 
1672835,1673351,1673644,1673662-1673663,1673695,1674046,1674065,1674075,1674107,1675332
+/jackrabbit/oak/trunk:1584578,1584602,1584614,1584616,1584709,1584781,1584937,1585297,1585304-1585305,1585420,1585424,1585427,1585448,1585465,1585468,1585486,1585497,1585509,1585647,1585655-1585656,1585661,1585665-1585666,1585669-1585670,1585673,1585680,1585719,1585763,1585770,1585896,1585904,1585907,1585940,1585949,1585951,1585956,1585962-1585963,1586287,1586320,1586364,1586372,1586655,1586836,1587130,1587224,1587399,1587408,1587472,1587485,1587488,1587538,1587580,1587807,1588033,1588042,1588046,1588066,1588201,1589025,1589101,1589137,1589141,1589263,1589440,1589442,1589484,1589488,1589661,1589664,1589682,1589708,1589741,1589748,1589789,1589794,1589850,1589864,1590628,1590660,1590684,1590697,1590701,1590980,1590988,1591101,1591226,1591229,1591293,1591314,1591317,1591362,1591374,1591381,1591438,1591467,1591552,1591704,1591713,1591715,1591723,1591874,1592487,1592512,1592658,1592665,1592677,1592742,1592744,1592787,1592809,1592955,1593036,1593048,1593061,1593133,1593210-1593211,1593231
 
,1593245,1593250,1593294,1593304,1593317,1593342,1593554,1594158-1594164,1594166-1594167,1594169,1594237,1594800,1594808,1594835,1594888,1595147,1595457,1595856,1596241,1596474,1596534,1596844,1597569,1597795,1597854,1597860,1598292,1598302,1598352,1598369,1598595,1598631,1598696,1598732,1598797-1598798,1599160,1599299,1599332,1599416,1599434,1599671,1600088,1600935,1601309,1601388,1601578,1601649,1601676,1601757,1601768,1601814,1601833,1601838,1601853,1601878,1601888,1601922,1602156,1602170,1602174,1602179,1602183,1602201,1602207,1602227,1602256,1602261,1602342,1602796-1602797,1602800,1602809,1602853,1602872,1602914,1603155,1603307,1603401,1603441,1603748,1604166,1605030,1605036,1605038,1605292,1605447,1605526,1605670,1605725,1605831,1605852,1606077,1606079,1606087,1606638,1606641,1606644,1606708,1606711,1607031-1607032,1607077,1607127,1607141,1607152,1607185,1607196,1607331,1607362,1607366,1607392,1607526,1607557,1607664,1607737,1608560,1608731,1608783,1609064,1609081,1609165,1609
 
214,1609488,1610489,1610592,1610603,1610634,1610658,1610664,1611021,1611041,1611270,1611275,1611277,1611313,1611332,1611584,1612560,1612825,1612848,1612892,1612899,1612993,1613018,1613041,1614032,1614265,1614272,1614344-1614345,1614384-1614385,1614397,1614405-1614406,1614574,1614591,1614593,1614596,1614604,1614689,1614807,1614835,1614891,1615417-1615418,1616182,1616236,1616463,1616719,1617417,1617451,1617463,1617711,1618158,1618613,1618624,1618709,1619222,1619411,1619695,1619800,1619808,1619815,1619823-1619824,1620512,1620581,1620585,1620634,1620898,1620905,1621115,1621123-1621124,1621168,1621192,1621201,1621706,1621962,1622197,1622201,1622207,1622250,1622479,1623364,1623766,1623827,1623949,1623969,1623973,1624216,1624317,1624551,1624559,1624973,1624993-1624994,1625025,1625036,1625158,1625224,1625237,1625299,1625348,1625620,1625916,1625962-1625963,1626021,1626053,1626163,1626168,1626175,1626191,1626265,1626770,1627047,1627052,1627228,1627346,1627470,1627473,1627479,1627503,1627586,1
 
627590,1627715,1627731,1628180,1628198,1628262,1628447,1628608,1629688,1629840,1629858,1629917,1630055-1630057,1630156,1630299,1630338,1630773,1631283-1631284,1631333-1631334,1631617-1631619,1631630,1631699,1631704,1631711,1631967-1631969,1631986,1631990,1631999,1632002-1632003,1632017,1632258,1632264,1632270,1632293,1632303,1632592,1632605,1633315,1633389,1633559-1633560,1633562,1633567,1633571,1633598,1633608,1633641,1633687,1633697,1633768,1633783,1634505,1634513,1634774,1634779,1634781,1634792,1634803,1634814,1634816,1634838,1634841,1634852,1634864,1634896,1634898,1635044-1635045,1635060,1635077,1635089,1635102,1635108,1635178,1635218,1635387,1635435,1635518,1635563,1635586,1636336,1636348,1636505,1636585,1636799,1637368,1637382,1637413,1637651,1637815,1638779-1638783,1639260,1639577,1639622,1639963,1639966,1639973,1640134,1640143,1640523,1640555-1640556,1640694-1640695,1640715,1640722-1640723,1640728,1640863-1640872,1641340,1641350,1641352,1641541,1641596-1641599,1641601,164166
 
2,1641671,1641695,1641771,1641802,1641811,1641950,1642031,1642056,1642119,1642285,1642648,1642667,1642954,1642959,1643111,1643178,1643186,1643204,1643287,1643767,1643774,1643982,1644016,1644106,1644366,1644383,1644397-1644398,1644407,1644479,1644547,1644552,1644554,1644588,1644645,1644650,1644654,1644689,1644750,1645421,1645424,1645459,1645585,1645611,1645637,1645646,1645660-1645663,1645888,1645901,1645948,1645966,1645970-1645971,1646014,1646164,1646174,1646469,1646684,1646726-1646728,1646766,1646795,1646981,1649743,1649803,1650015,1650239,1650529,1650797,1651323,1651382,1651643,1651652,1651730,1651988-1651989,1651996,1652024,1652035,1652058-1652059,1652075,1652127,1652158,1652467,1652965,1652971,1652992,1653207,1653446,1653463,1653484,1653572,1653579,1653591,1653804,1653809,1653813,1653848-1653850,1653882,1654116,1654174,1654743,1654756,1654778,1655028,1655049,1655054-1655055,1655086,1655237,1655248,1655996,1656019,1656027,1656033,1656303,1656394,1656400,1656425,1656427,1656453,165
 
6628,1656678,1657163,1657188,1657766,1657804,1658470,1658977,1659285,1659483,1659527,1659550,1659578,1659765,1660154-1660155,1660383,1660409,1660426,1660676,1660870,1660872,1660897,1660903,1661069,1661122,1661146,1661158,1661226,1661630,1661643,1661645,1662313-1662315,1662323,1662381,1662450,1662456,1663241,1663275,1663288,1663448,1663526,1663528,1663565,1663578,1663666,1663705,1663730,1663753,1663854,1664038,1664184,1664228-1664229,1664231,1664381,1664569,1664947,1664987,1665184,1665271-1665272,1665274-1665275,1665436,1665604,1665634,1665758,1665835,1665892,1665897,1665910,1665918,1666102,1666177,1666218,1666220,1666351-1666352,1666381,1666384,1666426,1666491,1667062,1667184,1667293,1667462,1667498,1667502,1667573,1667590,1667696,1667782,1668160,1668275,1668641,1668645,1668649,1668665,1668671,1668683,1668688,1668845,1669072,1669096,1669135,1669337,1669361,1669579,1669680,1670030,1670693,1670705,1671489,1671512,1671787,1671795,1672055,1672277,1672350,1672468,1672537,1672603,1672834-
 
1672835,1673351,1673431,1673644,1673662-1673663,1673695,1674046,1674065,1674075,1674107,1675332
 /jackrabbit/trunk:1345480

Modified: 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java?rev=1675377&r1=1675376&r2=1675377&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java
 (original)
+++ 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java
 Wed Apr 22 14:55:20 2015
@@ -49,7 +49,7 @@ public class DebugTimer {
             if (b.length() > 0) {
                 b.append(", ");
             } else {
-                b.append("(");
+                b.append('(');
             }
             int u = 0;
             double time = t.time;
@@ -62,7 +62,7 @@ public class DebugTimer {
         return b.append(')').toString();
     }
 
-    private static class TimeStamp {
+    private static final class TimeStamp {
 
         private final long time;
 

Modified: 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1675377&r1=1675376&r2=1675377&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
 (original)
+++ 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
 Wed Apr 22 14:55:20 2015
@@ -23,6 +23,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 
+import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.jcr.Credentials;
@@ -128,6 +129,7 @@ public class LdapIdentityProvider implem
         init();
     }
 
+    //----------------------------------------------------< SCR integration 
>---
     @SuppressWarnings("UnusedDeclaration")
     @Activate
     private void activate(Map<String, Object> properties) {
@@ -143,63 +145,6 @@ public class LdapIdentityProvider implem
     }
 
     /**
-     * Initializes the ldap identity provider.
-     */
-    private void init() {
-        if (adminConnectionFactory != null) {
-            throw new IllegalStateException("Provider already initialized.");
-        }
-
-        // setup admin connection pool
-        LdapConnectionConfig cc = createConnectionConfig();
-        String bindDN = config.getBindDN();
-        if (bindDN != null && !bindDN.isEmpty()) {
-            cc.setName(bindDN);
-            cc.setCredentials(config.getBindPassword());
-        }
-        adminConnectionFactory = new PoolableLdapConnectionFactory(cc);
-
-        if (config.getAdminPoolConfig().getMaxActive() != 0) {
-            adminPool = new LdapConnectionPool(adminConnectionFactory);
-            adminPool.setTestOnBorrow(true);
-            adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
-            
adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
-        }
-
-        // setup unbound connection pool. let's create a new version of the 
config
-        cc = createConnectionConfig();
-
-        userConnectionFactory = new PoolableUnboundConnectionFactory(cc);
-        if (config.getUserPoolConfig().getMaxActive() != 0) {
-            userPool = new UnboundLdapConnectionPool(userConnectionFactory);
-            userPool.setTestOnBorrow(true);
-            userPool.setMaxActive(config.getUserPoolConfig().getMaxActive());
-            
userPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
-        }
-
-        log.info("LdapIdentityProvider initialized: {}", config);
-    }
-
-    /**
-     * Creates a new connection config based on the config.
-     * @return the connection config.
-     */
-    @Nonnull
-    private LdapConnectionConfig createConnectionConfig() {
-        LdapConnectionConfig cc = new LdapConnectionConfig();
-        cc.setLdapHost(config.getHostname());
-        cc.setLdapPort(config.getPort());
-        cc.setUseSsl(config.useSSL());
-        cc.setUseTls(config.useTLS());
-
-        // todo: implement better trustmanager/keystore management (via 
sling/felix)
-        if (config.noCertCheck()) {
-            cc.setTrustManagers(new NoVerificationTrustManager());
-        }
-        return cc;
-    }
-
-    /**
      * Closes this provider and releases the internal pool. This should be 
called by Non-OSGi users of this provider.
      */
     public void close() {
@@ -222,7 +167,7 @@ public class LdapIdentityProvider implem
     }
 
 
-
+    //-------------------------------------------< ExternalIdentityProvider 
>---
     @Nonnull
     @Override
     public String getName() {
@@ -249,8 +194,7 @@ public class LdapIdentityProvider implem
                 return null;
             }
         } catch (LdapException e) {
-            log.error("Error during ldap lookup", e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, null);
         } finally {
             disconnect(connection);
         }
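Review bot: `lookupFailedException(e, null)` passes a null timer, so the helper's second parameter has to be nullable, and its definition is not among the lines shown here. If it builds its log line from `timer.getString()`, as the removed `log.error` calls in the later hunks did, it needs a guard such as `String detail = timer == null ? "" : timer.getString();` and a `@Nullable` on that parameter. It should also keep logging at error level with the exception attached, because these catch blocks no longer log anything themselves. The same call, with a real timer, appears in the catch blocks of the four hunks that follow. The enclosing method starts and ends outside this hunk.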
@@ -273,11 +217,9 @@ public class LdapIdentityProvider implem
                 return null;
             }
         } catch (LdapException e) {
-            log.error("Error during ldap lookup. " + timer.getString(), e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, timer);
         } catch (CursorException e) {
-            log.error("Error during ldap lookup. " + timer.getString(), e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, timer);
         } finally {
             disconnect(connection);
         }
@@ -300,11 +242,9 @@ public class LdapIdentityProvider implem
                 return null;
             }
         } catch (LdapException e) {
-            log.error("Error during ldap lookup. " + timer.getString(), e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, timer);
         } catch (CursorException e) {
-            log.error("Error during ldap lookup. " + timer.getString(), e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, timer);
         } finally {
             disconnect(connection);
         }
@@ -338,11 +278,9 @@ public class LdapIdentityProvider implem
                 }
             };
         } catch (LdapException e) {
-            log.error("Error during ldap lookup. " + timer.getString(), e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, timer);
         } catch (CursorException e) {
-            log.error("Error during ldap lookup. " + timer.getString(), e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, timer);
         } finally {
             disconnect(connection);
         }
@@ -376,17 +314,217 @@ public class LdapIdentityProvider implem
                 }
             };
         } catch (LdapException e) {
-            log.error("Error during ldap lookup. " + timer.getString(), e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, timer);
         } catch (CursorException e) {
-            log.error("Error during ldap lookup. " + timer.getString(), e);
-            throw new ExternalIdentityException("Error during ldap lookup.", 
e);
+            throw lookupFailedException(e, timer);
+        } finally {
+            disconnect(connection);
+        }
+    }
+
+    @Override
+    public ExternalUser authenticate(@Nonnull Credentials credentials) throws 
ExternalIdentityException, LoginException {
+        if (!(credentials instanceof SimpleCredentials)) {
+            log.debug("LDAP IDP can only authenticate SimpleCredentials.");
+            return null;
+        }
+        final SimpleCredentials creds = (SimpleCredentials) credentials;
+        final ExternalUser user = getUser(creds.getUserID());
+        if (user != null) {
+            // OAK-2078: check for non-empty passwords to avoid anonymous bind 
on weakly configured servers
+            // see http://tools.ietf.org/html/rfc4513#section-5.1.1 for 
details.
+            if (creds.getPassword().length == 0) {
+                throw new LoginException("Refusing to authenticate against 
LDAP server: Empty passwords not allowed.");
+            }
+
+            // authenticate
+            LdapConnection connection = null;
+            try {
+                DebugTimer timer = new DebugTimer();
+                if (userPool == null) {
+                    connection = userConnectionFactory.makeObject();
+                } else {
+                    connection = userPool.getConnection();
+                }
+                timer.mark("connect");
+                connection.bind(user.getExternalId().getId(), new 
String(creds.getPassword()));
+                timer.mark("bind");
+                if (log.isDebugEnabled()) {
+                    log.debug("authenticate({}) {}", user.getId(), 
timer.getString());
+                }
+            } catch (LdapAuthenticationException e) {
+                throw new LoginException("Unable to authenticate against LDAP 
server: " + e.getMessage());
+            } catch (Exception e) {
+                throw new ExternalIdentityException("Error while binding user 
credentials", e);
+            } finally {
+                if (connection != null) {
+                    try {
+                        if (userPool == null) {
+                            userConnectionFactory.destroyObject(connection);
+                        } else {
+                            userPool.releaseConnection(connection);
+                        }
+                    } catch (Exception e) {
+                        // ignore
+                    }
+                }
+            }
+        }
+        return user;
+    }
+
+    //-----------------------------------------------------------< internal 
>---
+    /**
+     * Collects the declared (direct) groups of an identity
+     * @param ref reference to the identity
+     * @return map of identities where the key is the DN of the LDAP entity
+     */
+    Map<String, ExternalIdentityRef> getDeclaredGroupRefs(ExternalIdentityRef 
ref) throws ExternalIdentityException {
+        if (!isMyRef(ref)) {
+            return Collections.emptyMap();
+        }
+        String searchFilter = config.getMemberOfSearchFilter(ref.getId());
+
+        LdapConnection connection = null;
+        SearchCursor searchCursor = null;
+        try {
+            // Create the SearchRequest object
+            SearchRequest req = new SearchRequestImpl();
+            req.setScope(SearchScope.SUBTREE);
+            req.addAttributes(SchemaConstants.NO_ATTRIBUTE);
+            req.setTimeLimit((int) config.getSearchTimeout());
+            req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
+            req.setFilter(searchFilter);
+
+            Map<String, ExternalIdentityRef> groups = new HashMap<String, 
ExternalIdentityRef>();
+            DebugTimer timer = new DebugTimer();
+            connection = connect();
+            timer.mark("connect");
+
+            searchCursor = connection.search(req);
+            timer.mark("search");
+            while (searchCursor.next()) {
+                Response response = searchCursor.get();
+                if (response instanceof SearchResultEntry) {
+                    Entry resultEntry = ((SearchResultEntry) 
response).getEntry();
+                    ExternalIdentityRef groupRef = new 
ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
+                    groups.put(groupRef.getId(), groupRef);
+                }
+            }
+            timer.mark("iterate");
+            if (log.isDebugEnabled()) {
+                log.debug("search below {} with {} found {} entries. {}",
+                        config.getGroupConfig().getBaseDN(), searchFilter, 
groups.size(), timer.getString());
+            }
+            return groups;
+        } catch (Exception e) {
+            log.error("Error during ldap membership search." ,e);
+            throw new ExternalIdentityException("Error during ldap membership 
search.", e);
         } finally {
+            if (searchCursor != null) {
+                searchCursor.close();
+            }
             disconnect(connection);
         }
     }
 
-    private Entry getEntry(LdapConnection connection, 
LdapProviderConfig.Identity idConfig, String id)
+    /**
+     * Collects the declared (direct) members of a group
+     * @param ref the reference to the group
+     * @return map of identity refers
+     * @throws ExternalIdentityException if an error occurs
+     */
+    Map<String, ExternalIdentityRef> getDeclaredMemberRefs(ExternalIdentityRef 
ref) throws ExternalIdentityException {
+        if (!isMyRef(ref)) {
+            return Collections.emptyMap();
+        }
+        LdapConnection connection = null;
+        try {
+            Map<String, ExternalIdentityRef> members = new HashMap<String, 
ExternalIdentityRef>();
+            DebugTimer timer = new DebugTimer();
+            connection = connect();
+            timer.mark("connect");
+            Entry entry = connection.lookup(ref.getId());
+            timer.mark("lookup");
+            Attribute attr = entry.get(config.getGroupMemberAttribute());
+            for (Value value: attr) {
+                ExternalIdentityRef memberRef = new 
ExternalIdentityRef(value.getString(), this.getName());
+                members.put(memberRef.getId(), memberRef);
+            }
+            timer.mark("iterate");
+            if (log.isDebugEnabled()) {
+                log.debug("members lookup of {} found {} members. {}", 
ref.getId(), members.size(), timer.getString());
+            }
+            return members;
+        } catch (Exception e) {
+            String msg = "Error during ldap group members lookup.";
+            log.error(msg ,e);
+            throw new ExternalIdentityException(msg, e);
+        } finally {
+            disconnect(connection);
+        }
+    }
+
+    //------------------------------------------------------------< private 
>---
+    /**
+     * Initializes the ldap identity provider.
+     */
+    private void init() {
+        if (adminConnectionFactory != null) {
+            throw new IllegalStateException("Provider already initialized.");
+        }
+
+        // setup admin connection pool
+        LdapConnectionConfig cc = createConnectionConfig();
+        String bindDN = config.getBindDN();
+        if (bindDN != null && !bindDN.isEmpty()) {
+            cc.setName(bindDN);
+            cc.setCredentials(config.getBindPassword());
+        }
+        adminConnectionFactory = new PoolableLdapConnectionFactory(cc);
+
+        if (config.getAdminPoolConfig().getMaxActive() != 0) {
+            adminPool = new LdapConnectionPool(adminConnectionFactory);
+            adminPool.setTestOnBorrow(true);
+            adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
+            
adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
+        }
+
+        // setup unbound connection pool. let's create a new version of the 
config
+        cc = createConnectionConfig();
+
+        userConnectionFactory = new PoolableUnboundConnectionFactory(cc);
+        if (config.getUserPoolConfig().getMaxActive() != 0) {
+            userPool = new UnboundLdapConnectionPool(userConnectionFactory);
+            userPool.setTestOnBorrow(true);
+            userPool.setMaxActive(config.getUserPoolConfig().getMaxActive());
+            
userPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
+        }
+
+        log.info("LdapIdentityProvider initialized: {}", config);
+    }
+
+    /**
+     * Creates a new connection config based on the config.
+     * @return the connection config.
+     */
+    @Nonnull
+    private LdapConnectionConfig createConnectionConfig() {
+        LdapConnectionConfig cc = new LdapConnectionConfig();
+        cc.setLdapHost(config.getHostname());
+        cc.setLdapPort(config.getPort());
+        cc.setUseSsl(config.useSSL());
+        cc.setUseTls(config.useTLS());
+
+        // todo: implement better trustmanager/keystore management (via 
sling/felix)
+        if (config.noCertCheck()) {
+            cc.setTrustManagers(new NoVerificationTrustManager());
+        }
+        return cc;
+    }
+
+    @CheckForNull
+    private Entry getEntry(@Nonnull LdapConnection connection, @Nonnull 
LdapProviderConfig.Identity idConfig, @Nonnull String id)
             throws CursorException, LdapException {
         String searchFilter = idConfig.getSearchFilter(id);
 
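Review bot: In getDeclaredMemberRefs, `entry.get(config.getGroupMemberAttribute())` is iterated without a null check, and `connection.lookup(ref.getId())` is dereferenced the same way. A group that has no member attribute, or a reference whose entry no longer exists, would therefore most likely raise a NullPointerException. The broad `catch (Exception e)` then reports it as "Error during ldap group members lookup." instead of returning an empty map. Treating both cases as "no declared members" keeps an empty group from failing a membership sync. Separately, in authenticate the `LoginException` is built from `e.getMessage()` only, so the `LdapAuthenticationException` is lost as cause; `initCause(e)` on the new exception would preserve it for diagnostics.

```java
            Entry entry = connection.lookup(ref.getId());
            timer.mark("lookup");
            // no entry, or a group without the member attribute: no declared members
            Attribute attr = entry == null ? null : entry.get(config.getGroupMemberAttribute());
            if (attr == null) {
                log.debug("no {} attribute found for {}", config.getGroupMemberAttribute(), ref.getId());
            } else {
                for (Value value : attr) {
                    ExternalIdentityRef memberRef = new ExternalIdentityRef(value.getString(), this.getName());
                    members.put(memberRef.getId(), memberRef);
                }
            }
            // … unchanged: timer.mark("iterate"), debug log, return members …
```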
@@ -432,7 +570,8 @@ public class LdapIdentityProvider implem
      * currently fetch all entries so that we can close the connection 
afterwards. maybe switch to an iterator approach
      * later.
      */
-    private List<Entry> getEntries(LdapConnection connection, 
LdapProviderConfig.Identity idConfig)
+    @Nonnull
+    private List<Entry> getEntries(@Nonnull LdapConnection connection, 
@Nonnull LdapProviderConfig.Identity idConfig)
             throws CursorException, LdapException {
         StringBuilder filter = new StringBuilder();
         int num = 0;
@@ -443,12 +582,12 @@ public class LdapIdentityProvider implem
                     .append(')');
         }
         String extraFilter = idConfig.getExtraFilter();
-        if (extraFilter != null && extraFilter.length() > 0) {
+        if (extraFilter != null && !extraFilter.isEmpty()) {
             num++;
             filter.append(extraFilter);
         }
         String searchFilter = num > 1
-                ? "(&" + filter + ")"
+                ? "(&" + filter + ')'
                 : filter.toString();
 
         // Create the SearchRequest object
@@ -487,18 +626,19 @@ public class LdapIdentityProvider implem
         return result;
     }
 
-    private ExternalUser createUser(Entry e, String id)
+    @Nonnull
+    private ExternalUser createUser(@Nonnull Entry entry, @CheckForNull String 
id)
             throws LdapInvalidAttributeValueException {
-        ExternalIdentityRef ref = new ExternalIdentityRef(e.getDn().getName(), 
this.getName());
+        ExternalIdentityRef ref = new 
ExternalIdentityRef(entry.getDn().getName(), this.getName());
         if (id == null) {
-            id = e.get(config.getUserConfig().getIdAttribute()).getString();
+            id = 
entry.get(config.getUserConfig().getIdAttribute()).getString();
         }
         String path = config.getUserConfig().makeDnPath()
-                ? createDNPath(e.getDn())
+                ? createDNPath(entry.getDn())
                 : null;
         LdapUser user = new LdapUser(this, ref, id, path);
         Map<String, Object> props = user.getProperties();
-        for (Attribute attr: e.getAttributes()) {
+        for (Attribute attr: entry.getAttributes()) {
             if (attr.isHumanReadable()) {
                 props.put(attr.getId(), attr.getString());
             }
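Review bot: In the `id == null` branch of createUser, `entry.get(config.getUserConfig().getIdAttribute())` is dereferenced directly, so an entry that lacks the configured id attribute would presumably fail with a NullPointerException rather than the declared LdapInvalidAttributeValueException (this assumes `Entry.get` returns null for an absent attribute). Since the commit is adding nullness annotations, it would fit to split the call, `Attribute idAttr = entry.get(config.getUserConfig().getIdAttribute());`, and reject a null `idAttr` with a message naming the entry DN and the attribute. createGroup in the following hunk has the same unguarded lookup for `name`. The closing lines of createUser fall in the next hunk.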
@@ -506,18 +646,19 @@ public class LdapIdentityProvider implem
         return user;
     }
 
-    private ExternalGroup createGroup(Entry e, String name)
+    @Nonnull
+    private ExternalGroup createGroup(@Nonnull Entry entry, @CheckForNull 
String name)
             throws LdapInvalidAttributeValueException {
-        ExternalIdentityRef ref = new ExternalIdentityRef(e.getDn().getName(), 
this.getName());
+        ExternalIdentityRef ref = new 
ExternalIdentityRef(entry.getDn().getName(), this.getName());
         if (name == null) {
-            name = e.get(config.getGroupConfig().getIdAttribute()).getString();
+            name = 
entry.get(config.getGroupConfig().getIdAttribute()).getString();
         }
         String path = config.getGroupConfig().makeDnPath()
-                ? createDNPath(e.getDn())
+                ? createDNPath(entry.getDn())
                 : null;
         LdapGroup group = new LdapGroup(this, ref, name, path);
         Map<String, Object> props = group.getProperties();
-        for (Attribute attr: e.getAttributes()) {
+        for (Attribute attr: entry.getAttributes()) {
             if (attr.isHumanReadable()) {
                 props.put(attr.getId(), attr.getString());
             }
@@ -534,13 +675,14 @@ public class LdapIdentityProvider implem
             } else {
                 return adminPool.getConnection();
             }
-        } catch (Throwable e) {
-            log.error("Error while connecting to the ldap server.", e);
-            throw new ExternalIdentityException("Error while connecting and 
binding to the ldap server", e);
+        } catch (Exception e) {
+            String msg = "Error while connecting to the ldap server.";
+            log.error(msg, e);
+            throw new ExternalIdentityException(msg, e);
         }
     }
 
-    private void disconnect(@Nullable LdapConnection connection) throws 
ExternalIdentityException {
+    private void disconnect(@Nullable LdapConnection connection) {
         try {
             if (connection != null) {
                 if (adminPool == null) {
@@ -554,150 +696,9 @@ public class LdapIdentityProvider implem
         }
     }
 
-    @Override
-    public ExternalUser authenticate(@Nonnull Credentials credentials) throws 
ExternalIdentityException, LoginException {
-        if (!(credentials instanceof SimpleCredentials)) {
-            log.debug("LDAP IDP can only authenticate SimpleCredentials.");
-            return null;
-        }
-        final SimpleCredentials creds = (SimpleCredentials) credentials;
-        final ExternalUser user = getUser(creds.getUserID());
-        if (user != null) {
-            // OAK-2078: check for non-empty passwords to avoid anonymous bind 
on weakly configured servers
-            // see http://tools.ietf.org/html/rfc4513#section-5.1.1 for 
details.
-            if (creds.getPassword().length == 0) {
-                throw new LoginException("Refusing to authenticate against 
LDAP server: Empty passwords not allowed.");
-            }
-
-            // authenticate
-            LdapConnection connection = null;
-            try {
-                DebugTimer timer = new DebugTimer();
-                if (userPool == null) {
-                    connection = userConnectionFactory.makeObject();
-                } else {
-                    connection = userPool.getConnection();
-                }
-                timer.mark("connect");
-                connection.bind(user.getExternalId().getId(), new 
String(creds.getPassword()));
-                timer.mark("bind");
-                if (log.isDebugEnabled()) {
-                    log.debug("authenticate({}) {}", user.getId(), 
timer.getString());
-                }
-            } catch (LdapAuthenticationException e) {
-                throw new LoginException("Unable to authenticate against LDAP 
server: " + e.getMessage());
-            } catch (Exception e) {
-                throw new ExternalIdentityException("Error while binding user 
credentials", e);
-            } finally {
-                if (connection != null) {
-                    try {
-                        if (userPool == null) {
-                            userConnectionFactory.destroyObject(connection);
-                        } else {
-                            userPool.releaseConnection(connection);
-                        }
-                    } catch (Exception e) {
-                        // ignore
-                    }
-                }
-            }
-        }
-        return user;
-    }
-
     private boolean isMyRef(@Nonnull ExternalIdentityRef ref) {
         final String refProviderName = ref.getProviderName();
-        return refProviderName == null || refProviderName.length() == 0 || 
getName().equals(refProviderName);
-    }
-
-    /**
-     * Collects the declared (direct) groups of an identity
-     * @param ref reference to the identity
-     * @return map of identities where the key is the DN of the LDAP entity
-     */
-    public Map<String, ExternalIdentityRef> 
getDeclaredGroupRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
-        if (!isMyRef(ref)) {
-            return Collections.emptyMap();
-        }
-        String searchFilter = config.getMemberOfSearchFilter(ref.getId());
-
-        LdapConnection connection = null;
-        SearchCursor searchCursor = null;
-        try {
-            // Create the SearchRequest object
-            SearchRequest req = new SearchRequestImpl();
-            req.setScope(SearchScope.SUBTREE);
-            req.addAttributes(SchemaConstants.NO_ATTRIBUTE);
-            req.setTimeLimit((int) config.getSearchTimeout());
-            req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
-            req.setFilter(searchFilter);
-
-            Map<String, ExternalIdentityRef> groups = new HashMap<String, 
ExternalIdentityRef>();
-            DebugTimer timer = new DebugTimer();
-            connection = connect();
-            timer.mark("connect");
-
-            searchCursor = connection.search(req);
-            timer.mark("search");
-            while (searchCursor.next()) {
-                Response response = searchCursor.get();
-                if (response instanceof SearchResultEntry) {
-                    Entry resultEntry = ((SearchResultEntry) 
response).getEntry();
-                    ExternalIdentityRef groupRef = new 
ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
-                    groups.put(groupRef.getId(), groupRef);
-                }
-            }
-            timer.mark("iterate");
-            if (log.isDebugEnabled()) {
-                log.debug("search below {} with {} found {} entries. {}",
-                        config.getGroupConfig().getBaseDN(), searchFilter, 
groups.size(), timer.getString());
-            }
-            return groups;
-        } catch (Exception e) {
-            log.error("Error during ldap membership search." ,e);
-            throw new ExternalIdentityException("Error during ldap membership 
search.", e);
-        } finally {
-            if (searchCursor != null) {
-                searchCursor.close();
-            }
-            disconnect(connection);
-        }
-    }
-
-    /**
-     * Collects the declared (direct) members of a group
-     * @param ref the reference to the group
-     * @return map of identity refers
-     * @throws ExternalIdentityException if an error occurs
-     */
-    public Map<String, ExternalIdentityRef> 
getDeclaredMemberRefs(ExternalIdentityRef ref) throws ExternalIdentityException 
{
-        if (!isMyRef(ref)) {
-            return Collections.emptyMap();
-        }
-        LdapConnection connection = null;
-        try {
-            Map<String, ExternalIdentityRef> members = new HashMap<String, 
ExternalIdentityRef>();
-            DebugTimer timer = new DebugTimer();
-            connection = connect();
-            timer.mark("connect");
-            Entry entry = connection.lookup(ref.getId());
-            timer.mark("lookup");
-            Attribute attr = entry.get(config.getGroupMemberAttribute());
-            for (Value value: attr) {
-                ExternalIdentityRef memberRef = new 
ExternalIdentityRef(value.getString(), this.getName());
-                members.put(memberRef.getId(), memberRef);
-            }
-            timer.mark("iterate");
-            if (log.isDebugEnabled()) {
-                log.debug("members lookup of {} found {} members. {}", 
ref.getId(), members.size(), timer.getString());
-            }
-            return members;
-        } catch (Exception e) {
-            log.error("Error during ldap group members lookup." ,e);
-            throw new ExternalIdentityException("Error during ldap group 
members lookup.", e);
-        } finally {
-            disconnect(connection);
-        }
+        return refProviderName == null || refProviderName.isEmpty() || 
getName().equals(refProviderName);
     }
 
     /**
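Review bot: isMyRef treats a reference whose provider name is null or empty as belonging to this provider, and nothing in the hunk documents that rule. If several identity providers can be configured side by side (not visible here), such a reference would presumably be accepted by each of them, so the intent should be written down, for example `// a ref without a provider name is accepted as belonging to this provider` above the return statement. The `isEmpty()` change itself keeps the previous behaviour.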
@@ -705,7 +706,7 @@ public class LdapIdentityProvider implem
      * @param dn the dn of the identity
      * @return the intermediate path or {@code null} if disabled by config
      */
-    public String createDNPath(Dn dn) {
+    private static String createDNPath(Dn dn) {
         StringBuilder path = new StringBuilder();
         for (Rdn rnd: dn.getRdns()) {
             if (path.length() > 0) {
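Review bot: The Javadoc kept above createDNPath still promises `{@code null} if disabled by config`, but the return visible in the next hunk is `path.toString()`, and the null case is produced by the callers' `makeDnPath()` ternary in createUser and createGroup. Now that the method is a private static helper, the tag would read better as `@return the intermediate path built from the RDNs of {@code dn}`. The `Dn` parameter and the return value are also left without the `@Nonnull` annotations this commit adds elsewhere. The loop body continues outside the hunk, so the never-null reading should be confirmed against the full method.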
@@ -715,4 +716,10 @@ public class LdapIdentityProvider implem
         }
         return path.toString();
     }
+
+    private static ExternalIdentityException lookupFailedException(@Nonnull 
Exception e, @CheckForNull DebugTimer timer) {
+        String msg = "Error during ldap lookup. ";
+        log.error(msg + ((timer != null) ? timer.getString() : ""), e);
+        return new ExternalIdentityException(msg, e);
+    }
 }
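Review bot: In lookupFailedException, `msg` ends with a space that only the log line needs, yet the same string becomes the message of the returned ExternalIdentityException. Keeping the text clean and adding the separator only when a timer is present avoids that: `String msg = "Error during ldap lookup.";` and `log.error(timer != null ? msg + ' ' + timer.getString() : msg, e);`. The helper also lacks the `@Nonnull` return annotation and a short Javadoc stating that it logs the failure and returns, rather than throws, the exception.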

Modified: 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java?rev=1675377&r1=1675376&r2=1675377&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
 (original)
+++ 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
 Wed Apr 22 14:55:20 2015
@@ -982,7 +982,7 @@ public class LdapProviderConfig {
         StringBuilder sb = null;
         for (int i = 0; i < value.length(); i++) {
             char ch = value.charAt(i);
-            String replace = null;
+            String replace;
             switch (ch) {
                 case '*':
                     replace = "\\2A";
@@ -1003,6 +1003,9 @@ public class LdapProviderConfig {
                 case '\0':
                     replace = "\\00";
                     break;
+
+                default:
+                    replace = null;
             }
             if (replace != null) {
                 if (sb == null) {
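Review bot: The new `default:` branch is what lets every character outside the listed cases reach the result unescaped, and it carries no comment saying so. This switch appears to be the LDAP filter-escaping routine, so a line such as `// any other character is copied through unchanged` on the default branch would make the pass-through explicit. Only the `*` and NUL cases are visible in these two hunks, so whether the remaining RFC 4515 special characters (`(`, `)`, `\`) are covered cannot be confirmed from here; a unit test pinning each of them would guard against a regression. The enclosing method starts and ends outside the hunk.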

Modified: 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java?rev=1675377&r1=1675376&r2=1675377&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
 (original)
+++ 
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
 Wed Apr 22 14:55:20 2015
@@ -17,6 +17,7 @@
 
 package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
 
+import java.io.IOException;
 
 import org.apache.commons.pool.PoolableObjectFactory;
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
@@ -57,7 +58,7 @@ public class PoolableUnboundConnectionFa
     /**
      * {@inheritDoc}
      */
-    public void activateObject(LdapConnection connection) throws Exception {
+    public void activateObject(LdapConnection connection) {
         log.debug("activate connection: {}", connection);
     }
 
@@ -65,7 +66,7 @@ public class PoolableUnboundConnectionFa
     /**
      * {@inheritDoc}
      */
-    public void destroyObject(LdapConnection connection) throws Exception {
+    public void destroyObject(LdapConnection connection) throws IOException {
         log.debug("destroy connection: {}", connection);
         connection.close();
     }
@@ -74,7 +75,7 @@ public class PoolableUnboundConnectionFa
     /**
      * {@inheritDoc}
      */
-    public LdapConnection makeObject() throws Exception {
+    public LdapConnection makeObject() throws LdapException {
         LdapNetworkConnection connection = config.isUseTls()
                 ? new TlsGuardingConnection(config)
                 : new LdapNetworkConnection(config);
@@ -87,7 +88,7 @@ public class PoolableUnboundConnectionFa
     /**
      * {@inheritDoc}
      */
-    public void passivateObject(LdapConnection connection) throws Exception {
+    public void passivateObject(LdapConnection connection) {
         log.debug("passivate connection: {}", connection);
     }
 
@@ -114,7 +115,7 @@ public class PoolableUnboundConnectionFa
      *
      * @see 
org.apache.directory.ldap.client.api.LdapNetworkConnection#bindAsync(org.apache.directory.api.ldap.model.message.BindRequest)
      */
-    private static class TlsGuardingConnection extends LdapNetworkConnection {
+    private static final class TlsGuardingConnection extends 
LdapNetworkConnection {
 
         private boolean tlsStarted;
 

