Hi Lez
I'm using ActiveDirectoryRealm and env.put gets called with empty
credentials. AD does not allow an empty password for a user.
I've made some tests outside Shiro. When I create a new InitialLdapContext
with empty credentials, it does not throw a
javax.naming.AuthenticationException. Also, the name is not relevant (when
using an empty credential I can put any String as the principal) -> no Exception. I
tried the following, connecting to a Windows Server 2003 with AD (without any
special configuration):
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.ldap.InitialLdapContext;

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.SECURITY_PRINCIPAL, "any"); // does not exist
    env.put(Context.SECURITY_CREDENTIALS, "");  // empty password
    env.put(Context.PROVIDER_URL, "ldap://[HOST]:[PORT]");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // Constructor returns normally: no AuthenticationException with empty credentials
    InitialLdapContext ldapContext = new InitialLdapContext(env, null);
Only if I set credentials, new InitialLdapContext throws an exception if the
principal/credential does not match...
Is there no need to call InitialLdapContext.search in
ActiveDirectoryRealm like in this sample?:
http://blogs.artinsoft.net/mrojas/archive/2007/05/14/1429.aspx
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/ActiveDirectoryRealm-authenticates-with-empty-password-tp6378245p6381265.html
Sent from the Shiro User mailing list archive at Nabble.com.
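
Added example, not part of the original message and not Shiro's code: an LDAP simple bind with a non-empty name and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2), which is why the constructor above returns without an exception. One way to guard against it is to reject empty values before the bind is attempted; the class and method names below (GuardedLdapBind, requireRealCredentials, bind) are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/** Added example (hypothetical names): refuse binds that LDAP treats as unauthenticated. */
public final class GuardedLdapBind {

    /** Throws AuthenticationException unless principal and password are both non-empty. */
    static void requireRealCredentials(String principal, char[] password)
            throws AuthenticationException {
        if (principal == null || principal.trim().isEmpty()) {
            throw new AuthenticationException("Empty principal rejected before bind");
        }
        if (password == null || password.length == 0) {
            throw new AuthenticationException("Empty password rejected before bind");
        }
    }

    /** Performs the simple bind only after the check above has passed. */
    static LdapContext bind(String url, String principal, char[] password)
            throws NamingException {
        requireRealCredentials(principal, password);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }

    public static void main(String[] args) {
        // Constructed inputs; the guard runs before any network connection is made.
        String[][] samples = { {"any", ""}, {"", "secret"}, {"any", "secret"} };
        for (String[] s : samples) {
            try {
                requireRealCredentials(s[0], s[1].toCharArray());
                System.out.println("would bind: principal=" + s[0]);
            } catch (AuthenticationException e) {
                System.out.println("rejected:   " + e.getMessage());
            }
        }
    }
}
```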