| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> |
| <title>Coverage Report</title> |
| <link title="Style" type="text/css" rel="stylesheet" href="css/main.css"/> |
| <script type="text/javascript" src="js/popup.js"></script> |
| </head> |
| <body> |
| <h5>Coverage Report - org.apache.shiro.realm.ldap.JndiLdapRealm</h5> |
| <div class="separator"> </div> |
| <table class="report"> |
| <thead><tr> <td class="heading">Classes in this File</td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Line Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Branch Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Complexity</a></td></tr></thead> |
| <tr><td><a href="org.apache.shiro.realm.ldap.JndiLdapRealm.html">JndiLdapRealm</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">86%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:86px"><span class="text">64/74</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">72%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:72px"><span class="text">16/22</span></div></div></td></tr></table></td><td class="value"><span class="hidden">2.7857142857142856;</span>2.786</td></tr> |
| |
| </table> |
| <div class="separator"> </div> |
| <table cellspacing="0" cellpadding="0" class="src"> |
| <tr> <td class="numLine"> 1</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/*</span></pre></td></tr> |
| <tr> <td class="numLine"> 2</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Licensed to the Apache Software Foundation (ASF) under one</span></pre></td></tr> |
| <tr> <td class="numLine"> 3</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * or more contributor license agreements. See the NOTICE file</span></pre></td></tr> |
| <tr> <td class="numLine"> 4</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * distributed with this work for additional information</span></pre></td></tr> |
| <tr> <td class="numLine"> 5</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * regarding copyright ownership. The ASF licenses this file</span></pre></td></tr> |
| <tr> <td class="numLine"> 6</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to you under the Apache License, Version 2.0 (the</span></pre></td></tr> |
| <tr> <td class="numLine"> 7</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * "License"); you may not use this file except in compliance</span></pre></td></tr> |
| <tr> <td class="numLine"> 8</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * with the License. You may obtain a copy of the License at</span></pre></td></tr> |
| <tr> <td class="numLine"> 9</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 10</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * http://www.apache.org/licenses/LICENSE-2.0</span></pre></td></tr> |
| <tr> <td class="numLine"> 11</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 12</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Unless required by applicable law or agreed to in writing,</span></pre></td></tr> |
| <tr> <td class="numLine"> 13</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * software distributed under the License is distributed on an</span></pre></td></tr> |
| <tr> <td class="numLine"> 14</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</span></pre></td></tr> |
| <tr> <td class="numLine"> 15</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * KIND, either express or implied. See the License for the</span></pre></td></tr> |
| <tr> <td class="numLine"> 16</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * specific language governing permissions and limitations</span></pre></td></tr> |
| <tr> <td class="numLine"> 17</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * under the License.</span></pre></td></tr> |
| <tr> <td class="numLine"> 18</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 19</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">package</span> org.apache.shiro.realm.ldap;</pre></td></tr> |
| <tr> <td class="numLine"> 20</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 21</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authc.AuthenticationException;</pre></td></tr> |
| <tr> <td class="numLine"> 22</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authc.AuthenticationInfo;</pre></td></tr> |
| <tr> <td class="numLine"> 23</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authc.AuthenticationToken;</pre></td></tr> |
| <tr> <td class="numLine"> 24</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authc.SimpleAuthenticationInfo;</pre></td></tr> |
| <tr> <td class="numLine"> 25</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;</pre></td></tr> |
| <tr> <td class="numLine"> 26</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authz.AuthorizationException;</pre></td></tr> |
| <tr> <td class="numLine"> 27</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authz.AuthorizationInfo;</pre></td></tr> |
| <tr> <td class="numLine"> 28</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.ldap.UnsupportedAuthenticationMechanismException;</pre></td></tr> |
| <tr> <td class="numLine"> 29</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.realm.AuthorizingRealm;</pre></td></tr> |
| <tr> <td class="numLine"> 30</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.subject.PrincipalCollection;</pre></td></tr> |
| <tr> <td class="numLine"> 31</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.util.StringUtils;</pre></td></tr> |
| <tr> <td class="numLine"> 32</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.slf4j.Logger;</pre></td></tr> |
| <tr> <td class="numLine"> 33</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.slf4j.LoggerFactory;</pre></td></tr> |
| <tr> <td class="numLine"> 34</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 35</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> javax.naming.AuthenticationNotSupportedException;</pre></td></tr> |
| <tr> <td class="numLine"> 36</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> javax.naming.NamingException;</pre></td></tr> |
| <tr> <td class="numLine"> 37</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> javax.naming.ldap.LdapContext;</pre></td></tr> |
| <tr> <td class="numLine"> 38</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 39</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 40</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * An LDAP {@link org.apache.shiro.realm.Realm Realm} implementation utilizing Sun's/Oracle's</span></pre></td></tr> |
| <tr> <td class="numLine"> 41</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://download-llnw.oracle.com/javase/tutorial/jndi/ldap/jndi.html">JNDI API as an LDAP API</a>. This is</span></pre></td></tr> |
| <tr> <td class="numLine"> 42</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Shiro's default implementation for supporting LDAP, as using the JNDI API has been a common approach for Java LDAP</span></pre></td></tr> |
| <tr> <td class="numLine"> 43</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * support for many years.</span></pre></td></tr> |
| <tr> <td class="numLine"> 44</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 45</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This realm implementation and its backing {@link JndiLdapContextFactory} should cover 99% of all Shiro-related LDAP</span></pre></td></tr> |
| <tr> <td class="numLine"> 46</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * authentication and authorization needs. However, if it does not suit your needs, you might want to look into</span></pre></td></tr> |
| <tr> <td class="numLine"> 47</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * creating your own realm using an alternative, perhaps more robust, LDAP communication API, such as the</span></pre></td></tr> |
| <tr> <td class="numLine"> 48</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://directory.apache.org/api/">Apache LDAP API</a>.</span></pre></td></tr> |
| <tr> <td class="numLine"> 49</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h2>Authentication</h2></span></pre></td></tr> |
| <tr> <td class="numLine"> 50</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * During an authentication attempt, if the submitted {@code AuthenticationToken}'s</span></pre></td></tr> |
| <tr> <td class="numLine"> 51</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link org.apache.shiro.authc.AuthenticationToken#getPrincipal() principal} is a simple username, but the</span></pre></td></tr> |
| <tr> <td class="numLine"> 52</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * LDAP directory expects a complete User Distinguished Name (User DN) to establish a connection, the</span></pre></td></tr> |
| <tr> <td class="numLine"> 53</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #setUserDnTemplate(String) userDnTemplate} property must be configured. If not configured,</span></pre></td></tr> |
| <tr> <td class="numLine"> 54</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the property will pass the simple username directly as the User DN, which is often incorrect in most LDAP</span></pre></td></tr> |
| <tr> <td class="numLine"> 55</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * environments (maybe Microsoft ActiveDirectory being the exception).</span></pre></td></tr> |
| <tr> <td class="numLine"> 56</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h2>Authorization</h2></span></pre></td></tr> |
| <tr> <td class="numLine"> 57</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * By default, authorization is effectively disabled due to the default</span></pre></td></tr> |
| <tr> <td class="numLine"> 58</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)} implementation returning {@code null}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 59</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If you wish to perform authorization based on an LDAP schema, you must subclass this one</span></pre></td></tr> |
| <tr> <td class="numLine"> 60</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * and override that method to reflect your organization's data model.</span></pre></td></tr> |
| <tr> <td class="numLine"> 61</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h2>Configuration</h2></span></pre></td></tr> |
| <tr> <td class="numLine"> 62</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This class primarily provides the {@link #setUserDnTemplate(String) userDnTemplate} property to allow you to specify</span></pre></td></tr> |
| <tr> <td class="numLine"> 63</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the your LDAP server's User DN format. Most other configuration is performed via the nested</span></pre></td></tr> |
| <tr> <td class="numLine"> 64</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link LdapContextFactory contextFactory} property.</span></pre></td></tr> |
| <tr> <td class="numLine"> 65</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 66</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * For example, defining this realm in Shiro .ini:</span></pre></td></tr> |
| <tr> <td class="numLine"> 67</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <pre></span></pre></td></tr> |
| <tr> <td class="numLine"> 68</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * [main]</span></pre></td></tr> |
| <tr> <td class="numLine"> 69</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm</span></pre></td></tr> |
| <tr> <td class="numLine"> 70</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com</span></pre></td></tr> |
| <tr> <td class="numLine"> 71</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * ldapRealm.contextFactory.url = ldap://ldapHost:389</span></pre></td></tr> |
| <tr> <td class="numLine"> 72</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * ldapRealm.contextFactory.authenticationMechanism = DIGEST-MD5</span></pre></td></tr> |
| <tr> <td class="numLine"> 73</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * ldapRealm.contextFactory.environment[some.obscure.jndi.key] = some value</span></pre></td></tr> |
| <tr> <td class="numLine"> 74</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * ...</span></pre></td></tr> |
| <tr> <td class="numLine"> 75</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * </pre></span></pre></td></tr> |
| <tr> <td class="numLine"> 76</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * The default {@link #setContextFactory contextFactory} instance is a {@link JndiLdapContextFactory}. See that</span></pre></td></tr> |
| <tr> <td class="numLine"> 77</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * class's JavaDoc for more information on configuring the LDAP connection as well as specifying JNDI environment</span></pre></td></tr> |
| <tr> <td class="numLine"> 78</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * properties as necessary.</span></pre></td></tr> |
| <tr> <td class="numLine"> 79</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 80</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @see JndiLdapContextFactory</span></pre></td></tr> |
| <tr> <td class="numLine"> 81</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 82</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.1</span></pre></td></tr> |
| <tr> <td class="numLine"> 83</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 84</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">class</span> JndiLdapRealm <span class="keyword">extends</span> AuthorizingRealm {</pre></td></tr> |
| <tr> <td class="numLine"> 85</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 86</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> Logger log = LoggerFactory.getLogger(JndiLdapRealm.<span class="keyword">class</span>);</pre></td></tr> |
| <tr> <td class="numLine"> 87</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 88</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//The zero index currently means nothing, but could be utilized in the future for other substitution techniques.</span></pre></td></tr> |
| <tr> <td class="numLine"> 89</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> String USERDN_SUBSTITUTION_TOKEN = <span class="string">"{0}"</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 90</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 91</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> String userDnPrefix;</pre></td></tr> |
| <tr> <td class="numLine"> 92</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> String userDnSuffix;</pre></td></tr> |
| <tr> <td class="numLine"> 93</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 94</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/*--------------------------------------------</span></pre></td></tr> |
| <tr> <td class="numLine"> 95</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> | I N S T A N C E V A R I A B L E S |</span></pre></td></tr> |
| <tr> <td class="numLine"> 96</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> ============================================*/</span></pre></td></tr> |
| <tr> <td class="numLine"> 97</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 98</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * The LdapContextFactory instance used to acquire {@link javax.naming.ldap.LdapContext LdapContext}'s at runtime</span></pre></td></tr> |
| <tr> <td class="numLine"> 99</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to acquire connections to the LDAP directory to perform authentication attempts and authorizatino queries.</span></pre></td></tr> |
| <tr> <td class="numLine"> 100</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 101</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> LdapContextFactory contextFactory;</pre></td></tr> |
| <tr> <td class="numLine"> 102</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 103</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/*--------------------------------------------</span></pre></td></tr> |
| <tr> <td class="numLine"> 104</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> | C O N S T R U C T O R S |</span></pre></td></tr> |
| <tr> <td class="numLine"> 105</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> ============================================*/</span></pre></td></tr> |
| <tr> <td class="numLine"> 106</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 107</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 108</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Default no-argument constructor that defaults the internal {@link LdapContextFactory} instance to a</span></pre></td></tr> |
| <tr> <td class="numLine"> 109</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link JndiLdapContextFactory}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 110</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 111</td> <td class="nbHitsCovered"> 13</td> <td class="src"><pre class="src"> <span class="keyword">public</span> JndiLdapRealm() {</pre></td></tr> |
| <tr> <td class="numLine"> 112</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//Credentials Matching is not necessary - the LDAP directory will do it automatically:</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 113</td> <td class="nbHitsCovered"> 13</td> <td class="src"><pre class="src"> setCredentialsMatcher(<span class="keyword">new</span> AllowAllCredentialsMatcher());</pre></td></tr> |
| <tr> <td class="numLine"> 114</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//Any Object principal and Object credentials may be passed to the LDAP provider, so accept any token:</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 115</td> <td class="nbHitsCovered"> 13</td> <td class="src"><pre class="src"> setAuthenticationTokenClass(AuthenticationToken.<span class="keyword">class</span>);</pre></td></tr> |
| <tr> <td class="numLineCover"> 116</td> <td class="nbHitsCovered"> 13</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.contextFactory = <span class="keyword">new</span> JndiLdapContextFactory();</pre></td></tr> |
| <tr> <td class="numLineCover"> 117</td> <td class="nbHitsCovered"> 13</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 118</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 119</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/*--------------------------------------------</span></pre></td></tr> |
| <tr> <td class="numLine"> 120</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> | A C C E S S O R S / M O D I F I E R S |</span></pre></td></tr> |
| <tr> <td class="numLine"> 121</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> ============================================*/</span></pre></td></tr> |
| <tr> <td class="numLine"> 122</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 123</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 124</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the User DN prefix to use when building a runtime User DN value or {@code null} if no</span></pre></td></tr> |
| <tr> <td class="numLine"> 125</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getUserDnTemplate() userDnTemplate} has been configured. If configured, this value is the text that</span></pre></td></tr> |
| <tr> <td class="numLine"> 126</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * occurs before the {@link #USERDN_SUBSTITUTION_TOKEN} in the {@link #getUserDnTemplate() userDnTemplate} value.</span></pre></td></tr> |
| <tr> <td class="numLine"> 127</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 128</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the the User DN prefix to use when building a runtime User DN value or {@code null} if no</span></pre></td></tr> |
| <tr> <td class="numLine"> 129</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getUserDnTemplate() userDnTemplate} has been configured.</span></pre></td></tr> |
| <tr> <td class="numLine"> 130</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 131</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> String getUserDnPrefix() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 132</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> <span class="keyword">return</span> userDnPrefix;</pre></td></tr> |
| <tr> <td class="numLine"> 133</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 134</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 135</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 136</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the User DN suffix to use when building a runtime User DN value. or {@code null} if no</span></pre></td></tr> |
| <tr> <td class="numLine"> 137</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getUserDnTemplate() userDnTemplate} has been configured. If configured, this value is the text that</span></pre></td></tr> |
| <tr> <td class="numLine"> 138</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * occurs after the {@link #USERDN_SUBSTITUTION_TOKEN} in the {@link #getUserDnTemplate() userDnTemplate} value.</span></pre></td></tr> |
| <tr> <td class="numLine"> 139</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 140</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the User DN suffix to use when building a runtime User DN value or {@code null} if no</span></pre></td></tr> |
| <tr> <td class="numLine"> 141</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getUserDnTemplate() userDnTemplate} has been configured.</span></pre></td></tr> |
| <tr> <td class="numLine"> 142</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 143</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> String getUserDnSuffix() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 144</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> <span class="keyword">return</span> userDnSuffix;</pre></td></tr> |
| <tr> <td class="numLine"> 145</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 146</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 147</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/*--------------------------------------------</span></pre></td></tr> |
| <tr> <td class="numLine"> 148</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> | M E T H O D S |</span></pre></td></tr> |
| <tr> <td class="numLine"> 149</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> ============================================*/</span></pre></td></tr> |
| <tr> <td class="numLine"> 150</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 151</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 152</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Sets the User Distinguished Name (DN) template to use when creating User DNs at runtime. A User DN is an LDAP</span></pre></td></tr> |
| <tr> <td class="numLine"> 153</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * fully-qualified unique user identifier which is required to establish a connection with the LDAP</span></pre></td></tr> |
| <tr> <td class="numLine"> 154</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * directory to authenticate users and query for authorization information.</span></pre></td></tr> |
| <tr> <td class="numLine"> 155</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h2>Usage</h2></span></pre></td></tr> |
| <tr> <td class="numLine"> 156</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * User DN formats are unique to the LDAP directory's schema, and each environment differs - you will need to</span></pre></td></tr> |
| <tr> <td class="numLine"> 157</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * specify the format corresponding to your directory. You do this by specifying the full User DN as normal, but</span></pre></td></tr> |
| <tr> <td class="numLine"> 158</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * but you use a <b>{@code {0}}</b> placeholder token in the string representing the location where the</span></pre></td></tr> |
| <tr> <td class="numLine"> 159</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * user's submitted principal (usually a username or uid) will be substituted at runtime.</span></pre></td></tr> |
| <tr> <td class="numLine"> 160</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 161</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * For example, if your directory</span></pre></td></tr> |
| <tr> <td class="numLine"> 162</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * uses an LDAP {@code uid} attribute to represent usernames, the User DN for the {@code jsmith} user may look like</span></pre></td></tr> |
| <tr> <td class="numLine"> 163</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * this:</span></pre></td></tr> |
| <tr> <td class="numLine"> 164</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 165</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <pre>uid=jsmith,ou=users,dc=mycompany,dc=com</pre></span></pre></td></tr> |
| <tr> <td class="numLine"> 166</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 167</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * in which case you would set this property with the following template value:</span></pre></td></tr> |
| <tr> <td class="numLine"> 168</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 169</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <pre>uid=<b>{0}</b>,ou=users,dc=mycompany,dc=com</pre></span></pre></td></tr> |
| <tr> <td class="numLine"> 170</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 171</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If no template is configured, the raw {@code AuthenticationToken}</span></pre></td></tr> |
| <tr> <td class="numLine"> 172</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link AuthenticationToken#getPrincipal() principal} will be used as the LDAP principal. This is likely</span></pre></td></tr> |
| <tr> <td class="numLine"> 173</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * incorrect as most LDAP directories expect a fully-qualified User DN as opposed to the raw uid or username. So,</span></pre></td></tr> |
| <tr> <td class="numLine"> 174</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * ensure you set this property to match your environment!</span></pre></td></tr> |
| <tr> <td class="numLine"> 175</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 176</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param template the User Distinguished Name template to use for runtime substitution</span></pre></td></tr> |
| <tr> <td class="numLine"> 177</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws IllegalArgumentException if the template is null, empty, or does not contain the</span></pre></td></tr> |
| <tr> <td class="numLine"> 178</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code {0}} substitution token.</span></pre></td></tr> |
| <tr> <td class="numLine"> 179</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @see LdapContextFactory#getLdapContext(Object,Object)</span></pre></td></tr> |
| <tr> <td class="numLine"> 180</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 181</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> setUserDnTemplate(String template) <span class="keyword">throws</span> IllegalArgumentException {</pre></td></tr> |
| <tr> <td class="numLineCover"> 182</td> <td class="nbHitsCovered"><a title="Line 182: Conditional coverage 100% (2/2)."> 8</a></td> <td class="src"><pre class="src"> <a title="Line 182: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!StringUtils.hasText(template)) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 183</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> String msg = <span class="string">"User DN template cannot be null or empty."</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 184</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> <span class="keyword">throw</span> <span class="keyword">new</span> IllegalArgumentException(msg);</pre></td></tr> |
| <tr> <td class="numLine"> 185</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 186</td> <td class="nbHitsCovered"> 6</td> <td class="src"><pre class="src"> <span class="keyword">int</span> index = template.indexOf(USERDN_SUBSTITUTION_TOKEN);</pre></td></tr> |
| <tr> <td class="numLineCover"> 187</td> <td class="nbHitsCovered"><a title="Line 187: Conditional coverage 100% (2/2)."> 6</a></td> <td class="src"><pre class="src"> <a title="Line 187: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (index < 0) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 188</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> String msg = <span class="string">"User DN template must contain the '"</span> +</pre></td></tr> |
| <tr> <td class="numLine"> 189</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> USERDN_SUBSTITUTION_TOKEN + <span class="string">"' replacement token to understand where to "</span> +</pre></td></tr> |
| <tr> <td class="numLine"> 190</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="string">"insert the runtime authentication principal."</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 191</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">throw</span> <span class="keyword">new</span> IllegalArgumentException(msg);</pre></td></tr> |
| <tr> <td class="numLine"> 192</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 193</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> String prefix = template.substring(0, index);</pre></td></tr> |
| <tr> <td class="numLineCover"> 194</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> String suffix = template.substring(prefix.length() + USERDN_SUBSTITUTION_TOKEN.length());</pre></td></tr> |
| <tr> <td class="numLineCover"> 195</td> <td class="nbHitsUncovered"><a title="Line 195: Conditional coverage 50% (1/2)."> 5</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 195: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (log.isDebugEnabled()) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 196</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> log.debug(<span class="string">"Determined user DN prefix [{}] and suffix [{}]"</span>, prefix, suffix);</pre></td></tr> |
| <tr> <td class="numLine"> 197</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 198</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.userDnPrefix = prefix;</pre></td></tr> |
| <tr> <td class="numLineCover"> 199</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.userDnSuffix = suffix;</pre></td></tr> |
| <tr> <td class="numLineCover"> 200</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 201</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 202</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 203</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the User Distinguished Name (DN) template to use when creating User DNs at runtime - see the</span></pre></td></tr> |
| <tr> <td class="numLine"> 204</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #setUserDnTemplate(String) setUserDnTemplate} JavaDoc for a full explanation.</span></pre></td></tr> |
| <tr> <td class="numLine"> 205</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 206</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the User Distinguished Name (DN) template to use when creating User DNs at runtime.</span></pre></td></tr> |
| <tr> <td class="numLine"> 207</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 208</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> String getUserDnTemplate() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 209</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> getUserDn(USERDN_SUBSTITUTION_TOKEN);</pre></td></tr> |
| <tr> <td class="numLine"> 210</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 211</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 212</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 213</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the LDAP User Distinguished Name (DN) to use when acquiring an</span></pre></td></tr> |
| <tr> <td class="numLine"> 214</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link javax.naming.ldap.LdapContext LdapContext} from the {@link LdapContextFactory}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 215</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 216</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If the the {@link #getUserDnTemplate() userDnTemplate} property has been set, this implementation will construct</span></pre></td></tr> |
| <tr> <td class="numLine"> 217</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the User DN by substituting the specified {@code principal} into the configured template. If the</span></pre></td></tr> |
| <tr> <td class="numLine"> 218</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getUserDnTemplate() userDnTemplate} has not been set, the method argument will be returned directly</span></pre></td></tr> |
| <tr> <td class="numLine"> 219</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * (indicating that the submitted authentication token principal <em>is</em> the User DN).</span></pre></td></tr> |
| <tr> <td class="numLine"> 220</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 221</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param principal the principal to substitute into the configured {@link #getUserDnTemplate() userDnTemplate}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 222</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the constructed User DN to use at runtime when acquiring an {@link javax.naming.ldap.LdapContext}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 223</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws IllegalArgumentException if the method argument is null or empty</span></pre></td></tr> |
| <tr> <td class="numLine"> 224</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws IllegalStateException if the {@link #getUserDnTemplate userDnTemplate} has not been set.</span></pre></td></tr> |
| <tr> <td class="numLine"> 225</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @see LdapContextFactory#getLdapContext(Object, Object)</span></pre></td></tr> |
| <tr> <td class="numLine"> 226</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 227</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> String getUserDn(String principal) <span class="keyword">throws</span> IllegalArgumentException, IllegalStateException {</pre></td></tr> |
| <tr> <td class="numLineCover"> 228</td> <td class="nbHitsCovered"><a title="Line 228: Conditional coverage 100% (2/2)."> 6</a></td> <td class="src"><pre class="src"> <a title="Line 228: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!StringUtils.hasText(principal)) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 229</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">throw</span> <span class="keyword">new</span> IllegalArgumentException(<span class="string">"User principal cannot be null or empty for User DN construction."</span>);</pre></td></tr> |
| <tr> <td class="numLine"> 230</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 231</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> String prefix = getUserDnPrefix();</pre></td></tr> |
| <tr> <td class="numLineCover"> 232</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> String suffix = getUserDnSuffix();</pre></td></tr> |
| <tr> <td class="numLineCover"> 233</td> <td class="nbHitsUncovered"><a title="Line 233: Conditional coverage 75% (3/4) [each condition: 100%, 50%]."> 5</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 233: Conditional coverage 75% (3/4) [each condition: 100%, 50%]."> <span class="keyword">if</span> (prefix == <span class="keyword">null</span> && suffix == <span class="keyword">null</span>) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 234</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> log.debug(<span class="string">"userDnTemplate property has not been configured, indicating the submitted "</span> +</pre></td></tr> |
| <tr> <td class="numLine"> 235</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="string">"AuthenticationToken's principal is the same as the User DN. Returning the method argument "</span> +</pre></td></tr> |
| <tr> <td class="numLine"> 236</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="string">"as is."</span>);</pre></td></tr> |
| <tr> <td class="numLineCover"> 237</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> principal;</pre></td></tr> |
| <tr> <td class="numLine"> 238</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 239</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 240</td> <td class="nbHitsUncovered"><a title="Line 240: Conditional coverage 50% (1/2)."> 4</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 240: Conditional coverage 50% (1/2)."> <span class="keyword">int</span> prefixLength = prefix != <span class="keyword">null</span> ? prefix.length() : 0;</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 241</td> <td class="nbHitsUncovered"><a title="Line 241: Conditional coverage 50% (1/2)."> 4</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 241: Conditional coverage 50% (1/2)."> <span class="keyword">int</span> suffixLength = suffix != <span class="keyword">null</span> ? suffix.length() : 0;</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 242</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> StringBuilder sb = <span class="keyword">new</span> StringBuilder(prefixLength + principal.length() + suffixLength);</pre></td></tr> |
| <tr> <td class="numLineCover"> 243</td> <td class="nbHitsUncovered"><a title="Line 243: Conditional coverage 50% (1/2)."> 4</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 243: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (prefixLength > 0) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 244</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> sb.append(prefix);</pre></td></tr> |
| <tr> <td class="numLine"> 245</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 246</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> sb.append(principal);</pre></td></tr> |
| <tr> <td class="numLineCover"> 247</td> <td class="nbHitsUncovered"><a title="Line 247: Conditional coverage 50% (1/2)."> 4</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 247: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (suffixLength > 0) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 248</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> sb.append(suffix);</pre></td></tr> |
| <tr> <td class="numLine"> 249</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 250</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> <span class="keyword">return</span> sb.toString();</pre></td></tr> |
| <tr> <td class="numLine"> 251</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 252</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 253</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 254</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Sets the LdapContextFactory instance used to acquire connections to the LDAP directory during authentication</span></pre></td></tr> |
| <tr> <td class="numLine"> 255</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * attempts and authorization queries. Unless specified otherwise, the default is a {@link JndiLdapContextFactory}</span></pre></td></tr> |
| <tr> <td class="numLine"> 256</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * instance.</span></pre></td></tr> |
| <tr> <td class="numLine"> 257</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 258</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param contextFactory the LdapContextFactory instance used to acquire connections to the LDAP directory during</span></pre></td></tr> |
| <tr> <td class="numLine"> 259</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * authentication attempts and authorization queries</span></pre></td></tr> |
| <tr> <td class="numLine"> 260</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 261</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @SuppressWarnings({<span class="string">"UnusedDeclaration"</span>})</pre></td></tr> |
| <tr> <td class="numLine"> 262</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> setContextFactory(LdapContextFactory contextFactory) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 263</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.contextFactory = contextFactory;</pre></td></tr> |
| <tr> <td class="numLineCover"> 264</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 265</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 266</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 267</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the LdapContextFactory instance used to acquire connections to the LDAP directory during authentication</span></pre></td></tr> |
| <tr> <td class="numLine"> 268</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * attempts and authorization queries. Unless specified otherwise, the default is a {@link JndiLdapContextFactory}</span></pre></td></tr> |
| <tr> <td class="numLine"> 269</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * instance.</span></pre></td></tr> |
| <tr> <td class="numLine"> 270</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 271</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the LdapContextFactory instance used to acquire connections to the LDAP directory during</span></pre></td></tr> |
| <tr> <td class="numLine"> 272</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * authentication attempts and authorization queries</span></pre></td></tr> |
| <tr> <td class="numLine"> 273</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 274</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> LdapContextFactory getContextFactory() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 275</td> <td class="nbHitsCovered"> 14</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">this</span>.contextFactory;</pre></td></tr> |
| <tr> <td class="numLine"> 276</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 277</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 278</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/*--------------------------------------------</span></pre></td></tr> |
| <tr> <td class="numLine"> 279</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> | M E T H O D S |</span></pre></td></tr> |
| <tr> <td class="numLine"> 280</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> ============================================*/</span></pre></td></tr> |
| <tr> <td class="numLine"> 281</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 282</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 283</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Delegates to {@link #queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory)},</span></pre></td></tr> |
| <tr> <td class="numLine"> 284</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * wrapping any {@link NamingException}s in a Shiro {@link AuthenticationException} to satisfy the parent method</span></pre></td></tr> |
| <tr> <td class="numLine"> 285</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * signature.</span></pre></td></tr> |
| <tr> <td class="numLine"> 286</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 287</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param token the authentication token containing the user's principal and credentials.</span></pre></td></tr> |
| <tr> <td class="numLine"> 288</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the {@link AuthenticationInfo} acquired after a successful authentication attempt</span></pre></td></tr> |
| <tr> <td class="numLine"> 289</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws AuthenticationException if the authentication attempt fails or if a</span></pre></td></tr> |
| <tr> <td class="numLine"> 290</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link NamingException} occurs.</span></pre></td></tr> |
| <tr> <td class="numLine"> 291</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 292</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) <span class="keyword">throws</span> AuthenticationException {</pre></td></tr> |
| <tr> <td class="numLine"> 293</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> AuthenticationInfo info;</pre></td></tr> |
| <tr> <td class="numLine"> 294</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">try</span> {</pre></td></tr> |
| <tr> <td class="numLineCover"> 295</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> info = queryForAuthenticationInfo(token, getContextFactory());</pre></td></tr> |
| <tr> <td class="numLineCover"> 296</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> } <span class="keyword">catch</span> (AuthenticationNotSupportedException e) {</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 297</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> String msg = <span class="string">"Unsupported configured authentication mechanism"</span>;</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 298</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">throw</span> <span class="keyword">new</span> UnsupportedAuthenticationMechanismException(msg, e);</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 299</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> } <span class="keyword">catch</span> (javax.naming.AuthenticationException e) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 300</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">throw</span> <span class="keyword">new</span> AuthenticationException(<span class="string">"LDAP authentication failed."</span>, e);</pre></td></tr> |
| <tr> <td class="numLineCover"> 301</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> } <span class="keyword">catch</span> (NamingException e) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 302</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> String msg = <span class="string">"LDAP naming error while attempting to authenticate user."</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 303</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">throw</span> <span class="keyword">new</span> AuthenticationException(msg, e);</pre></td></tr> |
| <tr> <td class="numLineCover"> 304</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 305</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 306</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> <span class="keyword">return</span> info;</pre></td></tr> |
| <tr> <td class="numLine"> 307</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 308</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 309</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 310</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {</pre></td></tr> |
| <tr> <td class="numLine"> 311</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> AuthorizationInfo info;</pre></td></tr> |
| <tr> <td class="numLine"> 312</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">try</span> {</pre></td></tr> |
| <tr> <td class="numLineCover"> 313</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> info = queryForAuthorizationInfo(principals, getContextFactory());</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 314</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> } <span class="keyword">catch</span> (NamingException e) {</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 315</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> String msg = <span class="string">"LDAP naming error while attempting to retrieve authorization for user ["</span> + principals + <span class="string">"]."</span>;</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 316</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">throw</span> <span class="keyword">new</span> AuthorizationException(msg, e);</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 317</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> }</span></pre></td></tr> |
| <tr> <td class="numLine"> 318</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 319</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> info;</span></pre></td></tr> |
| <tr> <td class="numLine"> 320</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 321</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 322</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 323</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the principal to use when creating the LDAP connection for an authentication attempt.</span></pre></td></tr> |
| <tr> <td class="numLine"> 324</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 325</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This implementation uses a heuristic: it checks to see if the specified token's</span></pre></td></tr> |
| <tr> <td class="numLine"> 326</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link AuthenticationToken#getPrincipal() principal} is a {@code String}, and if so,</span></pre></td></tr> |
| <tr> <td class="numLine"> 327</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getUserDn(String) converts it} from what is</span></pre></td></tr> |
| <tr> <td class="numLine"> 328</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * assumed to be a raw uid or username {@code String} into a User DN {@code String}. Almost all LDAP directories</span></pre></td></tr> |
| <tr> <td class="numLine"> 329</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * expect the authentication connection to present a User DN and not an unqualified username or uid.</span></pre></td></tr> |
| <tr> <td class="numLine"> 330</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 331</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If the token's {@code principal} is not a String, it is assumed to already be in the format supported by the</span></pre></td></tr> |
| <tr> <td class="numLine"> 332</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * underlying {@link LdapContextFactory} implementation and the raw principal is returned directly.</span></pre></td></tr> |
| <tr> <td class="numLine"> 333</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 334</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param token the {@link AuthenticationToken} submitted during the authentication process</span></pre></td></tr> |
| <tr> <td class="numLine"> 335</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the User DN or raw principal to use to acquire the LdapContext.</span></pre></td></tr> |
| <tr> <td class="numLine"> 336</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @see LdapContextFactory#getLdapContext(Object, Object)</span></pre></td></tr> |
| <tr> <td class="numLine"> 337</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 338</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> Object getLdapPrincipal(AuthenticationToken token) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 339</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> Object principal = token.getPrincipal();</pre></td></tr> |
| <tr> <td class="numLineCover"> 340</td> <td class="nbHitsCovered"><a title="Line 340: Conditional coverage 100% (2/2)."> 4</a></td> <td class="src"><pre class="src"> <a title="Line 340: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (principal <span class="keyword">instanceof</span> String) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 341</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> String sPrincipal = (String) principal;</pre></td></tr> |
| <tr> <td class="numLineCover"> 342</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> <span class="keyword">return</span> getUserDn(sPrincipal);</pre></td></tr> |
| <tr> <td class="numLine"> 343</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 344</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> principal;</pre></td></tr> |
| <tr> <td class="numLine"> 345</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 346</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 347</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 348</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This implementation opens an LDAP connection using the token's</span></pre></td></tr> |
| <tr> <td class="numLine"> 349</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getLdapPrincipal(org.apache.shiro.authc.AuthenticationToken) discovered principal} and provided</span></pre></td></tr> |
| <tr> <td class="numLine"> 350</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link AuthenticationToken#getCredentials() credentials}. If the connection opens successfully, the</span></pre></td></tr> |
| <tr> <td class="numLine"> 351</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * authentication attempt is immediately considered successful and a new</span></pre></td></tr> |
| <tr> <td class="numLine"> 352</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link AuthenticationInfo} instance is</span></pre></td></tr> |
| <tr> <td class="numLine"> 353</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #createAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, Object, Object, javax.naming.ldap.LdapContext) created}</span></pre></td></tr> |
| <tr> <td class="numLine"> 354</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * and returned. If the connection cannot be opened, either because LDAP authentication failed or some other</span></pre></td></tr> |
| <tr> <td class="numLine"> 355</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * JNDI problem, an {@link NamingException} will be thrown.</span></pre></td></tr> |
| <tr> <td class="numLine"> 356</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 357</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param token the submitted authentication token that triggered the authentication attempt.</span></pre></td></tr> |
| <tr> <td class="numLine"> 358</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param ldapContextFactory factory used to retrieve LDAP connections.</span></pre></td></tr> |
| <tr> <td class="numLine"> 359</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return an {@link AuthenticationInfo} instance representing the authenticated user's information.</span></pre></td></tr> |
| <tr> <td class="numLine"> 360</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws NamingException if any LDAP errors occur.</span></pre></td></tr> |
| <tr> <td class="numLine"> 361</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 362</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,</pre></td></tr> |
| <tr> <td class="numLine"> 363</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> LdapContextFactory ldapContextFactory)</pre></td></tr> |
| <tr> <td class="numLine"> 364</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">throws</span> NamingException {</pre></td></tr> |
| <tr> <td class="numLine"> 365</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 366</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> Object principal = token.getPrincipal();</pre></td></tr> |
| <tr> <td class="numLineCover"> 367</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> Object credentials = token.getCredentials();</pre></td></tr> |
| <tr> <td class="numLine"> 368</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 369</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> log.debug(<span class="string">"Authenticating user '{}' through LDAP"</span>, principal);</pre></td></tr> |
| <tr> <td class="numLine"> 370</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 371</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> principal = getLdapPrincipal(token);</pre></td></tr> |
| <tr> <td class="numLine"> 372</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 373</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> LdapContext ctx = <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 374</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">try</span> {</pre></td></tr> |
| <tr> <td class="numLineCover"> 375</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> ctx = ldapContextFactory.getLdapContext(principal, credentials);</pre></td></tr> |
| <tr> <td class="numLine"> 376</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//context was opened successfully, which means their credentials were valid. Return the AuthenticationInfo:</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 377</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> <span class="keyword">return</span> createAuthenticationInfo(token, principal, credentials, ctx);</pre></td></tr> |
| <tr> <td class="numLine"> 378</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> } <span class="keyword">finally</span> {</pre></td></tr> |
| <tr> <td class="numLineCover"> 379</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> LdapUtils.closeContext(ctx);</pre></td></tr> |
| <tr> <td class="numLine"> 380</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 381</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 382</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 383</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 384</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the {@link AuthenticationInfo} resulting from a Subject's successful LDAP authentication attempt.</span></pre></td></tr> |
| <tr> <td class="numLine"> 385</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 386</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This implementation ignores the {@code ldapPrincipal}, {@code ldapCredentials}, and the opened</span></pre></td></tr> |
| <tr> <td class="numLine"> 387</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code ldapContext} arguments and merely returns an {@code AuthenticationInfo} instance mirroring the</span></pre></td></tr> |
| <tr> <td class="numLine"> 388</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * submitted token's principal and credentials. This is acceptable because this method is only ever invoked after</span></pre></td></tr> |
| <tr> <td class="numLine"> 389</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * a successful authentication attempt, which means the provided principal and credentials were correct, and can</span></pre></td></tr> |
| <tr> <td class="numLine"> 390</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * be used directly to populate the (now verified) {@code AuthenticationInfo}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 391</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 392</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Subclasses however are free to override this method for more advanced construction logic.</span></pre></td></tr> |
| <tr> <td class="numLine"> 393</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 394</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param token the submitted {@code AuthenticationToken} that resulted in a successful authentication</span></pre></td></tr> |
| <tr> <td class="numLine"> 395</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param ldapPrincipal the LDAP principal used when creating the LDAP connection. Unlike the token's</span></pre></td></tr> |
| <tr> <td class="numLine"> 396</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link AuthenticationToken#getPrincipal() principal}, this value is usually a constructed</span></pre></td></tr> |
| <tr> <td class="numLine"> 397</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * User DN and not a simple username or uid. The exact value is depending on the</span></pre></td></tr> |
| <tr> <td class="numLine"> 398</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * configured</span></pre></td></tr> |
| <tr> <td class="numLine"> 399</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://download-llnw.oracle.com/javase/tutorial/jndi/ldap/auth_mechs.html"></span></pre></td></tr> |
| <tr> <td class="numLine"> 400</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * LDAP authentication mechanism</a> in use.</span></pre></td></tr> |
| <tr> <td class="numLine"> 401</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param ldapCredentials the LDAP credentials used when creating the LDAP connection.</span></pre></td></tr> |
| <tr> <td class="numLine"> 402</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param ldapContext the LdapContext created that resulted in a successful authentication. It can be used</span></pre></td></tr> |
| <tr> <td class="numLine"> 403</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * further by subclasses for more complex operations. It does not need to be closed -</span></pre></td></tr> |
| <tr> <td class="numLine"> 404</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * it will be closed automatically after this method returns.</span></pre></td></tr> |
| <tr> <td class="numLine"> 405</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the {@link AuthenticationInfo} resulting from a Subject's successful LDAP authentication attempt.</span></pre></td></tr> |
| <tr> <td class="numLine"> 406</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws NamingException if there was any problem using the {@code LdapContext}</span></pre></td></tr> |
| <tr> <td class="numLine"> 407</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 408</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @SuppressWarnings({<span class="string">"UnusedDeclaration"</span>})</pre></td></tr> |
| <tr> <td class="numLine"> 409</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> AuthenticationInfo createAuthenticationInfo(AuthenticationToken token, Object ldapPrincipal,</pre></td></tr> |
| <tr> <td class="numLine"> 410</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> Object ldapCredentials, LdapContext ldapContext)</pre></td></tr> |
| <tr> <td class="numLine"> 411</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">throws</span> NamingException {</pre></td></tr> |
| <tr> <td class="numLineCover"> 412</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">new</span> SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());</pre></td></tr> |
| <tr> <td class="numLine"> 413</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 414</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 415</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 416</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 417</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Method that should be implemented by subclasses to build an</span></pre></td></tr> |
| <tr> <td class="numLine"> 418</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link AuthorizationInfo} object by querying the LDAP context for the</span></pre></td></tr> |
| <tr> <td class="numLine"> 419</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * specified principal.</p></span></pre></td></tr> |
| <tr> <td class="numLine"> 420</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 421</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param principals the principals of the Subject whose AuthenticationInfo should be queried from the LDAP server.</span></pre></td></tr> |
| <tr> <td class="numLine"> 422</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param ldapContextFactory factory used to retrieve LDAP connections.</span></pre></td></tr> |
| <tr> <td class="numLine"> 423</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return an {@link AuthorizationInfo} instance containing information retrieved from the LDAP server.</span></pre></td></tr> |
| <tr> <td class="numLine"> 424</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws NamingException if any LDAP errors occur during the search.</span></pre></td></tr> |
| <tr> <td class="numLine"> 425</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 426</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,</pre></td></tr> |
| <tr> <td class="numLine"> 427</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> LdapContextFactory ldapContextFactory) <span class="keyword">throws</span> NamingException {</pre></td></tr> |
| <tr> <td class="numLineCover"> 428</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> <span class="keyword">null</span>;</span></pre></td></tr> |
| <tr> <td class="numLine"> 429</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 430</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| </table> |
| |
| <div class="footer">Report generated by <a href="http://cobertura.sourceforge.net/" target="_top">Cobertura</a> 1.9.4.1 on 3/4/16 6:04 PM.</div> |
| </body> |
| </html> |