Java Code Examples for org.apache.directory.api.ldap.model.message.BindRequest#getSaslMechanism()
The following examples show how to use
org.apache.directory.api.ldap.model.message.BindRequest#getSaslMechanism() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: BindRequestHandler.java From MyVirtualDirectory with Apache License 2.0 | 5 votes |
|
private void handleSaslAuthPending( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
{
// First, check that we have the same mechanism
String saslMechanism = bindRequest.getSaslMechanism();
// The empty mechanism is also a request for a new Bind session
if ( Strings.isEmpty( saslMechanism )
|| !ldapSession.getSaslProperty( SaslConstants.SASL_MECH ).equals( saslMechanism ) )
{
sendAuthMethNotSupported( ldapSession, bindRequest );
return;
}
// We have already received a first BindRequest, and sent back some challenge.
// First, check if the mechanism is the same
MechanismHandler mechanismHandler = handlers.get( saslMechanism );
if ( mechanismHandler == null )
{
String message = I18n.err( I18n.ERR_161, saslMechanism );
// Clear the saslProperties, and move to the anonymous state
ldapSession.clearSaslProperties();
ldapSession.setAnonymous();
LOG.error( message );
throw new IllegalArgumentException( message );
}
// Get the previously created SaslServer instance
SaslServer ss = mechanismHandler.handleMechanism( ldapSession, bindRequest );
generateSaslChallengeOrComplete( ldapSession, ss, bindRequest );
}
Example 2
| Source File: BindRequestHandler.java From MyVirtualDirectory with Apache License 2.0 | 5 votes |
|
private void handleSaslAuthPending(LdapSession ldapSession, BindRequest bindRequest) throws Exception {
// First, check that we have the same mechanism
String saslMechanism = bindRequest.getSaslMechanism();
// The empty mechanism is also a request for a new Bind session
if (Strings.isEmpty(saslMechanism)
|| !ldapSession.getSaslProperty(SaslConstants.SASL_MECH).equals(saslMechanism)) {
sendAuthMethNotSupported(ldapSession, bindRequest);
return;
}
// We have already received a first BindRequest, and sent back some challenge.
// First, check if the mechanism is the same
MechanismHandler mechanismHandler = handlers.get(saslMechanism);
if (mechanismHandler == null) {
String message = I18n.err(I18n.ERR_161, saslMechanism);
// Clear the saslProperties, and move to the anonymous state
ldapSession.clearSaslProperties();
ldapSession.setAnonymous();
LOG.error(message);
throw new IllegalArgumentException(message);
}
// Get the previously created SaslServer instance
SaslServer ss = mechanismHandler.handleMechanism(ldapSession, bindRequest);
generateSaslChallengeOrComplete(ldapSession, ss, bindRequest);
}
Example 3
| Source File: BindRequestHandler.java From MyVirtualDirectory with Apache License 2.0 | 4 votes |
|
/**
* For challenge/response exchange, generate the challenge.
* If the exchange is complete then send bind success.
*
* @param ldapSession
* @param ss
* @param bindRequest
*/
private void generateSaslChallengeOrComplete( LdapSession ldapSession, SaslServer ss,
BindRequest bindRequest ) throws Exception
{
LdapResult result = bindRequest.getResultResponse().getLdapResult();
// SaslServer will throw an exception if the credentials are null.
if ( bindRequest.getCredentials() == null )
{
bindRequest.setCredentials( StringConstants.EMPTY_BYTES );
}
try
{
// Compute the challenge
byte[] tokenBytes = ss.evaluateResponse( bindRequest.getCredentials() );
if ( ss.isComplete() )
{
// This is the end of the C/R exchange
if ( tokenBytes != null )
{
/*
* There may be a token to return to the client. We set it here
* so it will be returned in a SUCCESS message, after an LdapContext
* has been initialized for the client.
*/
ldapSession.putSaslProperty( SaslConstants.SASL_CREDS, tokenBytes );
}
LdapPrincipal ldapPrincipal = ( LdapPrincipal ) ldapSession
.getSaslProperty( SaslConstants.SASL_AUTHENT_USER );
if ( ldapPrincipal != null )
{
DirectoryService ds = ldapSession.getLdapServer().getDirectoryService();
String saslMechanism = bindRequest.getSaslMechanism();
byte[] password = null;
if ( ldapPrincipal.getUserPasswords() != null )
{
password = ldapPrincipal.getUserPasswords()[0];
}
CoreSession userSession = ds.getSession( ldapPrincipal.getDn(),
password, saslMechanism, null );
// Set the user session into the ldap session
ldapSession.setCoreSession( userSession );
// Store the IoSession in the coreSession
( ( DefaultCoreSession ) userSession ).setIoSession( ldapSession.getIoSession() );
}
// Mark the user as authenticated
ldapSession.setAuthenticated();
// Call the cleanup method for the selected mechanism
MechanismHandler handler = ( MechanismHandler ) ldapSession
.getSaslProperty( SaslConstants.SASL_MECH_HANDLER );
handler.cleanup( ldapSession );
// Return the successful response
sendBindSuccess( ldapSession, bindRequest, tokenBytes );
}
else
{
// The SASL bind must continue, we are sending the computed challenge
LOG.info( "Continuation token had length " + tokenBytes.length );
// Build the response
result.setResultCode( ResultCodeEnum.SASL_BIND_IN_PROGRESS );
BindResponse resp = bindRequest.getResultResponse();
// Store the challenge
resp.setServerSaslCreds( tokenBytes );
// Switch to SASLAuthPending
ldapSession.setSaslAuthPending();
// And write back the response
ldapSession.getIoSession().write( resp );
LOG.debug( "Returning final authentication data to client to complete context." );
}
}
catch ( SaslException se )
{
sendInvalidCredentials( ldapSession, bindRequest, se );
}
}
Example 4
| Source File: BindRequestHandler.java From MyVirtualDirectory with Apache License 2.0 | 4 votes |
|
/**
* Handle the SASL authentication. If the mechanism is known, we are
* facing three cases :
* <ul>
* <li>The user does not has a session yet</li>
* <li>The user already has a session</li>
* <li>The user has started a SASL negotiation</li>
* </lu><br/>
*
* In the first case, we initiate a SaslBind session, which will be used all
* along the negotiation.<br/>
* In the second case, we first have to unbind the user, and initiate a new
* SaslBind session.<br/>
* In the third case, we have sub cases :
* <ul>
* <li>The mechanism is not provided : that means the user want to reset the
* current negotiation. We move back to an Anonymous state</li>
* <li>The mechanism is provided : the user is initializing a new negotiation
* with another mechanism. The current SaslBind session is reinitialized</li>
* <li></li>
* </ul><br/>
*
* @param ldapSession The associated Session
* @param bindRequest The BindRequest received
* @throws Exception If the authentication cannot be done
*/
public void handleSaslAuth( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
{
String saslMechanism = bindRequest.getSaslMechanism();
// Case #2 : the user does have a session. We have to unbind him
if ( ldapSession.isAuthenticated() )
{
// We already have a bound session for this user. We have to
// close the previous session first.
ldapSession.getCoreSession().unbind();
// Reset the status to Anonymous
ldapSession.setAnonymous();
// Clean the sasl properties
ldapSession.clearSaslProperties();
// Now we can continue as if the client was Anonymous from the beginning
}
// case #1 : The user does not have a session.
if ( ldapSession.isAnonymous() )
{
// fist check that the mechanism exists
if ( !checkMechanism( saslMechanism ) )
{
// get out !
sendAuthMethNotSupported( ldapSession, bindRequest );
return;
}
// Store the mechanism in the ldap session
ldapSession.putSaslProperty( SaslConstants.SASL_MECH, saslMechanism );
// Get the handler for this mechanism
MechanismHandler mechanismHandler = handlers.get( saslMechanism );
// Store the mechanism handler in the salsProperties
ldapSession.putSaslProperty( SaslConstants.SASL_MECH_HANDLER, mechanismHandler );
// Initialize the mechanism specific data
mechanismHandler.init( ldapSession );
// Get the SaslServer instance which manage the C/R exchange
SaslServer ss = mechanismHandler.handleMechanism( ldapSession, bindRequest );
// We have to generate a challenge
generateSaslChallengeOrComplete( ldapSession, ss, bindRequest );
// And get back
return;
}
else if ( ldapSession.isAuthPending() )
{
try
{
handleSaslAuthPending( ldapSession, bindRequest );
}
catch ( SaslException se )
{
sendInvalidCredentials( ldapSession, bindRequest, se );
}
return;
}
}
Example 5
| Source File: BindRequestHandler.java From MyVirtualDirectory with Apache License 2.0 | 4 votes |
|
/**
* For challenge/response exchange, generate the challenge. If the exchange is complete then send bind success.
*
* @param ldapSession
* @param ss
* @param bindRequest
*/
private void generateSaslChallengeOrComplete(LdapSession ldapSession, SaslServer ss,
BindRequest bindRequest) throws Exception {
LdapResult result = bindRequest.getResultResponse().getLdapResult();
// SaslServer will throw an exception if the credentials are null.
if (bindRequest.getCredentials() == null) {
bindRequest.setCredentials(StringConstants.EMPTY_BYTES);
}
try {
// Compute the challenge
byte[] tokenBytes = ss.evaluateResponse(bindRequest.getCredentials());
if (ss.isComplete()) {
// This is the end of the C/R exchange
if (tokenBytes != null) {
/*
* There may be a token to return to the client. We set it here
* so it will be returned in a SUCCESS message, after an LdapContext
* has been initialized for the client.
*/
ldapSession.putSaslProperty(SaslConstants.SASL_CREDS, tokenBytes);
}
LdapPrincipal ldapPrincipal = (LdapPrincipal) ldapSession
.getSaslProperty(SaslConstants.SASL_AUTHENT_USER);
if (ldapPrincipal != null) {
DirectoryService ds = ldapSession.getLdapServer().getDirectoryService();
String saslMechanism = bindRequest.getSaslMechanism();
byte[] password = null;
if (ldapPrincipal.getUserPasswords() != null) {
password = ldapPrincipal.getUserPasswords()[0];
}
CoreSession userSession = ds.getSession(ldapPrincipal.getDn(),
password, saslMechanism, null);
// Set the user session into the ldap session
ldapSession.setCoreSession(userSession);
// Store the IoSession in the coreSession
((DefaultCoreSession) userSession).setIoSession(ldapSession.getIoSession());
}
// Mark the user as authenticated
ldapSession.setAuthenticated();
// Call the cleanup method for the selected mechanism
MechanismHandler handler = (MechanismHandler) ldapSession
.getSaslProperty(SaslConstants.SASL_MECH_HANDLER);
handler.cleanup(ldapSession);
// Return the successful response
sendBindSuccess(ldapSession, bindRequest, tokenBytes);
} else {
// The SASL bind must continue, we are sending the computed challenge
LOG.info("Continuation token had length " + tokenBytes.length);
// Build the response
result.setResultCode(ResultCodeEnum.SASL_BIND_IN_PROGRESS);
BindResponse resp = (BindResponse) bindRequest.getResultResponse();
// Store the challenge
resp.setServerSaslCreds(tokenBytes);
// Switch to SASLAuthPending
ldapSession.setSaslAuthPending();
// And write back the response
ldapSession.getIoSession().write(resp);
LOG.debug("Returning final authentication data to client to complete context.");
}
} catch (SaslException se) {
sendInvalidCredentials(ldapSession, bindRequest, se);
}
}
Example 6
| Source File: BindRequestHandler.java From MyVirtualDirectory with Apache License 2.0 | 4 votes |
|
/**
* Handle the SASL authentication. If the mechanism is known, we are facing three cases : <ul> <li>The user does not has a session yet</li> <li>The user
* already has a session</li> <li>The user has started a SASL negotiation</li> </lu><br/>
* <p>
* In the first case, we initiate a SaslBind session, which will be used all along the negotiation.<br/> In the second case, we first have to unbind the
* user, and initiate a new SaslBind session.<br/> In the third case, we have sub cases : <ul> <li>The mechanism is not provided : that means the user want
* to reset the current negotiation. We move back to an Anonymous state</li> <li>The mechanism is provided : the user is initializing a new negotiation with
* another mechanism. The current SaslBind session is reinitialized</li> <li></li> </ul><br/>
*
* @param ldapSession The associated Session
* @param bindRequest The BindRequest received
* @throws Exception If the authentication cannot be done
*/
public void handleSaslAuth(LdapSession ldapSession, BindRequest bindRequest) throws Exception {
String saslMechanism = bindRequest.getSaslMechanism();
// Case #2 : the user does have a session. We have to unbind him
if (ldapSession.isAuthenticated()) {
// We already have a bound session for this user. We have to
// close the previous session first.
ldapSession.getCoreSession().unbind();
// Reset the status to Anonymous
ldapSession.setAnonymous();
// Clean the sasl properties
ldapSession.clearSaslProperties();
// Now we can continue as if the client was Anonymous from the beginning
}
// case #1 : The user does not have a session.
if (ldapSession.isAnonymous()) {
// fist check that the mechanism exists
if (!checkMechanism(saslMechanism)) {
// get out !
sendAuthMethNotSupported(ldapSession, bindRequest);
return;
}
// Store the mechanism in the ldap session
ldapSession.putSaslProperty(SaslConstants.SASL_MECH, saslMechanism);
// Get the handler for this mechanism
MechanismHandler mechanismHandler = handlers.get(saslMechanism);
// Store the mechanism handler in the salsProperties
ldapSession.putSaslProperty(SaslConstants.SASL_MECH_HANDLER, mechanismHandler);
// Initialize the mechanism specific data
mechanismHandler.init(ldapSession);
// Get the SaslServer instance which manage the C/R exchange
SaslServer ss = mechanismHandler.handleMechanism(ldapSession, bindRequest);
// We have to generate a challenge
generateSaslChallengeOrComplete(ldapSession, ss, bindRequest);
// And get back
return;
} else if (ldapSession.isAuthPending()) {
try {
handleSaslAuthPending(ldapSession, bindRequest);
} catch (SaslException se) {
sendInvalidCredentials(ldapSession, bindRequest, se);
}
return;
}
}
