Java Code Examples for org.apache.directory.api.ldap.model.message.BindRequest#setCredentials()

The following examples show how to use org.apache.directory.api.ldap.model.message.BindRequest#setCredentials(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: Dsmlv2Engine.java    From directory-ldap-api with Apache License 2.0 5 votes vote down vote up
/**
 * Binds to the LDAP server with a simple (name/password) bind, unless the
 * connection is already authenticated.
 *
 * <p>A bind result other than SUCCESS is only logged at WARN level; the method
 * then returns normally and raises nothing for it.
 *
 * @param messageId the message Id
 * @throws LdapException If we had an issue while binding
 * @throws IOException If there is no connection, or if we had an issue while transmitting the
 * request or receiving the response
 */
protected void bind( int messageId ) throws LdapException, IOException
{
    // Without a connection there is nothing to bind on.
    if ( connection == null )
    {
        throw new IOException( I18n.err( I18n.ERR_02002_MISSING_CONNECTION_TO_BIND ) );
    }

    // Already bound: do not send the credentials a second time.
    if ( connection.isAuthenticated() )
    {
        return;
    }

    // NOTE(review): a simple bind carries the password itself in the request, so the
    // connection should be protected by TLS; how it is set up is not visible here.
    BindRequest simpleBind = new BindRequestImpl();
    simpleBind.setSimple( true );
    simpleBind.setCredentials( Strings.getBytesUtf8( password ) );
    simpleBind.setName( user );
    simpleBind.setVersion3( true );
    simpleBind.setMessageId( messageId );

    BindResponse response = connection.bind( simpleBind );
    boolean bindFailed = response.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS;

    // NOTE(review): the failure is reported through the log only, so a caller cannot tell
    // from this method whether the bind succeeded. Confirm that callers check the
    // connection state before relying on an authenticated session.
    if ( bindFailed && LOG.isWarnEnabled() )
    {
        LOG.warn( I18n.msg( I18n.MSG_02003_ERROR, response.getLdapResult().getDiagnosticMessage() ) );
    }
}
 
Example 2
Source File: AbstractLdapConnection.java    From directory-ldap-api with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>This overload sends the given DN together with zero-length credentials.
 */
@Override
public void bind( Dn name ) throws LdapException
{
    BindRequest request = new BindRequestImpl();
    request.setDn( name );

    // A DN with an empty password is what RFC 4513 calls an unauthenticated bind: a
    // server may answer it with success without having verified any secret, so a
    // successful result here is not proof of the identity in 'name'.
    request.setCredentials( Strings.EMPTY_BYTES );

    processResponse( bind( request ) );
}
 
Example 3
Source File: AbstractLdapConnection.java    From directory-ldap-api with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>The credentials are sent as their UTF-8 bytes; a {@code null} value is
 * replaced by zero-length credentials.
 */
@Override
public void bind( Dn name, String credentials ) throws LdapException
{
    byte[] credBytes;

    if ( credentials == null )
    {
        // NOTE(review): a null password is sent as an empty one, which a server may treat
        // as an unauthenticated bind (RFC 4513) and accept. Code that uses this call to
        // check an end user's password should reject null/blank input before calling;
        // presumably an empty string ends up as zero-length bytes too. Confirm.
        credBytes = Strings.EMPTY_BYTES;
    }
    else
    {
        credBytes = Strings.getBytesUtf8( credentials );
    }

    BindRequest request = new BindRequestImpl();
    request.setDn( name );
    request.setCredentials( credBytes );

    processResponse( bind( request ) );
}
 
Example 4
Source File: AbstractLdapConnection.java    From directory-ldap-api with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a BindRequest populated with version, name, credentials, bind type and controls.
 * No message id is set by this method.
 *
 * @param name The DN to bind with
 * @param credentials The bytes stored as the request's credentials (the user's password
 * for a simple bind); they are passed on unchanged in both the simple and the SASL case
 * @param saslMechanism The SASL mechanism to use; when empty, a simple bind is built
 * @param controls The controls to send, may be {@code null} or empty
 * @return The created BindRequest
 */
protected BindRequest createBindRequest( String name, byte[] credentials, String saslMechanism, Control... controls )
{
    BindRequest request = new BindRequestImpl();
    request.setVersion3( true );
    request.setName( name );

    // No mechanism means a simple bind, otherwise a SASL bind.
    boolean simpleBind = Strings.isEmpty( saslMechanism );

    request.setSimple( simpleBind );
    request.setCredentials( credentials );

    if ( !simpleBind )
    {
        request.setSaslMechanism( saslMechanism );
    }

    // Attach the controls only when the caller supplied some.
    boolean hasControls = ( controls != null ) && ( controls.length != 0 );

    if ( hasControls )
    {
        request.addAllControls( controls );
    }

    return request;
}
 
Example 5
Source File: StoreSaslCredentials.java    From directory-ldap-api with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Copies the value of the current TLV into the BindRequest as its credentials
 * and allows the grammar to end after it.
 */
@Override
public void action( LdapMessageContainer<BindRequest> container )
{
    BindRequest bindRequest = container.getMessage();
    TLV currentTlv = container.getCurrentTLV();

    // A zero-length TLV is stored as an empty array instead of reading its value.
    byte[] saslCredentials = ( currentTlv.getLength() == 0 )
        ? Strings.EMPTY_BYTES
        : currentTlv.getValue().getData();

    bindRequest.setCredentials( saslCredentials );

    // We can have an END transition
    container.setGrammarEndAllowed( true );

    // Only a fixed message is logged; the decoded credential bytes are not passed to the
    // logger and should stay out of it.
    if ( LOG.isDebugEnabled() )
    {
        LOG.debug( I18n.msg( I18n.MSG_05117_SASL_CREDENTIALS_DECODED ) );
    }
}
 
Example 6
Source File: StoreSimpleAuth.java    From directory-ldap-api with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Marks the BindRequest as a simple bind, copies the value of the current TLV
 * into it as its credentials and allows the grammar to end after it.
 */
@Override
public void action( LdapMessageContainer<BindRequest> container )
{
    BindRequest bindRequest = container.getMessage();
    TLV currentTlv = container.getCurrentTLV();

    // Simple authentication was selected
    bindRequest.setSimple( true );

    // A zero-length simple credential is stored as an empty array instead of reading the
    // TLV value. On the server side such a request is a bind without a password, so the
    // code that later authorizes it must not treat it as a verified identity.
    byte[] simpleCredentials = ( currentTlv.getLength() == 0 )
        ? Strings.EMPTY_BYTES
        : currentTlv.getValue().getData();

    bindRequest.setCredentials( simpleCredentials );

    // We can have an END transition
    container.setGrammarEndAllowed( true );

    // Only a fixed message is logged; the decoded password bytes are not passed to the
    // logger and should stay out of it.
    if ( LOG.isDebugEnabled() )
    {
        LOG.debug( I18n.msg( I18n.MSG_05119_SIMPLE_CREDENTIAL_DECODED ) );
    }
}
 
Example 7
Source File: LdapDataProvider.java    From directory-fortress-core with Apache License 2.0 5 votes vote down vote up
/**
 * Performs an LDAP bind for a user/password combination on the supplied connection.  This function
 * is valid if and only if the user entity is a member of the USERS data set.
 *
 * <p>The response is returned as received; its result code is not inspected here, so the
 * caller decides whether the bind succeeded.
 *
 * @param connection connection to ldap server.
 * @param szUserDn   contains the LDAP dn to the user entry in String format.
 * @param password   contains the password in clear text.
 * @return bindResponse contains the result of the operation.
 * @throws LdapException in the event of LDAP error.
 */
protected BindResponse bind( LdapConnection connection, String szUserDn, String password ) throws LdapException
{
    // Count the attempt before anything can fail.
    COUNTERS.incrementBind();

    Dn parsedUserDn = new Dn( szUserDn );

    BindRequest request = new BindRequestImpl();
    request.setDn( parsedUserDn );

    // NOTE(review): the password is forwarded as given, with no null/blank check in this
    // method. A blank password can be accepted by a server as an unauthenticated bind
    // (RFC 4513), so verify that callers reject it before reaching this point.
    request.setCredentials( password );
    request.addControl( PP_REQ_CTRL );

    BindResponse response = connection.bind( request );
    return response;
}
 
Example 8
Source File: BindRequestHandler.java    From MyVirtualDirectory with Apache License 2.0 4 votes vote down vote up
/**
 * For challenge/response exchange, generate the challenge.
 * If the exchange is complete then send bind success.
 *
 * <p>The client's credentials are handed to the SaslServer. When the server reports
 * completion, the session is given a core session (if a principal was stored), marked
 * authenticated, the mechanism handler is cleaned up and a success response is sent.
 * Otherwise the computed challenge is written back with SASL_BIND_IN_PROGRESS. A
 * SaslException results in an invalid-credentials response.
 *
 * @param ldapSession the session whose SASL properties are read and whose authentication
 * state is updated
 * @param ss the SaslServer that evaluates the client's response
 * @param bindRequest the bind request supplying the credentials and SASL mechanism, and
 * whose result response is sent back
 * @throws Exception if a step fails with something other than a SaslException, which is
 * the only exception type handled here
 */
private void generateSaslChallengeOrComplete( LdapSession ldapSession, SaslServer ss,
    BindRequest bindRequest ) throws Exception
{
    LdapResult result = bindRequest.getResultResponse().getLdapResult();

    // SaslServer will throw an exception if the credentials are null.
    if ( bindRequest.getCredentials() == null )
    {
        bindRequest.setCredentials( StringConstants.EMPTY_BYTES );
    }

    try
    {
        // Compute the challenge
        byte[] tokenBytes = ss.evaluateResponse( bindRequest.getCredentials() );

        if ( ss.isComplete() )
        {
            // This is the end of the C/R exchange
            if ( tokenBytes != null )
            {
                /*
                 * There may be a token to return to the client.  We set it here
                 * so it will be returned in a SUCCESS message, after an LdapContext
                 * has been initialized for the client.
                 */
                ldapSession.putSaslProperty( SaslConstants.SASL_CREDS, tokenBytes );
            }

            // The principal is expected to have been stored in the session earlier in the
            // exchange; where that happens is not visible in this method.
            LdapPrincipal ldapPrincipal = ( LdapPrincipal ) ldapSession
                .getSaslProperty( SaslConstants.SASL_AUTHENT_USER );

            if ( ldapPrincipal != null )
            {
                DirectoryService ds = ldapSession.getLdapServer().getDirectoryService();
                String saslMechanism = bindRequest.getSaslMechanism();
                byte[] password = null;

                // Only the first stored password value is used.
                // NOTE(review): index 0 assumes a non-empty array whenever it is non-null.
                if ( ldapPrincipal.getUserPasswords() != null )
                {
                    password = ldapPrincipal.getUserPasswords()[0];
                }

                CoreSession userSession = ds.getSession( ldapPrincipal.getDn(),
                    password, saslMechanism, null );

                // Set the user session into the ldap session
                ldapSession.setCoreSession( userSession );

                // Store the IoSession in the coreSession
                ( ( DefaultCoreSession ) userSession ).setIoSession( ldapSession.getIoSession() );
            }

            // Mark the user as authenticated
            // NOTE(review): this runs even when no SASL_AUTHENT_USER principal was found
            // above, i.e. the session is flagged authenticated although this method set no
            // core session for it. Confirm every mechanism handler stores the principal
            // before completion, or that this state is rejected elsewhere.
            ldapSession.setAuthenticated();

            // Call the cleanup method for the selected mechanism
            // NOTE(review): the handler is used without a null check; presumably it is
            // always stored when the mechanism is selected. Verify.
            MechanismHandler handler = ( MechanismHandler ) ldapSession
                .getSaslProperty( SaslConstants.SASL_MECH_HANDLER );
            handler.cleanup( ldapSession );

            // Return the successful response
            sendBindSuccess( ldapSession, bindRequest, tokenBytes );
        }
        else
        {
            // The SASL bind must continue, we are sending the computed challenge
            // Only the token length is logged, never its content.
            // NOTE(review): tokenBytes is dereferenced without a null check, while the
            // completed branch above does test it for null.
            LOG.info( "Continuation token had length " + tokenBytes.length );

            // Build the response
            result.setResultCode( ResultCodeEnum.SASL_BIND_IN_PROGRESS );
            BindResponse resp = bindRequest.getResultResponse();

            // Store the challenge
            resp.setServerSaslCreds( tokenBytes );

            // Switch to SASLAuthPending
            ldapSession.setSaslAuthPending();

            // And write back the response
            ldapSession.getIoSession().write( resp );

            // This is the in-progress branch: the session has not been marked authenticated.
            LOG.debug( "Returning final authentication data to client to complete context." );
        }
    }
    catch ( SaslException se )
    {
        // A failed SASL evaluation is answered with an invalid-credentials response;
        // any other exception propagates to the caller.
        sendInvalidCredentials( ldapSession, bindRequest, se );
    }
}
 
Example 9
Source File: BindRequestHandler.java    From MyVirtualDirectory with Apache License 2.0 4 votes vote down vote up
/**
 * For challenge/response exchange, generate the challenge. If the exchange is complete then send bind success.
 *
 * <p>The client's credentials are handed to the SaslServer. When the server reports
 * completion, the session is given a core session (if a principal was stored), marked
 * authenticated, the mechanism handler is cleaned up and a success response is sent.
 * Otherwise the computed challenge is written back with SASL_BIND_IN_PROGRESS. A
 * SaslException results in an invalid-credentials response.
 *
 * @param ldapSession the session whose SASL properties are read and whose authentication
 * state is updated
 * @param ss the SaslServer that evaluates the client's response
 * @param bindRequest the bind request supplying the credentials and SASL mechanism, and
 * whose result response is sent back
 * @throws Exception if a step fails with something other than a SaslException, which is
 * the only exception type handled here
 */
private void generateSaslChallengeOrComplete(LdapSession ldapSession, SaslServer ss,
                                             BindRequest bindRequest) throws Exception {
    LdapResult result = bindRequest.getResultResponse().getLdapResult();

    // SaslServer will throw an exception if the credentials are null.
    if (bindRequest.getCredentials() == null) {
        bindRequest.setCredentials(StringConstants.EMPTY_BYTES);
    }

    try {
        // Compute the challenge
        byte[] tokenBytes = ss.evaluateResponse(bindRequest.getCredentials());

        if (ss.isComplete()) {
            // This is the end of the C/R exchange
            if (tokenBytes != null) {
                /*
                 * There may be a token to return to the client.  We set it here
                 * so it will be returned in a SUCCESS message, after an LdapContext
                 * has been initialized for the client.
                 */
                ldapSession.putSaslProperty(SaslConstants.SASL_CREDS, tokenBytes);
            }

            // The principal is expected to have been stored in the session earlier in the
            // exchange; where that happens is not visible in this method.
            LdapPrincipal ldapPrincipal = (LdapPrincipal) ldapSession
                    .getSaslProperty(SaslConstants.SASL_AUTHENT_USER);

            if (ldapPrincipal != null) {
                DirectoryService ds = ldapSession.getLdapServer().getDirectoryService();
                String saslMechanism = bindRequest.getSaslMechanism();
                byte[] password = null;

                // Only the first stored password value is used.
                // NOTE(review): index 0 assumes a non-empty array whenever it is non-null.
                if (ldapPrincipal.getUserPasswords() != null) {
                    password = ldapPrincipal.getUserPasswords()[0];
                }

                CoreSession userSession = ds.getSession(ldapPrincipal.getDn(),
                                                        password, saslMechanism, null);

                // Set the user session into the ldap session
                ldapSession.setCoreSession(userSession);

                // Store the IoSession in the coreSession
                ((DefaultCoreSession) userSession).setIoSession(ldapSession.getIoSession());
            }

            // Mark the user as authenticated
            // NOTE(review): this runs even when no SASL_AUTHENT_USER principal was found
            // above, i.e. the session is flagged authenticated although this method set no
            // core session for it. Confirm every mechanism handler stores the principal
            // before completion, or that this state is rejected elsewhere.
            ldapSession.setAuthenticated();

            // Call the cleanup method for the selected mechanism
            // NOTE(review): the handler is used without a null check; presumably it is
            // always stored when the mechanism is selected. Verify.
            MechanismHandler handler = (MechanismHandler) ldapSession
                    .getSaslProperty(SaslConstants.SASL_MECH_HANDLER);
            handler.cleanup(ldapSession);

            // Return the successful response
            sendBindSuccess(ldapSession, bindRequest, tokenBytes);
        } else {
            // The SASL bind must continue, we are sending the computed challenge
            // Only the token length is logged, never its content.
            // NOTE(review): tokenBytes is dereferenced without a null check, while the
            // completed branch above does test it for null.
            LOG.info("Continuation token had length " + tokenBytes.length);

            // Build the response
            result.setResultCode(ResultCodeEnum.SASL_BIND_IN_PROGRESS);
            BindResponse resp = (BindResponse) bindRequest.getResultResponse();

            // Store the challenge
            resp.setServerSaslCreds(tokenBytes);

            // Switch to SASLAuthPending
            ldapSession.setSaslAuthPending();

            // And write back the response
            ldapSession.getIoSession().write(resp);

            // This is the in-progress branch: the session has not been marked authenticated.
            LOG.debug("Returning final authentication data to client to complete context.");
        }
    } catch (SaslException se) {
        // A failed SASL evaluation is answered with an invalid-credentials response;
        // any other exception propagates to the caller.
        sendInvalidCredentials(ldapSession, bindRequest, se);
    }
}