You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@brooklyn.apache.org by he...@apache.org on 2020/11/24 20:47:47 UTC

[brooklyn-server] branch master updated: ldap enhancement

This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git


The following commit(s) were added to refs/heads/master by this push:
     new c78ac86  ldap enhancement
c78ac86 is described below

commit c78ac86470d845d68b91a79b2afb2ae400f118a2
Author: Alex Heneveld <al...@cloudsoftcorp.com>
AuthorDate: Tue Nov 24 20:47:22 2020 +0000

    ldap enhancement
---
 .../brooklyn/rest/security/provider/LdapSecurityProvider.java      | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java
index 1421222..52a9674 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java
@@ -85,6 +85,11 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
         if (user==null) return false;
         checkCanLoad();
 
+        if (Strings.isBlank(pass)) {
+            // InitialDirContext doesn't do authentication if no password is supplied!
+            return false;
+        }
+
         Hashtable env = new Hashtable();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, ldapUrl);
@@ -93,7 +98,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
         env.put(Context.SECURITY_CREDENTIALS, pass);
 
         try {
-            new InitialDirContext(env);
+            new InitialDirContext(env);  // will throw if password is invalid
             return allow(sessionSupplierOnSuccess.get(), user);
         } catch (NamingException e) {
             return false;