You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by he...@apache.org on 2020/11/24 20:47:47 UTC
[brooklyn-server] branch master updated: ldap enhancement
This is an automated email from the ASF dual-hosted git repository.
heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
The following commit(s) were added to refs/heads/master by this push:
new c78ac86 ldap enhancement
c78ac86 is described below
commit c78ac86470d845d68b91a79b2afb2ae400f118a2
Author: Alex Heneveld <al...@cloudsoftcorp.com>
AuthorDate: Tue Nov 24 20:47:22 2020 +0000
ldap enhancement
---
.../brooklyn/rest/security/provider/LdapSecurityProvider.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java
index 1421222..52a9674 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java
@@ -85,6 +85,11 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
if (user==null) return false;
checkCanLoad();
+ if (Strings.isBlank(pass)) {
+ // InitialDirContext doesn't do authentication if no password is supplied!
+ return false;
+ }
+
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapUrl);
@@ -93,7 +98,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
env.put(Context.SECURITY_CREDENTIALS, pass);
try {
- new InitialDirContext(env);
+ new InitialDirContext(env); // will throw if password is invalid
return allow(sessionSupplierOnSuccess.get(), user);
} catch (NamingException e) {
return false;