Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2015/04/14 16:20:01 UTC
svn commit: r1673431 - in
/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl:
DebugTimer.java LdapIdentityProvider.java LdapProviderConfig.java
PoolableUnboundConnectionFactory.java
Author: angela
Date: Tue Apr 14 14:20:01 2015
New Revision: 1673431
URL: http://svn.apache.org/r1673431
Log:
OAK-2674 : Fix FindBug Issues
Modified:
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java?rev=1673431&r1=1673430&r2=1673431&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/DebugTimer.java Tue Apr 14 14:20:01 2015
@@ -49,7 +49,7 @@ public class DebugTimer {
if (b.length() > 0) {
b.append(", ");
} else {
- b.append("(");
+ b.append('(');
}
int u = 0;
double time = t.time;
@@ -62,7 +62,7 @@ public class DebugTimer {
return b.append(')').toString();
}
- private static class TimeStamp {
+ private static final class TimeStamp {
private final long time;
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1673431&r1=1673430&r2=1673431&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Tue Apr 14 14:20:01 2015
@@ -23,6 +23,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Map;
+import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
@@ -128,6 +129,7 @@ public class LdapIdentityProvider implem
init();
}
+ //----------------------------------------------------< SCR integration >---
@SuppressWarnings("UnusedDeclaration")
@Activate
private void activate(Map<String, Object> properties) {
@@ -143,63 +145,6 @@ public class LdapIdentityProvider implem
}
/**
- * Initializes the ldap identity provider.
- */
- private void init() {
- if (adminConnectionFactory != null) {
- throw new IllegalStateException("Provider already initialized.");
- }
-
- // setup admin connection pool
- LdapConnectionConfig cc = createConnectionConfig();
- String bindDN = config.getBindDN();
- if (bindDN != null && !bindDN.isEmpty()) {
- cc.setName(bindDN);
- cc.setCredentials(config.getBindPassword());
- }
- adminConnectionFactory = new PoolableLdapConnectionFactory(cc);
-
- if (config.getAdminPoolConfig().getMaxActive() != 0) {
- adminPool = new LdapConnectionPool(adminConnectionFactory);
- adminPool.setTestOnBorrow(true);
- adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
- adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
- }
-
- // setup unbound connection pool. let's create a new version of the config
- cc = createConnectionConfig();
-
- userConnectionFactory = new PoolableUnboundConnectionFactory(cc);
- if (config.getUserPoolConfig().getMaxActive() != 0) {
- userPool = new UnboundLdapConnectionPool(userConnectionFactory);
- userPool.setTestOnBorrow(true);
- userPool.setMaxActive(config.getUserPoolConfig().getMaxActive());
- userPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
- }
-
- log.info("LdapIdentityProvider initialized: {}", config);
- }
-
- /**
- * Creates a new connection config based on the config.
- * @return the connection config.
- */
- @Nonnull
- private LdapConnectionConfig createConnectionConfig() {
- LdapConnectionConfig cc = new LdapConnectionConfig();
- cc.setLdapHost(config.getHostname());
- cc.setLdapPort(config.getPort());
- cc.setUseSsl(config.useSSL());
- cc.setUseTls(config.useTLS());
-
- // todo: implement better trustmanager/keystore management (via sling/felix)
- if (config.noCertCheck()) {
- cc.setTrustManagers(new NoVerificationTrustManager());
- }
- return cc;
- }
-
- /**
* Closes this provider and releases the internal pool. This should be called by Non-OSGi users of this provider.
*/
public void close() {
@@ -222,7 +167,7 @@ public class LdapIdentityProvider implem
}
-
+ //-------------------------------------------< ExternalIdentityProvider >---
@Nonnull
@Override
public String getName() {
@@ -249,8 +194,7 @@ public class LdapIdentityProvider implem
return null;
}
} catch (LdapException e) {
- log.error("Error during ldap lookup", e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, null);
} finally {
disconnect(connection);
}
@@ -273,11 +217,9 @@ public class LdapIdentityProvider implem
return null;
}
} catch (LdapException e) {
- log.error("Error during ldap lookup. " + timer.getString(), e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, timer);
} catch (CursorException e) {
- log.error("Error during ldap lookup. " + timer.getString(), e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, timer);
} finally {
disconnect(connection);
}
@@ -300,11 +242,9 @@ public class LdapIdentityProvider implem
return null;
}
} catch (LdapException e) {
- log.error("Error during ldap lookup. " + timer.getString(), e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, timer);
} catch (CursorException e) {
- log.error("Error during ldap lookup. " + timer.getString(), e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, timer);
} finally {
disconnect(connection);
}
@@ -339,11 +279,9 @@ public class LdapIdentityProvider implem
}
};
} catch (LdapException e) {
- log.error("Error during ldap lookup. " + timer.getString(), e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, timer);
} catch (CursorException e) {
- log.error("Error during ldap lookup. " + timer.getString(), e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, timer);
} finally {
disconnect(connection);
}
@@ -378,17 +316,217 @@ public class LdapIdentityProvider implem
}
};
} catch (LdapException e) {
- log.error("Error during ldap lookup. " + timer.getString(), e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, timer);
} catch (CursorException e) {
- log.error("Error during ldap lookup. " + timer.getString(), e);
- throw new ExternalIdentityException("Error during ldap lookup.", e);
+ throw lookupFailedException(e, timer);
+ } finally {
+ disconnect(connection);
+ }
+ }
+
+ @Override
+ public ExternalUser authenticate(@Nonnull Credentials credentials) throws ExternalIdentityException, LoginException {
+ if (!(credentials instanceof SimpleCredentials)) {
+ log.debug("LDAP IDP can only authenticate SimpleCredentials.");
+ return null;
+ }
+ final SimpleCredentials creds = (SimpleCredentials) credentials;
+ final ExternalUser user = getUser(creds.getUserID());
+ if (user != null) {
+ // OAK-2078: check for non-empty passwords to avoid anonymous bind on weakly configured servers
+ // see http://tools.ietf.org/html/rfc4513#section-5.1.1 for details.
+ if (creds.getPassword().length == 0) {
+ throw new LoginException("Refusing to authenticate against LDAP server: Empty passwords not allowed.");
+ }
+
+ // authenticate
+ LdapConnection connection = null;
+ try {
+ DebugTimer timer = new DebugTimer();
+ if (userPool == null) {
+ connection = userConnectionFactory.makeObject();
+ } else {
+ connection = userPool.getConnection();
+ }
+ timer.mark("connect");
+ connection.bind(user.getExternalId().getId(), new String(creds.getPassword()));
+ timer.mark("bind");
+ if (log.isDebugEnabled()) {
+ log.debug("authenticate({}) {}", user.getId(), timer.getString());
+ }
+ } catch (LdapAuthenticationException e) {
+ throw new LoginException("Unable to authenticate against LDAP server: " + e.getMessage());
+ } catch (Exception e) {
+ throw new ExternalIdentityException("Error while binding user credentials", e);
+ } finally {
+ if (connection != null) {
+ try {
+ if (userPool == null) {
+ userConnectionFactory.destroyObject(connection);
+ } else {
+ userPool.releaseConnection(connection);
+ }
+ } catch (Exception e) {
+ // ignore
+ }
+ }
+ }
+ }
+ return user;
+ }
+
+ //-----------------------------------------------------------< internal >---
+ /**
+ * Collects the declared (direct) groups of an identity
+ * @param ref reference to the identity
+ * @return map of identities where the key is the DN of the LDAP entity
+ */
+ Map<String, ExternalIdentityRef> getDeclaredGroupRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
+ if (!isMyRef(ref)) {
+ return Collections.emptyMap();
+ }
+ String searchFilter = config.getMemberOfSearchFilter(ref.getId());
+
+ LdapConnection connection = null;
+ SearchCursor searchCursor = null;
+ try {
+ // Create the SearchRequest object
+ SearchRequest req = new SearchRequestImpl();
+ req.setScope(SearchScope.SUBTREE);
+ req.addAttributes(SchemaConstants.NO_ATTRIBUTE);
+ req.setTimeLimit((int) config.getSearchTimeout());
+ req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
+ req.setFilter(searchFilter);
+
+ Map<String, ExternalIdentityRef> groups = new HashMap<String, ExternalIdentityRef>();
+ DebugTimer timer = new DebugTimer();
+ connection = connect();
+ timer.mark("connect");
+
+ searchCursor = connection.search(req);
+ timer.mark("search");
+ while (searchCursor.next()) {
+ Response response = searchCursor.get();
+ if (response instanceof SearchResultEntry) {
+ Entry resultEntry = ((SearchResultEntry) response).getEntry();
+ ExternalIdentityRef groupRef = new ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
+ groups.put(groupRef.getId(), groupRef);
+ }
+ }
+ timer.mark("iterate");
+ if (log.isDebugEnabled()) {
+ log.debug("search below {} with {} found {} entries. {}",
+ config.getGroupConfig().getBaseDN(), searchFilter, groups.size(), timer.getString());
+ }
+ return groups;
+ } catch (Exception e) {
+ log.error("Error during ldap membership search." ,e);
+ throw new ExternalIdentityException("Error during ldap membership search.", e);
} finally {
+ if (searchCursor != null) {
+ searchCursor.close();
+ }
disconnect(connection);
}
}
- private Entry getEntry(LdapConnection connection, LdapProviderConfig.Identity idConfig, String id)
+ /**
+ * Collects the declared (direct) members of a group
+ * @param ref the reference to the group
+ * @return map of identity refers
+ * @throws ExternalIdentityException if an error occurs
+ */
+ Map<String, ExternalIdentityRef> getDeclaredMemberRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
+ if (!isMyRef(ref)) {
+ return Collections.emptyMap();
+ }
+ LdapConnection connection = null;
+ try {
+ Map<String, ExternalIdentityRef> members = new HashMap<String, ExternalIdentityRef>();
+ DebugTimer timer = new DebugTimer();
+ connection = connect();
+ timer.mark("connect");
+ Entry entry = connection.lookup(ref.getId());
+ timer.mark("lookup");
+ Attribute attr = entry.get(config.getGroupMemberAttribute());
+ for (Value value: attr) {
+ ExternalIdentityRef memberRef = new ExternalIdentityRef(value.getString(), this.getName());
+ members.put(memberRef.getId(), memberRef);
+ }
+ timer.mark("iterate");
+ if (log.isDebugEnabled()) {
+ log.debug("members lookup of {} found {} members. {}", ref.getId(), members.size(), timer.getString());
+ }
+ return members;
+ } catch (Exception e) {
+ String msg = "Error during ldap group members lookup.";
+ log.error(msg ,e);
+ throw new ExternalIdentityException(msg, e);
+ } finally {
+ disconnect(connection);
+ }
+ }
+
+ //------------------------------------------------------------< private >---
+ /**
+ * Initializes the ldap identity provider.
+ */
+ private void init() {
+ if (adminConnectionFactory != null) {
+ throw new IllegalStateException("Provider already initialized.");
+ }
+
+ // setup admin connection pool
+ LdapConnectionConfig cc = createConnectionConfig();
+ String bindDN = config.getBindDN();
+ if (bindDN != null && !bindDN.isEmpty()) {
+ cc.setName(bindDN);
+ cc.setCredentials(config.getBindPassword());
+ }
+ adminConnectionFactory = new PoolableLdapConnectionFactory(cc);
+
+ if (config.getAdminPoolConfig().getMaxActive() != 0) {
+ adminPool = new LdapConnectionPool(adminConnectionFactory);
+ adminPool.setTestOnBorrow(true);
+ adminPool.setMaxActive(config.getAdminPoolConfig().getMaxActive());
+ adminPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
+ }
+
+ // setup unbound connection pool. let's create a new version of the config
+ cc = createConnectionConfig();
+
+ userConnectionFactory = new PoolableUnboundConnectionFactory(cc);
+ if (config.getUserPoolConfig().getMaxActive() != 0) {
+ userPool = new UnboundLdapConnectionPool(userConnectionFactory);
+ userPool.setTestOnBorrow(true);
+ userPool.setMaxActive(config.getUserPoolConfig().getMaxActive());
+ userPool.setWhenExhaustedAction(GenericObjectPool.WHEN_EXHAUSTED_BLOCK);
+ }
+
+ log.info("LdapIdentityProvider initialized: {}", config);
+ }
+
+ /**
+ * Creates a new connection config based on the config.
+ * @return the connection config.
+ */
+ @Nonnull
+ private LdapConnectionConfig createConnectionConfig() {
+ LdapConnectionConfig cc = new LdapConnectionConfig();
+ cc.setLdapHost(config.getHostname());
+ cc.setLdapPort(config.getPort());
+ cc.setUseSsl(config.useSSL());
+ cc.setUseTls(config.useTLS());
+
+ // todo: implement better trustmanager/keystore management (via sling/felix)
+ if (config.noCertCheck()) {
+ cc.setTrustManagers(new NoVerificationTrustManager());
+ }
+ return cc;
+ }
+
+ @CheckForNull
+ private Entry getEntry(@Nonnull LdapConnection connection, @Nonnull LdapProviderConfig.Identity idConfig, @Nonnull String id)
throws CursorException, LdapException {
String searchFilter = idConfig.getSearchFilter(id);
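Review bot: The `catch (Exception e) { // ignore }` in the finally block of authenticate (the connection release path) still swallows the failure silently, which is itself the kind of finding this FindBugs commit leaves in place; a failed `destroyObject`/`releaseConnection` means a leaked or half-closed user connection, so it deserves at least `log.debug("Error while releasing user connection", e);` (or the variable renamed to `ignored` with a comment, if the suppression is deliberate). Separately, `new String(creds.getPassword())` on the bind line copies the password into an immutable String that lingers on the heap until GC; if the LdapConnection.bind overload used here only accepts a String this is unavoidable, but a one-line comment saying so would help the next reader. Also worth stating in the log message: this hunk narrows getDeclaredGroupRefs and getDeclaredMemberRefs from public to package-private, an API change beyond a FindBugs cleanup. getEntry starts at the end of this hunk and continues outside it.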
@@ -434,7 +572,8 @@ public class LdapIdentityProvider implem
* currently fetch all entries so that we can close the connection afterwards. maybe switch to an iterator approach
* later.
*/
- private List<Entry> getEntries(LdapConnection connection, LdapProviderConfig.Identity idConfig)
+ @Nonnull
+ private List<Entry> getEntries(@Nonnull LdapConnection connection, @Nonnull LdapProviderConfig.Identity idConfig)
throws CursorException, LdapException {
StringBuilder filter = new StringBuilder();
int num = 0;
@@ -445,12 +584,12 @@ public class LdapIdentityProvider implem
.append(')');
}
String extraFilter = idConfig.getExtraFilter();
- if (extraFilter != null && extraFilter.length() > 0) {
+ if (extraFilter != null && !extraFilter.isEmpty()) {
num++;
filter.append(extraFilter);
}
String searchFilter = num > 1
- ? "(&" + filter + ")"
+ ? "(&" + filter + ')'
: filter.toString();
// Create the SearchRequest object
@@ -489,18 +628,19 @@ public class LdapIdentityProvider implem
return result;
}
- private ExternalUser createUser(Entry e, String id)
+ @Nonnull
+ private ExternalUser createUser(@Nonnull Entry entry, @CheckForNull String id)
throws LdapInvalidAttributeValueException {
- ExternalIdentityRef ref = new ExternalIdentityRef(e.getDn().getName(), this.getName());
+ ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
if (id == null) {
- id = e.get(config.getUserConfig().getIdAttribute()).getString();
+ id = entry.get(config.getUserConfig().getIdAttribute()).getString();
}
String path = config.getUserConfig().makeDnPath()
- ? createDNPath(e.getDn())
+ ? createDNPath(entry.getDn())
: null;
LdapUser user = new LdapUser(this, ref, id, path);
Map<String, Object> props = user.getProperties();
- for (Attribute attr: e.getAttributes()) {
+ for (Attribute attr: entry.getAttributes()) {
if (attr.isHumanReadable()) {
props.put(attr.getId(), attr.getString());
}
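Review bot: On the `if (id == null)` branch, `entry.get(config.getUserConfig().getIdAttribute())` returns null (as far as I know of the Directory API Entry contract) when the entry lacks the configured id attribute, and the new `@CheckForNull` on `id` does not cover that, so the chained `.getString()` would fail with a NullPointerException instead of a meaningful error. Splitting the call and checking the attribute first, e.g. `Attribute idAttr = entry.get(config.getUserConfig().getIdAttribute());` followed by a null check that throws an explicit exception naming the attribute and `entry.getDn()`, would turn a misconfigured id attribute into a diagnosable failure. The same applies to createGroup in the next hunk. createUser continues past the end of this hunk.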
@@ -508,18 +648,19 @@ public class LdapIdentityProvider implem
return user;
}
- private ExternalGroup createGroup(Entry e, String name)
+ @Nonnull
+ private ExternalGroup createGroup(@Nonnull Entry entry, @CheckForNull String name)
throws LdapInvalidAttributeValueException {
- ExternalIdentityRef ref = new ExternalIdentityRef(e.getDn().getName(), this.getName());
+ ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
if (name == null) {
- name = e.get(config.getGroupConfig().getIdAttribute()).getString();
+ name = entry.get(config.getGroupConfig().getIdAttribute()).getString();
}
String path = config.getGroupConfig().makeDnPath()
- ? createDNPath(e.getDn())
+ ? createDNPath(entry.getDn())
: null;
LdapGroup group = new LdapGroup(this, ref, name, path);
Map<String, Object> props = group.getProperties();
- for (Attribute attr: e.getAttributes()) {
+ for (Attribute attr: entry.getAttributes()) {
if (attr.isHumanReadable()) {
props.put(attr.getId(), attr.getString());
}
@@ -536,13 +677,14 @@ public class LdapIdentityProvider implem
} else {
return adminPool.getConnection();
}
- } catch (Throwable e) {
- log.error("Error while connecting to the ldap server.", e);
- throw new ExternalIdentityException("Error while connecting and binding to the ldap server", e);
+ } catch (Exception e) {
+ String msg = "Error while connecting to the ldap server.";
+ log.error(msg, e);
+ throw new ExternalIdentityException(msg, e);
}
}
- private void disconnect(@Nullable LdapConnection connection) throws ExternalIdentityException {
+ private void disconnect(@Nullable LdapConnection connection) {
try {
if (connection != null) {
if (adminPool == null) {
@@ -556,150 +698,9 @@ public class LdapIdentityProvider implem
}
}
- @Override
- public ExternalUser authenticate(@Nonnull Credentials credentials) throws ExternalIdentityException, LoginException {
- if (!(credentials instanceof SimpleCredentials)) {
- log.debug("LDAP IDP can only authenticate SimpleCredentials.");
- return null;
- }
- final SimpleCredentials creds = (SimpleCredentials) credentials;
- final ExternalUser user = getUser(creds.getUserID());
- if (user != null) {
- // OAK-2078: check for non-empty passwords to avoid anonymous bind on weakly configured servers
- // see http://tools.ietf.org/html/rfc4513#section-5.1.1 for details.
- if (creds.getPassword().length == 0) {
- throw new LoginException("Refusing to authenticate against LDAP server: Empty passwords not allowed.");
- }
-
- // authenticate
- LdapConnection connection = null;
- try {
- DebugTimer timer = new DebugTimer();
- if (userPool == null) {
- connection = userConnectionFactory.makeObject();
- } else {
- connection = userPool.getConnection();
- }
- timer.mark("connect");
- connection.bind(user.getExternalId().getId(), new String(creds.getPassword()));
- timer.mark("bind");
- if (log.isDebugEnabled()) {
- log.debug("authenticate({}) {}", user.getId(), timer.getString());
- }
- } catch (LdapAuthenticationException e) {
- throw new LoginException("Unable to authenticate against LDAP server: " + e.getMessage());
- } catch (Exception e) {
- throw new ExternalIdentityException("Error while binding user credentials", e);
- } finally {
- if (connection != null) {
- try {
- if (userPool == null) {
- userConnectionFactory.destroyObject(connection);
- } else {
- userPool.releaseConnection(connection);
- }
- } catch (Exception e) {
- // ignore
- }
- }
- }
- }
- return user;
- }
-
private boolean isMyRef(@Nonnull ExternalIdentityRef ref) {
final String refProviderName = ref.getProviderName();
- return refProviderName == null || refProviderName.length() == 0 || getName().equals(refProviderName);
- }
-
- /**
- * Collects the declared (direct) groups of an identity
- * @param ref reference to the identity
- * @return map of identities where the key is the DN of the LDAP entity
- */
- public Map<String, ExternalIdentityRef> getDeclaredGroupRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
- if (!isMyRef(ref)) {
- return Collections.emptyMap();
- }
- String searchFilter = config.getMemberOfSearchFilter(ref.getId());
-
- LdapConnection connection = null;
- SearchCursor searchCursor = null;
- try {
- // Create the SearchRequest object
- SearchRequest req = new SearchRequestImpl();
- req.setScope(SearchScope.SUBTREE);
- req.addAttributes(SchemaConstants.NO_ATTRIBUTE);
- req.setTimeLimit((int) config.getSearchTimeout());
- req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
- req.setFilter(searchFilter);
-
- Map<String, ExternalIdentityRef> groups = new HashMap<String, ExternalIdentityRef>();
- DebugTimer timer = new DebugTimer();
- connection = connect();
- timer.mark("connect");
-
- searchCursor = connection.search(req);
- timer.mark("search");
- while (searchCursor.next()) {
- Response response = searchCursor.get();
- if (response instanceof SearchResultEntry) {
- Entry resultEntry = ((SearchResultEntry) response).getEntry();
- ExternalIdentityRef groupRef = new ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
- groups.put(groupRef.getId(), groupRef);
- }
- }
- timer.mark("iterate");
- if (log.isDebugEnabled()) {
- log.debug("search below {} with {} found {} entries. {}",
- config.getGroupConfig().getBaseDN(), searchFilter, groups.size(), timer.getString());
- }
- return groups;
- } catch (Exception e) {
- log.error("Error during ldap membership search." ,e);
- throw new ExternalIdentityException("Error during ldap membership search.", e);
- } finally {
- if (searchCursor != null) {
- searchCursor.close();
- }
- disconnect(connection);
- }
- }
-
- /**
- * Collects the declared (direct) members of a group
- * @param ref the reference to the group
- * @return map of identity refers
- * @throws ExternalIdentityException if an error occurs
- */
- public Map<String, ExternalIdentityRef> getDeclaredMemberRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
- if (!isMyRef(ref)) {
- return Collections.emptyMap();
- }
- LdapConnection connection = null;
- try {
- Map<String, ExternalIdentityRef> members = new HashMap<String, ExternalIdentityRef>();
- DebugTimer timer = new DebugTimer();
- connection = connect();
- timer.mark("connect");
- Entry entry = connection.lookup(ref.getId());
- timer.mark("lookup");
- Attribute attr = entry.get(config.getGroupMemberAttribute());
- for (Value value: attr) {
- ExternalIdentityRef memberRef = new ExternalIdentityRef(value.getString(), this.getName());
- members.put(memberRef.getId(), memberRef);
- }
- timer.mark("iterate");
- if (log.isDebugEnabled()) {
- log.debug("members lookup of {} found {} members. {}", ref.getId(), members.size(), timer.getString());
- }
- return members;
- } catch (Exception e) {
- log.error("Error during ldap group members lookup." ,e);
- throw new ExternalIdentityException("Error during ldap group members lookup.", e);
- } finally {
- disconnect(connection);
- }
+ return refProviderName == null || refProviderName.isEmpty() || getName().equals(refProviderName);
}
/**
@@ -707,7 +708,7 @@ public class LdapIdentityProvider implem
* @param dn the dn of the identity
* @return the intermediate path or {@code null} if disabled by config
*/
- public String createDNPath(Dn dn) {
+ private static String createDNPath(Dn dn) {
StringBuilder path = new StringBuilder();
for (Rdn rnd: dn.getRdns()) {
if (path.length() > 0) {
@@ -717,4 +718,10 @@ public class LdapIdentityProvider implem
}
return path.toString();
}
+
+ private static ExternalIdentityException lookupFailedException(@Nonnull Exception e, @CheckForNull DebugTimer timer) {
+ String msg = "Error during ldap lookup. ";
+ log.error(msg + ((timer != null) ? timer.getString() : ""), e);
+ return new ExternalIdentityException(msg, e);
+ }
}
\ No newline at end of file
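Review bot: lookupFailedException is the one method added in this file without a doc comment, even though the commit adds @Nonnull/@CheckForNull contracts elsewhere; a short Javadoc such as `/** Logs a failed ldap lookup (appending the timer's output when one is given) and wraps it in an {@link ExternalIdentityException} for the caller to throw. */` would also explain why the timer parameter is nullable. The new `\ No newline at end of file` state is minor churn that a later formatter pass will undo.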
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java?rev=1673431&r1=1673430&r2=1673431&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java Tue Apr 14 14:20:01 2015
@@ -987,7 +987,7 @@ public class LdapProviderConfig {
StringBuilder sb = null;
for (int i = 0; i < value.length(); i++) {
char ch = value.charAt(i);
- String replace = null;
+ String replace;
switch (ch) {
case '*':
replace = "\\2A";
@@ -1008,6 +1008,9 @@ public class LdapProviderConfig {
case '\0':
replace = "\\00";
break;
+
+ default:
+ replace = null;
}
if (replace != null) {
if (sb == null) {
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java?rev=1673431&r1=1673430&r2=1673431&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/PoolableUnboundConnectionFactory.java Tue Apr 14 14:20:01 2015
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
+import java.io.IOException;
+
import org.apache.commons.pool.PoolableObjectFactory;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.exception.LdapException;
@@ -55,7 +57,7 @@ public class PoolableUnboundConnectionFa
/**
* {@inheritDoc}
*/
- public void activateObject(LdapConnection connection) throws Exception {
+ public void activateObject(LdapConnection connection) {
log.debug("activate connection: {}", connection);
}
@@ -63,7 +65,7 @@ public class PoolableUnboundConnectionFa
/**
* {@inheritDoc}
*/
- public void destroyObject(LdapConnection connection) throws Exception {
+ public void destroyObject(LdapConnection connection) throws IOException {
log.debug("destroy connection: {}", connection);
connection.close();
}
@@ -72,7 +74,7 @@ public class PoolableUnboundConnectionFa
/**
* {@inheritDoc}
*/
- public LdapConnection makeObject() throws Exception {
+ public LdapConnection makeObject() throws LdapException {
LdapNetworkConnection connection = config.isUseTls()
? new TlsGuardingConnection(config)
: new LdapNetworkConnection(config);
@@ -85,7 +87,7 @@ public class PoolableUnboundConnectionFa
/**
* {@inheritDoc}
*/
- public void passivateObject(LdapConnection connection) throws Exception {
+ public void passivateObject(LdapConnection connection) {
log.debug("passivate connection: {}", connection);
}
@@ -112,7 +114,7 @@ public class PoolableUnboundConnectionFa
*
* @see org.apache.directory.ldap.client.api.LdapNetworkConnection#bindAsync(org.apache.directory.api.ldap.model.message.BindRequest)
*/
- private static class TlsGuardingConnection extends LdapNetworkConnection {
+ private static final class TlsGuardingConnection extends LdapNetworkConnection {
private boolean tlsStarted;