Commit 1c30edaf authored by Fabien Viale's avatar Fabien Viale

Fix anonymous connection in LDAP

 - when LDAP server connection is globally anonymous, one should still be able to validate user/password
 - minor fix in SchedulerBackupRunner
parent 4c72f889
...@@ -435,7 +435,7 @@ public abstract class LDAPLoginModule extends FileLoginModule implements Loggabl ...@@ -435,7 +435,7 @@ public abstract class LDAPLoginModule extends FileLoginModule implements Loggabl
logger.debug("check password for user: " + userDN); logger.debug("check password for user: " + userDN);
} }
ContextHandler handler = createLdapContext(userDN, password); ContextHandler handler = createLdapContext(userDN, password, true);
closeContext(handler); closeContext(handler);
return handler != null; return handler != null;
} }
...@@ -459,15 +459,19 @@ public abstract class LDAPLoginModule extends FileLoginModule implements Loggabl ...@@ -459,15 +459,19 @@ public abstract class LDAPLoginModule extends FileLoginModule implements Loggabl
} }
} }
private ContextHandler createLdapContext(String user, String password) { private ContextHandler createLdapContext(String user, String password, boolean requireAuthentication) {
LdapContext ctx = null; LdapContext ctx = null;
StartTlsResponse tls = null; StartTlsResponse tls = null;
Hashtable<String, String> env = createBasicEnvForInitalContext(); Hashtable<String, String> env = createBasicEnvForInitalContext();
try { try {
if (!START_TLS) { if (!START_TLS) {
if (!AUTHENTICATION_METHOD.equals(ANONYMOUS_LDAP_CONNECTION)) { if (requireAuthentication || !AUTHENTICATION_METHOD.equals(ANONYMOUS_LDAP_CONNECTION)) {
env.put(Context.SECURITY_AUTHENTICATION, AUTHENTICATION_METHOD); if (requireAuthentication) {
env.put(Context.SECURITY_AUTHENTICATION, "simple");
} else {
env.put(Context.SECURITY_AUTHENTICATION, AUTHENTICATION_METHOD);
}
env.put(Context.SECURITY_PRINCIPAL, user); env.put(Context.SECURITY_PRINCIPAL, user);
env.put(Context.SECURITY_CREDENTIALS, password); env.put(Context.SECURITY_CREDENTIALS, password);
} }
...@@ -500,8 +504,12 @@ public abstract class LDAPLoginModule extends FileLoginModule implements Loggabl ...@@ -500,8 +504,12 @@ public abstract class LDAPLoginModule extends FileLoginModule implements Loggabl
} else { } else {
tls.negotiate(); tls.negotiate();
} }
if (!AUTHENTICATION_METHOD.equals(ANONYMOUS_LDAP_CONNECTION)) { if (requireAuthentication || !AUTHENTICATION_METHOD.equals(ANONYMOUS_LDAP_CONNECTION)) {
ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, AUTHENTICATION_METHOD); if (requireAuthentication) {
env.put(Context.SECURITY_AUTHENTICATION, "simple");
} else {
ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, AUTHENTICATION_METHOD);
}
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, user); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, user);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
} }
...@@ -595,7 +603,7 @@ public abstract class LDAPLoginModule extends FileLoginModule implements Loggabl ...@@ -595,7 +603,7 @@ public abstract class LDAPLoginModule extends FileLoginModule implements Loggabl
*/ */
private ContextHandler connectAndGetContext() throws NamingException { private ContextHandler connectAndGetContext() throws NamingException {
// Create the initial directory context // Create the initial directory context
return createLdapContext(BIND_LOGIN, BIND_PASSWD); return createLdapContext(BIND_LOGIN, BIND_PASSWD, false);
} }
/** /**
......
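Review bot: In the START_TLS branch (hunk at line 504) the new `requireAuthentication` path sets the mechanism with `env.put(Context.SECURITY_AUTHENTICATION, "simple")`, while the principal and credentials on the next lines — and the sibling `else` branch — go through `ctx.addToEnvironment`; since `tls.negotiate()` has already run, `ctx` appears to exist by this point, so the write to `env` never reaches the live context and the bind mechanism is left to the provider's default. The line should read `ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");`, mirroring the non-TLS branch, which correctly uses `env.put` because the context is created afterwards. Separately, the hunk at line 435 now performs a simple bind with the caller-supplied password and treats a non-null handler as a successful check; unless an empty password is rejected before that call (not visible in this diff), a simple bind with empty credentials is an unauthenticated bind on servers that permit it, so a guard such as `if (password == null || password.isEmpty()) return false;` ahead of `createLdapContext` is worth confirming. Both `createLdapContext` and the password-check method start and end outside these hunks.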
...@@ -127,8 +127,7 @@ public class SchedulerBackupRunner implements Runnable { ...@@ -127,8 +127,7 @@ public class SchedulerBackupRunner implements Runnable {
File backupFile = new File(resolvedDestination, backupFileName); File backupFile = new File(resolvedDestination, backupFileName);
LOGGER.info("Performing backup to " + backupFile); LOGGER.info("Performing backup to " + backupFile);
String[] foldersToZip = targets.stream() String[] foldersToZip = targets.stream()
.map(target -> (new File(PASchedulerProperties.SCHEDULER_HOME.getValueAsString(), .map(target -> PASchedulerProperties.getAbsolutePath(target))
target)).getAbsolutePath())
.toArray(String[]::new); .toArray(String[]::new);
LOGGER.info("Backup of the following folders : " + Arrays.toString(foldersToZip)); LOGGER.info("Backup of the following folders : " + Arrays.toString(foldersToZip));
try { try {
......