
Anonymous committed 45705fb

Fixed some things in the LDAPCredentialsProvider, see:
http://jira.atlassian.com/secure/ViewIssue.jspa?key=JRA-2024
Also changed build.xml to generate proper timestamps from GMT
(for reference this commit makes osuser-1.0-dev-19Nov03.jar)

  • Parent commits e777fb1


Files changed (2)

 
   <!-- Setup details -->
   <target name="init">
-    <tstamp/>
+    <tstamp>
+      <format property="release" pattern="-dMMMyy" locale="en" timezone="GMT"/>
+    </tstamp>
     <property name="lib" value="lib"/>
     <property name="lib.core" value="${lib}/core"/>
     <property name="lib.build" value="${lib}/build"/>
   <!-- Build jar archive -->
   <target name="jar" depends="format">
     <mkdir dir="${dist}"/>
-    <jar basedir="${build.java}" jarfile="${dist}/${name}-${version}.jar"/>
+    <jar basedir="${build.java}" jarfile="${dist}/${name}-${version}${release}.jar"/>
   </target>
 
   <target name="example" depends="jar">

src/java/com/opensymphony/user/provider/ldap/LDAPCredentialsProvider.java

  * DOCUMENT ME!
  *
  * @author $author$
- * @version $Revision: 1.1.1.1 $
+ * @version $Revision: 1.2 $
  */
 public class LDAPCredentialsProvider implements CredentialsProvider {
     //~ Static fields/initializers /////////////////////////////////////////////
     //~ Methods ////////////////////////////////////////////////////////////////
 
     public boolean authenticate(String name, String password) {
+        // Do NOT allow null or empty passwords
+        // This is required as LDAP (by default) allows an empty password for an existing user
+        // (if the password is not specified LDAP allows the user to connect, and treats the user as
+        // an unauthenticated - anonymous user)
+        if ((password == null) || "".equals(password)) {
+            return false;
+        }
+
         // check cache
         TimeAndPassword tp = (TimeAndPassword) cache.get(name);
 
                 return true;
             }
         } catch (NamingException ne) {
+            // The authentication against the LDAP has failed (the user DOES exist in LDAP)
+            // Do NOT try other providers
+            return false;
         }
 
-        if (log.isDebugEnabled()) {
-            log.debug("Couldn't authenticate against LDAP server, trying other Credentials");
+        if (
+            // If we are here it means that the user was NOT found in the LDAP server,
+            // try other providers.
+            log.isDebugEnabled()) {
+            // If we are here it means that the user was NOT found in the LDAP server,
+            // try other providers.
+            log.debug("Couldn't find the user in LDAP server, trying other Credential Providers");
         }
 
         Collection credentialsProviders = UserManager.getInstance().getCredentialsProviders();
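Review bot: The new `catch (NamingException ne)` branch returns false without recording the exception, so a rejected bind, an unreachable directory and a misconfigured context would all look the same and leave no trace for whoever investigates failed logins. The added comment says the user exists in LDAP at this point, but the try body lies outside the hunk, so it is not visible here whether the bind is the only call that can throw. I would log before returning, for example `log.warn("LDAP authentication failed for user " + name, ne);`, and never include the password in that message. Separately, the "user was NOT found" comment is duplicated and one copy sits inside the `if (` condition; keep the copy above `log.debug(...)` and restore the single line `if (log.isDebugEnabled()) {`.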