mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Ludovic Poitou
21.42.2013 4bbd5afe4f915d70cc9547f303b7e37f33c7f7e7
Fix OPENDJ-1183: Can not reset userPassword through REST interface due to lack of privileges.
Use a root connection to do the initial user search, and then avoid explicitly setting authentication info, since it's done by the bind operation itself.
1 files modified
24 ■■■■■ changed files
opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
@@ -39,6 +39,7 @@
import javax.servlet.http.HttpServletResponseWrapper;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.opendj.adapter.server2x.Adapters;
import org.forgerock.opendj.ldap.*;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.requests.BindRequest;
@@ -53,12 +54,10 @@
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.schema.SchemaConstants;
import org.opends.server.types.AddressMask;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DisconnectReason;
import org.opends.server.util.Base64;
import static org.forgerock.opendj.adapter.server2x.Converters.*;
import static org.opends.messages.ProtocolMessages.*;
import static org.opends.server.loggers.AccessLogger.*;
import static org.opends.server.loggers.ErrorLogger.*;
@@ -142,7 +141,7 @@
        // wipe it from memory for security reasons
        ctx.password = null;
        ctx.connection.bindAsync(bindRequest, null,
            new CallDoFilterResultHandler(ctx, resultEntry));
            new CallDoFilterResultHandler(ctx));
      }
    }
@@ -157,13 +156,10 @@
  {
    private final HTTPRequestContext ctx;
    private final SearchResultEntry resultEntry;
    private CallDoFilterResultHandler(HTTPRequestContext ctx,
        SearchResultEntry resultEntry)
    private CallDoFilterResultHandler(HTTPRequestContext ctx)
    {
      this.ctx = ctx;
      this.resultEntry = resultEntry;
    }
    @Override
@@ -177,11 +173,9 @@
    {
      ctx.clientConnection.setAuthUser(ctx.userName);
      final AuthenticationInfo authInfo = new AuthenticationInfo(
          to(resultEntry), to(resultEntry.getName()), false);
      try
      {
        doFilter(ctx, authInfo);
        doFilter(ctx);
      }
      catch (Exception e)
      {
@@ -295,13 +289,13 @@
        ctx.asyncContext = getAsyncContext(request);
        ctx.connection.searchSingleEntryAsync(buildSearchRequest(ctx.userName),
            new DoBindResultHandler(ctx));
        Adapters.newRootConnection().searchSingleEntryAsync(
            buildSearchRequest(ctx.userName), new DoBindResultHandler(ctx));
      }
      else if (this.connectionHandler.acceptUnauthenticatedRequests())
      {
        // use unauthenticated user
        doFilter(ctx, new AuthenticationInfo());
        doFilter(ctx);
      }
      else
      {
@@ -314,11 +308,9 @@
    }
  }
  private void doFilter(HTTPRequestContext ctx, AuthenticationInfo authInfo)
  private void doFilter(HTTPRequestContext ctx)
      throws Exception
  {
    ctx.clientConnection.setAuthenticationInfo(authInfo);
    /*
     * WARNING: This action triggers 3-4 others: Set the connection for use with
     * this request on the HttpServletRequest. It will make