From a163179dc83360c41ce15fa0060efade1007bf9a Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Tue, 23 Apr 2013 14:08:38 +0000
Subject: [PATCH] OPENDJ-830 (CR-1595) Implement authentication and authorization for HTTP connection handler
---
opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java | 42 ++++++++++++++++++++++++++++++------------
1 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java b/opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
index 9ee9af3..8a4c71e 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
@@ -55,6 +55,7 @@
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ErrorResultException;
import org.forgerock.opendj.ldap.Filter;
+import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.ResultHandler;
import org.forgerock.opendj.ldap.requests.BindRequest;
import org.forgerock.opendj.ldap.requests.Requests;
@@ -156,7 +157,16 @@
@Override
public void handleErrorResult(ErrorResultException error)
{
- onFailure(error, ctx);
+ final ResultCode rc = error.getResult().getResultCode();
+ if (ResultCode.CLIENT_SIDE_NO_RESULTS_RETURNED.equals(rc)
+ || ResultCode.CLIENT_SIDE_UNEXPECTED_RESULTS_RETURNED.equals(rc))
+ {
+ sendAuthenticationFailure(ctx);
+ }
+ else
+ {
+ onFailure(error, ctx);
+ }
}
@Override
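Review bot: The new branch in `handleErrorResult` folds two different conditions into the generic 401 with neither a comment nor a server-side log entry. Answering "no entry matched" the same way as a wrong password is the right choice, because the response then does not tell the client which user names exist. `CLIENT_SIDE_UNEXPECTED_RESULTS_RETURNED`, however, presumably means the search matched more than one entry, which is a configuration problem an administrator needs to see. I would add a comment such as `// No entry, or more than one entry, matched the user name: answer exactly like a wrong password` and log the ambiguous-match case before calling `sendAuthenticationFailure(ctx)`. The enclosing handler class starts and ends outside the hunk.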
@@ -255,9 +265,7 @@
final String userName = userPassword[0];
ctx.password = userPassword[1];
- final AsyncContext asyncContext = getAsyncContext(request);
- asyncContext.setTimeout(60 * 1000);
- ctx.asyncContext = asyncContext;
+ ctx.asyncContext = getAsyncContext(request);
ctx.connection.searchSingleEntryAsync(buildSearchRequest(userName),
new DoBindResultHandler(ctx));
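Review bot: With `asyncContext.setTimeout(60 * 1000)` removed, nothing visible in this hunk bounds how long a not-yet-authenticated request can hold its async context while the search and bind are pending. If `getAsyncContext(request)`, which is not shown here, does not set a timeout itself, the request falls back to the container default, and a directory call that never calls back leaves the context open. I would either keep an explicit `setTimeout` call or record the intended bound at this line, e.g. `// timeout is applied inside getAsyncContext()`. The enclosing method starts and ends outside the hunk.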
@@ -298,15 +306,25 @@
private void sendAuthenticationFailure(HTTPRequestContext ctx)
{
- // The user could not be authenticated. Send an HTTP Basic authentication
- // challenge if HTTP Basic authentication is enabled.
- ResourceException unauthorizedException =
- ResourceException.getException(HttpServletResponse.SC_UNAUTHORIZED,
- "Invalid Credentials");
- sendErrorReponse(ctx.response, ctx.prettyPrint, unauthorizedException);
+ try
+ {
+ // The user could not be authenticated. Send an HTTP Basic authentication
+ // challenge if HTTP Basic authentication is enabled.
+ ResourceException unauthorizedException =
+ ResourceException.getException(HttpServletResponse.SC_UNAUTHORIZED,
+ "Invalid Credentials");
+ sendErrorReponse(ctx.response, ctx.prettyPrint, unauthorizedException);
- ctx.clientConnection.disconnect(DisconnectReason.INVALID_CREDENTIALS,
- false, null);
+ ctx.clientConnection.disconnect(DisconnectReason.INVALID_CREDENTIALS,
+ false, null);
+ }
+ finally
+ {
+ if (ctx.asyncContext != null)
+ {
+ ctx.asyncContext.complete();
+ }
+ }
}
private void onFailure(Exception e, HTTPRequestContext ctx)
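Review bot: In `sendAuthenticationFailure` the `ctx.clientConnection.disconnect(DisconnectReason.INVALID_CREDENTIALS, false, null)` call sits after `sendErrorReponse(...)` inside the `try`, so if writing the 401 throws, the failed client connection is never disconnected and only the async context is completed. Moving the disconnect into the `finally` block, ahead of the `ctx.asyncContext != null` check, would make both cleanups unconditional. Separately, the comment promises an HTTP Basic authentication challenge, but no `WWW-Authenticate` header is set in the visible lines. If `sendErrorReponse` does not add one, the comment should be reworded to say that only a 401 is returned.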
--
Gitblit v1.10.0