From cae0b3dbcf69335667bde9e7586d1ba146dda0cd Mon Sep 17 00:00:00 2001
From: Yannick Lecaillez <yannick.lecaillez@forgerock.com>
Date: Fri, 03 Jun 2016 12:19:33 +0000
Subject: [PATCH] Fix: Use the LDAPContext to get an internal connection.
---
opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContext.java | 11 ++---
opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContextInjectionFilter.java | 32 ++--------------
opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/HttpBasicAuthorizationMechanism.java | 17 +++-----
opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/InternalProxyAuthzFilter.java | 10 +++--
4 files changed, 21 insertions(+), 49 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContext.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContext.java
index bb99b76..6370220 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContext.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContext.java
@@ -17,10 +17,10 @@
package org.opends.server.protocols.http;
import org.forgerock.opendj.ldap.Connection;
-import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.services.context.AbstractContext;
import org.forgerock.services.context.Context;
+import org.opends.server.types.Entry;
/**
* Context provided by a Directory Server. It contains a reference to a
@@ -64,13 +64,12 @@
/**
* Get a direct {@link Connection} to this Directory Server.
*
- * @param userDN
- * DN of the user's used to validate authorization.
+ * @param userEntry
+ * The returned connection will be authenticated as userEntry.
* @return A direct {@link Connection} to this Directory Server.
* @throws LdapException
- * If a connection cannot be create (i.e: because the userDN
- * doesn't exists).
+ * If a connection cannot be created (i.e: because an administrative limit has been exceeded).
*/
- Connection getConnection(DN userDN) throws LdapException;
+ Connection getAuthenticatedConnection(Entry userEntry) throws LdapException;
}
}
\ No newline at end of file
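Review bot: The new `@param userEntry` Javadoc does not say whether `null` is accepted, and the behaviour this commit removes depended on that: the old `getConnection(DN)` treated a null or root DN as an anonymous connection, while the only implementation in this patch now dereferences the entry, so a caller passing `null` gets a NullPointerException instead of an LdapException. Suggest `@param userEntry The entry of the user the returned connection is authenticated as; must not be {@code null}.` and, on `@throws`, `If a connection cannot be created (e.g. because an administrative limit has been exceeded).` since "i.e." is the wrong abbreviation for an example. The `InternalConnectionFactory` interface this method belongs to starts before the hunk.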
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContextInjectionFilter.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContextInjectionFilter.java
index a750273..091b007 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContextInjectionFilter.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/LDAPContextInjectionFilter.java
@@ -20,7 +20,6 @@
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.opendj.ldap.Connection;
-import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.services.context.Context;
@@ -30,7 +29,6 @@
import org.opends.server.core.ServerContext;
import org.opends.server.protocols.http.LDAPContext.InternalConnectionFactory;
import org.opends.server.types.AuthenticationInfo;
-import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
/**
@@ -55,11 +53,11 @@
final LDAPContext djContext = new LDAPContext(context, new InternalConnectionFactory()
{
@Override
- public Connection getConnection(DN userDN) throws LdapException
+ public Connection getAuthenticatedConnection(Entry userEntry) throws LdapException
{
final HTTPClientConnection clientConnection =
new HTTPClientConnection(serverContext, httpConnectionHandler, context, request);
- clientConnection.setAuthenticationInfo(getAuthInfoForDN(userDN));
+ clientConnection.setAuthenticationInfo(getAuthInfoForUserEntry(userEntry));
if (clientConnection.getConnectionID() < 0)
{
throw LdapException.newLdapException(ResultCode.ADMIN_LIMIT_EXCEEDED);
@@ -68,31 +66,9 @@
return new SdkConnectionAdapter(clientConnection);
}
- private AuthenticationInfo getAuthInfoForDN(DN userDN) throws LdapException
+ private AuthenticationInfo getAuthInfoForUserEntry(Entry userEntry)
{
- if (userDN == null || userDN.isRootDN())
- {
- return new AuthenticationInfo();
- }
- final DN rootUserDN = DirectoryServer.getActualRootBindDN(userDN);
- if (rootUserDN != null)
- {
- userDN = rootUserDN;
- }
- Entry userEntry;
- try
- {
- userEntry = DirectoryServer.getEntry(userDN);
- }
- catch (DirectoryException e)
- {
- throw LdapException.newLdapException(e.getResultCode());
- }
- if (userEntry == null)
- {
- throw LdapException.newLdapException(ResultCode.INVALID_CREDENTIALS);
- }
- return new AuthenticationInfo(userEntry, DirectoryServer.isRootDN(userDN));
+ return new AuthenticationInfo(userEntry, DirectoryServer.isRootDN(userEntry.getName()));
}
});
return next.handle(djContext, request);
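Review bot: `getAuthInfoForUserEntry` calls `userEntry.getName()` without a null check, so the cases the removed code handled (anonymous for a null/root DN, INVALID_CREDENTIALS for an unknown entry) now surface as a NullPointerException from inside the filter chain. The cheapest fix that keeps the old result code is `if (userEntry == null) { throw LdapException.newLdapException(ResultCode.INVALID_CREDENTIALS); }` at the top of the method, with `throws LdapException` restored on its signature; the caller `getAuthenticatedConnection` already declares it. The alternate-root-bind-DN mapping via `DirectoryServer.getActualRootBindDN` is also dropped here; if an entry can still be looked up by an alternate root bind DN, `isRootDN(userEntry.getName())` may no longer hold for it, which is worth confirming against the callers. The same unchecked entry is produced by `getUserEntry` in InternalProxyAuthzFilter, noted there.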
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/HttpBasicAuthorizationMechanism.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/HttpBasicAuthorizationMechanism.java
index becc6b6..4699624 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/HttpBasicAuthorizationMechanism.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/HttpBasicAuthorizationMechanism.java
@@ -16,7 +16,6 @@
package org.opends.server.protocols.http.authz;
import static org.forgerock.http.filter.Filters.chainOf;
-import static org.forgerock.opendj.adapter.server3x.Adapters.newConnection;
import static org.forgerock.opendj.adapter.server3x.Adapters.newRootConnectionFactory;
import static org.forgerock.opendj.ldap.LdapException.newLdapException;
import static org.forgerock.opendj.ldap.ResultCode.INVALID_CREDENTIALS;
@@ -32,7 +31,6 @@
import static org.forgerock.util.promise.Promises.newExceptionPromise;
import static org.forgerock.util.promise.Promises.newResultPromise;
import static org.opends.server.core.DirectoryServer.getIdentityMapper;
-import static org.opends.server.core.DirectoryServer.isRootDN;
import java.util.HashMap;
import java.util.Map;
@@ -55,8 +53,7 @@
import org.forgerock.util.promise.Promise;
import org.opends.server.api.IdentityMapper;
import org.opends.server.core.ServerContext;
-import org.opends.server.protocols.internal.InternalClientConnection;
-import org.opends.server.types.AuthenticationInfo;
+import org.opends.server.protocols.http.LDAPContext;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
@@ -130,7 +127,11 @@
{
final Entry userEntry = getMappedIdentity(username);
doBind(userEntry.getName().toString(), password);
- final Context authcContext = new AuthenticatedConnectionContext(parentContext, newConnectionAs(userEntry));
+ final Connection connection =
+ parentContext.asContext(LDAPContext.class)
+ .getInternalConnectionFactory()
+ .getAuthenticatedConnection(userEntry);
+ final Context authcContext = new AuthenticatedConnectionContext(parentContext, connection);
final Map<String, Object> authz = new HashMap<>();
authz.put(AUTHZID_DN, userEntry.getName().toString());
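Review bot: `parentContext.asContext(LDAPContext.class)` throws IllegalArgumentException when no `LDAPContext` is present in the chain, so this mechanism now silently depends on `LDAPContextInjectionFilter` having run earlier; a comment such as `// Requires LDAPContextInjectionFilter to have injected the LDAPContext upstream.` above the lookup, or a `parentContext.containsContext(LDAPContext.class)` guard that maps the absence to an LdapException, would make that contract explicit. `getAuthenticatedConnection` can also fail with ADMIN_LIMIT_EXCEEDED after `doBind` has already succeeded; the enclosing try starts before the hunk, so confirm that `LdapException` is caught there and turned into a response rather than escaping as an unchecked failure. The enclosing method starts and ends outside the hunk.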
@@ -171,11 +172,5 @@
}
}
}
-
- private Connection newConnectionAs(Entry userEntry)
- {
- return newConnection(new InternalClientConnection(
- new AuthenticationInfo(userEntry, isRootDN(userEntry.getName()))));
- }
}
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/InternalProxyAuthzFilter.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/InternalProxyAuthzFilter.java
index d7b54b9..4437bcf 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/InternalProxyAuthzFilter.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/InternalProxyAuthzFilter.java
@@ -42,6 +42,7 @@
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;
import org.opends.server.api.IdentityMapper;
+import org.opends.server.core.DirectoryServer;
import org.opends.server.protocols.http.LDAPContext;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
@@ -71,7 +72,8 @@
Connection tmp = null;
try
{
- tmp = ldapContext.getInternalConnectionFactory().getConnection(getUserDN(securityContext));
+ tmp = ldapContext.getInternalConnectionFactory()
+ .getAuthenticatedConnection(getUserEntry(securityContext));
}
catch (LdapException | DirectoryException e)
{
@@ -90,14 +92,14 @@
});
}
- private DN getUserDN(final SecurityContext securityContext) throws LdapException, DirectoryException
+ private Entry getUserEntry(final SecurityContext securityContext) throws LdapException, DirectoryException
{
final Map<String, Object> authz = securityContext.getAuthorization();
if (authz.containsKey(AUTHZID_DN))
{
try
{
- return DN.valueOf(authz.get(AUTHZID_DN).toString(), schema);
+ return DirectoryServer.getEntry(DN.valueOf(authz.get(AUTHZID_DN).toString(), schema));
}
catch (LocalizedIllegalArgumentException e)
{
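Review bot: The `AUTHZID_DN` branch returns `DirectoryServer.getEntry(...)` directly, and `getEntry` can yield `null` for a DN that has no entry — the code this patch removes from LDAPContextInjectionFilter guarded exactly that case with INVALID_CREDENTIALS, and the second branch of this method (past the end of the hunk) still does. Without the check the null reaches `getAuthInfoForUserEntry`, which dereferences it. Suggest capturing the lookup and rejecting null before returning, mirroring the second branch; the existing `catch (LocalizedIllegalArgumentException e)` stays as is.
```java
try
{
  final Entry authzEntry = DirectoryServer.getEntry(DN.valueOf(authz.get(AUTHZID_DN).toString(), schema));
  if (authzEntry == null)
  {
    throw LdapException.newLdapException(ResultCode.INVALID_CREDENTIALS);
  }
  return authzEntry;
}
// … unchanged: catch (LocalizedIllegalArgumentException e) …
```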
@@ -111,7 +113,7 @@
{
throw LdapException.newLdapException(ResultCode.INVALID_CREDENTIALS);
}
- return entry.getName();
+ return entry;
}
throw LdapException.newLdapException(ResultCode.AUTHORIZATION_DENIED);
}