GUAC-1115: Split bindAs() into LDAP- and Guacamole-specific versions of the same.

Michael Jumper
2015-10-23 15:17:57 -07:00
parent c563fa43b4
commit eca825c899


@@ -111,13 +111,14 @@ public class AuthenticationProviderService {
}
/**
* Binds to the LDAP server using the provided Guacamole credentials. The
* DN of the user is derived using the LDAP configuration properties
* provided in guacamole.properties, as is the server hostname and port
* information.
* Binds to the LDAP server using the provided user DN and password.
*
* @param credentials
* The credentials to use to bind to the LDAP server.
* @param userDN
* The DN of the user to bind as, or null to bind anonymously.
*
* @param password
* The password to use when binding as the specified user, or null to
* attempt to bind without a password.
*
* @return
* A bound LDAP connection, or null if the connection could not be
@@ -126,27 +127,11 @@ public class AuthenticationProviderService {
* @throws GuacamoleException
* If an error occurs while binding to the LDAP server.
*/
private LDAPConnection bindAs(Credentials credentials)
private LDAPConnection bindAs(String userDN, String password)
throws GuacamoleException {
LDAPConnection ldapConnection;
// Get username and password from credentials
String username = credentials.getUsername();
String password = credentials.getPassword();
// Require username
if (username == null || username.isEmpty()) {
logger.debug("Anonymous bind is not currently allowed by the LDAP authentication provider.");
return null;
}
// Require password, and do not allow anonymous binding
if (password == null || password.isEmpty()) {
logger.debug("Anonymous bind is not currently allowed by the LDAP authentication provider.");
return null;
}
// Connect to LDAP server
try {
ldapConnection = new LDAPConnection();
@@ -164,13 +149,6 @@ public class AuthenticationProviderService {
// Bind using provided credentials
try {
// Determine user DN
String userDN = getUserBindDN(username);
if (userDN == null) {
logger.error("Unable to determine DN for user \"{}\".", username);
return null;
}
// Bind as user
try {
ldapConnection.bind(LDAPConnection.LDAP_V3, userDN,
@@ -198,6 +176,53 @@ public class AuthenticationProviderService {
}
/**
* Binds to the LDAP server using the provided Guacamole credentials. The
* DN of the user is derived using the LDAP configuration properties
* provided in guacamole.properties, as is the server hostname and port
* information.
*
* @param credentials
* The credentials to use to bind to the LDAP server.
*
* @return
* A bound LDAP connection, or null if the connection could not be
* bound.
*
* @throws GuacamoleException
* If an error occurs while binding to the LDAP server.
*/
private LDAPConnection bindAs(Credentials credentials)
throws GuacamoleException {
// Get username and password from credentials
String username = credentials.getUsername();
String password = credentials.getPassword();
// Require username
if (username == null || username.isEmpty()) {
logger.debug("Anonymous bind is not currently allowed by the LDAP authentication provider.");
return null;
}
// Require password, and do not allow anonymous binding
if (password == null || password.isEmpty()) {
logger.debug("Anonymous bind is not currently allowed by the LDAP authentication provider.");
return null;
}
// Determine user DN
String userDN = getUserBindDN(username);
if (userDN == null) {
logger.error("Unable to determine DN for user \"{}\".", username);
return null;
}
// Bind using user's DN
return bindAs(userDN, password);
}
/**
* Returns an AuthenticatedUser representing the user authenticated by the
* given credentials.
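Review bot: After the split, nothing visible in `bindAs(String userDN, String password)` rejects an empty password, and its new Javadoc speaks only of null; the sole guard is the `password == null || password.isEmpty()` check in `bindAs(Credentials)` in the last hunk. An LDAP simple bind with a DN and a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), which many directory servers report as success, so a later caller that hands a user-supplied password straight to the DN overload would accept a login without a valid password. I would state the contract on the DN overload's Javadoc, for example `* Callers passing user-supplied credentials MUST reject null or empty passwords first; an empty password results in an unauthenticated bind.` The body of the DN overload is only partly visible in these hunks, so whether it is ever reached with a null DN or password cannot be confirmed from this page.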