diff --git a/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/jaas/spi/LdapLoginModule.java b/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/jaas/spi/LdapLoginModule.java index df639aced782..362627f5c65f 100644 --- a/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/jaas/spi/LdapLoginModule.java +++ b/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/jaas/spi/LdapLoginModule.java @@ -41,7 +41,6 @@ import org.eclipse.jetty.security.UserPrincipal; import org.eclipse.jetty.security.jaas.callback.ObjectCallback; -import org.eclipse.jetty.util.StringUtil; import org.eclipse.jetty.util.TypeUtil; import org.eclipse.jetty.util.security.Credential; import org.slf4j.Logger; @@ -240,7 +239,7 @@ public JAASUser getUser(String username) throws Exception protected String doRFC2254Encoding(String inputString) { - StringBuffer buf = new StringBuffer(inputString.length()); + StringBuilder buf = new StringBuilder(inputString.length()); for (int i = 0; i < inputString.length(); i++) { char c = inputString.charAt(i); @@ -279,11 +278,10 @@ protected String doRFC2254Encoding(String inputString) private Attributes getUserAttributes(String username) throws LoginException { SearchResult result = findUser(username); - Attributes attributes = result.getAttributes(); - return attributes; + return result.getAttributes(); } - private String getUserCredentials(Attributes attributes) throws LoginException + private String getUserCredentials(Attributes attributes) { String ldapCredential = null; @@ -421,7 +419,7 @@ public boolean login() throws LoginException return isAuthenticated(); } - boolean authed = false; + boolean authed; if (_forceBindingLogin) { 
@@ -514,7 +512,7 @@ public boolean bindingLogin(String username, Object password) throws LoginExcept Hashtable environment = getEnvironment(); - if (userDn == null || "".equals(userDn)) + if (userDn == null || userDn.isEmpty()) { throw new FailedLoginException("username may not be empty"); } @@ -533,10 +531,6 @@ public boolean bindingLogin(String username, Object password) throws LoginExcept setAuthenticated(true); return true; } - catch (AuthenticationException e) - { - throw new FailedLoginException(e.getMessage()); - } catch (NamingException e) { throw new FailedLoginException(e.getMessage()); @@ -548,7 +542,7 @@ private SearchResult findUser(String username) throws LoginException String filter = "(&(objectClass={0})({1}={2}))"; if (LOG.isDebugEnabled()) - LOG.debug("Searching for user {} with filter: \'{}\' from base dn: {}", username, filter, _userBaseDn); + LOG.debug("Searching for user {} with filter: '{}' from base dn: {}", username, filter, _userBaseDn); Object[] filterArguments = new Object[]{ _userObjectClass, @@ -581,7 +575,7 @@ private SearchResult findUser(DirContext dirContext, String filter, Object[] fil if (!results.hasMoreElements()) throw new FailedLoginException("User not found."); - SearchResult searchResult = (SearchResult)results.nextElement(); + SearchResult searchResult = results.nextElement(); if (results.hasMoreElements()) throw new FailedLoginException("Search result contains ambiguous entries"); @@ -610,7 +604,8 @@ public void initialize(Subject subject, _port = Integer.parseInt((String)options.get("port")); _contextFactory = (String)options.get("contextFactory"); _bindDn = (String)options.get("bindDn"); - _bindPassword = (String)options.get("bindPassword"); + String bindPassword = (String)options.get("bindPassword"); + _bindPassword = bindPassword == null ? null : Credential.getCredential(bindPassword).toString(); _authenticationMethod = (String)options.get("authenticationMethod"); _userBaseDn = (String)options.get("userBaseDn"); 
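Review bot: The one remaining `catch (NamingException e)` in bindingLogin still reports every JNDI failure as `new FailedLoginException(e.getMessage())` and drops the original exception, so a rejected bind, an unreachable directory and a TLS or referral problem all look the same. Anyone triaging login failures then cannot separate bad credentials from an infrastructure fault. The raw directory message may also travel further than intended if a caller shows it to the user, which is not visible here. Keeping the cause and logging it server-side would help, for example `FailedLoginException fle = new FailedLoginException(e.getMessage()); fle.initCause(e); throw fle;` with a `LOG.debug("LDAP bind failed", e);` before it. bindingLogin starts outside this hunk.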
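Review bot: In initialize(), `Credential.getCredential(bindPassword).toString()` only yields the usable password when the factory returns a Password. A configured value that begins with `MD5:` or `CRYPT:` would presumably be parsed as a hash credential, and its `toString()` is unlikely to be the original text, so the bind would fail with nothing in the configuration to explain it. If de-obfuscation is all that is intended, `new Password(bindPassword).toString()` says so directly; it needs an import of org.eclipse.jetty.util.security.Password, which is not visible in this diff. A comment such as `// OBF: is reversible obfuscation, not encryption; _bindPassword holds the clear text` would keep readers from treating the stored value as protected. initialize() begins and continues outside this hunk.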
@@ -731,13 +726,13 @@ public static String convertCredentialLdapToJetty(String encryptedPassword) if (encryptedPassword.toUpperCase(Locale.ENGLISH).startsWith("{MD5}")) { - String src = encryptedPassword.substring("{MD5}".length(), encryptedPassword.length()); + String src = encryptedPassword.substring("{MD5}".length()); return "MD5:" + base64ToHex(src); } if (encryptedPassword.toUpperCase(Locale.ENGLISH).startsWith("{CRYPT}")) { - return "CRYPT:" + encryptedPassword.substring("{CRYPT}".length(), encryptedPassword.length()); + return "CRYPT:" + encryptedPassword.substring("{CRYPT}".length()); } return encryptedPassword; @@ -748,10 +743,4 @@ private static String base64ToHex(String src) byte[] bytes = Base64.getDecoder().decode(src); return TypeUtil.toString(bytes, 16); } - - private static String hexToBase64(String src) - { - byte[] bytes = StringUtil.fromHexString(src); - return Base64.getEncoder().encodeToString(bytes); - } } diff --git a/jetty-core/jetty-security/src/test/java/org/eclipse/jetty/security/jaas/JAASLdapLoginServiceTest.java b/jetty-core/jetty-security/src/test/java/org/eclipse/jetty/security/jaas/JAASLdapLoginServiceTest.java index e2692df08b5b..502ed4733af3 100644 --- a/jetty-core/jetty-security/src/test/java/org/eclipse/jetty/security/jaas/JAASLdapLoginServiceTest.java +++ b/jetty-core/jetty-security/src/test/java/org/eclipse/jetty/security/jaas/JAASLdapLoginServiceTest.java @@ -164,7 +164,7 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String name) options.put("port", Integer.toString(ldapServer.getTransports()[0].getPort())); options.put("contextFactory", "com.sun.jndi.ldap.LdapCtxFactory"); options.put("bindDn", "uid=admin,ou=system"); - options.put("bindPassword", "secret"); + options.put("bindPassword", "OBF:1yta1t331v8w1v9q1t331ytc"); options.put("userBaseDn", "ou=people,dc=jetty,dc=org"); options.put("roleBaseDn", "ou=groups,dc=jetty,dc=org"); options.put("roleNameAttribute", "cn");
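Review bot: Replacing the only `bindPassword` fixture with the `OBF:` form in JAASLdapLoginServiceTest leaves the plain-text path untested, although that is what existing JAAS configurations contain and it now also goes through `Credential.getCredential(...)` in LdapLoginModule.initialize(). A second configuration entry or a parameterised case with the clear-text value would cover both paths, and a null `bindPassword` case would cover the new ternary. The literal is opaque as written, so a comment such as `// obfuscated form of the embedded server's admin password` would help; presumably it decodes to the value on the removed line. getAppConfigurationEntry starts and ends outside this hunk.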