AnsweredAssumed Answered

modificacion al modulo de autenticacion

Question asked by alephx1979 on Aug 8, 2008
Estoy modificando el modulo de autenticacion del Alfresco Community 2.1 para autenticar contra OpenLDAP con multiples 'ou', el codigo es el siguiente basado en el modulo de Alfresco:


package org.alfresco.repo.security.authentication.ldap;

import java.util.Map;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;

/**
* @author Darien J. Alvarez de la Cruz mailto:dalvarez@uci.cu
*
*/
public class MyLDAPAuthenticationComponentImpl extends AbstractAuthenticationComponent {

private LDAPInitialDirContextFactory ldapInitialContextFactory;
private static String principalName;
private static String principalPass;

private String userNameFormat;

public MyLDAPAuthenticationComponentImpl() {
super();
}

public void setUserNameFormat(String userNameFormat)
{
this.userNameFormat = userNameFormat;
}

public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory) {
this.ldapInitialContextFactory = ldapInitialDirContextFactory;
}

public void authenticate(String userName, char[] password) throws AuthenticationException {

InitialDirContext ctx = null;

try {
Map<String, String> env = ((LDAPInitialDirContextFactoryImpl)ldapInitialContextFactory).getInitialDirContextEnvironment();

if (principalName == null) {
principalName = env.get(Context.SECURITY_PRINCIPAL);
principalPass = env.get(Context.SECURITY_CREDENTIALS);
}

env.put( Context.SECURITY_PRINCIPAL, principalName);
env.put( Context.SECURITY_CREDENTIALS, principalPass);

ctx = ldapInitialContextFactory.getDefaultIntialDirContext();

SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

NamingEnumeration<SearchResult> searchResult = ctx.search("", "(objectclass=*)", searchControls);

SearchResult result = null;
String resultName = "";

while(searchResult.hasMore()){
result = searchResult.next();
resultName =result.getName();

if (resultName != null && resultName != "") {

if (resultName.startsWith("ou")) {

resultName = resultName.substring(resultName.indexOf("=")+1);

try {
ctx = ldapInitialContextFactory.getInitialDirContext ( String.format(userNameFormat, new Object[]{userName + ",ou=" + resultName}) , String.valueOf(password) );

setCurrentUser(userName);
} catch ( Exception e ) { }
}
}
}
} catch (NamingException e) {
throw new AuthenticationException("Failed Authenticate", e);
}
finally {

if (ctx != null) {

try {

ctx.close();

} catch (NamingException e) {

clearCurrentSecurityContext();

throw new AuthenticationException("Failed to close connection", e);
}
}
}
}

protected boolean implementationAllowsGuestLogin() {

return false;
}

}

Esto funciona perfectamente cuando el user:password son correctos, sin embargo cuando el usuario se equivoca en la autenticacion me lanza el siguiente error:


javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext

javax.faces.FacesException: Error calling action method of component with id loginForm:submit
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
at javax.faces.component.UICommand.broadcast(UICommand.java:109)
at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:94)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)

Alguna idea…
Saludos.

Outcomes