java - Extending LdapLoginModule is not authorizing user -

-

i trying install custom authentication(required in application) using jaas. standalone.xml looks like

<security-domain name="other" cache-type="default">                 <authentication>                     <login-module code="com.app.user.extendedsec.extendedldapextloginmodule" flag="optional">                         <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.ldapctxfactory"/>                         <module-option name="java.naming.provider.url" value="ldap://app.user.in:389"/>                         <module-option name="java.naming.security.authentication" value="simple"/>                         <module-option name="password-stacking" value="usefirstpass"/>                         <module-option name="principaldnprefix" value="cn="/>                         <module-option name="principaldnsuffix" value=",ou=test,dc=ads,dc=exilant,dc=in"/>                         <module-option name="rolesctxdn" value="ou=test,dc=ads,dc=exilant,dc=in"/>                         <module-option name="uidattributeid" value="member"/>                         <module-option name="matchonuserdn" value="false"/>                         <module-option name="roleattributeid" value="samaccountname"/>                         <module-option name="roleattributeisdn" value="true"/>                     </login-module>                     <login-module code="com.app.user.extendedsec.extendedusernamepasswordloginmodule" flag="required">                         <module-option name="unauthenticatedidentity" value="guest"/>                         <module-option name="password-stacking" value="usefirstpass"/>                         <module-option name="dsjndiname" value="java:/session-tracking-datasource-orcl"/>                         <module-option name="principalsquery" value="select password fusion_users userid=? , lockflag='false' , (upper(active_ind) != 'n' or active_ind null)"/>                         <module-option name="rolesquery" value="select usertype, 'roles' fusion_user_groups userid=?"/>                     </login-module>

when authenticating , authorizing using db working fine. not able authenticate/authorize using ldap server

public class extendedldapextloginmodule extends ldaploginmodule {  private static logger _logger=logger.getlogger(extendedldapextloginmodule.class.getclass());    /**  * @param inputpassword: encrypted password request; expectedpassword: password active directive  * @return passed super class. true success, false failure.  */ @override protected boolean validatepassword(string inputpassword, string expectedpassword) {     _logger.debug("extendedldapextloginmodule: input encrypted: " + inputpassword);     _logger.debug("extendedldapextloginmodule: input decrypted: " + passwordcodec.getdecryptedpassword(inputpassword));     _logger.debug("extendedldapextloginmodule: expected: " +expectedpassword);      //  decrypt password before pass comparison     return super.validatepassword(passwordcodec.getdecryptedpassword(inputpassword), expectedpassword); }

}

the password getting decrypted @ server side correctly.

am missing here?

thanks

assuming extending org.jboss.security.auth.spi.ldaploginmodule, should not override validatepassword() tries bind operation ldap server.

judging source code , comments @ jboss docs can use vanilla ldaploginmodule#validatepassword() , try login instead of password retrieval.

specifically, these comments jboss source code clarify this: 

/** overriden return empty password string typically 1 cannot obtain user's password. override validatepassword ok. @return , empty password string */ protected string getuserspassword() throws loginexception {   return ""; }  /** validate inputpassword creating ldap initialcontext security_credentials set password.  @param inputpassword password validate. @param expectedpassword ignored */ protected boolean validatepassword(string inputpassword, string expectedpassword)

Comments

Post a Comment

Popular posts from this blog

google api - Incomplete response from Gmail API threads.list -

-
i plot number of emails in inbox on time using gmail api , i'm seeing lot of drop-outs, whatever reason i'm getting incomplete count of messages @ single time points. my plots here: https://plot.ly/~tdsmith/2 -- "drop-outs" i'm complaining trace shoots downwards , recovers previous level @ next timepoint. the code i'm using count emails here: https://github.com/tdsmith/gmail-plotly/blob/master/gmail-plotly.py#l47-l64 what can diagnose these faults?
Read more

Installing Android SQLite Asset Helper -

-
i need use ready made database. search solution on internet did not work until decided use mentioned library found here . however, found hard use library in installation procedures shallow beginners. i appreciate step step procedure on how use android studio. in struggle tried copying sources main/libs , adding line gradle did not work. use api 19 if helps. update here build.gradle // top-level build file can add configuration options common sub-projects/modules. buildscript { repositories { mavencentral() } dependencies { classpath 'com.android.tools.build:gradle:0.11.+' compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+' // note: not place application dependencies here; belong // in individual module build.gradle files } } allprojects { repositories { mavencentral() } } trying compile project error error:(9, 0) no signature of method: org.gradle.api.internal.artifacts
Read more

Qt Creator - Searching files with Locator including folder -

-
one quick question qtcreator : know possible use locator open files using "ctrl-k" shortcut. however, possible search files including locations? for example, let's want locate file named "main.cpp" in folder named "myfolder" , have lots of other main.cpp files. what should type locator in order open ? just type myfolder/main.cpp in locator
Read more