From 3c8749d5d72d742f65c1890f6f60cd6f58dbe906 Mon Sep 17 00:00:00 2001
From: Felix Albani
Date: Tue, 15 Aug 2017 14:47:23 -0400
Subject: [PATCH] Nifi-ldap-iaa support for PasswordComparisonAuthenticator
---
 .../apache/nifi/ldap/AuthenticatorType.java | 10 +++++
 .../org/apache/nifi/ldap/LdapProvider.java | 42 ++++++++++++++++---
 2 files changed, 47 insertions(+), 5 deletions(-)
 create mode 100644 nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/AuthenticatorType.java
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/AuthenticatorType.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/AuthenticatorType.java
new file mode 100644
index 000000000000..ae99e004b8b1
--- /dev/null
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/AuthenticatorType.java
@@ -0,0 +1,10 @@
+package org.apache.nifi.ldap;
+
+/**
+ *
+ */
+public enum AuthenticatorType {
+
+ BIND,
+ PASSWORD
+}
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index 58751cd425e6..b65450b53c3f 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
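Review bot: The new AuthenticatorType.java starts directly at `package org.apache.nifi.ldap;` with no license header, and its Javadoc block is empty. If the project's build enforces license headers on source files (not visible here), this file would fail that check, so the project's standard header should go above the package line. The enum comment should say what each constant selects, for example `BIND authenticates by binding to the directory as the user; PASSWORD performs an LDAP compare of the supplied password against the user's password attribute`, because the choice changes how credentials are verified.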
@@ -38,11 +38,10 @@
 import org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.encoding.LdapShaPasswordEncoder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;
-import org.springframework.security.ldap.authentication.BindAuthenticator;
-import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.authentication.*;
 import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
 import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.security.ldap.userdetails.LdapUserDetails;
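Review bot: The wildcard `import org.springframework.security.ldap.authentication.*;` replaces three explicit imports and hides which authenticator classes this provider actually depends on. The second hunk needs only `AbstractLdapAuthenticator`, `BindAuthenticator` and `PasswordComparisonAuthenticator` from that package, so those should be imported by name. The explicit imports of `AbstractLdapAuthenticationProvider` and `LdapAuthenticationProvider` should stay if the rest of the file still references them, which this hunk does not show.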
@@ -193,8 +192,41 @@ public final void onConfigured(final LoginIdentityProviderConfigurationContext c
 final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
- // bind
- final BindAuthenticator authenticator = new BindAuthenticator(context);
+
+ String rawAuthenticatorType = configurationContext.getProperty("Authenticator Type");
+ AuthenticatorType authenticatorType;
+
+ if (StringUtils.isBlank(rawAuthenticatorType))
+ {
+ logger.info(String.format("Authenticator Type is not configured, defaulting type to %s.", new Object[] { AuthenticatorType.BIND }));
+
+ authenticatorType = AuthenticatorType.BIND;
+ }
+ else
+ {
+ try
+ {
+ authenticatorType = AuthenticatorType.valueOf(rawAuthenticatorType);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new ProviderCreationException(String.format("Unrecognized authenticator type '%s'. Possible values are [%s]", new Object[] { rawAuthenticatorType,
+ StringUtils.join(AuthenticatorType.values(), ", ") }));
+ }
+ }
+
+ AbstractLdapAuthenticator authenticator;
+
+ if (authenticatorType == AuthenticatorType.BIND)
+ {
+ authenticator = new BindAuthenticator(context);
+ }
+ else
+ {
+ authenticator = new PasswordComparisonAuthenticator(context);
+ ((PasswordComparisonAuthenticator)authenticator).setPasswordEncoder(new LdapShaPasswordEncoder());
+ }
+
 authenticator.setUserSearch(userSearch);
 // identity strategy
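Review bot: The PASSWORD branch hardcodes `new LdapShaPasswordEncoder()`, so every deployment that selects this mode verifies passwords with a SHA-1 based LDAP digest and cannot choose anything else. As far as I can tell from Spring Security's PasswordComparisonAuthenticator, the encoder is invoked without a salt, so the comparison would only match directories that store unsalted `{SHA}` values, and the configured manager account must be permitted to compare the password attribute. I would state this above the call, e.g. `// PASSWORD mode compares a SHA-1 ({SHA}) digest via LDAP compare; prefer BIND unless the directory cannot authenticate by bind`, and log a warning when PASSWORD is selected. Separately, `AuthenticatorType.valueOf(rawAuthenticatorType)` is case- and whitespace-sensitive and the caught `iae` is dropped; `valueOf(rawAuthenticatorType.trim())` and passing `iae` as the cause (if ProviderCreationException offers such a constructor) would make a misconfiguration easier to diagnose. onConfigured begins and ends outside this hunk.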