Skip to content

Commit

Permalink
AMQ-8035 - ensure propagated credentials are visible for bind and rem…
Browse files Browse the repository at this point in the history
…oved for subsequent mapping operations
  • Loading branch information
gtully committed Sep 7, 2020
1 parent 4450c17 commit 73e2916
Show file tree
Hide file tree
Showing 3 changed files with 66 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -440,6 +440,7 @@ protected boolean bindUser(DirContext context, String dn, String password) throw
if (log.isDebugEnabled()) {
log.debug("Binding the user.");
}
context.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
context.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
try {
Expand All @@ -465,7 +466,7 @@ protected boolean bindUser(DirContext context, String dn, String password) throw
} else {
context.removeFromEnvironment(Context.SECURITY_CREDENTIALS);
}

context.addToEnvironment(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(AUTHENTICATION));
return isValid;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@

import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.integ.ServerIntegrationUtils;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
Expand All @@ -34,11 +33,11 @@
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import java.io.IOException;
import java.net.URL;
import java.util.HashSet;
import java.util.Hashtable;

Expand All @@ -47,7 +46,7 @@
import static org.junit.Assert.fail;

@RunWith ( FrameworkRunner.class )
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=1024)})
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=1024)}, allowAnonymousAccess = true)
@ApplyLdifFiles(
"test.ldif"
)
Expand Down Expand Up @@ -172,4 +171,47 @@ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallback
}


@Test
public void testAuthenticatedViaBindOnAnonConnection() throws Exception {
LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName("first");
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword("wrongSecret".toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
});
try {
context.login();
fail("Should have failed authenticating");
} catch (FailedLoginException expected) {
}
}

@Test
public void testAuthenticatedOkViaBindOnAnonConnection() throws Exception {
LoginContext context = new LoginContext("AnonBindCheckUserLDAPLogin", new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName("first");
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
});
context.login();
context.logout();
}

}
19 changes: 19 additions & 0 deletions activemq-jaas/src/test/resources/login.config
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,25 @@ UnAuthenticatedLDAPLogin {
;
};

AnonBindCheckUserLDAPLogin {
org.apache.activemq.jaas.LDAPLoginModule required
debug=true
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connectionURL="ldap://localhost:1024"
connectionUsername=none
connectionPassword=none
connectionProtocol=s
authentication=none
userBase="ou=system"
userSearchMatching="(uid={0})"
userSearchSubtree=false
roleBase="ou=system"
roleName=cn
roleSearchMatching="(member=uid={1},ou=system)"
roleSearchSubtree=false
;
};

ExpandedLDAPLogin {
org.apache.activemq.jaas.LDAPLoginModule required
debug=true
Expand Down

0 comments on commit 73e2916

Please sign in to comment.