@@ -16,6 +16,7 @@
|
|
|
package org.springframework.security.ldap.authentication.ad;
|
|
|
|
|
|
import org.springframework.dao.IncorrectResultSizeDataAccessException;
|
|
|
+import org.springframework.ldap.CommunicationException;
|
|
|
import org.springframework.ldap.core.DirContextOperations;
|
|
|
import org.springframework.ldap.core.DistinguishedName;
|
|
|
import org.springframework.ldap.core.support.DefaultDirObjectFactory;
|
|
@@ -24,6 +25,7 @@ import org.springframework.security.authentication.AccountExpiredException;
|
|
|
import org.springframework.security.authentication.BadCredentialsException;
|
|
|
import org.springframework.security.authentication.CredentialsExpiredException;
|
|
|
import org.springframework.security.authentication.DisabledException;
|
|
|
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
|
|
|
import org.springframework.security.authentication.LockedException;
|
|
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
|
|
import org.springframework.security.core.GrantedAuthority;
|
|
@@ -141,12 +143,15 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
|
|
|
UsernamePasswordAuthenticationToken auth) {
|
|
|
String username = auth.getName();
|
|
|
String password = (String) auth.getCredentials();
|
|
|
-
|
|
|
- DirContext ctx = bindAsUser(username, password);
|
|
|
+ DirContext ctx = null;
|
|
|
|
|
|
try {
|
|
|
+ ctx = bindAsUser(username, password);
|
|
|
return searchForUser(ctx, username);
|
|
|
}
|
|
|
+ catch (CommunicationException e) {
|
|
|
+ throw badLdapConnection(e);
|
|
|
+ }
|
|
|
catch (NamingException e) {
|
|
|
logger.error("Failed to locate directory entry for authenticated user: "
|
|
|
+ username, e);
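Review bot: `ctx` is now null whenever bindAsUser throws (`DirContext ctx = null;` plus the assignment inside the try), so whatever closes the context after this try — presumably a finally that lies outside the hunk — must tolerate a null argument; Spring Security's `LdapUtils.closeContext` does null-check, but it is worth confirming that is what the finally calls. The `catch (CommunicationException e)` here only ever sees failures from bindAsUser, because searchForUser translates its own CommunicationException to the same InternalAuthenticationServiceException in the later hunk (`catch (CommunicationException ldapCommunicationException)`), so a one-line comment would spare the next reader the question of why the translation appears twice: `// a CommunicationException from the search is already translated inside searchForUser; this covers the bind`. Since the imported CommunicationException is Spring LDAP's runtime exception rather than javax.naming's, it is not a subtype of the NamingException caught below (presumably javax.naming.NamingException, given the throws clause on searchForUser), so the catch order here is not load-bearing. The enclosing method starts and ends outside the hunk.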
|
|
@@ -208,8 +213,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
|
|
|
|| (e instanceof OperationNotSupportedException)) {
|
|
|
handleBindException(bindPrincipal, e);
|
|
|
throw badCredentials(e);
|
|
|
- }
|
|
|
- else {
|
|
|
+ } else {
|
|
|
throw LdapUtils.convertLdapException(e);
|
|
|
}
|
|
|
}
|
|
@@ -311,6 +315,12 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
|
|
|
return (BadCredentialsException) badCredentials().initCause(cause);
|
|
|
}
|
|
|
|
|
|
+ private InternalAuthenticationServiceException badLdapConnection(Throwable cause) {
|
|
|
+ return new InternalAuthenticationServiceException(messages.getMessage(
|
|
|
+ "LdapAuthenticationProvider.badLdapConnection",
|
|
|
+ "Connection to LDAP server failed."), cause);
|
|
|
+ }
|
|
|
+
|
|
|
private DirContextOperations searchForUser(DirContext context, String username)
|
|
|
throws NamingException {
|
|
|
SearchControls searchControls = new SearchControls();
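Review bot: badLdapConnection has no Javadoc, and the message key `LdapAuthenticationProvider.badLdapConnection` is resolved through `messages` at runtime, so a reader cannot tell from here whether the key exists in the message bundle or only the fallback text will ever be shown; confirm the key was added to the messages properties alongside this change. A short Javadoc would make the intent explicit: `/** Wraps an LDAP connectivity failure as an {@link InternalAuthenticationServiceException} so callers can tell an unreachable directory apart from rejected credentials. */`. The fallback text `Connection to LDAP server failed.` is deliberately generic, which reads as appropriate for a user-facing message since the underlying cause is attached for logging rather than display — hedged, as the caller's handling of the cause is not visible in this hunk.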
|
|
@@ -325,6 +335,9 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
|
|
|
searchControls, searchRoot, searchFilter,
|
|
|
new Object[] { bindPrincipal, username });
|
|
|
}
|
|
|
+ catch (CommunicationException ldapCommunicationException) {
|
|
|
+ throw badLdapConnection(ldapCommunicationException);
|
|
|
+ }
|
|
|
catch (IncorrectResultSizeDataAccessException incorrectResults) {
|
|
|
// Search should never return multiple results if properly configured - just
|
|
|
// rethrow
|