From 0004664c124313f94c96f883ff9589415d9e7b98 Mon Sep 17 00:00:00 2001
From: Dave Ward
Date: Fri, 9 Dec 2011 17:21:15 +0000
Subject: [PATCH] ALF-9920: Prevent multiple invalid password checks to the same LDAP account in multiple subsystems (use a static Set of checked environments)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@32685 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../LDAPInitialDirContextFactoryImpl.java | 50 ++++++++++++-------
 1 file changed, 31 insertions(+), 19 deletions(-)
diff --git a/source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java b/source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java
index 577845621c..4ff779df38 100644
--- a/source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java
@@ -20,8 +20,10 @@ package org.alfresco.repo.security.authentication.ldap;
 import java.io.IOException;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Map;
+import java.util.Set;
 import javax.naming.AuthenticationNotSupportedException;
 import javax.naming.Context;
@@ -49,6 +51,9 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
 {
 private static final Log logger = LogFactory.getLog(LDAPInitialDirContextFactoryImpl.class);
+ private static Set> checkedEnvs = Collections.synchronizedSet(new HashSet>(
+ 11));
+
 private Map defaultEnvironment = Collections. emptyMap();
 private Map authenticatedEnvironment = Collections. emptyMap();
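Review bot: `Collections.synchronizedSet` makes each single call on `checkedEnvs` atomic, but the later hunk (@@ -381) calls `contains` before the bind and `add` only after it, so two subsystems starting at the same time can both pass the `contains` test and both send the invalid-password bind, which is the duplicate attempt this commit sets out to prevent. Holding one lock across the test and the probe, for example `synchronized (checkedEnvs) { ... }` around that block, would close the window. The field should also be declared `final`, and it deserves a comment saying that it holds whole JNDI environment tables (provider URL, principal and whatever `authenticatedEnvironment` carries) for the lifetime of the class, with no removal path visible in this diff.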
@@ -381,27 +386,34 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
 env.putAll(authenticatedEnvironment);
 env.put(Context.SECURITY_PRINCIPAL, principal);
 env.put(Context.SECURITY_CREDENTIALS, "sdasdasdasdasd123123123");
- try
+ if (!checkedEnvs.contains(env))
 {
- new InitialDirContext(env);
-
- throw new AuthenticationException(
- "The ldap server at "
- + env.get(Context.PROVIDER_URL)
- + " falls back to use anonymous bind for a known principal if invalid security credentials are presented. This is not supported.");
- }
- catch (javax.naming.AuthenticationException ax)
- {
- logger.info("LDAP server does not fall back to anonymous bind for known principal and invalid credentials at " + env.get(Context.PROVIDER_URL));
- }
- catch (AuthenticationNotSupportedException e)
- {
- logger.info("LDAP server does not support the required authentication mechanism");
- }
- catch (NamingException nx)
- {
- // already done
+ try
+ {
+
+ new InitialDirContext(env);
+
+ throw new AuthenticationException(
+ "The ldap server at "
+ + env.get(Context.PROVIDER_URL)
+ + " falls back to use anonymous bind for a known principal if invalid security credentials are presented. This is not supported.");
+ }
+ catch (javax.naming.AuthenticationException ax)
+ {
+ logger.info("LDAP server does not fall back to anonymous bind for known principal and invalid credentials at " + env.get(Context.PROVIDER_URL));
+ }
+ catch (AuthenticationNotSupportedException e)
+ {
+ logger.info("LDAP server does not support the required authentication mechanism");
+ }
+ catch (NamingException nx)
+ {
+ // already done
+ }
+ // Record this environment as checked so that we don't check it again on further restarts / other subsystem
+ // instances
+ checkedEnvs.add(env);
 }
 }
 }
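Review bot: `checkedEnvs.add(env)` is reached after every outcome of the `try` that does not propagate, including the `AuthenticationNotSupportedException` and `NamingException` branches, where the probe never established that the server rejects a bad password. A naming failure on the first start-up (the `// already done` comment suggests it was reported earlier in the method) would therefore mark the environment as checked, and the anonymous-bind fallback test is then skipped for that URL and principal in every other subsystem until the JVM restarts. I would record the environment only on the confirmed outcome, by moving `checkedEnvs.add(env);` into the `catch (javax.naming.AuthenticationException ax)` block after its `logger.info` call. The enclosing method starts outside the hunk, so whether an earlier bind already covers the naming-failure case cannot be seen from here.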