ALF-9920: Prevent multiple invalid password checks to the same LDAP account in multiple subsystems (use a static Set of checked environments)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@32685 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2011-12-09 17:21:15 +00:00
parent cbd56c1bc1
commit 0004664c12
1 changed files with 31 additions and 19 deletions
--- a/source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java
@@ -20,8 +20,10 @@ package org.alfresco.repo.security.authentication.ldap;

 import java.io.IOException;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Map;
+import java.util.Set;

 import javax.naming.AuthenticationNotSupportedException;
 import javax.naming.Context;
@@ -49,6 +51,9 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
 {
    private static final Log logger = LogFactory.getLog(LDAPInitialDirContextFactoryImpl.class);

+    private static Set<Map<String, String>> checkedEnvs = Collections.synchronizedSet(new HashSet<Map<String, String>>(
+            11));
+
    private Map<String, String> defaultEnvironment = Collections.<String, String> emptyMap();
    private Map<String, String> authenticatedEnvironment = Collections.<String, String> emptyMap();

@@ -381,27 +386,34 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
            env.putAll(authenticatedEnvironment);
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, "sdasdasdasdasd123123123");
-            try
+            if (!checkedEnvs.contains(env))
            {

-                new InitialDirContext(env);
-
-                throw new AuthenticationException(
-                        "The ldap server at "
-                                + env.get(Context.PROVIDER_URL)
-                                + " falls back to use anonymous bind for a known principal if  invalid security credentials are presented. This is not supported.");
-            }
-            catch (javax.naming.AuthenticationException ax)
-            {
-                logger.info("LDAP server does not fall back to anonymous bind for known principal and invalid credentials at " + env.get(Context.PROVIDER_URL));
-            }
-            catch (AuthenticationNotSupportedException e)
-            {
-                logger.info("LDAP server does not support the required authentication mechanism");
-            }
-            catch (NamingException nx)
-            {
-                // already done
+                try
+                {
+    
+                    new InitialDirContext(env);
+    
+                    throw new AuthenticationException(
+                            "The ldap server at "
+                                    + env.get(Context.PROVIDER_URL)
+                                    + " falls back to use anonymous bind for a known principal if  invalid security credentials are presented. This is not supported.");
+                }
+                catch (javax.naming.AuthenticationException ax)
+                {
+                    logger.info("LDAP server does not fall back to anonymous bind for known principal and invalid credentials at " + env.get(Context.PROVIDER_URL));
+                }
+                catch (AuthenticationNotSupportedException e)
+                {
+                    logger.info("LDAP server does not support the required authentication mechanism");
+                }
+                catch (NamingException nx)
+                {
+                    // already done
+                }
+                // Record this environment as checked so that we don't check it again on further restarts / other subsystem
+                // instances
+                checkedEnvs.add(env);
            }
        }
    }