authenticate method should not log errors (LDAP-170)

Ulrik Sandberg
2010-10-17 10:38:59 +00:00
parent ce9042ebcf
commit fb6b20de57
4 changed files with 19 additions and 8 deletions


@@ -34,6 +34,12 @@ Changes in version 1.3.1 (October 2010)
* Added authentication methods that provide a possible authentication
exception through an AuthenticationErrorCallback. (LDAP-192)
* Authentication methods now treat a search result of more than one user as
an error and throw IncorrectResultSizeDataAccessException. (LDAP-170)
* Authentication methods now log problems at level INFO rather than ERROR.
(LDAP-170)
* DefaultDirObjectFactory calls a Java5 version of the IllegalArgumentException
constructor. (LDAP 196).


@@ -1482,6 +1482,7 @@ public interface LdapOperations {
* @param errorCallback the callback that will be called if an exception is caught.
* @return <code>true</code> if the authentication was successful,
* <code>false</code> otherwise.
* @throws IncorrectResultSizeDataAccessException if more than one users were found
* @see #authenticate(String, String, String, AuthenticatedLdapEntryContextCallback, AuthenticationErrorCallback)
* @since 1.3.1
*/
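Review bot: The new `@throws` line does not say how the exception relates to `errorCallback`, although the `@param` text above it promises the callback "will be called if an exception is caught". As far as the LdapTemplate change on this page shows, the multi-match exception is thrown straight to the caller, so I would word it as `@throws IncorrectResultSizeDataAccessException if more than one user was found; thrown to the caller, not passed to errorCallback`. Only this overload gains the tag; if the other `authenticate` overloads share the implementation, which is not visible here, they need it too. The Javadoc comment starts above the hunk.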


@@ -1480,10 +1480,13 @@ public class LdapTemplate implements LdapOperations, InitializingBean {
final AuthenticatedLdapEntryContextCallback callback, final AuthenticationErrorCallback errorCallback) {
List result = search(base, filter, new LdapEntryIdentificationContextMapper());
if (result.size() != 1) {
log.error("Unable to find unique entry matching in authentication; base: '" + base + "'; filter: '"
+ filter + "'. Found " + result.size() + " matching entries");
if (result.size() == 0) {
String msg = "No results found for search, base: '" + base + "'; filter: '" + filter + "'.";
log.info(msg);
return false;
} else if (result.size() > 1) {
String msg = "base: '" + base + "'; filter: '" + filter + "'.";
throw new IncorrectResultSizeDataAccessException(msg, 1, result.size());
}
final LdapEntryIdentification entryIdentification = (LdapEntryIdentification) result.get(0);
@@ -1499,7 +1502,7 @@ public class LdapTemplate implements LdapOperations, InitializingBean {
return true;
}
catch (Exception e) {
log.error("Authentication failed for entry with DN '" + entryIdentification.getAbsoluteDn() + "'", e);
log.info("Authentication failed for entry with DN '" + entryIdentification.getAbsoluteDn() + "'", e);
errorCallback.execute(e);
return false;
}
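Review bot: With both failure paths now at `log.info`, a deployment whose log threshold is WARN keeps no record of failed authentication attempts, and the zero-result branch returns `false` without calling `errorCallback`, so a caller cannot pick the event up there either. The method starts and ends outside these hunks, so I would at least document it on the method, e.g. `// Failed attempts are logged at INFO only; callers that need an audit trail must record them themselves.` Separately, `base` and `filter` are concatenated unchanged into the log message and into the `IncorrectResultSizeDataAccessException` text. If the filter carries a caller-supplied login name, any line breaks in it would reach the log, so consider replacing CR/LF before building `msg`.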


@@ -26,6 +26,7 @@ import javax.naming.directory.DirContext;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.ldap.core.AuthenticatedLdapEntryContextCallback;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.LdapEntryIdentification;
@@ -101,13 +102,13 @@ public class LdapTemplateAuthenticationITest extends AbstractLdapTemplateIntegra
assertFalse(tested.authenticate("", filter.toString(), "password"));
}
@Test
@Test(expected=IncorrectResultSizeDataAccessException.class)
public void testAuthenticateWithFilterThatMatchesSeveralEntries() {
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person")).and(new WhitespaceWildcardsFilter("uid", "some.person"));
assertFalse(tested.authenticate("", filter.toString(), "password"));
filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("cn", "Some Person"));
tested.authenticate("", filter.toString(), "password");
}
@Test
public void testLookupAttemptingCallback() {
AndFilter filter = new AndFilter();
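Review bot: `@Test(expected=IncorrectResultSizeDataAccessException.class)` on `testAuthenticateWithFilterThatMatchesSeveralEntries` only proves that the type escapes, not that the sizes reported are right. Catching the exception and asserting `e.getExpectedSize() == 1` and `e.getActualSize() > 1` would pin the contract the changelog describes. The hunk exercises the three-argument overload only; a companion test for the `errorCallback` overload, checking that the callback is not invoked in the multi-match case, would cover the path changed in LdapTemplate, unless one already exists outside this hunk.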