From 2eeb1518d7c53757eab782e78af86dec8e4db6aa Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Wed, 11 Jul 2018 10:50:41 +0200
Subject: [PATCH] [Fix] Allow local users in LdapPrivilegeHandler
---
 .../handler/DefaultPrivilegeHandler.java | 24 +++++++++----------
 .../handler/LdapPrivilegeHandler.java | 9 +++++--
 2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
index e7ac760a2..e5d28fb27 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
@@ -69,60 +69,60 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 /**
 * Map keeping a reference to all active sessions
 */
- private Map privilegeContextMap;
+ protected Map privilegeContextMap;
 /**
 * Map of {@link PrivilegePolicy} classes
 */
- private Map> policyMap;
+ protected Map> policyMap;
 /**
 * The persistence handler is used for getting objects and saving changes
 */
- private PersistenceHandler persistenceHandler;
+ protected PersistenceHandler persistenceHandler;
 /**
 * The encryption handler is used for generating hashes and tokens
 */
- private EncryptionHandler encryptionHandler;
+ protected EncryptionHandler encryptionHandler;
 /**
 * The Single Sign On Handler
 */
- private SingleSignOnHandler ssoHandler;
+ protected SingleSignOnHandler ssoHandler;
 /**
 * The {@link UserChallengeHandler} is used to challenge a user which tries to authenticate and/or change their
 * password
 */
- private UserChallengeHandler userChallengeHandler;
+ protected UserChallengeHandler userChallengeHandler;
 /**
 * flag to define if already initialized
 */
- private boolean initialized;
+ protected boolean initialized;
 /**
 * flag to define if a persist should be performed after a user changes their own data
 */
- private boolean autoPersistOnUserChangesData;
+ protected boolean autoPersistOnUserChangesData;
 /**
 * flag to define if sessions should be persisted
 */
- private boolean persistSessions;
+ protected boolean persistSessions;
 /**
 * Path to sessions file for persistence
 */
- private File persistSessionsPath;
+ protected File persistSessionsPath;
 /**
 * Secret key
 */
- private SecretKey secretKey;
+ protected SecretKey secretKey;
- private PrivilegeConflictResolution privilegeConflictResolution;
+ protected PrivilegeConflictResolution privilegeConflictResolution;
 @Override
 public EncryptionHandler getEncryptionHandler() throws PrivilegeException {
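Review bot: Widening all twelve fields to `protected` exposes much more than this patch needs: `secretKey`, `encryptionHandler` and `privilegeContextMap` become readable and reassignable from every subclass and from every class in the same package, while the only field the LdapPrivilegeHandler change in this patch reads is `persistenceHandler`. None of the fields is `final`, so a subclass can replace the session map or the key without going through the handler's own checks. I would keep the fields `private` and add one narrow accessor, e.g. `protected PersistenceHandler getPersistenceHandler() { return this.persistenceHandler; }`, and have the subclass call that. The class body continues outside the hunk, so an existing accessor may already cover this.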
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/LdapPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/LdapPrivilegeHandler.java
index 3cee1e7ef..5f079aaad 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/LdapPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/LdapPrivilegeHandler.java
@@ -61,6 +61,11 @@ public class LdapPrivilegeHandler extends DefaultPrivilegeHandler {
 @Override
 protected synchronized User checkCredentialsAndUserState(String username, char[] password) throws InvalidCredentialsException, AccessDeniedException {
+
+ // first see if this is a local user
+ if (this.persistenceHandler.getUser(username) != null)
+ return super.checkCredentialsAndUserState(username, password);
+
 // Set up the environment for creating the initial context
 Hashtable env = new Hashtable<>();
@@ -87,8 +92,8 @@ public class LdapPrivilegeHandler extends DefaultPrivilegeHandler {
 //Specify the search scope
 searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
- String searchFilter = "(&(objectCategory=person)(objectClass=user)(userPrincipalName=" + username + domain
- + "))";
+ String searchFilter =
+ "(&(objectCategory=person)(objectClass=user)(userPrincipalName=" + username + domain + "))";
 // Search for objects using the filter
 NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
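Review bot: The new early return lets a local account win over the directory whenever `persistenceHandler.getUser(username)` finds one, so a name present in both stores is checked only against the local password and a disabled or locked directory account is never consulted; the comment `// first see if this is a local user` does not say that this precedence is intended. The lookup also uses `username` exactly as supplied, before any validation visible in this hunk, and if the local store matches names case-sensitively while the directory does not (an assumption, the lookup code is outside the hunk) the same person could be routed to either path by changing case. I would state the rule in the comment, e.g. `// local users take precedence: a name found in the local store is never checked against LDAP`, and reject a null or empty `username` before the lookup. The method body continues past the end of the hunk.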
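Review bot: The re-wrapped `searchFilter` line still builds the LDAP filter by concatenating `username` into the string, so filter metacharacters such as `*`, `(`, `)` and `\` in the supplied name alter the query instead of being matched literally. JNDI escapes the value itself when it is passed as a filter argument: `String searchFilter = "(&(objectCategory=person)(objectClass=user)(userPrincipalName={0}))";` followed by `ctx.search(searchBase, searchFilter, new Object[] { username + domain }, searchCtls);`. The surrounding method starts and ends outside the hunk, so where `domain` comes from is not visible here.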