Example usage for javax.naming.ldap LdapContext removeFromEnvironment

List of usage examples for javax.naming.ldap LdapContext removeFromEnvironment

  1. HOME
  2. Java
  3. javax
  4. javax.naming.ldap.*
  5. LdapContext
  6. removeFromEnvironment

Introduction

In this page you can find the example usage for javax.naming.ldap LdapContext removeFromEnvironment.

Prototype

public Object removeFromEnvironment(String propName) throws NamingException;

Source Link

Document

Removes an environment property from the environment of this context.

Usage

From source file:org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager.java

/**
 * Changes the password for the current user. The username is obtained from the security
 * context. <p> If the old password is supplied, the update will be made by rebinding as the
 * user, thus modifying the password using the user's permissions. If <code>oldPassword</code>
 * is null, the update will be attempted using a standard read/write context supplied by the
 * context source. </p>/*  w w  w. j a  va  2 s .c  o m*/
 *
 * @param oldPassword the old password
 * @param newPassword the new value of the password.
 */
public void changePassword(final String oldPassword, final String newPassword) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Assert.notNull(authentication,
            "No authentication object found in security context. Can't change current user's password!");

    String username = authentication.getName();

    logger.debug("Changing password for user '" + username);

    final DistinguishedName dn = usernameMapper.buildDn(username);
    final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(
            DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) };

    if (oldPassword == null) {
        template.modifyAttributes(dn, passwordChange);
        return;
    }

    template.executeReadWrite(new ContextExecutor() {

        public Object executeWithContext(DirContext dirCtx) throws NamingException {
            LdapContext ctx = (LdapContext) dirCtx;
            ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(dn, ctx).toString());
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
            // TODO: reconnect doesn't appear to actually change the
            // credentials
            try {
                ctx.reconnect(null);
            } catch (javax.naming.AuthenticationException e) {
                throw new BadCredentialsException("Authentication for password change failed.");
            }

            ctx.modifyAttributes(dn, passwordChange);

            return null;
        }
    });
}

From source file:org.ligoj.app.plugin.id.ldap.dao.UserLdapRepository.java

@Override
public void setPassword(final UserOrg userLdap, final String password, final String newPassword) {
    log.info("Changing password for {} ...", userLdap.getId());
    final ModificationItem[] passwordChange = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute(PASSWORD_ATTRIBUTE, digest(newPassword))) };

    // Unlock account when the user is locked by ppolicy
    set(userLdap, PWD_ACCOUNT_LOCKED_ATTRIBUTE, null);

    // Authenticate the user is needed before changing the password.
    template.executeReadWrite(new ContextExecutor<>() {
        @Override//from  w  ww .ja  va2  s .co m
        public Object executeWithContext(final DirContext dirCtx) throws NamingException {
            LdapContext ctx = (LdapContext) dirCtx;
            ctx.removeFromEnvironment(LDAP_CONNECT_POOL);
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userLdap.getDn());
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,
                    password == null ? getTmpPassword(userLdap) : password);

            try {
                ctx.reconnect(null);
                ctx.modifyAttributes(userLdap.getDn(), passwordChange);
            } catch (final AuthenticationException e) {
                log.info("Authentication failed for {}: {}", userLdap.getId(), e.getMessage());
                throw new ValidationJsonException("password", "login");
            } catch (final InvalidAttributeValueException e) {
                log.info("Password change failed due to: {}", e.getMessage());
                throw new ValidationJsonException("password", "password-policy");
            }
            return null;
        }
    });
}

From source file:org.springframework.security.ldap.userdetails.LdapUserDetailsManager.java

private void changePasswordUsingAttributeModification(DistinguishedName userDn, String oldPassword,
        String newPassword) {/* ww w.  java 2  s .c o  m*/

    final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(
            DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) };

    if (oldPassword == null) {
        template.modifyAttributes(userDn, passwordChange);
        return;
    }

    template.executeReadWrite(dirCtx -> {
        LdapContext ctx = (LdapContext) dirCtx;
        ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(userDn, ctx).toString());
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
        // TODO: reconnect doesn't appear to actually change the credentials
        try {
            ctx.reconnect(null);
        } catch (javax.naming.AuthenticationException e) {
            throw new BadCredentialsException("Authentication for password change failed.");
        }

        ctx.modifyAttributes(userDn, passwordChange);

        return null;
    });

}