diff --git a/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticationProvider.java b/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticationProvider.java
deleted file mode 100755
index 358f49fd83..0000000000
--- a/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticationProvider.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- *
- */
-package org.acegisecurity.ui.ntlm.ldap.authenticator;
-
-import org.acegisecurity.*;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
-import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
-import org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.dao.DataAccessException;
-import org.springframework.util.StringUtils;
-import org.springframework.ldap.core.DirContextOperations;
-
-/**
- * This provider implements specialized behaviour if the supplied {@link Authentication} object is
- * from NTLM. In other cases calls the parent implementation.
- *
- * @author sylvain.mougenot
- *
- */
-public class NtlmAwareLdapAuthenticationProvider extends LdapAuthenticationProvider {
- private static final Log logger = LogFactory.getLog(NtlmAwareLdapAuthenticationProvider.class);
-
- /**
- * NTLM aware authenticator
- */
- private NtlmAwareLdapAuthenticator authenticator;
-
- /**
- * @param authenticator
- * @param authoritiesPopulator
- */
- public NtlmAwareLdapAuthenticationProvider(NtlmAwareLdapAuthenticator authenticator,
- LdapAuthoritiesPopulator authoritiesPopulator) {
- super(authenticator, authoritiesPopulator);
- this.authenticator = authenticator;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.acegisecurity.providers.ldap.LdapAuthenticationProvider#retrieveUser(java.lang.String,
- * org.acegisecurity.providers.UsernamePasswordAuthenticationToken)
- */
- protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
- throws AuthenticationException {
- final UserDetails myDetails;
-
- if (authentication instanceof NtlmUsernamePasswordAuthenticationToken) {
- if (logger.isDebugEnabled()) {
- logger.debug("Ntlm Token for Authentication"); //$NON-NLS-1$
- }
-
- // Only loads LDAP data
- myDetails = retrieveUser(username, (NtlmUsernamePasswordAuthenticationToken) authentication);
- } else {
- // calls parent implementation
- myDetails = super.retrieveUser(username, authentication);
- }
-
- return myDetails;
- }
-
- /**
- * Authentication has already been done. We need a particular behviour
- * because the parent check password consistency. But we do not have the
- * password (even if the user is authenticated).
- *
- * @see NtlmUsernamePasswordAuthenticationToken#DEFAULT_PASSWORD
- * @param username
- * @param authentication
- * @return
- * @throws AuthenticationException
- */
- protected UserDetails retrieveUser(String username, NtlmUsernamePasswordAuthenticationToken authentication)
- throws AuthenticationException {
- // identifiant obligatoire
- if (!StringUtils.hasLength(username)) {
- throw new BadCredentialsException(messages.getMessage(
- "LdapAuthenticationProvider.emptyUsername",
- "Empty Username"));
- }
-
- // NB: password is just the default value
-
- if (logger.isDebugEnabled()) {
- logger.debug("Retrieving user " + username);
- }
-
- try {
- // Complies with our lack of password (can't bind)
- DirContextOperations ldapUser = authenticator.authenticate(authentication);
-
- GrantedAuthority[] extraAuthorities = getAuthoritiesPopulator().getGrantedAuthorities(ldapUser, username);
-
- return getUserDetailsContextMapper().mapUserFromContext(ldapUser, username, extraAuthorities);
-
- } catch (DataAccessException ldapAccessFailure) {
- throw new AuthenticationServiceException(ldapAccessFailure
- .getMessage(), ldapAccessFailure);
- }
- }
-}
diff --git a/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticator.java b/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticator.java
deleted file mode 100755
index 15a76cb5c4..0000000000
--- a/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticator.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- *
- */
-package org.acegisecurity.ui.ntlm.ldap.authenticator;
-
-import org.acegisecurity.providers.ldap.LdapAuthenticator;
-import org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken;
-import org.springframework.ldap.core.DirContextOperations;
-
-/**
- * Authenticator compliant with NTLM part done previously (for authentication).
- *
- * @author sylvain.mougenot
- *
- */
-public interface NtlmAwareLdapAuthenticator extends LdapAuthenticator {
- /**
- * Authentication was done previously by NTLM.
- * Obtains additional user informations from the directory.
- *
- * @param aUserToken Ntlm issued authentication Token
- * @return the details of the successfully authenticated user.
- */
- DirContextOperations authenticate(NtlmUsernamePasswordAuthenticationToken aUserToken);
-}
diff --git a/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticatorImpl.java b/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticatorImpl.java
index 78fde50eef..1c9a1ce73a 100755
--- a/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticatorImpl.java
+++ b/ntlm/src/main/java/org/acegisecurity/ui/ntlm/ldap/authenticator/NtlmAwareLdapAuthenticatorImpl.java
@@ -1,5 +1,5 @@
/**
- *
+ *
*/
package org.acegisecurity.ui.ntlm.ldap.authenticator;
@@ -16,11 +16,11 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.DirContextOperations;
/**
- * Fullfill the User details after NTLM authentication was done. Or (if no NTLM
- * authentication done) act as the parent to authenticate the user
- *
+ * Loads the UserDetails if authentication was already performed by NTLM (indicated by the type of authentication
+ * token submitted). Otherwise falls back to the parent class behaviour, attempting to bind as the user.
+ *
* @author sylvain.mougenot
- *
+ *
*/
public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
/**
@@ -37,7 +37,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
/**
* Prepare the template without bind requirements.
- *
+ *
* @param aUserDn
* @param aUserName
* @see #loadDetail(SpringSecurityLdapTemplate, String, String)
@@ -50,7 +50,7 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
/**
* Load datas
- *
+ *
* @param aTemplate
* @param aUserDn
* @param aUserName
@@ -68,20 +68,20 @@ public class NtlmAwareLdapAuthenticatorImpl extends BindAuthenticator {
// exception
// unless a subclass wishes to implement more specialized behaviour.
if (logger.isDebugEnabled()) {
- logger.debug("Failed to bind as " + aUserDn + ": "
- + e.getMessage(), e);
+ logger.debug("Failed to bind as " + aUserDn + ": " + e.getMessage(), e);
}
}
return null;
}
- /*
- * (non-Javadoc)
- *
- * @see org.acegisecurity.ui.ntlm.NtlmAwareLdapAuthenticator#authenticate(org.acegisecurity.ui.ntlm.NtlmUsernamePasswordAuthenticationToken)
+ /**
+ * If the supplied Authentication object is of type NtlmUsernamePasswordAuthenticationToken,
+ * the information stored in the user's directory entry is loaded without attempting to authenticate them.
+ * Otherwise the parent class is called to perform a bind operation to authenticate the user.
*/
public DirContextOperations authenticate(Authentication authentication) {
if (!(authentication instanceof NtlmUsernamePasswordAuthenticationToken)) {
+ // Not NTLM authenticated, so call the base class to authenticate the user.
return super.authenticate(authentication);
}
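Review bot: The new Javadoc on `authenticate` says the directory entry for an NTLM token is loaded without authenticating the user, but it does not state the invariant this depends on: the `instanceof NtlmUsernamePasswordAuthenticationToken` check is the only gate, so the token's type is treated as proof that the NTLM handshake succeeded. I would add a sentence to the Javadoc such as `Callers must only create an NtlmUsernamePasswordAuthenticationToken after the NTLM handshake has completed successfully; no credential check is performed for it here.` The provider deleted in this commit also rejected an empty username before the NTLM lookup; whether the remaining path still does so is not visible, because the body of `authenticate` continues outside the hunk.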