From 2daea069f9727648c6e65702ca2930619022f8e3 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Wed, 8 Feb 2006 02:17:44 +0000
Subject: [PATCH] Refactoring of BindAuthenticator to allow an extended version which uses ppolicy controls. Added no-cause constructor in LdapDataAccessException for use in data parsing errors.
---
 .../ldap/LdapDataAccessException.java | 7 ++++-
 .../ldap/authenticator/BindAuthenticator.java | 30 +++++++++++--------
 2 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/LdapDataAccessException.java b/core/src/main/java/org/acegisecurity/providers/ldap/LdapDataAccessException.java
index 611ad2fb05..a8f327629b 100644
--- a/core/src/main/java/org/acegisecurity/providers/ldap/LdapDataAccessException.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/LdapDataAccessException.java
@@ -18,13 +18,18 @@ package org.acegisecurity.providers.ldap;
 import org.acegisecurity.AuthenticationServiceException;
 /**
- * Used to wrap unexpected NamingExceptions while accessing the LDAP server.
+ * Used to wrap unexpected NamingExceptions while accessing the LDAP server
+ * or for other LDAP-related data problems such as data we can't handle.
 *
 * @author Luke Taylor
 * @version $Id$
 */
 public class LdapDataAccessException extends AuthenticationServiceException {
+ public LdapDataAccessException(String msg) {
+ super(msg);
+ }
+
 public LdapDataAccessException(String msg, Throwable ex) {
 super(msg, ex);
 }
diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java
index 3cacaf1015..ebd1628967 100644
--- a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java
@@ -33,7 +33,7 @@ import java.util.Iterator;
 * @author Luke Taylor
 * @version $Id$
 */
-public final class BindAuthenticator extends AbstractLdapAuthenticator {
+public class BindAuthenticator extends AbstractLdapAuthenticator {
 //~ Static fields/initializers =============================================
@@ -55,14 +55,14 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
 Iterator dns = getUserDns(username).iterator();
 while(dns.hasNext() && user == null) {
- user = authenticateWithDn((String)dns.next(), password);
+ user = bindWithDn((String)dns.next(), password);
 }
 // Otherwise use the configured locator to find the user
 // and authenticate with the returned DN.
 if (user == null && getUserSearch() != null) {
 LdapUserInfo userFromSearch = getUserSearch().searchForUser(username);
- user = authenticateWithDn(userFromSearch.getDn(), password);
+ user = bindWithDn(userFromSearch.getDn(), password);
 }
 if(user == null) {
@@ -75,10 +75,9 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
 }
- private LdapUserInfo authenticateWithDn(String userDn, String password) {
+ LdapUserInfo bindWithDn(String userDn, String password) {
 DirContext ctx = null;
 LdapUserInfo user = null;
- Attributes attributes = null;
 if (logger.isDebugEnabled()) {
 logger.debug("Attempting to bind with DN = " + userDn);
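Review bot: Dropping `final` from the class declaration makes every non-private method overridable, including the public entry point whose body appears in the next hunk and which appears to decide (`if(user == null) {`) what happens when no bind succeeded. The commit message only asks for the bind step to be extensible, so consider declaring that entry point `final` and leaving `bindWithDn` and `loadAttributes` as the hooks. If wider overriding is intended, a class-level Javadoc sentence such as `Subclasses may change how the bind is performed but must not return a user that was not bound with the supplied password.` would record the contract. The entry point's signature is outside this diff, so its current modifiers cannot be confirmed from here.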
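Review bot: `bindWithDn` is declared with no access modifier and no Javadoc, so the extension point this refactoring creates is both package-only and undocumented. A ppolicy variant placed in another package could not override it; declare it `protected` if that is the intent, or add a comment such as `// package-private: extension is limited to this package` if it is not. The Javadoc should state that the method returns the bound user's `LdapUserInfo` or null when the directory rejects the credentials, because the caller's `while(dns.hasNext() && user == null)` loop depends on that null; the null return is inferred from `LdapUserInfo user = null;` here and the trapped `BadCredentialsException` in the next hunk. The method body continues past the end of this hunk.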
@@ -86,15 +85,9 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
 try {
 ctx = getInitialDirContextFactory().newInitialDirContext(userDn, password);
- attributes = ctx.getAttributes(
- LdapUtils.getRelativeName(userDn, ctx),
- getUserAttributes());
+ Attributes attributes = loadAttributes(ctx, userDn);
 user = new LdapUserInfo(userDn, attributes);
- } catch(NamingException ne) {
- throw new LdapDataAccessException(messages.getMessage(
- "BindAuthenticator.failedToLoadAttributes", new String[] {userDn},
- "Failed to load attributes for user {0}"), ne);
 } catch(BadCredentialsException e) {
 // This will be thrown if an invalid user name is used and the method may
 // be called multiple times to try different names, so we trap the exception.
@@ -108,4 +101,17 @@ public final class BindAuthenticator extends AbstractLdapAuthenticator {
 return user;
 }
+ Attributes loadAttributes(DirContext ctx, String userDn) {
+ try {
+ return ctx.getAttributes(
+ LdapUtils.getRelativeName(userDn, ctx),
+ getUserAttributes());
+
+ } catch(NamingException ne) {
+ throw new LdapDataAccessException(messages.getMessage(
+ "BindAuthenticator.failedToLoadAttributes", new String[] {userDn},
+ "Failed to load attributes for user {0}"), ne);
+ }
+ }
+
 }
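Review bot: Nothing visible in `bindWithDn` rejects an empty `password` before `newInitialDirContext(userDn, password)` is called. Many directory servers treat a simple bind with a DN and a zero-length password as an unauthenticated bind and report success (RFC 4513 section 5.1.2), which this method would then turn into a populated `LdapUserInfo`. The check may already exist in a caller outside this diff, but the method is now reachable from subclasses and same-package code, so a guard before the `try` is cheap: `if (password == null || password.length() == 0) { return null; }`. Alternatively, reject the empty password once in the entry point before the DN loop. The method starts in the previous hunk and ends in the next one.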
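Review bot: The `LdapDataAccessException` thrown from the new `loadAttributes` puts the full `userDn` into its message, and the first file in this patch shows that exception extends `AuthenticationServiceException`. If the login layer renders authentication exception messages to the client, that message discloses directory naming; the handling code is outside this diff, so this may already be safe. A comment on the throw such as `// message contains the user DN: log it, do not render it to the client` would flag the constraint for callers and for anyone overriding this hook.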