Examples of com.esri.gpt.framework.security.credentials.UsernamePasswordCredentials

• com.esri.gpt.framework.security.credentials.UsernamePasswordCredentials
  Stores username/password credentials.

  LdapClient client = null;
  try {

    // initialize parameters
    String sUsername = user.getProfile().getUsername();
    UsernamePasswordCredentials origCred = criteria.getOriginalCredentials();
    UsernamePasswordCredentials newCred = criteria.getNewCredentials();
    origCred.setUsername(sUsername);
    newCred.setUsername(sUsername);

    // ensure that the old password was supplied correctly for the user
    UsernamePasswordCredentials testCred = new UsernamePasswordCredentials();
    testCred.setUsername(origCred.getUsername());
    testCred.setPassword(origCred.getPassword());
    User testUser = new User();
    testUser.setCredentials(testCred);
    authenticate(testUser);

    // ensure that the new credentials are valid

  LdapClient client = null;
  try {

    // ensure that the new credentials are valid
    CredentialPolicy policy = new CredentialPolicy();
    UsernamePasswordCredentials cred;
    cred = user.getCredentials().getUsernamePasswordCredentials();
    policy.validateUsernamePolicy(cred);
    policy.validatePasswordPolicy(cred);
    policy.validateEmailPolicy(user.getProfile().getEmailAddress());

/** Default constructor. */
public LdapConnectionProperties() {
  setInitialContextFactoryName(ICTX_FACTORY_NAME);
  setSecurityAuthenticationLevel("simple");
  setServiceAccountCredentials(new UsernamePasswordCredentials());
}

 * @param credentials the credentials
 */
public void setServiceAccountCredentials(Credentials credentials) {
  _serviceAccountCredentials = credentials;
  if (_serviceAccountCredentials == null) {
    _serviceAccountCredentials = new UsernamePasswordCredentials();
  }
}

  sb.append(" securityProtocol=\"").append(
      getSecurityProtocol()).append("\"\n");

  Credentials cred = getServiceAccountCredentials();
  if ((cred != null) && (cred instanceof UsernamePasswordCredentials)) {
    UsernamePasswordCredentials upCred = (UsernamePasswordCredentials)cred;
    int nPwdLen = 0;
    if (upCred.getPassword() != null) {
      nPwdLen = upCred.getPassword().length();
    }
    sb.append(" serviceAccount(");
    sb.append("securityPrincipal=\"").append(upCred.getUsername()).append("\"");
    sb.append(" securityCredentials=\"");
    for (int i=0;i<nPwdLen;i++) sb.append("*");
    sb.append("\")\n");
  }

    String sTargetedGroupDN = "";
    LdapUserProperties userProps = getConfiguration().getUserProperties();

    // determine the authentication method
    Credentials credentials = user.getCredentials();
    UsernamePasswordCredentials upCredentials = null;
    boolean bUseDirectConnect = false;
    boolean bUseLoginPattern  = false;
    if (credentials != null) {
      if (credentials instanceof UsernamePasswordCredentials) {
        upCredentials = (UsernamePasswordCredentials)credentials;
        upCredentials.setTargetedGroupDN("");
        sUsername = upCredentials.getUsername();
        String sPattern  = userProps.getUsernameSearchPattern();
        if (sUsername.length() > 0) {
          if (userProps.hasSpecialDNCharacter(sUsername)) {
            bUseDirectConnect = true;
          } else {
            bUseLoginPattern = (sPattern.length() > 0);
          }
        }

      } else if (credentials instanceof DistinguishedNameCredential) {
        DistinguishedNameCredential dnCredential;
        dnCredential = (DistinguishedNameCredential)credentials;
        sAuthenticatedDN = dnCredential.getDistinguishedName();

      } else if (credentials instanceof UsernameCredential) {
        UsernameCredential unCredential = (UsernameCredential)credentials;
        String sBaseDN = userProps.getUserSearchDIT();
        String sFilter = userProps.returnUserLoginSearchFilter(unCredential.getUsername());
        StringSet ssDNs = getQueryFunctions().searchDNs(
                          getConnectedContext(),sBaseDN,sFilter);
        if (ssDNs.size() > 1) {
          throw new IdentityException("Multiple LDAP usernames matched for:"+ unCredential.getUsername());
        } else if (ssDNs.size() == 1) {
          sAuthenticatedDN = ssDNs.iterator().next();
        }
      }
    }

    // Attempt to connect with the supplied credentials.
    // An AuthenticationException will be thrown if the credentials are invalid
    if (bUseDirectConnect) {
      connectionClient = new LdapClient(getConfiguration(),upCredentials);
      sAuthenticatedDN = connectionClient.connect();
      bUseLoginPattern = false;
      connectionClient.close();
      connectionClient = null;
    }

    // Attempt to authenticate by first executing a search for all users
    // matching the input username, then checking the supplied password against
    // each matching DN.
    // An AuthenticationException will be thrown if the credentials are invalid.
    if (bUseLoginPattern) {
      sAuthenticatedDN = searchForUser(upCredentials);
      sTargetedGroupDN = upCredentials.getTargetedGroupDN();
    }

    // ensure an authenticated DN
    if (sAuthenticatedDN.length() == 0) {
      throw new AuthenticationException("Invalid credentials.");

  // check the credentials
  Credentials credentials = getCredentials();
  if (credentials != null) {
    if (credentials instanceof UsernamePasswordCredentials) {
      UsernamePasswordCredentials upCredentials = (UsernamePasswordCredentials)credentials;
      checkDistinguishedName(upCredentials);
      sPrincipal = upCredentials.getDistinguishedName();
      sPassword = upCredentials.getPassword();
    }
  }

  // make the environment map
  Hashtable<String,String> env = new Hashtable<String,String>(11);

  // authenticate
  Credentials credentials = user.getCredentials();
  if (credentials != null) {
    if (credentials instanceof UsernamePasswordCredentials) {
      UsernamePasswordCredentials upCreds = (UsernamePasswordCredentials)credentials;
      bAuthenticated = (getUsername().length() > 0) &&
                       (getPassword().length() > 0) &&
                       upCreds.getUsername().equalsIgnoreCase(getUsername()) &&
                       upCreds.getPassword().equals(getPassword());
    } else if (credentials instanceof DistinguishedNameCredential) {
      DistinguishedNameCredential dnCred = (DistinguishedNameCredential)credentials;
      bAuthenticated = (getDN().length() > 0) &&
                       dnCred.getDistinguishedName().equalsIgnoreCase(getDN());
    } else if (credentials instanceof UsernameCredential) {

protected User recoverUserPassword(DirContext dirContext,
                                   String username,
                                   String emailAddress)
  throws NamingException {
  User userFound = null;
  UsernamePasswordCredentials credentials = null;
  username = Val.chkStr(username);
  emailAddress = Val.chkStr(emailAddress);
  if ((username.length() > 0) && (emailAddress.length() > 0)) {
    LdapQueryFunctions queryFunctions = new LdapQueryFunctions(getConfiguration());
    LdapUserProperties userProps = getConfiguration().getUserProperties();
    boolean bMultipleFound = false;
    String sBaseDN = userProps.getUserSearchDIT();
    String sFilter = userProps.returnUserLoginSearchFilter(username);
    StringSet ssDNs = queryFunctions.searchDNs(dirContext,sBaseDN,sFilter);

    // loop through each DN found, check for an email address match
    for (String sDN: ssDNs) {
      User userTmp = new User();
      userTmp.setDistinguishedName(sDN);
      queryFunctions.readUserProfile(dirContext,userTmp);
      if (userTmp.getProfile().getEmailAddress().equals(emailAddress)) {
        if (userFound == null) {
          credentials = new UsernamePasswordCredentials();
          credentials.setUsername(username);
          credentials.generatePassword();
          userFound = userTmp;
          userFound.setCredentials(credentials);
        } else {
          bMultipleFound = true;
          userFound = null;

  // initialize
  user.setDistinguishedName("");
  LdapUserProperties userProps = getConfiguration().getUserProperties();
  LdapGroupProperties groupProps = getConfiguration().getGroupProperties();
  UsernamePasswordCredentials upCreds;
  upCreds = user.getCredentials().getUsernamePasswordCredentials();
  if (upCreds != null) {
    user.setDistinguishedName(userProps.returnNewUserDN(upCreds.getUsername()));
  }

  if (upCreds == null) {
    throw new CredentialPolicyException("The credentials were not supplied.");
  } else if (user.getDistinguishedName().length() == 0) {
    throw new CredentialPolicyException("The supplied username is invalid.");
  } else if ((upCreds.getPassword() == null) || (upCreds.getPassword().length() == 0)) {
    throw new CredentialPolicyException("The supplied password is invalid.");
  }

  // prepare attributes and add the new user to LDAP
  Attributes attributes = prepareRegistrationAttributes(upCreds,user.getProfile());