Class CrowdTlsDirContextAuthenticationStrategy
java.lang.Object
org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy
com.atlassian.crowd.directory.ssl.CrowdTlsDirContextAuthenticationStrategy
- All Implemented Interfaces:
org.springframework.ldap.core.support.DirContextAuthenticationStrategy
public class CrowdTlsDirContextAuthenticationStrategy
extends org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy
This authentication strategy is a replacement for DefaultTlsDirContextAuthenticationStrategy, and is a workaround for a bug affecting JDK9-JDK13. The bug is fixed in JDK14.
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8217606
https://github.com/spring-projects/spring-ldap/issues/502
DefaultTlsDirContextAuthenticationStrategy initiates an SSL connection and then performs authentication.
At the end of the authentication process, LdapContext.reconnect(Control[]) is called.
In JDK9-JDK13 this call creates a new non-SSL connection, which replaces the previously created SSL connection.
This is a security vulnerability.
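As an added example (not Crowd's or Spring LDAP's own code), one way to wire this class into a Spring LDAP LdapContextSource so that DefaultTlsDirContextAuthenticationStrategy is never used on the JDK range named above. StartTlsStrategySelector and its method names are hypothetical, and the version check assumes the java.specification.version system property is available.

```java
import com.atlassian.crowd.directory.ssl.CrowdTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.DirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;

// Added example: hypothetical helper, not part of Crowd or Spring LDAP.
public final class StartTlsStrategySelector {

    private StartTlsStrategySelector() {
    }

    /** Feature release of a java.specification.version value: "1.8" -> 8, "11" -> 11. */
    static int featureVersion(String specVersion) {
        String[] parts = specVersion.trim().split("\\.");
        int first = Integer.parseInt(parts[0]);
        // Releases before JDK9 report themselves as "1.x".
        return (first == 1 && parts.length > 1) ? Integer.parseInt(parts[1]) : first;
    }

    /** True for the releases this page names as affected: JDK9 through JDK13. */
    static boolean reconnectReplacesTlsConnection(int feature) {
        return feature >= 9 && feature <= 13;
    }

    /** Picks the workaround strategy on affected JDKs, the Spring default elsewhere. */
    static DirContextAuthenticationStrategy select(String specVersion) {
        return reconnectReplacesTlsConnection(featureVersion(specVersion))
                ? new CrowdTlsDirContextAuthenticationStrategy()
                : new DefaultTlsDirContextAuthenticationStrategy();
    }

    /** Builds a StartTLS context source; url, bindDn and password are caller-supplied. */
    public static LdapContextSource startTlsContextSource(String url, String bindDn, String password) {
        LdapContextSource source = new LdapContextSource();
        source.setUrl(url);          // ldap:// URL; the strategy upgrades the connection via StartTLS
        source.setUserDn(bindDn);
        source.setPassword(password);
        source.setAuthenticationStrategy(select(System.getProperty("java.specification.version")));
        source.afterPropertiesSet(); // validates the configuration before first use
        return source;
    }
}
```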
Constructor Summary
Method Summary
Modifier and Type | Method | Description
void | applyAuthentication(LdapContext ctx, String userDn, String password) |
Methods inherited from class org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy
processContextAfterCreation, setHostnameVerifier, setShutdownTlsGracefully, setSslSocketFactory, setupEnvironment
Constructor Details
CrowdTlsDirContextAuthenticationStrategy
public CrowdTlsDirContextAuthenticationStrategy()
Method Details
applyAuthentication
public void applyAuthentication(LdapContext ctx, String userDn, String password) throws NamingException
- Specified by:
applyAuthentication in class org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy
- Throws:
NamingException