Java Code Examples for javax.security.sasl.AuthorizeCallback#setAuthorized()

The following examples show how to use javax.security.sasl.AuthorizeCallback#setAuthorized() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ServerCallbackHandler.java    From jstorm with Apache License 2.0 6 votes vote down vote up
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    LOG.info("Successfully authenticated client: authenticationID = " + authenticationID + " authorizationID = " + ac.getAuthorizationID());

    // if authorizationId is not set, set it to authenticationId.
    if (ac.getAuthorizationID() == null) {
        ac.setAuthorizedID(authenticationID);
    }

    // When authNid and authZid are not equal , authNId is attempting to impersonate authZid, We
    // add the authNid as the real user in reqContext's subject which will be used during authorization.
    if (!authenticationID.equals(ac.getAuthorizationID())) {
        LOG.info("Impersonation attempt  authenticationID = " + ac.getAuthenticationID() + " authorizationID = " + ac.getAuthorizationID());
        ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
    }

    ac.setAuthorized(true);
}
 
Example 2
Source File: ServerCallbackHandler.java    From jstorm with Apache License 2.0 6 votes vote down vote up
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID + " authorizationID= " + ac.getAuthorizationID());

    // if authorizationId is not set, set it to authenticationId.
    if (ac.getAuthorizationID() == null) {
        ac.setAuthorizedID(authenticationID);
    }

    // When authNid and authZid are not equal , authNId is attempting to impersonate authZid, We
    // add the authNid as the real user in reqContext's subject which will be used during authorization.
    if (!ac.getAuthenticationID().equals(ac.getAuthorizationID())) {
        ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
    }

    ac.setAuthorized(true);
}
 
Example 3
Source File: ServerCallbackHandler.java    From tutorials with MIT License 6 votes vote down vote up
@Override
public void handle(Callback[] cbs) throws IOException, UnsupportedCallbackException {
    for (Callback cb : cbs) {
        if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback ac = (AuthorizeCallback) cb;
            ac.setAuthorized(true);
        } else if (cb instanceof NameCallback) {
            NameCallback nc = (NameCallback) cb;
            nc.setName("username");

        } else if (cb instanceof PasswordCallback) {
            PasswordCallback pc = (PasswordCallback) cb;
            pc.setPassword("password".toCharArray());
        } else if (cb instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) cb;
            rc.setText("myServer");
        }
    }
}
 
Example 4
Source File: PulsarSaslServer.java    From pulsar with Apache License 2.0 6 votes vote down vote up
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();
    if (!authenticationID.equals(authorizationID)) {
        ac.setAuthorized(false);
        log.info("Forbidden access to client: authenticationID: {} is different from authorizationID: {}",
            authenticationID, authorizationID);
        return;
    }
    if (!allowedIdsPattern.matcher(authenticationID).matches()) {
        ac.setAuthorized(false);
        log.info("Forbidden access to client: authenticationID {}, is not allowed (see {} property).",
            authenticationID, SaslConstants.JAAS_CLIENT_ALLOWED_IDS);
        return;
    }

    ac.setAuthorized(true);
    log.info("Successfully authenticated client: authenticationID: {};  authorizationID: {}.",
        authenticationID, authorizationID);
}
 
Example 5
Source File: SaslNettyServer.java    From blazingcache with Apache License 2.0 6 votes vote down vote up
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    LOG.severe("Successfully authenticated client: authenticationID=" + authenticationID
        + ";  authorizationID=" + authorizationID + ".");
    ac.setAuthorized(true);

    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        userNameBuilder.append("/").append(kerberosName.getHostName());
        userNameBuilder.append("@").append(kerberosName.getRealm());
        LOG.severe("Setting authorizedID: " + userNameBuilder);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        LOG.severe("Failed to set name based on Kerberos authentication rules.");
    }
}
 
Example 6
Source File: SaslCallbackHandler.java    From glowroot with Apache License 2.0 6 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof AuthorizeCallback) {
            AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
            String authenticationId = authorizeCallback.getAuthenticationID();
            String authorizationId = authorizeCallback.getAuthorizationID();
            authorizeCallback.setAuthorized(authenticationId.equals(authorizationId));
        } else if (callback instanceof NameCallback) {
            ((NameCallback) callback).setName("glowroot");
        } else if (callback instanceof PasswordCallback) {
            ((PasswordCallback) callback).setPassword(password);
        } else if (callback instanceof RealmCallback) {
            ((RealmCallback) callback).setText("glowroot");
        }
    }
}
 
Example 7
Source File: KerberosFactory.java    From Bats with Apache License 2.0 6 votes vote down vote up
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (final Callback callback : callbacks) {
    if (callback instanceof AuthorizeCallback) {
      final AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
      if (!authorizeCallback.getAuthenticationID()
          .equals(authorizeCallback.getAuthorizationID())) {
        throw new SaslException("Drill expects authorization ID and authentication ID to match. " +
            "Use inbound impersonation feature so one entity can act on behalf of another.");
      } else {
        authorizeCallback.setAuthorized(true);
      }
    } else {
      throw new UnsupportedCallbackException(callback);
    }
  }
}
 
Example 8
Source File: ClientCertCallbackHandler.java    From wildfly-core with GNU Lesser General Public License v2.1 6 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (current instanceof AuthorizeCallback) {
            AuthorizeCallback acb = (AuthorizeCallback) current;
            boolean authorized = acb.getAuthenticationID().equals(acb.getAuthorizationID());
            if (authorized == false) {
                SECURITY_LOGGER.tracef(
                        "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                        acb.getAuthenticationID(), acb.getAuthorizationID());
            }
            acb.setAuthorized(authorized);
        } else {
            throw new UnsupportedCallbackException(current);
        }
    }
}
 
Example 9
Source File: LocalCallbackHandlerService.java    From wildfly-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (current instanceof NameCallback) {
            NameCallback ncb = (NameCallback) current;
            String userName = ncb.getDefaultName();
            if ((allowAll || allowedUsersSet.contains(userName)) == false) {
                SECURITY_LOGGER.tracef("Username '%s' is not permitted for local authentication.", userName);
                throw DomainManagementLogger.ROOT_LOGGER.invalidLocalUser(userName);
            }
        } else if (current instanceof AuthorizeCallback) {
            AuthorizeCallback acb = (AuthorizeCallback) current;
            boolean authorized = acb.getAuthenticationID().equals(acb.getAuthorizationID());
            if (authorized == false) {
                SECURITY_LOGGER.tracef(
                        "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                        acb.getAuthenticationID(), acb.getAuthorizationID());
            }
            acb.setAuthorized(authorized);

            if (authorized && skipGroupLoading) {
                sharedState.put(SKIP_GROUP_LOADING_KEY, Boolean.TRUE);
            }
        } else {
            throw new UnsupportedCallbackException(current);
        }
    }
}
 
Example 10
Source File: ClientCallbackHandler.java    From jstorm with Apache License 2.0 5 votes vote down vote up
/**
 * This method is invoked by SASL for authentication challenges
 * 
 * @param callbacks a collection of challenge callbacks
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback c : callbacks) {
        if (c instanceof NameCallback) {
            LOG.debug("name callback");
        } else if (c instanceof PasswordCallback) {
            LOG.debug("password callback");
            LOG.warn("Could not login: the client is being asked for a password, but the "
                    + " client code does not currently support obtaining a password from the user."
                    + " Make sure that the client is configured to use a ticket cache (using"
                    + " the JAAS configuration setting 'useTicketCache=true)' and restart the client. If"
                    + " you still get this message after that, the TGT in the ticket cache has expired and must"
                    + " be manually refreshed. To do so, first determine if you are using a password or a"
                    + " keytab. If the former, run kinit in a Unix shell in the environment of the user who" + " is running this client using the command"
                    + " 'kinit <princ>' (where <princ> is the name of the client's Kerberos principal)." + " If the latter, do"
                    + " 'kinit -k -t <keytab> <princ>' (where <princ> is the name of the Kerberos principal, and"
                    + " <keytab> is the location of the keytab file). After manually refreshing your cache,"
                    + " restart this client. If you continue to see this message after manually refreshing"
                    + " your cache, ensure that your KDC host's clock is in sync with this host's clock.");
        } else if (c instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback ac = (AuthorizeCallback) c;
            String authid = ac.getAuthenticationID();
            String authzid = ac.getAuthorizationID();
            if (authid.equals(authzid)) {
                ac.setAuthorized(true);
            } else {
                ac.setAuthorized(false);
            }
            if (ac.isAuthorized()) {
                ac.setAuthorizedID(authzid);
            }
        } else {
            throw new UnsupportedCallbackException(c);
        }
    }
}
 
Example 11
Source File: Login.java    From Krackle with Apache License 2.0 5 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws
	 UnsupportedCallbackException {
	for (Callback callback : callbacks) {
		if (callback instanceof NameCallback) {
			NameCallback nc = (NameCallback) callback;
			nc.setName(nc.getDefaultName());
		} else {
			if (callback instanceof PasswordCallback) {
				LOG.warn("Could not login: the client is being asked for a password");
			} else {
				if (callback instanceof RealmCallback) {
					RealmCallback rc = (RealmCallback) callback;
					rc.setText(rc.getDefaultText());
				} else {
					if (callback instanceof AuthorizeCallback) {
						AuthorizeCallback ac = (AuthorizeCallback) callback;
						String authid = ac.getAuthenticationID();
						String authzid = ac.getAuthorizationID();
						if (authid.equals(authzid)) {
							ac.setAuthorized(true);
						} else {
							ac.setAuthorized(false);
						}
						if (ac.isAuthorized()) {
							ac.setAuthorizedID(authzid);
						}
					} else {
						throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
					}
				}
			}
		}
	}
}
 
Example 12
Source File: SaslPlainTextAuthenticator.java    From Krackle with Apache License 2.0 5 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
	for (Callback callback : callbacks) {
		LOG.info("callback {} received", callback.toString());
		if (callback instanceof NameCallback) {
			NameCallback nc = (NameCallback) callback;
			nc.setName(nc.getDefaultName());
		} else {
			if (callback instanceof PasswordCallback) {
				// Call `setPassword` once we support obtaining a password from the user and update message below
				throw new UnsupportedCallbackException(callback, "Could not login: the client is being asked for a password, but the Kafka"
					 + " client code does not currently support obtaining a password from the user."
					 + " Make sure -Djava.security.auth.login.config property passed to JVM and"
					 + " the client is configured to use a ticket cache (using"
					 + " the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using"
					 + " FQDN of the Kafka broker you are trying to connect to.");
			} else {
				if (callback instanceof RealmCallback) {
					RealmCallback rc = (RealmCallback) callback;
					rc.setText(rc.getDefaultText());
				} else {
					if (callback instanceof AuthorizeCallback) {
						AuthorizeCallback ac = (AuthorizeCallback) callback;
						String authId = ac.getAuthenticationID();
						String authzId = ac.getAuthorizationID();
						ac.setAuthorized(authId.equals(authzId));
						if (ac.isAuthorized()) {
							ac.setAuthorizedID(authzId);
						}
					} else {
						throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
					}
				}
			}
		}
	}
}
 
Example 13
Source File: KerberosCallbackHandler.java    From wildfly-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
public CallbackHandler getCallbackHandler(final Map<String, Object> sharedState) {
    return new CallbackHandler() {

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback current : callbacks) {
                if (current instanceof AuthorizeCallback) {
                    AuthorizeCallback acb = (AuthorizeCallback) current;
                    boolean authorized = acb.getAuthenticationID().equals(acb.getAuthorizationID());
                    if (authorized) {
                        String userName = acb.getAuthenticationID();
                        int atIndex = acb.getAuthenticationID().indexOf('@');
                        if (removeRealm && atIndex > 0) {
                            sharedState.put(LOADED_USERNAME_KEY, userName.substring(0, atIndex));
                        }
                    } else {
                        SECURITY_LOGGER.tracef(
                                "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                                acb.getAuthenticationID(), acb.getAuthorizationID());
                    }
                    acb.setAuthorized(authorized);
                } else {
                    throw new UnsupportedCallbackException(current);
                }
            }
        }
    };
}
 
Example 14
Source File: SaslNettyClient.java    From blazingcache with Apache License 2.0 5 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws
    UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nc = (NameCallback) callback;
            nc.setName(nc.getDefaultName());
        } else {
            if (callback instanceof PasswordCallback) {
                PasswordCallback pc = (PasswordCallback) callback;
                if (password != null) {
                    pc.setPassword(this.password.toCharArray());
                }
            } else {
                if (callback instanceof RealmCallback) {
                    RealmCallback rc = (RealmCallback) callback;
                    rc.setText(rc.getDefaultText());
                } else {
                    if (callback instanceof AuthorizeCallback) {
                        AuthorizeCallback ac = (AuthorizeCallback) callback;
                        String authid = ac.getAuthenticationID();
                        String authzid = ac.getAuthorizationID();
                        if (authid.equals(authzid)) {
                            ac.setAuthorized(true);
                        } else {
                            ac.setAuthorized(false);
                        }
                        if (ac.isAuthorized()) {
                            ac.setAuthorizedID(authzid);
                        }
                    } else {
                        throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                    }
                }
            }
        }
    }
}
 
Example 15
Source File: SaslNettyServer.java    From blazingcache with Apache License 2.0 5 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws
    UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nc = (NameCallback) callback;
            nc.setName(nc.getDefaultName());
        } else {
            if (callback instanceof PasswordCallback) {
                PasswordCallback pc = (PasswordCallback) callback;
                if (password != null) {
                    pc.setPassword(this.password.toCharArray());
                }
            } else {
                if (callback instanceof RealmCallback) {
                    RealmCallback rc = (RealmCallback) callback;
                    rc.setText(rc.getDefaultText());
                } else {
                    if (callback instanceof AuthorizeCallback) {
                        AuthorizeCallback ac = (AuthorizeCallback) callback;
                        String authid = ac.getAuthenticationID();
                        String authzid = ac.getAuthorizationID();
                        if (authid.equals(authzid)) {
                            ac.setAuthorized(true);
                        } else {
                            ac.setAuthorized(false);
                        }
                        if (ac.isAuthorized()) {
                            ac.setAuthorizedID(authzid);
                        }
                    } else {
                        throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                    }
                }
            }
        }
    }
}
 
Example 16
Source File: PulsarSaslClient.java    From pulsar with Apache License 2.0 5 votes vote down vote up
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authid = ac.getAuthenticationID();
    String authzid = ac.getAuthorizationID();
    if (authid.equals(authzid)) {
        ac.setAuthorized(true);
    } else {
        ac.setAuthorized(false);
    }
    if (ac.isAuthorized()) {
        ac.setAuthorizedID(authzid);
    }
    log.info("Successfully authenticated. authenticationID: {};  authorizationID: {}.",
        authid, authzid);
}
 
Example 17
Source File: SaslNettyClient.java    From herddb with Apache License 2.0 5 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nc = (NameCallback) callback;
            nc.setName(nc.getDefaultName());
        } else {
            if (callback instanceof PasswordCallback) {
                PasswordCallback pc = (PasswordCallback) callback;
                if (password != null) {
                    pc.setPassword(this.password.toCharArray());
                }
            } else {
                if (callback instanceof RealmCallback) {
                    RealmCallback rc = (RealmCallback) callback;
                    rc.setText(rc.getDefaultText());
                } else {
                    if (callback instanceof AuthorizeCallback) {
                        AuthorizeCallback ac = (AuthorizeCallback) callback;
                        String authid = ac.getAuthenticationID();
                        String authzid = ac.getAuthorizationID();
                        if (authid.equals(authzid)) {
                            ac.setAuthorized(true);
                        } else {
                            ac.setAuthorized(false);
                        }
                        if (ac.isAuthorized()) {
                            ac.setAuthorizedID(authzid);
                        }
                    } else {
                        throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                    }
                }
            }
        }
    }
}
 
Example 18
Source File: ClientCallbackHandler.java    From jstorm with Apache License 2.0 5 votes vote down vote up
/**
 * This method is invoked by SASL for authentication challenges
 * 
 * @param callbacks a collection of challenge callbacks
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback c : callbacks) {
        if (c instanceof NameCallback) {
            LOG.debug("name callback");
            NameCallback nc = (NameCallback) c;
            nc.setName(_username);
        } else if (c instanceof PasswordCallback) {
            LOG.debug("password callback");
            PasswordCallback pc = (PasswordCallback) c;
            if (_password != null) {
                pc.setPassword(_password.toCharArray());
            }
        } else if (c instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback ac = (AuthorizeCallback) c;
            String authid = ac.getAuthenticationID();
            String authzid = ac.getAuthorizationID();
            if (authid.equals(authzid)) {
                ac.setAuthorized(true);
            } else {
                ac.setAuthorized(false);
            }
            if (ac.isAuthorized()) {
                ac.setAuthorizedID(authzid);
            }
        } else if (c instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) c;
            ((RealmCallback) c).setText(rc.getDefaultText());
        } else {
            throw new UnsupportedCallbackException(c);
        }
    }
}
 
Example 19
Source File: SaslNettyServer.java    From herddb with Apache License 2.0 5 votes vote down vote up
@Override
public void handle(Callback[] callbacks) throws
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nc = (NameCallback) callback;
            nc.setName(nc.getDefaultName());
        } else {
            if (callback instanceof PasswordCallback) {
                PasswordCallback pc = (PasswordCallback) callback;
                if (password != null) {
                    pc.setPassword(this.password.toCharArray());
                }
            } else {
                if (callback instanceof RealmCallback) {
                    RealmCallback rc = (RealmCallback) callback;
                    rc.setText(rc.getDefaultText());
                } else {
                    if (callback instanceof AuthorizeCallback) {
                        AuthorizeCallback ac = (AuthorizeCallback) callback;
                        String authid = ac.getAuthenticationID();
                        String authzid = ac.getAuthorizationID();
                        if (authid.equals(authzid)) {
                            ac.setAuthorized(true);
                        } else {
                            ac.setAuthorized(false);
                        }
                        if (ac.isAuthorized()) {
                            ac.setAuthorizedID(authzid);
                        }
                    } else {
                        throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                    }
                }
            }
        }
    }
}
 
Example 20
Source File: UserLdapCallbackHandler.java    From wildfly-core with GNU Lesser General Public License v2.1 4 votes vote down vote up
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    if (callbacks.length == 1 && callbacks[0] instanceof AuthorizeCallback) {
        AuthorizeCallback acb = (AuthorizeCallback) callbacks[0];
        String authenticationId = acb.getAuthenticationID();
        String authorizationId = acb.getAuthorizationID();
        boolean authorized = authenticationId.equals(authorizationId);
        if (authorized == false) {
            SECURITY_LOGGER.tracef(
                    "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                    authenticationId, authorizationId);
        }
        acb.setAuthorized(authorized);

        return;
    }


    EvidenceVerifyCallback evidenceVerifyCallback = null;
    String username = null;

    for (Callback current : callbacks) {
        if (current instanceof NameCallback) {
            username = ((NameCallback) current).getDefaultName();
        } else if (current instanceof RealmCallback) {
            // TODO - Nothing at the moment
        } else if (current instanceof EvidenceVerifyCallback) {
            evidenceVerifyCallback = (EvidenceVerifyCallback) current;
        } else {
            throw new UnsupportedCallbackException(current);
        }
    }

    if (username == null || username.length() == 0) {
        SECURITY_LOGGER.trace("No username or 0 length username supplied.");
        throw DomainManagementLogger.ROOT_LOGGER.noUsername();
    }
    if (evidenceVerifyCallback == null || evidenceVerifyCallback.getEvidence() == null) {
        SECURITY_LOGGER.trace("No password to verify.");
        throw DomainManagementLogger.ROOT_LOGGER.noPassword();
    }

    final String password;

    if (evidenceVerifyCallback.getEvidence() instanceof PasswordGuessEvidence) {
         char[] guess = ((PasswordGuessEvidence) evidenceVerifyCallback.getEvidence()).getGuess();
         password = guess != null ? new String(guess) : null;
    } else {
        password = null;
    }

    if (password == null || (allowEmptyPassword == false && password.length() == 0)) {
        SECURITY_LOGGER.trace("No password or 0 length password supplied.");
        throw DomainManagementLogger.ROOT_LOGGER.noPassword();
    }


    LdapConnectionHandler lch = createLdapConnectionHandler();
    try {
        // 2 - Search to identify the DN of the user connecting
        SearchResult<LdapEntry> searchResult = userSearcherSupplier.get().search(lch, username);

        evidenceVerifyCallback.setVerified(verifyPassword(lch, searchResult, username, password, sharedState));
    } catch (Exception e) {
        SECURITY_LOGGER.trace("Unable to verify identity.", e);
        throw DomainManagementLogger.ROOT_LOGGER.cannotPerformVerification(e);
    } finally {
        if (shareConnection && lch != null && evidenceVerifyCallback != null && evidenceVerifyCallback.isVerified()) {
            sharedState.put(LdapConnectionHandler.class.getName(), lch);
        } else {
            lch.close();
        }
    }
}