Hi,
I tried to write my own AuthProvider,
So I made a class, that implements AuthProvider. I told OpenFire to use this class by settting its name in the OFPROPERTY table (ie, provider.auth.className = myClass).
My implementation is :
@Override
public void authenticate(String username, String password)
throws UnauthorizedException, ConnectionException,
InternalUnauthenticatedException { System.err.println("Authentication : "+username+" / "+password); if(username == null || password == null) {
throw new UnauthorizedException();
} username = username.trim().toLowerCase(); //If it's a full JID
if(username.contains("@")) {
int index = username.indexOf("@");
String domain = username.substring(index+1);
username = username.substring(0, index);
System.err.println("Username shortened : "+username);
}
else {
System.err.println("No full JID ");
} try {
System.err.println("Call to getPassword");
if(!password.equals(getPassword(username))) {
throw new UnauthorizedException();
}
}
catch (UserNotFoundException e) {
throw new UnauthorizedException();
} //Arrivé jusqu'ici alors le user est authorisé
System.err.println("Authorised");
}
And the method getPassword() used :
@Override
public String getPassword(String username) throws UserNotFoundException,
UnsupportedOperationException { System.err.println("Inside getPassword"); Connection con = null;
PreparedStatement pstmt = null;
ResultSet rs = null; if(username.contains("@")) {
int index = username.indexOf("@");
username = username.substring(0, index);
} try {
System.err.println("Opening connection");
con = DbConnectionManager.getConnection();
System.err.println("Get QUERY passwordSQL");
String passwordSQL = JiveGlobals.getProperty("jdbcAuthProvider.passwordSQL");
System.err.println("Prepare statement");
pstmt = con.prepareStatement(passwordSQL);
System.err.println("Set string");
pstmt.setString(1, username);
System.err.println("Execute Query");
rs = pstmt.executeQuery(); System.err.println("Query = "+pstmt); if(!rs.next()) { System.err.println("Empty Query Result");
throw new UserNotFoundException();
} String pwd = rs.getString(1);
System.err.println("pwd of: "+username+" = "+ pwd);
return pwd; } catch (SQLException e) {
System.err.println("SQL error");
throw new UserNotFoundException();
} finally {
System.err.println("Closing connection");
DbConnectionManager.closeConnection(rs, pstmt, con);
}
}
Everything seems to work fine, I can see every println() of my code, it gets the right SQL query, with the right result stored in my database.
But then when I try to log I always get the following error :
Exception in thread "main" org.jivesoftware.smack.sasl.SASLErrorException: SASLError using PLAIN: not-authorized
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:348)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.login(XMPPTCPConnection.java:244)
With the following stanza :
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
Is something wrong with my code ? Is the class SASLAuthentication buggy ?