protected void validateAuthenticationInfo()

in core/src/main/java/org/apache/shiro/realm/ldap/JndiLdapContextFactory.java [508:531]

• 16 lines of code
• 11 McCabe index (conditional complexity)

    protected void validateAuthenticationInfo(Hashtable<String, Object> environment)
            throws AuthenticationException {
        // validate when using Simple auth both principal and credentials are set
        if (SIMPLE_AUTHENTICATION_MECHANISM_NAME.equals(environment.get(Context.SECURITY_AUTHENTICATION))) {

            // only validate credentials if we have a non-empty principal
            if (environment.get(Context.SECURITY_PRINCIPAL) != null
                    && StringUtils.hasText(String.valueOf(environment.get(Context.SECURITY_PRINCIPAL)))) {

                Object credentials = environment.get(Context.SECURITY_CREDENTIALS);

                // from the FAQ, we need to check for empty credentials:
                // http://docs.oracle.com/javase/tutorial/jndi/ldap/faq.html
                if (credentials == null
                        || (credentials instanceof byte[] && ((byte[]) credentials).length <= 0)
                        || (credentials instanceof char[] && ((char[]) credentials).length <= 0)
                        || (String.class.isInstance(credentials) && !StringUtils.hasText(String.valueOf(credentials)))) {

                    throw new javax.naming.AuthenticationException("LDAP Simple authentication requires both a "
                            + "principal and credentials.");
                }
            }
        }
    }