private String findUserDN(final String userName, final LdapContextFactory ldapContextFactory) { LdapContext systemLdapCtx = null; try { systemLdapCtx = ldapContextFactory.getSystemLdapContext(); final NamingEnumeration<SearchResult> usersFound = systemLdapCtx.search(searchBase, dnSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, userName), SUBTREE_SCOPE); return usersFound.hasMore() ? usersFound.next().getNameInNamespace() : null; } catch (final AuthenticationException ex) { log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage()); throw new IllegalArgumentException(ex); } catch (final NamingException e) { log.info("LDAP exception='{}'", e.getLocalizedMessage()); throw new IllegalArgumentException(e); } finally { LdapUtils.closeContext(systemLdapCtx); } }
Collection<String> groupNames = LdapUtils.getAllAttributeValues(attr);
/** * Helper method used to retrieve all attribute values from a particular context attribute. * * @param attr the LDAP attribute. * @return the values of the attribute. * @throws javax.naming.NamingException if there is an LDAP error while reading the values. */ public static Collection<String> getAllAttributeValues(Attribute attr) throws NamingException { Set<String> values = new HashSet<String>(); NamingEnumeration ne = null; try { ne = attr.getAll(); while (ne.hasMore()) { String value = (String) ne.next(); values.add(value); } } finally { closeEnumeration(ne); } return values; }
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException { final String username = (String) getAvailablePrincipal(principals); LdapContext systemLdapCtx = null; try { systemLdapCtx = ldapContextFactory.getSystemLdapContext(); return findLDAPGroupsForUser(username, systemLdapCtx); } catch (final AuthenticationException ex) { log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage()); return ImmutableSet.<String>of(); } finally { LdapUtils.closeContext(systemLdapCtx); } }
Collection<String> groupNames = LdapUtils.getAllAttributeValues(attr);
/** * Helper method used to retrieve all attribute values from a particular context attribute. * * @param attr the LDAP attribute. * @return the values of the attribute. * @throws javax.naming.NamingException if there is an LDAP error while reading the values. */ public static Collection<String> getAllAttributeValues(Attribute attr) throws NamingException { Set<String> values = new HashSet<String>(); NamingEnumeration ne = null; try { ne = attr.getAll(); while (ne.hasMore()) { String value = (String) ne.next(); values.add(value); } } finally { closeEnumeration(ne); } return values; }
/** * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by querying the active directory LDAP context for the * groups that a user is a member of. The groups are then translated to role names by using the * configured {@link #groupRolesMap}. * <p/> * This implementation expects the <tt>principal</tt> argument to be a String username. * <p/> * Subclasses can override this method to determine authorization data (roles, permissions, etc) in a more * complex way. Note that this default implementation does not support permissions, only roles. * * @param principals the principal of the Subject whose account is being retrieved. * @param ldapContextFactory the factory used to create LDAP connections. * @return the AuthorizationInfo for the given Subject principal. * @throws NamingException if an error occurs when searching the LDAP server. */ protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException { String username = (String) getAvailablePrincipal(principals); // Perform context search LdapContext ldapContext = ldapContextFactory.getSystemLdapContext(); Set<String> roleNames; try { roleNames = getRoleNamesForUser(username, ldapContext); } finally { LdapUtils.closeContext(ldapContext); } return buildAuthorizationInfo(roleNames); }
Collection<String> groupNames = LdapUtils.getAllAttributeValues(attr);
/** * Helper method used to retrieve all attribute values from a particular context attribute. * * @param attr the LDAP attribute. * @return the values of the attribute. * @throws javax.naming.NamingException if there is an LDAP error while reading the values. */ public static Collection<String> getAllAttributeValues(Attribute attr) throws NamingException { Set<String> values = new HashSet<String>(); NamingEnumeration ne = null; try { ne = attr.getAll(); while (ne.hasMore()) { String value = (String) ne.next(); values.add(value); } } finally { closeEnumeration(ne); } return values; }
LdapUtils.closeContext(ctx);
LOG.debug("LDAP returned \"{}\" attribute for \"{}\"", attr.getID(), username); if (attr.getID().equals(ldapAttributeForComparison)) { final Collection<String> groupNamesExtractedFromLdap = LdapUtils.getAllAttributeValues(attr); final Map<String, Set<String>> groupsToRoles = this.GROUPS_TO_ROLES_MAPPING_STRATEGY.mapGroupsToRoles( groupNamesExtractedFromLdap, ROLE_NAMES_DELIMITER, groupRolesMap);
/** * Builds an {@link AuthenticationInfo} object by querying the active directory LDAP context for the * specified username. This method binds to the LDAP server using the provided username and password - * which if successful, indicates that the password is correct. * <p/> * This method can be overridden by subclasses to query the LDAP server in a more complex way. * * @param token the authentication token provided by the user. * @param ldapContextFactory the factory used to build connections to the LDAP server. * @return an {@link AuthenticationInfo} instance containing information retrieved from LDAP. * @throws NamingException if any LDAP errors occur during the search. */ protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; // Binds using the username and password provided by the user. LdapContext ctx = null; try { ctx = ldapContextFactory.getLdapContext(upToken.getUsername(), String.valueOf(upToken.getPassword())); } finally { LdapUtils.closeContext(ctx); } return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword()); }
if ( membershipAttributeNames.stream().anyMatch( attributeId::equalsIgnoreCase ) ) Collection<String> groupNames = LdapUtils.getAllAttributeValues( attribute ); Collection<String> rolesForGroups = getRoleNamesForGroups( groupNames ); roleNames.addAll( rolesForGroups );
LdapUtils.closeContext(ctx);
Collection<String> names = LdapUtils.getAllAttributeValues(attr); b.addGroups(names); break;
/** * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by querying the active directory LDAP context for the * groups that a user is a member of. The groups are then translated to role names by using the * configured {@link #groupRolesMap}. * <p/> * This implementation expects the <tt>principal</tt> argument to be a String username. * <p/> * Subclasses can override this method to determine authorization data (roles, permissions, etc) in a more * complex way. Note that this default implementation does not support permissions, only roles. * * @param principals the principal of the Subject whose account is being retrieved. * @param ldapContextFactory the factory used to create LDAP connections. * @return the AuthorizationInfo for the given Subject principal. * @throws NamingException if an error occurs when searching the LDAP server. */ protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException { String username = (String) getAvailablePrincipal(principals); // Perform context search LdapContext ldapContext = ldapContextFactory.getSystemLdapContext(); Set<String> roleNames; try { roleNames = getRoleNamesForUser(username, ldapContext); } finally { LdapUtils.closeContext(ldapContext); } return buildAuthorizationInfo(roleNames); }
/** * Builds an {@link AuthenticationInfo} object by querying the active directory LDAP context for the * specified username. This method binds to the LDAP server using the provided username and password - * which if successful, indicates that the password is correct. * <p/> * This method can be overridden by subclasses to query the LDAP server in a more complex way. * * @param token the authentication token provided by the user. * @param ldapContextFactory the factory used to build connections to the LDAP server. * @return an {@link AuthenticationInfo} instance containing information retrieved from LDAP. * @throws NamingException if any LDAP errors occur during the search. */ protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; // Binds using the username and password provided by the user. LdapContext ctx = null; try { ctx = ldapContextFactory.getLdapContext(upToken.getUsername(), String.valueOf(upToken.getPassword())); } finally { LdapUtils.closeContext(ctx); } return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword()); }
public LdapPrincipal getPrincipal(String username) throws NamingException { LdapContext ctx = null; try { ctx = ctxFactory.getSystemLdapContext(); return getPrincipal(ctx, username); } catch (Exception e) { log.warn("getPrincipal ['{}'] -> error while retrieving LDAP data: {}", username, e.getMessage(), e); throw e; } finally { LdapUtils.closeContext(ctx); } }
private Set<String> getRoles(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException { final String username = (String) getAvailablePrincipal(principals); LdapContext systemLdapCtx = null; try { systemLdapCtx = ldapContextFactory.getSystemLdapContext(); return rolesFor(username, systemLdapCtx); } catch (AuthenticationException ex) { // principal was not authenticated on LDAP return Collections.emptySet(); } finally { LdapUtils.closeContext(systemLdapCtx); } }
private String findUserDN(final String userName, final LdapContextFactory ldapContextFactory) { LdapContext systemLdapCtx = null; try { systemLdapCtx = ldapContextFactory.getSystemLdapContext(); final NamingEnumeration<SearchResult> usersFound = systemLdapCtx.search(searchBase, dnSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, userName), SUBTREE_SCOPE); return usersFound.hasMore() ? usersFound.next().getNameInNamespace() : null; } catch (final AuthenticationException ex) { log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage()); throw new IllegalArgumentException(ex); } catch (final NamingException e) { log.info("LDAP exception='{}'", e.getLocalizedMessage()); throw new IllegalArgumentException(e); } finally { LdapUtils.closeContext(systemLdapCtx); } }