/**
 * Resolves the DN of the user named in the request and authenticates against that DN.
 *
 * @param  request  authentication request
 *
 * @return  response containing the ldap entry of the user authenticated
 *
 * @throws  LdapException  if an LDAP error occurs
 */
public AuthenticationResponse authenticate(final AuthenticationRequest request)
  throws LdapException
{
  // The resolved DN is handed on unchecked; presumably the two-argument overload
  // rejects a null or empty DN (user not found) -- confirm against that method.
  final String dn = resolveDn(request.getUser());
  return authenticate(dn, request);
}
final Authenticator aggregateAuth = new Authenticator(); final Map<String, DnResolver> dnResolvers = new HashMap<>(); final Map<String, AuthenticationHandler> authHandlers = new HashMap<>(); for (Authenticator auth : authenticators) { final String id = String.format("%s-%s", auth.hashCode(), String.valueOf(count++)); dnResolvers.put(id, auth.getDnResolver()); authHandlers.put(id, auth.getAuthenticationHandler()); if (auth.getEntryResolver() != null) { entryResolvers.put(id, auth.getEntryResolver()); if (auth.getAuthenticationResponseHandlers() != null) { responseHandlers.put(id, auth.getAuthenticationResponseHandlers()); dnResolver.setAllowMultipleDns(allowMultipleDns); dnResolver.setDnResolvers(dnResolvers); aggregateAuth.setDnResolver(dnResolver); aggregateAuth.setAuthenticationHandler(authHandler); aggregateAuth.setEntryResolver(entryResolver); new AggregateDnResolver.AuthenticationResponseHandler(); responseHandler.setAuthenticationResponseHandlers(responseHandlers); aggregateAuth.setAuthenticationResponseHandlers(responseHandler); aggregateAuth.setReturnAttributes(returnAttributes); aggregateAuth.setResolveEntryOnFailure(resolveEntryOnFailure); return aggregateAuth;
/**
 * Creates a new authenticator wired with the supplied DN resolver and authentication handler.
 *
 * @param  resolver  dn resolver
 * @param  handler  authentication handler
 */
public Authenticator(final DnResolver resolver, final AuthenticationHandler handler)
{
  // Both collaborators are installed through the setters rather than by direct field assignment.
  this.setDnResolver(resolver);
  this.setAuthenticationHandler(handler);
}
/**
 * Renders this authenticator as class name, hash code and the string form of each configured component.
 *
 * @return  string representation of this authenticator
 */
@Override
public String toString()
{
  // NOTE(review): the nested components are printed through their own toString();
  // before logging this value, confirm none of them prints bind credentials.
  final Object[] fields = {
    getClass().getName(),
    hashCode(),
    getDnResolver(),
    getAuthenticationHandler(),
    getEntryResolver(),
    Arrays.toString(getAuthenticationResponseHandlers()),
  };
  return String.format(
    "[%s@%d::dnResolver=%s, authenticationHandler=%s, " +
    "entryResolver=%s, authenticationResponseHandlers=%s]",
    fields);
}
}
final AuthenticationResponse response = auth.authenticate(request); final LdapEntry entry = response.getLdapEntry(); if (response.getResult()) {
DnResolver dnResolver = object.getDnResolver(); if (dnResolver == null) { dnResolver = new SearchDnResolver(); properties); dnPropSource.initialize(); object.setDnResolver(dnResolver); } else { final SimplePropertySource<DnResolver> sPropSource = new SimplePropertySource<>( AuthenticationHandler authHandler = object.getAuthenticationHandler(); if (authHandler == null) { authHandler = new BindAuthenticationHandler(); properties); ahPropSource.initialize(); object.setAuthenticationHandler(authHandler); } else { final SimplePropertySource<AuthenticationHandler> sPropSource = new SimplePropertySource<>(
final AuthenticationResponse invalidInput = validateInput(dn, request); if (invalidInput != null) { return invalidInput; final AuthenticationRequest processedRequest = processRequest(dn, request); AuthenticationHandlerResponse response = null; try { response = getAuthenticationHandler().authenticate(ac); entry = resolveEntry(ac, response); } finally { if (response != null && response.getConnection() != null) { if (getAuthenticationResponseHandlers() != null && getAuthenticationResponseHandlers().length > 0) { for (AuthenticationResponseHandler ah : getAuthenticationResponseHandlers()) { ah.handle(authResponse);
/**
 * Builds a fresh authenticator and populates it from the supplied options through an
 * authenticator property source.
 *
 * @param  options  to initialize authenticator
 *
 * @return  authenticator
 */
protected Authenticator createAuthenticatorInternal(final Map<String, ?> options)
{
  final Authenticator authenticator = new Authenticator();
  // The property source writes the converted options onto the authenticator it is given.
  new AuthenticatorPropertySource(authenticator, createProperties(options)).initialize();
  return authenticator;
}
// Installs the login name as the single user-filter parameter on the authenticator's DN resolver.
// The cast throws ClassCastException if the configured resolver is not a SearchDnResolver.
// NOTE(review): this mutates the resolver per login; if this authenticator instance is shared
// between threads, concurrent logins could overwrite each other's filter parameter -- confirm
// how the instance is scoped.
((SearchDnResolver) authenticator.getDnResolver()).setUserFilterParameters(Collections.singleton(username).toArray());
// Authenticates with the supplied password and requests ReturnAttributes.ALL_USER.
// NOTE(review): presumably this returns every user attribute of the entry; consider narrowing
// the list to the attributes the caller actually reads.
AuthenticationResponse response = authenticator.authenticate( new AuthenticationRequest(username, new Credential(password), ReturnAttributes.ALL_USER.value()));
// getResult() is the only success signal checked here; no exception is thrown for a rejected credential in this excerpt.
if (response.getResult()) { // authentication succeeded
handler.setConnectionFactory(pooledConnectionFactory); authenticator = new Authenticator(); authenticator.setDnResolver(dnResolver); authenticator.setAuthenticationHandler(handler);
/**
 * Runs the LDAP authentication for the given username/password credential.
 *
 * @param upc the credential carrying the username and password to verify
 * @return the response produced by the configured authenticator
 * @throws PreventedException if the authenticator raises an {@link LdapException}
 */
private AuthenticationResponse getLdapAuthenticationResponse(final UsernamePasswordCredential upc) throws PreventedException {
    try {
        // NOTE(review): the credential object itself is logged; confirm that
        // UsernamePasswordCredential.toString() does not include the password.
        LOGGER.debug("Attempting LDAP authentication for [{}]. Authenticator pre-configured attributes are [{}], "
                + "additional requested attributes for this authentication request are [{}]",
            upc, authenticator.getReturnAttributes(), authenticatedEntryAttributes);

        val username = upc.getUsername();
        val ldapCredential = new org.ldaptive.Credential(upc.getPassword());
        val request = new AuthenticationRequest(username, ldapCredential, authenticatedEntryAttributes);
        return authenticator.authenticate(request);
    } catch (final LdapException ldapFailure) {
        // Full detail goes to trace only; callers see a generic message with the cause attached.
        LOGGER.trace(ldapFailure.getMessage(), ldapFailure);
        throw new PreventedException("Unexpected LDAP error", ldapFailure);
    }
}
/**
 * Builds an authenticator for Active Directory that derives the bind DN from a format string.
 *
 * @param l the LDAP authentication properties
 * @return authenticator using a {@code FormatDnResolver} and a pooled bind handler,
 *         plus a search entry resolver when the properties request one
 * @throws IllegalArgumentException if the DN format is empty or blank
 */
private static Authenticator getActiveDirectoryAuthenticator(final LdapAuthenticationProperties l) {
    if (StringUtils.isBlank(l.getDnFormat())) {
        throw new IllegalArgumentException("Dn format cannot be empty/blank for active directory authentication");
    }

    // NOTE(review): the login name is presumably substituted into this format by the resolver;
    // confirm the ldaptive version in use escapes DN special characters in the user name.
    final Authenticator authenticator =
        new Authenticator(new FormatDnResolver(l.getDnFormat()), getPooledBindAuthenticationHandler(l));

    final boolean wantsEntryResolver = l.isEnhanceWithEntryResolver();
    if (wantsEntryResolver) {
        authenticator.setEntryResolver(newSearchEntryResolver(l));
    }
    return authenticator;
}
/**
 * Walks the CACHE and closes the connection pool behind each authenticator's dn resolver and
 * authentication handler, for those that are pooled connection factory managers.
 */
public static void close()
{
  // NOTE(review): entries are not removed from CACHE here, and an exception from one
  // pool's close() ends the loop before the remaining pools are closed.
  for (final Authenticator cached : CACHE.values()) {
    if (cached.getDnResolver() instanceof PooledConnectionFactoryManager) {
      final PooledConnectionFactoryManager resolverManager =
        (PooledConnectionFactoryManager) cached.getDnResolver();
      resolverManager.getConnectionFactory().getConnectionPool().close();
    }

    final AuthenticationHandler handler = cached.getAuthenticationHandler();
    if (handler instanceof PooledConnectionFactoryManager) {
      final PooledConnectionFactoryManager handlerManager = (PooledConnectionFactoryManager) handler;
      handlerManager.getConnectionFactory().getConnectionPool().close();
    }
  }
}
}
/**
 * Declares the LDAP authenticator bean: a subtree search resolves the user DN, a bind verifies
 * the password, and password-policy information is requested and handled.
 *
 * @return the configured authenticator
 */
@Bean
public Authenticator authenticator() {
    // DN lookup: search below the configured base with the configured user filter.
    // NOTE(review): with subtree search enabled, confirm the filter cannot match more than one entry per login name.
    final SearchDnResolver userDnResolver = new SearchDnResolver(connectionFactory());
    userDnResolver.setBaseDn(configuration.getContextSourceBase());
    userDnResolver.setUserFilter(configuration.getUserSearchFilter());
    userDnResolver.setSubtreeSearch(true);

    // Password check: bind as the resolved DN, sending the password policy control with the request.
    final BindAuthenticationHandler bindHandler = new BindAuthenticationHandler(connectionFactory());
    bindHandler.setAuthenticationControls(new PasswordPolicyControl());

    final Authenticator ldapAuthenticator = new Authenticator(userDnResolver, bindHandler);
    ldapAuthenticator.setAuthenticationResponseHandlers(new PasswordPolicyAuthenticationResponseHandler());
    return ldapAuthenticator;
}
}
final String loginDn = auth.resolveDn(nameCb.getName()); if (loginDn == null && noResultsIsError) { loginSuccess = false;
/**
 * Registers one LDAP profile service per configured index, under the key produced by
 * {@code concat("ldap", i)}.
 *
 * @param authenticators the map that receives the authenticators built here
 */
public void tryBuildLdapAuthenticator(final Map<String, Authenticator> authenticators) {
    for (int i = 0; i <= MAX_NUM_AUTHENTICATORS; i++) {
        // An index without an LDAP type is treated as not configured.
        final String type = getProperty(LDAP_TYPE, i);
        if (!isNotBlank(type)) {
            continue;
        }

        final LdapAuthenticationProperties properties = buildLdapProperties(i);
        final org.ldaptive.auth.Authenticator ldaptive = LdaptiveAuthenticatorBuilder.getAuthenticator(properties);
        final LdapProfileService profileService = new LdapProfileService(ldaptive, getProperty(LDAP_ATTRIBUTES, i));

        // The profile service reuses the handler's connection factory; the cast throws
        // ClassCastException when the built handler is not a PooledConnectionFactoryManager.
        final PooledConnectionFactoryManager pooled =
            (PooledConnectionFactoryManager) ldaptive.getAuthenticationHandler();
        profileService.setConnectionFactory(pooled.getConnectionFactory());
        profileService.setUsersDn(getProperty(LDAP_USERS_DN, i));

        // Optional overrides, applied only when the property is present for this index.
        if (containsProperty(LDAP_PRINCIPAL_ATTRIBUTE_ID, i)) {
            profileService.setUsernameAttribute(getProperty(LDAP_PRINCIPAL_ATTRIBUTE_ID, i));
        }
        if (containsProperty(LDAP_PRINCIPAL_ATTRIBUTE_PASSWORD, i)) {
            profileService.setPasswordAttribute(getProperty(LDAP_PRINCIPAL_ATTRIBUTE_PASSWORD, i));
        }

        authenticators.put(concat("ldap", i), profileService);
    }
}
/**
 * Delegates to the superclass authentication and fires an {@code LdapAuthenticateEvent}
 * describing the call, whether it returned or threw.
 *
 * @param request authentication request
 * @return the response returned by the delegate
 * @throws LdapException if the delegate reports an LDAP error
 */
@Override
public AuthenticationResponse authenticate(final AuthenticationRequest request) throws LdapException {
    final long startedAt = System.nanoTime();

    final LdapAuthenticateEvent authEvent = new LdapAuthenticateEvent();
    authEvent.setId(id.get());
    authEvent.setSuccessful(false);

    try {
        final AuthenticationResponse response = MonitoredAuthenticator.super.authenticate(request);
        // NOTE(review): "successful" is set whenever the delegate returns without throwing and
        // the response's own result is not consulted, so a rejected credential may be recorded
        // as successful. If this event feeds login monitoring, confirm whether it should
        // reflect response.getResult() instead.
        authEvent.setSuccessful(true);
        return response;
    } catch (Throwable failure) {
        // Record the message, then rethrow the same throwable unchanged.
        authEvent.setError(failure.getMessage());
        throw failure;
    } finally {
        // The event is fired on every path, with the elapsed time in nanoseconds.
        authEvent.setElapsedTimeNano(System.nanoTime() - startedAt);
        SystemInstance.get().fireEvent(authEvent);
    }
}
/**
 * Renders this authenticator as class name, hash code and the string form of each configured
 * component, including the return attributes.
 *
 * @return  string representation of this authenticator
 */
@Override
public String toString()
{
  // NOTE(review): the nested components are printed through their own toString();
  // before logging this value, confirm none of them prints bind credentials.
  final Object[] fields = {
    getClass().getName(),
    hashCode(),
    getDnResolver(),
    getAuthenticationHandler(),
    getEntryResolver(),
    Arrays.toString(getReturnAttributes()),
    Arrays.toString(getAuthenticationResponseHandlers()),
  };
  return String.format(
    "[%s@%d::dnResolver=%s, authenticationHandler=%s, entryResolver=%s, returnAttributes=%s, " +
    "authenticationResponseHandlers=%s]",
    fields);
}
}
DnResolver dnResolver = object.getDnResolver(); if (dnResolver == null) { dnResolver = new SearchDnResolver(); properties); dnPropSource.initialize(); object.setDnResolver(dnResolver); } else { final SimplePropertySource<DnResolver> sPropSource = new SimplePropertySource<>( AuthenticationHandler authHandler = object.getAuthenticationHandler(); if (authHandler == null) { authHandler = new BindAuthenticationHandler(); properties); ahPropSource.initialize(); object.setAuthenticationHandler(authHandler); } else { final SimplePropertySource<AuthenticationHandler> sPropSource = new SimplePropertySource<>(
final AuthenticationResponse invalidInput = validateInput(dn, request); if (invalidInput != null) { return invalidInput; final AuthenticationRequest processedRequest = processRequest(dn, request); AuthenticationHandlerResponse response = null; try { response = getAuthenticationHandler().authenticate(ac); entry = resolveEntry(ac, response); } finally { if (response != null && response.getConnection() != null) { if (getAuthenticationResponseHandlers() != null && getAuthenticationResponseHandlers().length > 0) { for (AuthenticationResponseHandler ah : getAuthenticationResponseHandlers()) { ah.handle(authResponse);