private boolean isAdminDN(LdapName dn) { if(dn == null) return false; boolean isAdmin = adminDn.contains(dn); if (log.isTraceEnabled()) { log.trace("Is principal {} an admin cert? {}", dn.toString(), isAdmin); } return isAdmin; }
@Override public void handleRecord(LdapAttributes attributes) { callbackAttributeName = attributes.getName().toString(); } }
@Override public void handleRecord(LdapAttributes attributes) { callbackAttributeName = attributes.getName().toString(); } }
private LdapSearch createLdapSearchByDn() { if ( ! name.regionMatches(true, 0, identityMapping.rdnIdentifier, 0, identityMapping.rdnIdentifier.length())) { return null; } // equal sign not checked here as whitespaces can be between yet try { LdapName ldapName = new LdapName(name); int rdnPosition = ldapName.size() - 1; Rdn rdnIdentifier = ldapName.getRdn(rdnPosition); if ( ! rdnIdentifier.getType().equalsIgnoreCase(identityMapping.rdnIdentifier)) { // uid=... log.tracef("Getting identity [%s] by DN skipped - RDN does not match [%s]", name, identityMapping.rdnIdentifier); return null; } if (identityMapping.searchDn != null) { List<Rdn> expectedStart = new LdapName(identityMapping.searchDn).getRdns(); if ( ! ldapName.startsWith(expectedStart)) { // ...,search-dn log.tracef("Getting identity [%s] by DN skipped - DN not in search-dn [%s]", name, identityMapping.searchDn); return null; } if ( ! identityMapping.searchRecursive && ldapName.size() != expectedStart.size() + 1) { log.tracef("Getting identity [%s] by DN skipped - DN not directly in search-dn and recursive search not enabled [%s]", name, identityMapping.searchDn); return null; } } return new LdapSearch(ldapName.toString(), SearchControls.OBJECT_SCOPE, 0, identityMapping.filterName, rdnIdentifier.getValue().toString()); } catch (InvalidNameException e) { log.tracef(e, "Getting identity [%s] by DN failed - will continue by name", name); } return null; }
@Override public void create() throws RealmUnavailableException { if (identityMapping.newIdentityParent == null || identityMapping.newIdentityAttributes == null) { throw log.ldapRealmNotConfiguredToSupportCreatingIdentities(); } DirContext context = obtainContext(); try { LdapName distinguishName = (LdapName) identityMapping.newIdentityParent.clone(); distinguishName.add(new Rdn(identityMapping.rdnIdentifier, name)); log.debugf("Creating identity [%s] with DN [%s] in LDAP", name, distinguishName.toString()); context.createSubcontext(distinguishName, identityMapping.newIdentityAttributes); } catch (NamingException e) { throw log.ldapRealmFailedCreateIdentityOnServer(e); } finally { closeContext(context); } }
private void storeAttributes(String alias, List<ModificationItem> items) throws KeyStoreException { DirContext context = obtainDirContext(); try { SearchResult result = searchAlias(context, alias, null, new String[]{}); LdapName distinguishName; if (result == null) { // alias not exists yet - create if (createPath == null || createAttributes == null || createRdn == null) throw log.creationNotConfigured(alias); distinguishName = (LdapName) createPath.clone(); distinguishName.add(new Rdn(createRdn, alias)); log.debugf("Creating keystore alias [%s] with DN [%s] in LDAP", alias, distinguishName.toString()); context.createSubcontext(distinguishName, createAttributes); items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(aliasAttribute, alias))); } else { distinguishName = new LdapName(result.getNameInNamespace()); } context.modifyAttributes(distinguishName, items.toArray(new ModificationItem[items.size()])); } catch (NamingException e) { throw log.ldapKeyStoreFailedToStore(alias, e); } finally { returnDirContext(context); } }
@Test public void testBasicRead() throws Exception { this.ldifReader = new LdifReaderBuilder().resource(context.getResource("classpath:/test.ldif")).name("foo").build(); LdapAttributes ldapAttributes = firstRead(); assertEquals("The attribute name for the first record did not match expected result", "cn=Barbara Jensen, ou=Product Development, dc=airius, dc=com", ldapAttributes.getName().toString()); }
@Test public void testSkipRecord() throws Exception { this.ldifReader = new LdifReaderBuilder().recordsToSkip(1).resource(context.getResource("classpath:/test.ldif")) .name("foo").build(); LdapAttributes ldapAttributes = firstRead(); assertEquals("The attribute name for the second record did not match expected result", "cn=Bjorn Jensen, ou=Accounting, dc=airius, dc=com", ldapAttributes.getName().toString()); }
@Test public void testCurrentItemCount() throws Exception { this.ldifReader = new LdifReaderBuilder().currentItemCount(3) .resource(context.getResource("classpath:/test.ldif")).name("foo").build(); LdapAttributes ldapAttributes = firstRead(); assertEquals("The attribute name for the third record did not match expected result", "cn=Gern Jensen, ou=Product Testing, dc=airius, dc=com", ldapAttributes.getName().toString()); }
@Test public void testBasicRead() throws Exception { this.mappingLdifReader = new MappingLdifReaderBuilder<LdapAttributes>() .recordMapper(new TestMapper()) .resource(context.getResource("classpath:/test.ldif")) .name("foo") .build(); LdapAttributes ldapAttributes = firstRead(); assertEquals("The attribute name for the first record did not match expected result", "cn=Barbara Jensen, ou=Product Development, dc=airius, dc=com", ldapAttributes.getName().toString()); }
@Test public void testMaxItemCount() throws Exception { this.ldifReader = new LdifReaderBuilder().maxItemCount(1).resource(context.getResource("classpath:/test.ldif")) .name("foo").build(); LdapAttributes ldapAttributes = firstRead(); assertEquals("The attribute name for the first record did not match expected result", "cn=Barbara Jensen, ou=Product Development, dc=airius, dc=com", ldapAttributes.getName().toString()); ldapAttributes = this.ldifReader.read(); assertNull("The second read should have returned null", ldapAttributes); }
@Test public void testCurrentItemCount() throws Exception { this.mappingLdifReader = new MappingLdifReaderBuilder<LdapAttributes>() .currentItemCount(3) .recordMapper(new TestMapper()) .resource(context.getResource("classpath:/test.ldif")) .name("foo") .build(); LdapAttributes ldapAttributes = firstRead(); assertEquals("The attribute name for the third record did not match expected result", "cn=Gern Jensen, ou=Product Testing, dc=airius, dc=com", ldapAttributes.getName().toString()); }
@Test public void testSkipRecord() throws Exception { this.mappingLdifReader = new MappingLdifReaderBuilder<LdapAttributes>() .recordsToSkip(1) .recordMapper(new TestMapper()) .resource(context.getResource("classpath:/test.ldif")) .name("foo") .build(); LdapAttributes ldapAttributes = firstRead(); assertEquals("The attribute name for the second record did not match expected result", "cn=Bjorn Jensen, ou=Accounting, dc=airius, dc=com", ldapAttributes.getName().toString()); }
@Test public void testMaxItemCount() throws Exception { this.mappingLdifReader = new MappingLdifReaderBuilder<LdapAttributes>() .maxItemCount(1) .recordMapper(new TestMapper()) .resource(context.getResource("classpath:/test.ldif")) .name("foo") .build(); LdapAttributes ldapAttributes = firstRead(); assertEquals("The attribute name for the first record did not match expected result", "cn=Barbara Jensen, ou=Product Development, dc=airius, dc=com", ldapAttributes.getName().toString()); ldapAttributes = this.mappingLdifReader.read(); assertNull("The second read should have returned null", ldapAttributes); }
/** * Builds the Spring Authentication object using the supplied user name and groups looked up from LDAP. Groups are currently * mapped directly to Spring roles by converting to upper case and prepending the name with "ROLE_". * @param userName The username to build the Authentication object with. * @param httpRequest HttpServletRequest * @return Authentication object for the given user. */ protected Authentication getAuthentication(String userName, HttpServletRequest httpRequest) { String ldapName = LdapNameBuilder.newInstance().add(userSearchBase).add("uid", userName).build().toString(); // Search ldap for a user's groups and convert to a Spring role List<GrantedAuthority> grantedAuths = ldapTemplate.search(query() .where("objectclass") .is("groupOfNames") .and("member") .is(ldapName), (AttributesMapper<String>) attrs -> (String) attrs.get("cn").get()) .stream() .map(group -> String.format("%s%s", SECURITY_ROLE_PREFIX, group.toUpperCase())) .map(SimpleGrantedAuthority::new).collect(Collectors.toList()); final UserDetails principal = new User(userName, "", grantedAuths); final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( principal, "", grantedAuths); WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest); authentication.setDetails(webDetails); return authentication; }
@Test public void testEmptyLdapName() { LdapName ldapName = LdapUtils.emptyLdapName(); assertThat(ldapName.toString()).isEqualTo(""); }
@Override protected Object doMapFromContext(DirContextOperations ctx) { LdapName dn = (LdapName) ctx.getDn(); Rdn rdn = LdapUtils.getRdn(dn, "cn"); assertThat(dn.toString()).isEqualTo("cn=Some\\\\Person6,ou=company1,ou=Sweden"); assertThat(rdn.getValue()).isEqualTo("Some\\Person6"); return new Object(); } });
@Test public void testGetNameInNamespace_BasePath() { DirContextAdapter tested = new DirContextAdapter(null, LdapUtils.newLdapName("c=SE"), BASE_NAME); String result = tested.getNameInNamespace(); assertThat(result).isEqualTo(DUMMY_NAME.toString()); }
@Test public void testAddEmptyToEmpty() { LdapNameBuilder tested = LdapNameBuilder.newInstance().add(""); assertThat(tested.build().toString()).isEqualTo(""); }
@Test public void testAddNameToEmpty() { LdapNameBuilder tested = LdapNameBuilder.newInstance().add(LdapUtils.newLdapName("ou=people")); assertThat(tested.build().toString()).isEqualTo("ou=people"); }