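/**
 * Looks up the distinguished name of {@code userName} with a search under {@code searchBase}.
 *
 * <p>The user name is escaped as an LDAP filter value (RFC 4515) before it replaces
 * {@code USERDN_SUBSTITUTION_TOKEN} in {@code dnSearchFilter}. A submitted login name that
 * contains an asterisk, a parenthesis, a backslash or a NUL character is therefore matched
 * literally and cannot change the structure of the search filter.
 *
 * @param userName the login name to look up; inserted into the filter as a literal value
 * @param ldapContextFactory factory that supplies the system LDAP context used for the search
 * @return the name-in-namespace of the first entry found, or {@code null} when nothing matches
 * @throws IllegalArgumentException if obtaining the system context or running the search fails;
 *     the underlying exception is attached as the cause
 */
private String findUserDN(final String userName, final LdapContextFactory ldapContextFactory) {
    LdapContext systemLdapCtx = null;
    try {
        systemLdapCtx = ldapContextFactory.getSystemLdapContext();

        // Neutralise the filter metacharacters; each one becomes a backslash followed by its
        // two-digit hex code, as RFC 4515 requires for literal values.
        // NOTE(review): assumes callers pass the raw login name. If a caller already escapes
        // it, the value would be escaped twice - confirm against the call sites.
        final StringBuilder escapedUserName = new StringBuilder(userName.length() + 8);
        for (int i = 0; i < userName.length(); i++) {
            final char c = userName.charAt(i);
            switch (c) {
                case '\\':
                    escapedUserName.append("\\5c");
                    break;
                case '*':
                    escapedUserName.append("\\2a");
                    break;
                case '(':
                    escapedUserName.append("\\28");
                    break;
                case ')':
                    escapedUserName.append("\\29");
                    break;
                case '\0':
                    escapedUserName.append("\\00");
                    break;
                default:
                    escapedUserName.append(c);
                    break;
            }
        }
        final String filter = dnSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, escapedUserName.toString());

        // NOTE(review): usersFound is never closed explicitly; only the context is released in
        // the finally block. Confirm that this is enough for the LDAP provider in use.
        final NamingEnumeration<SearchResult> usersFound = systemLdapCtx.search(searchBase, filter, SUBTREE_SCOPE);
        return usersFound.hasMore() ? usersFound.next().getNameInNamespace() : null;
    } catch (final AuthenticationException ex) {
        log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage());
        throw new IllegalArgumentException(ex);
    } catch (final NamingException e) {
        log.info("LDAP exception='{}'", e.getLocalizedMessage());
        throw new IllegalArgumentException(e);
    } finally {
        // Runs on every path, including when getSystemLdapContext() threw and the variable is still null.
        LdapUtils.closeContext(systemLdapCtx);
    }
}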
/**
 * Resolves the LDAP groups of the available principal through the system LDAP context.
 *
 * <p>An {@code AuthenticationException} raised while obtaining the context or during the group
 * lookup is logged at info level (localized message only) and answered with an empty set, so
 * the caller sees a user without groups rather than an error.
 *
 * @param principals the principals of the subject; the available principal is cast to a String
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the groups found for the user, or an empty immutable set after an authentication failure
 * @throws NamingException for any naming error that the authentication catch does not handle
 */
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String principalName = (String) getAvailablePrincipal(principals);

    LdapContext systemContext = null;
    Set<String> groups;
    try {
        systemContext = ldapContextFactory.getSystemLdapContext();
        groups = findLDAPGroupsForUser(principalName, systemContext);
    } catch (final AuthenticationException authFailure) {
        log.info("LDAP authentication exception='{}'", authFailure.getLocalizedMessage());
        groups = ImmutableSet.<String>of();
    } finally {
        // Also reached with a null context when getSystemLdapContext() itself failed.
        LdapUtils.closeContext(systemContext);
    }
    return groups;
}
/**
 * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} for a subject by asking the active
 * directory LDAP context which groups the user belongs to. Those groups are translated to role
 * names through the configured {@link #groupRolesMap}.
 *
 * <p>The available principal is expected to be a String user name.
 *
 * <p>Subclasses may override this method to derive authorization data (roles, permissions, etc.)
 * in a more elaborate way. This default implementation supports roles only, not permissions.
 *
 * @param principals the principal of the Subject whose account is being retrieved.
 * @param ldapContextFactory the factory used to create LDAP connections.
 * @return the AuthorizationInfo for the given Subject principal.
 * @throws NamingException if an error occurs when searching the LDAP server.
 */
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
    final String principalName = (String) getAvailablePrincipal(principals);

    // The system context is obtained before the try block, so a failure to create it
    // propagates directly and the finally clause only runs for a context that was returned.
    final LdapContext systemContext = ldapContextFactory.getSystemLdapContext();
    final Set<String> resolvedRoles;
    try {
        resolvedRoles = getRoleNamesForUser(principalName, systemContext);
    } finally {
        LdapUtils.closeContext(systemContext);
    }

    // The AuthorizationInfo is assembled only after the context has been closed.
    return buildAuthorizationInfo(resolvedRoles);
}
/**
 * Creates the {@link org.apache.shiro.authz.AuthorizationInfo} of a subject from the groups the
 * active directory LDAP context reports for the user. Group names are mapped to role names with
 * the configured {@link #groupRolesMap}.
 *
 * <p>This implementation expects the available principal to be a String user name.
 *
 * <p>Subclasses can override this method to determine authorization data (roles, permissions,
 * etc.) in a more complex way. Only roles are supported here; permissions are not.
 *
 * @param principals the principal of the Subject whose account is being retrieved.
 * @param ldapContextFactory the factory used to create LDAP connections.
 * @return the AuthorizationInfo for the given Subject principal.
 * @throws NamingException if an error occurs when searching the LDAP server.
 */
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
    final String subjectName = (String) getAvailablePrincipal(principals);
    final LdapContext searchContext = ldapContextFactory.getSystemLdapContext();

    final Set<String> roles;
    try {
        // Perform the group search with the system context.
        roles = getRoleNamesForUser(subjectName, searchContext);
    } finally {
        // Release the context whether or not the search succeeded.
        LdapUtils.closeContext(searchContext);
    }
    return buildAuthorizationInfo(roles);
}
/**
 * Returns the system LDAP context by forwarding the request to {@code delegate}.
 *
 * <p>This wrapper neither inspects nor closes the context it hands out.
 *
 * @return the context supplied by the delegate
 * @throws NamingException if the delegate fails to provide the context
 */
@Override
public LdapContext getSystemLdapContext() throws NamingException {
    final LdapContext systemContext = delegate.getSystemLdapContext();
    return systemContext;
}
/**
 * Loads the LDAP principal for {@code username} using a system LDAP context.
 *
 * <p>Any exception is logged at warn level together with the user name and is then rethrown
 * unchanged; the context is released in every case.
 *
 * @param username the name passed on to the context-based lookup
 * @return the principal produced by {@code getPrincipal(ctx, username)}
 * @throws NamingException if obtaining the context or the lookup fails
 */
public LdapPrincipal getPrincipal(String username) throws NamingException {
    LdapContext systemContext = null;
    try {
        systemContext = ctxFactory.getSystemLdapContext();
        final LdapPrincipal principal = getPrincipal(systemContext, username);
        return principal;
    } catch (Exception failure) {
        // NOTE(review): username is written to the log as received. If it can originate from
        // a login form, confirm that the log layout neutralises line breaks.
        log.warn("getPrincipal ['{}'] -> error while retrieving LDAP data: {}", username, failure.getMessage(), failure);
        throw failure;
    } finally {
        // Executed with a null context when getSystemLdapContext() was the call that failed.
        LdapUtils.closeContext(systemContext);
    }
}
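/**
 * Looks up the distinguished name of {@code userName} with a search under {@code searchBase}.
 *
 * <p>The user name is escaped as an LDAP filter value (RFC 4515) before it replaces
 * {@code USERDN_SUBSTITUTION_TOKEN} in {@code dnSearchFilter}. A submitted login name that
 * contains an asterisk, a parenthesis, a backslash or a NUL character is therefore matched
 * literally and cannot change the structure of the search filter.
 *
 * @param userName the login name to look up; inserted into the filter as a literal value
 * @param ldapContextFactory factory that supplies the system LDAP context used for the search
 * @return the name-in-namespace of the first entry found, or {@code null} when nothing matches
 * @throws IllegalArgumentException if obtaining the system context or running the search fails;
 *     the underlying exception is attached as the cause
 */
private String findUserDN(final String userName, final LdapContextFactory ldapContextFactory) {
    LdapContext systemLdapCtx = null;
    try {
        systemLdapCtx = ldapContextFactory.getSystemLdapContext();

        // Neutralise the filter metacharacters; each one becomes a backslash followed by its
        // two-digit hex code, as RFC 4515 requires for literal values.
        // NOTE(review): assumes callers pass the raw login name. If a caller already escapes
        // it, the value would be escaped twice - confirm against the call sites.
        final StringBuilder escapedUserName = new StringBuilder(userName.length() + 8);
        for (int i = 0; i < userName.length(); i++) {
            final char c = userName.charAt(i);
            switch (c) {
                case '\\':
                    escapedUserName.append("\\5c");
                    break;
                case '*':
                    escapedUserName.append("\\2a");
                    break;
                case '(':
                    escapedUserName.append("\\28");
                    break;
                case ')':
                    escapedUserName.append("\\29");
                    break;
                case '\0':
                    escapedUserName.append("\\00");
                    break;
                default:
                    escapedUserName.append(c);
                    break;
            }
        }
        final String filter = dnSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, escapedUserName.toString());

        // NOTE(review): usersFound is never closed explicitly; only the context is released in
        // the finally block. Confirm that this is enough for the LDAP provider in use.
        final NamingEnumeration<SearchResult> usersFound = systemLdapCtx.search(searchBase, filter, SUBTREE_SCOPE);
        return usersFound.hasMore() ? usersFound.next().getNameInNamespace() : null;
    } catch (final AuthenticationException ex) {
        log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage());
        throw new IllegalArgumentException(ex);
    } catch (final NamingException e) {
        log.info("LDAP exception='{}'", e.getLocalizedMessage());
        throw new IllegalArgumentException(e);
    } finally {
        // Runs on every path, including when getSystemLdapContext() threw and the variable is still null.
        LdapUtils.closeContext(systemLdapCtx);
    }
}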
/**
 * Resolves the roles of the available principal through the system LDAP context.
 *
 * <p>An {@code AuthenticationException} from obtaining the context or from the role lookup is
 * not reported; the method answers with an empty set, so the subject ends up with no roles
 * from this source.
 *
 * @param principals the principals of the subject; the available principal is cast to a String
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the roles returned by {@code rolesFor}, or an empty set after an authentication failure
 * @throws NamingException for any naming error that the authentication catch does not handle
 */
private Set<String> getRoles(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String principalName = (String) getAvailablePrincipal(principals);

    LdapContext systemContext = null;
    Set<String> roles;
    try {
        systemContext = ldapContextFactory.getSystemLdapContext();
        roles = rolesFor(principalName, systemContext);
    } catch (AuthenticationException notAuthenticated) {
        // principal was not authenticated on LDAP
        // NOTE(review): nothing is logged on this path, so a failing system bind would be
        // indistinguishable from a user without roles - confirm that this is intended.
        roles = Collections.emptySet();
    } finally {
        LdapUtils.closeContext(systemContext);
    }
    return roles;
}
/**
 * Looks up the LDAP groups of the available principal with the system LDAP context.
 *
 * <p>When obtaining the context or the lookup raises an {@code AuthenticationException}, the
 * localized message is logged at info level and an empty immutable set is returned instead
 * of an error.
 *
 * @param principals the principals of the subject; the available principal is cast to a String
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the user's groups, or an empty set after an authentication failure
 * @throws NamingException for any naming error that the authentication catch does not handle
 */
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String subjectName = (String) getAvailablePrincipal(principals);

    LdapContext ctx = null;
    Set<String> memberships;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        memberships = findLDAPGroupsForUser(subjectName, ctx);
    } catch (final AuthenticationException bindFailure) {
        log.info("LDAP authentication exception='{}'", bindFailure.getLocalizedMessage());
        memberships = ImmutableSet.<String>of();
    } finally {
        // The context may still be null here if it could not be created.
        LdapUtils.closeContext(ctx);
    }
    return memberships;
}
/**
 * Resolves the LDAP groups of the available principal with the system LDAP context.
 *
 * <p>An {@code AuthenticationException} is logged at info level with its localized message and
 * turned into an empty immutable set, so the caller receives "no groups" rather than an error.
 *
 * @param principals the principals of the subject; the available principal is cast to a String
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the user's groups, or an empty set after an authentication failure
 * @throws NamingException for any naming error that the authentication catch does not handle
 */
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String userId = (String) getAvailablePrincipal(principals);

    LdapContext systemContext = null;
    Set<String> groupNames;
    try {
        systemContext = ldapContextFactory.getSystemLdapContext();
        groupNames = findLDAPGroupsForUser(userId, systemContext);
    } catch (AuthenticationException authFailure) {
        log.info("LDAP authentication exception: " + authFailure.getLocalizedMessage());
        groupNames = ImmutableSet.<String>of();
    } finally {
        // Reached on success, on the handled failure and on propagated naming errors alike.
        LdapUtils.closeContext(systemContext);
    }
    return groupNames;
}
/**
 * Resolves the roles of the available principal using the system LDAP context.
 *
 * <p>An {@code AuthenticationException} raised inside the try block is reported through
 * {@code LOG.failedToGetSystemLdapConnection} and answered with an empty set, so the subject
 * receives no roles from this lookup.
 *
 * @param principals the principals of the subject; the available principal is cast to a String
 * @param ldapContextFactory factory that supplies the system LDAP context; also passed on to
 *     {@code rolesFor}
 * @return the roles returned by {@code rolesFor}, or an empty set after an authentication failure
 * @throws NamingException for any naming error that the authentication catch does not handle
 */
private Set<String> getRoles(PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String principalName = (String) getAvailablePrincipal(principals);

    LdapContext systemContext = null;
    Set<String> roles;
    try {
        systemContext = ldapContextFactory.getSystemLdapContext();
        roles = rolesFor(principals, principalName, systemContext, ldapContextFactory);
    } catch (AuthenticationException authFailure) {
        // NOTE(review): the catch also covers an AuthenticationException thrown by rolesFor,
        // which would be logged as a system connection failure as well.
        LOG.failedToGetSystemLdapConnection(authFailure);
        roles = Collections.emptySet();
    } finally {
        LdapUtils.closeContext(systemContext);
    }
    return roles;
}
/**
 * Looks up the roles of the available principal with the system LDAP context.
 *
 * <p>If the try block raises an {@code AuthenticationException}, it is handed to
 * {@code LOG.failedToGetSystemLdapConnection} and an empty set is returned.
 *
 * @param principals the principals of the subject; the available principal is cast to a String
 * @param ldapContextFactory factory that supplies the system LDAP context; also passed on to
 *     {@code rolesFor}
 * @return the roles returned by {@code rolesFor}, or an empty set after an authentication failure
 * @throws NamingException for any naming error that the authentication catch does not handle
 */
private Set<String> getRoles(PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String subjectName = (String) getAvailablePrincipal(principals);

    LdapContext ctx = null;
    Set<String> resolved;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        resolved = rolesFor(principals, subjectName, ctx, ldapContextFactory);
    } catch (AuthenticationException bindFailure) {
        LOG.failedToGetSystemLdapConnection(bindFailure);
        // No roles are granted when the lookup could not authenticate.
        resolved = Collections.emptySet();
    } finally {
        // The context is still null here when it could not be created.
        LdapUtils.closeContext(ctx);
    }
    return resolved;
}
/**
 * Builds the authorization info of a subject from the role names found through the system
 * LDAP context.
 *
 * <p>A {@code ClassCastException} raised anywhere inside the outer try block is logged at error
 * level and not rethrown. The method then returns whatever has been built so far, which is
 * {@code null} unless the role lookup had already completed.
 *
 * @param principals the principals of the subject, passed to {@code getUsername}
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the authorization info, or {@code null} when no valid user could be extracted
 * @throws NamingException if obtaining the context or the role lookup fails
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
    // NOTE(review): how callers treat a null result is not visible here - confirm that it
    // is handled as "no roles" and never as an unchecked dereference.
    AuthorizationInfo result = null;
    try {
        final String principalName = getUsername(principals);
        final LdapContext systemContext = ldapContextFactory.getSystemLdapContext();
        try {
            result = buildAuthorizationInfo(getRoleNamesForUser(principalName, systemContext));
        } finally {
            LdapUtils.closeContext(systemContext);
        }
    } catch (ClassCastException invalidPrincipal) {
        LOG.error("Unable to extract a valid user", invalidPrincipal);
    }
    return result;
}
/**
 * Collects every group reported by the group manager into a sorted set.
 *
 * @return a new {@link TreeSet} holding the groups returned by {@code ldapGroupManager}
 * @throws LdapDAOException if obtaining the system context or the lookup raises a
 *     {@link NamingException}; that exception is attached as the cause
 */
public SortedSet<String> getAllGroups() throws LdapDAOException {
    LdapContext systemContext = null;
    try {
        final SortedSet<String> groups = new TreeSet<String>();

        systemContext = this.getLdapContextFactory().getSystemLdapContext();
        final LdapAuthConfiguration authConfiguration = this.getLdapAuthConfiguration();
        groups.addAll(this.ldapGroupManager.getAllGroups(systemContext, authConfiguration));

        return groups;
    } catch (NamingException lookupFailure) {
        // The message speaks of users although this is a group lookup; the text is kept as is.
        throw new LdapDAOException("Failed to retrieve ldap information for users.", lookupFailure);
    } finally {
        // Called with null when the context could not be obtained.
        this.closeContext(systemContext);
    }
}
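/**
 * Builds the authorization info of a subject from LDAP: the role names from {@code getRoles},
 * the permissions derived from those roles by {@code permsFor}, and the permissions returned by
 * {@code getPermissionForUser} and {@code getPermissionForRole}.
 *
 * <p>The system LDAP context opened for the two permission lookups is closed before the method
 * returns, on success and on failure, so that a connection is not left open after each
 * authorization query.
 *
 * @param principals the principals of the Subject whose AuthenticationInfo should
 *     be queried from the LDAP server.
 * @param ldapContextFactory factory used to retrieve LDAP connections.
 * @return an {@link AuthorizationInfo} instance containing information
 *     retrieved from the LDAP server.
 * @throws NamingException if any LDAP errors occur during the search.
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final Set<String> roleNames = getRoles(principals, ldapContextFactory);
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(roleNames);
    // NOTE(review): the set returned by permsFor is extended in place below; this assumes it
    // is mutable and not shared between calls - confirm.
    Set<String> stringPermissions = permsFor(roleNames);
    final String username = (String) getAvailablePrincipal(principals);

    final LdapContext finalLdapContext = ldapContextFactory.getSystemLdapContext();
    try {
        stringPermissions.addAll(getPermissionForUser(username, finalLdapContext));
        stringPermissions.addAll(getPermissionForRole(username, finalLdapContext));
    } finally {
        if (finalLdapContext != null) {
            try {
                finalLdapContext.close();
            } catch (NamingException ignored) {
                // A failure while releasing the connection must neither replace an error
                // from the lookups nor turn a completed lookup into a failure.
            }
        }
    }

    simpleAuthorizationInfo.setStringPermissions(stringPermissions);
    return simpleAuthorizationInfo;
}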
/**
 * Resolves the name of a group through the group manager, using a system LDAP context.
 *
 * @param groupId identifier of the group, passed on to {@code ldapGroupManager}
 * @return the name returned by the group manager
 * @throws LdapDAOException if obtaining the system context or the lookup raises a
 *     {@link NamingException}; that exception is attached as the cause
 * @throws NoSuchLdapGroupException declared by this method; it is not raised in this body,
 *     so it presumably comes from the group manager
 */
public String getGroupName(String groupId) throws LdapDAOException, NoSuchLdapGroupException {
    LdapContext systemContext = null;
    try {
        systemContext = this.getLdapContextFactory().getSystemLdapContext();
        final LdapAuthConfiguration authConfiguration = this.getLdapAuthConfiguration();
        final String groupName = this.ldapGroupManager.getGroupName(groupId, systemContext, authConfiguration);
        return groupName;
    } catch (NamingException lookupFailure) {
        throw new LdapDAOException("Failed to retrieve ldap information for users.", lookupFailure);
    } finally {
        // Called with null when the context could not be obtained.
        this.closeContext(systemContext);
    }
}
/**
 * Resolves the roles of a user with a system LDAP context and the current LDAP configuration.
 *
 * @param userId identifier of the user; also appended to the error message on failure
 * @return the roles produced by the context-based {@code getUserRoles} overload
 * @throws LdapDAOException if obtaining the system context or the lookup raises a
 *     {@link NamingException}; that exception is attached as the cause
 * @throws NoLdapUserRolesFoundException declared by this method; it is not raised in this body,
 *     so it presumably comes from the overload it calls
 */
public Set<String> getUserRoles(String userId) throws LdapDAOException, NoLdapUserRolesFoundException {
    LdapContext systemContext = null;
    try {
        systemContext = this.getLdapContextFactory().getSystemLdapContext();
        final Set<String> roles = this.getUserRoles(userId, systemContext, this.getLdapAuthConfiguration());
        return roles;
    } catch (NamingException lookupFailure) {
        // The user id follows the text directly, without a separator.
        throw new LdapDAOException("Failed to retrieve ldap user roles for user" + userId, lookupFailure);
    } finally {
        // Called with null when the context could not be obtained.
        this.closeContext(systemContext);
    }
}
/**
 * Looks up the name of a group via the group manager with a system LDAP context.
 *
 * @param groupId identifier of the group, passed on to {@code ldapGroupManager}
 * @return the name returned by the group manager
 * @throws LdapDAOException if obtaining the system context or the lookup raises a
 *     {@link NamingException}; that exception is attached as the cause
 * @throws NoSuchLdapGroupException declared by this method; it is not raised in this body,
 *     so it presumably comes from the group manager
 */
public String getGroupName( String groupId ) throws LdapDAOException, NoSuchLdapGroupException {
    LdapContext ctx = null;
    try {
        ctx = this.getLdapContextFactory().getSystemLdapContext();
        final LdapAuthConfiguration ldapConfig = this.getLdapAuthConfiguration();
        final String name = this.ldapGroupManager.getGroupName( groupId, ctx, ldapConfig );
        return name;
    } catch ( NamingException namingFailure ) {
        // Wrapped so that callers only deal with the DAO exception type; the cause is preserved.
        throw new LdapDAOException( "Failed to retrieve ldap information for users.", namingFailure );
    } finally {
        this.closeContext( ctx );
    }
}
/**
 * Looks up the roles of a user with a system LDAP context and the current LDAP configuration.
 *
 * @param userId identifier of the user; also appended to the error message on failure
 * @return the roles produced by the context-based {@code getUserRoles} overload
 * @throws LdapDAOException if obtaining the system context or the lookup raises a
 *     {@link NamingException}; that exception is attached as the cause
 * @throws NoLdapUserRolesFoundException declared by this method; it is not raised in this body,
 *     so it presumably comes from the overload it calls
 */
public Set<String> getUserRoles( String userId ) throws LdapDAOException, NoLdapUserRolesFoundException {
    LdapContext ctx = null;
    try {
        ctx = this.getLdapContextFactory().getSystemLdapContext();
        final Set<String> userRoles = this.getUserRoles( userId, ctx, this.getLdapAuthConfiguration() );
        return userRoles;
    } catch ( NamingException namingFailure ) {
        // Wrapped so that callers only deal with the DAO exception type; the cause is preserved.
        throw new LdapDAOException( "Failed to retrieve ldap user roles for user" + userId, namingFailure );
    } finally {
        this.closeContext( ctx );
    }
}
/**
 * Loads a user through the user manager and, when static group mapping is configured,
 * refreshes the user's group membership with the same LDAP context.
 *
 * @param username name of the user, passed on to {@code ldapUserManager}
 * @return the user returned by the user manager
 * @throws NoSuchLdapUserException declared by this method; it is not raised in this body,
 *     so it presumably comes from the user manager
 * @throws LdapDAOException if obtaining the system context or a lookup raises a
 *     {@link NamingException}; that exception is attached as the cause
 */
public LdapUser getUser(String username) throws NoSuchLdapUserException, LdapDAOException {
    LdapContext systemContext = null;
    try {
        systemContext = this.getLdapContextFactory().getSystemLdapContext();
        final LdapAuthConfiguration authConfiguration = this.getLdapAuthConfiguration();
        final LdapUser user = this.ldapUserManager.getUser(username, systemContext, authConfiguration);

        // only need to update membership when using static mapping
        final boolean staticMapping = isStaticGroupMapping(authConfiguration);
        if (staticMapping) {
            updateGroupMembership(systemContext, authConfiguration, user);
        }
        return user;
    } catch (NamingException lookupFailure) {
        throw new LdapDAOException("Failed to retrieve ldap information for users.", lookupFailure);
    } finally {
        // Called with null when the context could not be obtained.
        this.closeContext(systemContext);
    }
}