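/**
 * Resolves the value a user entry is matched on when group membership is expressed on the user side.
 *
 * <p>When {@code userGroupReferencedGroupAttribute} is blank the entry's DN is used; otherwise the
 * first value of that attribute is read and expected to be a {@link String}.
 *
 * @param ctx the LDAP user entry
 * @return the entry DN, or the configured attribute's first value
 * @throws AuthorizationAccessException if the configured attribute is absent or cannot be read
 */
private String getReferencedGroupValue(final DirContextOperations ctx) {
    // No attribute configured: the distinguished name itself is the reference value.
    if (StringUtils.isBlank(userGroupReferencedGroupAttribute)) {
        return ctx.getDn().toString();
    }
    final Attribute referencedAttribute = ctx.getAttributes().get(userGroupReferencedGroupAttribute);
    if (referencedAttribute == null) {
        throw new AuthorizationAccessException("Referenced group value attribute [" + userGroupReferencedGroupAttribute + "] does not exist.");
    }
    try {
        // Attribute.get() yields the first value; a non-string (binary) attribute would fail the cast.
        return (String) referencedAttribute.get();
    } catch (NamingException e) {
        // Keep the naming failure as the cause so the root problem stays diagnosable.
        throw new AuthorizationAccessException("Error while retrieving referenced group value attribute [" + userGroupReferencedGroupAttribute + "].", e);
    }
}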
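/**
 * Resolves the value a group entry's member attribute is matched against for a user.
 *
 * <p>When {@code groupMemberReferencedUserAttribute} is blank the entry's DN is used; otherwise the
 * first value of that attribute is read and expected to be a {@link String}.
 *
 * @param ctx the LDAP user entry
 * @return the entry DN, or the configured attribute's first value
 * @throws AuthorizationAccessException if the configured attribute is absent or cannot be read
 */
private String getReferencedUserValue(final DirContextOperations ctx) {
    // No attribute configured: match members on the distinguished name.
    if (StringUtils.isBlank(groupMemberReferencedUserAttribute)) {
        return ctx.getDn().toString();
    }
    final Attribute referencedAttribute = ctx.getAttributes().get(groupMemberReferencedUserAttribute);
    if (referencedAttribute == null) {
        throw new AuthorizationAccessException("Referenced user value attribute [" + groupMemberReferencedUserAttribute + "] does not exist.");
    }
    try {
        // First value only; the configured attribute is expected to be string-typed.
        return (String) referencedAttribute.get();
    } catch (NamingException e) {
        // Preserve the underlying cause instead of discarding it.
        throw new AuthorizationAccessException("Error while retrieving reference user value attribute [" + groupMemberReferencedUserAttribute + "].", e);
    }
}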
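/**
 * Derives the user's identity from an LDAP entry and applies the configured identity mappings.
 *
 * <p>Uses the entry DN when {@code useDnForUserIdentity} is set, otherwise the first value of
 * {@code userIdentityAttribute}.
 *
 * @param ctx the LDAP user entry
 * @return the mapped identity
 * @throws AuthorizationAccessException if the identity attribute is absent or cannot be read
 */
private String getUserIdentity(final DirContextOperations ctx) {
    final String rawIdentity;
    if (useDnForUserIdentity) {
        rawIdentity = ctx.getDn().toString();
    } else {
        final Attribute identityAttribute = ctx.getAttributes().get(userIdentityAttribute);
        if (identityAttribute == null) {
            throw new AuthorizationAccessException("User identity attribute [" + userIdentityAttribute + "] does not exist.");
        }
        try {
            // First value only; a binary attribute would fail this cast.
            rawIdentity = (String) identityAttribute.get();
        } catch (NamingException e) {
            // Keep the cause so directory errors are not masked.
            throw new AuthorizationAccessException("Error while retrieving user name attribute [" + userIdentityAttribute + "].", e);
        }
    }
    return IdentityMappingUtil.mapIdentity(rawIdentity, identityMappings);
}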
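/**
 * Derives the group's name from an LDAP entry and applies the configured group mappings.
 *
 * <p>Uses the entry DN when {@code useDnForGroupName} is set, otherwise the first value of
 * {@code groupNameAttribute}.
 *
 * @param ctx the LDAP group entry
 * @return the mapped group name
 * @throws AuthorizationAccessException if the name attribute is absent or cannot be read
 */
private String getGroupName(final DirContextOperations ctx) {
    final String rawName;
    if (useDnForGroupName) {
        rawName = ctx.getDn().toString();
    } else {
        final Attribute nameAttribute = ctx.getAttributes().get(groupNameAttribute);
        if (nameAttribute == null) {
            throw new AuthorizationAccessException("Group identity attribute [" + groupNameAttribute + "] does not exist.");
        }
        try {
            // First value only; a binary attribute would fail this cast.
            rawName = (String) nameAttribute.get();
        } catch (NamingException e) {
            // Keep the cause so directory errors are not masked.
            throw new AuthorizationAccessException("Error while retrieving group name attribute [" + groupNameAttribute + "].", e);
        }
    }
    return IdentityMappingUtil.mapIdentity(rawName, groupMappings);
}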
DirContextOperations userFromSearch = getUserSearch().searchForUser(username); user = bindWithDn(userFromSearch.getDn().toString(), username, password, userFromSearch.getAttributes());
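/**
 * Authenticates by comparing the presented password locally against the values of the entry's
 * password attribute, instead of binding as the user.
 *
 * <p>Only binary attribute values are considered. When the configured encoder is a
 * {@link DynamicPasswordComparator} the UTF-8 bytes of the password are handed to it; otherwise the
 * password is encoded and compared byte-for-byte against each stored value.
 *
 * @param user     the user entry whose password attribute is compared
 * @param password the clear-text password presented by the caller
 * @return {@code user} when one of the stored values matches
 * @throws AuthenticationCredentialsNotFoundException if the password attribute is absent or empty
 * @throws BadCredentialsException if no stored value matches or the attribute cannot be read
 */
public DirContextOperations localCompareAuthenticate(DirContextOperations user, String password) {
    boolean match = false;
    try {
        Attributes attributes = user.getAttributes();
        Attribute attr = attributes.get(getPasswordAttributeName());
        // A missing attribute is "no credential", not an NPE from size() on null.
        if (attr == null || attr.size() == 0) {
            throw new AuthenticationCredentialsNotFoundException("Missing " + getPasswordAttributeName() + " attribute.");
        }
        for (int i = 0; !match && i < attr.size(); i++) {
            Object valObject = attr.get(i);
            if (!(valObject instanceof byte[])) {
                continue; // only binary values can be compared
            }
            byte[] stored = (byte[]) valObject;
            if (passwordEncoder instanceof DynamicPasswordComparator) {
                // Encode explicitly as UTF-8 rather than with the platform default charset.
                byte[] received = Utf8.encode(password);
                match = ((DynamicPasswordComparator) passwordEncoder).comparePasswords(received, stored);
            } else {
                String encodedPassword = passwordEncoder.encodePassword(password, null);
                byte[] passwordBytes = Utf8.encode(encodedPassword);
                // Constant-time comparison so timing does not reveal how long the matching prefix is.
                match = java.security.MessageDigest.isEqual(passwordBytes, stored);
            }
        }
    } catch (NamingException e) {
        throw new BadCredentialsException("Bad credentials", e);
    }
    if (!match) {
        throw new BadCredentialsException("Bad credentials");
    }
    return user;
}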
/**
 * Returns the entry's attribute set unchanged; interpreting it is left to the caller.
 *
 * @param ctx the LDAP entry
 * @return the entry's {@code Attributes}
 */
@Override
protected Object doMapFromContext(DirContextOperations ctx) {
    return ctx.getAttributes();
}
});
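/**
 * Maps one LDAP entry to a map holding its DN (under {@code LdapConstant.LDAP_DN_KEY}) and the
 * list of its attributes (under {@code "attributes"}).
 *
 * @param ctx the LDAP entry
 * @return the mapped entry, or {@code null} when {@code resultFilter} rejects the entry's DN
 * @throws OperationFailureException if enumerating the attributes fails
 */
@Override
protected Object doMapFromContext(DirContextOperations ctx) {
    if (resultFilter != null && !resultFilter.needSelect(ctx.getNameInNamespace())) {
        return null;
    }
    Map<String, Object> result = new HashMap<>();
    result.put(LdapConstant.LDAP_DN_KEY, ctx.getNameInNamespace());
    List<Object> list = new ArrayList<>();
    result.put("attributes", list);
    Attributes attributes = ctx.getAttributes();
    // Typed enumeration instead of the raw type; getAll() yields Attribute instances.
    NamingEnumeration<? extends javax.naming.directory.Attribute> it = attributes.getAll();
    try {
        while (it.hasMore()) {
            list.add(it.next());
        }
    } catch (javax.naming.NamingException e) {
        // Log the exception itself: getCause() is often null for a NamingException.
        logger.error("query ldap entry attributes fail", e);
        throw new OperationFailureException(operr("query ldap entry fail, %s", e.toString()));
    } finally {
        try {
            it.close(); // release the enumeration's directory resources
        } catch (javax.naming.NamingException ignored) {
            // best-effort close; the entry has already been read
        }
    }
    return result;
}
}, processor);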
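/**
 * Resolves the canonical user name from the entry's naming attribute.
 *
 * @param ctx      the matched LDAP entry
 * @param username the name the user typed; returned unchanged when the attribute is absent or its
 *                 value is null
 * @return the single attribute value lower-cased with {@link java.util.Locale#ROOT}, else
 *         {@code username}
 * @throws NamingException         if the attribute value cannot be read
 * @throws ObjectNotFoundException if the naming attribute does not hold exactly one value
 */
private String resolveLdapName(DirContextOperations ctx, String username) throws NamingException, ObjectNotFoundException {
    Attribute ldapResponse = ctx.getAttributes().get(ldapNamingAttr);
    if (ldapResponse == null) {
        return username; // fallback to typed-in username in case ldap value is missing
    }
    if (ldapResponse.size() != 1) {
        throw new ObjectNotFoundException("Bad response"); // naming attribute contains multiple values
    }
    Object namingAttrValue = ldapResponse.get(0);
    if (namingAttrValue == null) {
        return username;
    }
    // Locale.ROOT: identity strings must fold the same way on every JVM default locale.
    return namingAttrValue.toString().toLowerCase(java.util.Locale.ROOT);
}
}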
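/**
 * Resolves the value a group entry's member attribute is matched against for a user.
 *
 * <p>When {@code groupMemberReferencedUserAttribute} is blank the entry's DN is used; otherwise the
 * first value of that attribute is read and expected to be a {@link String}.
 *
 * @param ctx the LDAP user entry
 * @return the entry DN, or the configured attribute's first value
 * @throws AuthorizationAccessException if the configured attribute is absent or cannot be read
 */
private String getReferencedUserValue(final DirContextOperations ctx) {
    // No attribute configured: match members on the distinguished name.
    if (StringUtils.isBlank(groupMemberReferencedUserAttribute)) {
        return ctx.getDn().toString();
    }
    final Attribute referencedAttribute = ctx.getAttributes().get(groupMemberReferencedUserAttribute);
    if (referencedAttribute == null) {
        throw new AuthorizationAccessException("Referenced user value attribute [" + groupMemberReferencedUserAttribute + "] does not exist.");
    }
    try {
        // First value only; the configured attribute is expected to be string-typed.
        return (String) referencedAttribute.get();
    } catch (NamingException e) {
        // Preserve the underlying cause instead of discarding it.
        throw new AuthorizationAccessException("Error while retrieving reference user value attribute [" + groupMemberReferencedUserAttribute + "].", e);
    }
}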
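/**
 * Builds a {@link GeoServerUser} from an LDAP entry, naming it after {@code userNameAttribute} and
 * copying each configured attribute's first value into the user's properties when it is a string.
 *
 * <p>A read failure on one attribute is logged at WARNING and does not abort user creation.
 *
 * @param dco the LDAP entry
 * @return the populated user
 */
protected GeoServerUser createUser(DirContextOperations dco) {
    GeoServerUser gsUser = new GeoServerUser(dco.getStringAttribute(userNameAttribute));
    for (String attName : populatedAttributes) {
        try {
            // Locale.ROOT keeps the lookup key independent of the JVM default locale.
            Attribute att = dco.getAttributes().get(attName.toLowerCase(java.util.Locale.ROOT));
            if (att == null) {
                continue;
            }
            Object value = att.get(); // first value only
            if (value instanceof String) {
                gsUser.getProperties().put(attName, value);
            }
        } catch (NamingException e) {
            LOGGER.log(Level.WARNING, "Could not populate value for user attribute " + attName, e);
        }
    }
    return gsUser;
}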
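/**
 * Resolves the value a user entry is matched on when group membership is expressed on the user side.
 *
 * <p>When {@code userGroupReferencedGroupAttribute} is blank the entry's DN is used; otherwise the
 * first value of that attribute is read and expected to be a {@link String}.
 *
 * @param ctx the LDAP user entry
 * @return the entry DN, or the configured attribute's first value
 * @throws AuthorizationAccessException if the configured attribute is absent or cannot be read
 */
private String getReferencedGroupValue(final DirContextOperations ctx) {
    // No attribute configured: the distinguished name itself is the reference value.
    if (StringUtils.isBlank(userGroupReferencedGroupAttribute)) {
        return ctx.getDn().toString();
    }
    final Attribute referencedAttribute = ctx.getAttributes().get(userGroupReferencedGroupAttribute);
    if (referencedAttribute == null) {
        throw new AuthorizationAccessException("Referenced group value attribute [" + userGroupReferencedGroupAttribute + "] does not exist.");
    }
    try {
        // Attribute.get() yields the first value; a non-string (binary) attribute would fail the cast.
        return (String) referencedAttribute.get();
    } catch (NamingException e) {
        // Keep the naming failure as the cause so the root problem stays diagnosable.
        throw new AuthorizationAccessException("Error while retrieving referenced group value attribute [" + userGroupReferencedGroupAttribute + "].", e);
    }
}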
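/**
 * Derives the group's name from an LDAP entry.
 *
 * <p>Uses the entry DN when {@code useDnForGroupName} is set, otherwise the first value of
 * {@code groupNameAttribute}. No mapping is applied to the result.
 *
 * @param ctx the LDAP group entry
 * @return the group name
 * @throws AuthorizationAccessException if the name attribute is absent or cannot be read
 */
private String getGroupName(final DirContextOperations ctx) {
    // DN mode: the distinguished name is the group name.
    if (useDnForGroupName) {
        return ctx.getDn().toString();
    }
    final Attribute nameAttribute = ctx.getAttributes().get(groupNameAttribute);
    if (nameAttribute == null) {
        throw new AuthorizationAccessException("Group identity attribute [" + groupNameAttribute + "] does not exist.");
    }
    try {
        // First value only; a binary attribute would fail this cast.
        return (String) nameAttribute.get();
    } catch (NamingException e) {
        // Keep the cause so directory errors are not masked.
        throw new AuthorizationAccessException("Error while retrieving group name attribute [" + groupNameAttribute + "].", e);
    }
}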
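/**
 * Derives the user's identity from an LDAP entry and applies the configured identity mappings.
 *
 * <p>Uses the entry DN when {@code useDnForUserIdentity} is set, otherwise the first value of
 * {@code userIdentityAttribute}.
 *
 * @param ctx the LDAP user entry
 * @return the mapped identity
 * @throws AuthorizationAccessException if the identity attribute is absent or cannot be read
 */
private String getUserIdentity(final DirContextOperations ctx) {
    final String rawIdentity;
    if (useDnForUserIdentity) {
        rawIdentity = ctx.getDn().toString();
    } else {
        final Attribute identityAttribute = ctx.getAttributes().get(userIdentityAttribute);
        if (identityAttribute == null) {
            throw new AuthorizationAccessException("User identity attribute [" + userIdentityAttribute + "] does not exist.");
        }
        try {
            // First value only; a binary attribute would fail this cast.
            rawIdentity = (String) identityAttribute.get();
        } catch (NamingException e) {
            // Keep the cause so directory errors are not masked.
            throw new AuthorizationAccessException("Error while retrieving user name attribute [" + userIdentityAttribute + "].", e);
        }
    }
    return IdentityMappingUtil.mapIdentity(rawIdentity, identityMappings);
}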
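/**
 * Maps an LDAP user entry to a {@link User}, registers it in {@code userLookup} under its
 * referenced-user value and, when {@code userGroupNameAttribute} is configured, records every group
 * value of the entry against the user's identifier in {@code groupToUserIdentifierMappings}.
 *
 * @param ctx the LDAP user entry
 * @return the mapped user
 * @throws AuthorizationAccessException if the group name attribute cannot be read
 */
@Override
protected User doMapFromContext(DirContextOperations ctx) {
    // get the user identity
    final String identity = getUserIdentity(ctx);

    // build the user
    final User user = new User.Builder().identifierGenerateFromSeed(identity).identity(identity).build();

    // store the user for group member later
    userLookup.put(getReferencedUserValue(ctx), user);

    if (StringUtils.isNotBlank(userGroupNameAttribute)) {
        final Attribute attributeGroups = ctx.getAttributes().get(userGroupNameAttribute);
        if (attributeGroups == null) {
            logger.warn("User group name attribute [" + userGroupNameAttribute + "] does not exist. Ignoring group membership.");
        } else {
            NamingEnumeration<?> groupValues = null;
            try {
                groupValues = attributeGroups.getAll();
                // hasMore() propagates directory errors; hasMoreElements() would end the enumeration
                // silently and drop the remaining memberships.
                while (groupValues.hasMore()) {
                    // store the group -> user identifier mapping
                    final String groupValue = (String) groupValues.next();
                    groupToUserIdentifierMappings.computeIfAbsent(groupValue, g -> new HashSet<>()).add(user.getIdentifier());
                }
            } catch (NamingException e) {
                // Name the attribute actually being read and keep the cause.
                throw new AuthorizationAccessException("Error while retrieving user group name attribute [" + userGroupNameAttribute + "].", e);
            } finally {
                if (groupValues != null) {
                    try {
                        groupValues.close(); // release the enumeration's directory resources
                    } catch (NamingException ignored) {
                        // best-effort close; the values have already been consumed
                    }
                }
            }
        }
    }
    return user;
}
}, userProcessor));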
Attribute attributeUsers = ctx.getAttributes().get(groupMemberAttribute); if (attributeUsers == null) { logger.warn("Group member attribute [" + groupMemberAttribute + "] does not exist. Ignoring group membership.");
DirContextOperations userFromSearch = getUserSearch().searchForUser(username); user = bindWithDn(userFromSearch.getDn().toString(), username, password, userFromSearch.getAttributes());
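/**
 * Replaces the stored password of the credential's user with its hashed form.
 *
 * <p>Only {@link LoginPasswordCredential} is supported and the user entry must already exist.
 *
 * @param credential the credential carrying the user id and clear-text password
 * @return always {@code null}
 * @throws InvalidCredentialException if the credential is null, has no user id, is not a
 *         {@code LoginPasswordCredential}, or its user does not exist in the directory
 */
@Override
public String addCredential(Credential credential) throws InvalidCredentialException {
    if (credential == null) {
        throw new InvalidCredentialException("null credential!");
    }
    if (credential.getUserId() == null) {
        throw new InvalidCredentialException("null userId!");
    }
    if (!(credential instanceof LoginPasswordCredential)) {
        throw new InvalidCredentialException("invalid credential instance: " + credential.getClass().getName() + ", only " + LoginPasswordCredential.class.getName() + " is supported!");
    }
    try {
        Name userDN = builUserDn(credential.getUserId());
        DirContextOperations ctxOps = ldapTemplate.lookupContext(userDN);
        Attributes allAttrs = ctxOps.getAttributes();
        Object hashed = passwordHasher.hash(((LoginPasswordCredential) credential).getPassword());
        Attribute passAttr = allAttrs.get(JoomlaLDAPConstants.PASSWD_ATTR_NAME);
        if (passAttr == null) {
            // Entry has no password attribute yet: REPLACE with a fresh single-valued one instead of NPE-ing.
            passAttr = new javax.naming.directory.BasicAttribute(JoomlaLDAPConstants.PASSWD_ATTR_NAME, hashed);
        } else {
            // Drop every existing value so only the new hash remains.
            passAttr.clear();
            passAttr.add(hashed);
        }
        ldapTemplate.modifyAttributes(userDN, new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, passAttr) });
        return null;
    } catch (NameNotFoundException e) {
        throw new InvalidCredentialException("user " + credential.getUserId() + " not found!");
    }
}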
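/**
 * Removes {@code group} from the user's group attribute, unless it is the predefined required group.
 *
 * <p>A user without any group attribute, or not a member of {@code group}, is left unchanged.
 *
 * @param userId the user's id
 * @param group  the group to remove
 * @throws UserNotFoundException  if {@code userId} is null or the user entry does not exist
 * @throws GroupNotFoundException if {@code group} or its name is null
 */
@Override
public void unassignUser(String userId, GroupName group) throws UserNotFoundException, GroupNotFoundException {
    if (userId == null) {
        throw new UserNotFoundException(userId);
    }
    if (group == null || group.getName() == null) {
        throw new GroupNotFoundException(group);
    }
    try {
        Name userDN = builUserDn(userId);
        DirContextOperations ctxOps = ldapTemplate.lookupContext(userDN);
        Attributes allAttrs = ctxOps.getAttributes();
        Attribute groupAttr = allAttrs.get(JoomlaLDAPConstants.GROUP_ATTR_NAME);
        // No group attribute at all: nothing to unassign (previously an NPE).
        if (groupAttr == null) {
            return;
        }
        // disallowing unassigning user from predefined required group name
        boolean removable = groupAttr.contains(group.getName()) && !PREDEFINED_REQUIRED_GROUP_NAME.equals(group.getName());
        if (removable) {
            groupAttr.remove(group.getName());
            ldapTemplate.modifyAttributes(userDN, new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, groupAttr) });
        }
    } catch (NameNotFoundException e) {
        throw new UserNotFoundException(userId);
    }
}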
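/**
 * Adds {@code group} to the user's group attribute if it is not already present.
 *
 * <p>A user without any group attribute gets a new one holding only {@code group}.
 *
 * @param userId the user's id
 * @param group  the group to add
 * @throws UserNotFoundException  if {@code userId} is null or the user entry does not exist
 * @throws GroupNotFoundException if {@code group} or its name is null
 */
@Override
public void assignUser(String userId, GroupName group) throws UserNotFoundException, GroupNotFoundException {
    if (userId == null) {
        throw new UserNotFoundException(userId);
    }
    if (group == null || group.getName() == null) {
        throw new GroupNotFoundException(group);
    }
    try {
        Name userDN = builUserDn(userId);
        DirContextOperations ctxOps = ldapTemplate.lookupContext(userDN);
        Attributes allAttrs = ctxOps.getAttributes();
        Attribute groupAttr = allAttrs.get(JoomlaLDAPConstants.GROUP_ATTR_NAME);
        if (groupAttr == null) {
            // No group attribute yet: REPLACE with a fresh one instead of NPE-ing on contains().
            groupAttr = new javax.naming.directory.BasicAttribute(JoomlaLDAPConstants.GROUP_ATTR_NAME, group.getName());
        } else if (groupAttr.contains(group.getName())) {
            return; // already a member; avoid a no-op directory write
        } else {
            groupAttr.add(group.getName());
        }
        ldapTemplate.modifyAttributes(userDN, new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, groupAttr) });
    } catch (NameNotFoundException e) {
        throw new UserNotFoundException(userId);
    }
}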