@Override public List<UserInfo> findByUserIds(List<String> userIds) { if (CollectionUtils.isEmpty(userIds)) { return null; } else { ContainerCriteria criteria = query().where(loginIdAttrName).is(userIds.get(0)); userIds.stream().skip(1).forEach(userId -> criteria.or(loginIdAttrName).is(userId)); return ldapTemplate.search(ldapQueryCriteria().and(criteria), ldapUserInfoMapper); } }
/** * {@inheritDoc} */ @Override public void search(LdapQuery query, NameClassPairCallbackHandler callbackHandler) { SearchControls searchControls = searchControlsForQuery(query, DONT_RETURN_OBJ_FLAG); search(query.base(), query.filter().encode(), searchControls, callbackHandler); }
/** * * @param dn the distinguished name of the entry - may be either relative to the base * context or a complete DN including the name of the context (either is supported). * @param username the user whose roles are required. * @return the granted authorities returned by the group search */ @SuppressWarnings("unchecked") List<GrantedAuthority> getUserAuthorities(final DistinguishedName dn, final String username) { SearchExecutor se = new SearchExecutor() { public NamingEnumeration<SearchResult> executeSearch(DirContext ctx) throws NamingException { DistinguishedName fullDn = LdapUtils.getFullDn(dn, ctx); SearchControls ctrls = new SearchControls(); ctrls.setReturningAttributes(new String[] { groupRoleAttributeName }); return ctx.search(groupSearchBase, groupSearchFilter, new String[] { fullDn.toUrl(), username }, ctrls); } }; AttributesMapperCallbackHandler roleCollector = new AttributesMapperCallbackHandler( roleMapper); template.search(se, roleCollector); return roleCollector.getList(); }
@Override public List<UserInfo> searchUsers(String keyword, int offset, int limit) { ContainerCriteria criteria = ldapQueryCriteria(); if (!Strings.isNullOrEmpty(keyword)) { criteria.and(query().where(loginIdAttrName).like(keyword + "*").or(userDisplayNameAttrName) .like(keyword + "*")); } return ldapTemplate.search(criteria, ldapUserInfoMapper); }
private boolean validateDnExist(LdapTemplateContextSource ldapTemplateContextSource, String fullDn, Filter filter){ try { String dn = fullDn.replace("," + ldapTemplateContextSource.getLdapContextSource().getBaseLdapPathAsString(), ""); List<Object> result = ldapTemplateContextSource.getLdapTemplate().search(dn, filter.toString(), new AbstractContextMapper<Object>() { @Override protected Object doMapFromContext(DirContextOperations ctx) { return ctx.getNameInNamespace(); } }); return result.contains(fullDn); }catch (Exception e){ logger.warn(String.format("validateDnExist[dn=%s, filter=%s] fail", fullDn, filter.toString()), e); return false; } }
public void findLdapDnMemberOfList(LdapTemplate ldapTemplate, String ldapDn, List<String> resultDnList, List<String> dnIgnoreList){ if(dnIgnoreList.contains(ldapDn)){ return; } AndFilter filter = new AndFilter(); filter.and(new EqualsFilter(LdapUtil.getMemberKey(), ldapDn)); List<Object> groupList = ldapTemplate.search("", filter.toString(), new AbstractContextMapper<Object>() { @Override protected Object doMapFromContext(DirContextOperations ctx) { return ctx.getNameInNamespace(); } }); if(groupList.isEmpty()){ dnIgnoreList.add(ldapDn); return; } for(Object groupObj : groupList){ if(groupObj == null || !(groupObj instanceof String)){ continue; } String groupDn = (String)groupObj; if(resultDnList.contains(groupDn)){ continue; } resultDnList.add(groupDn); findLdapDnMemberOfList(ldapTemplate, groupDn, resultDnList, dnIgnoreList); } }
/** * Builds the Spring Authentication object using the supplied user name and groups looked up from LDAP. Groups are currently * mapped directly to Spring roles by converting to upper case and prepending the name with "ROLE_". * @param userName The username to build the Authentication object with. * @param httpRequest HttpServletRequest * @return Authentication object for the given user. */ protected Authentication getAuthentication(String userName, HttpServletRequest httpRequest) { String ldapName = LdapNameBuilder.newInstance().add(userSearchBase).add("uid", userName).build().toString(); // Search ldap for a user's groups and convert to a Spring role List<GrantedAuthority> grantedAuths = ldapTemplate.search(query() .where("objectclass") .is("groupOfNames") .and("member") .is(ldapName), (AttributesMapper<String>) attrs -> (String) attrs.get("cn").get()) .stream() .map(group -> String.format("%s%s", SECURITY_ROLE_PREFIX, group.toUpperCase())) .map(SimpleGrantedAuthority::new).collect(Collectors.toList()); final UserDetails principal = new User(userName, "", grantedAuths); final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( principal, "", grantedAuths); WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest); authentication.setDetails(webDetails); return authentication; }
private void update(LdapTemplate ldapTemplate, LdapAccountRefVO ref){ String uid = ref.getLdapUid(); AndFilter filter = new AndFilter(); filter.and(new EqualsFilter("uid", ref.getLdapUid())); List<Object> result = ldapTemplate.search("", filter.toString(), new AbstractContextMapper<Object>() { @Override protected Object doMapFromContext(DirContextOperations ctx) { return ctx.getNameInNamespace(); } }); if(result.size() == 0){ logger.error(String.format("Can not find ldapUid[%s] dn", uid)); return; } if(result.size() > 1){ logger.error(String.format("ldapUid[%s] More than one dn result", uid)); return; } String dn = result.get(0).toString(); ref.setLdapUid(dn); dbf.update(ref); logger.info(String.format("update ldapUid[%s] to ldapDn[%s] success", uid, dn)); }
List<Object> subResult = ldapTemplate.search("", filter, searchCtls, new AbstractContextMapper<Object>() { @Override protected Object doMapFromContext(DirContextOperations ctx) {
private String getFullUserDn(LdapTemplate ldapTemplate, String filter) { String dn; try { List<Object> result = ldapTemplate.search("", filter, new AbstractContextMapper<Object>() { @Override protected Object doMapFromContext(DirContextOperations ctx) { return ctx.getNameInNamespace(); } }); if (result.size() == 1) { dn = result.get(0).toString(); } else if (result.size() > 1) { throw new OperationFailureException(err( LdapErrors.UNABLE_TO_GET_SPECIFIED_LDAP_UID, "More than one ldap search result")); } else { return ""; } logger.info(String.format("getDn success filter:%s, dn:%s", filter, dn)); } catch (NamingException e) { LdapServerVO ldapServerVO = getLdapServer(); throw new OperationFailureException(err( LdapErrors.UNABLE_TO_GET_SPECIFIED_LDAP_UID, "You'd better check the ldap server[url:%s, baseDN:%s, encryption:%s, username:%s, password:******]" + " configuration and test connection first.getDn error filter:%s", ldapServerVO.getUrl(), ldapServerVO.getBase(), ldapServerVO.getEncryption(), ldapServerVO.getUsername(), filter)); } return dn; }
/** * {@inheritDoc} */ @Override public <T> List<T> search(String base, String filter, AttributesMapper<T> mapper) { return search(base, filter, defaultSearchScope, mapper); }
/** * {@inheritDoc} */ @Override public <T> List<T> search(Name base, String filter, int searchScope, ContextMapper<T> mapper) { return search(base, filter, searchScope, ALL_ATTRIBUTES, mapper); }
/** * {@inheritDoc} */ @Override public <T> List<T> search(Name base, String filter, AttributesMapper<T> mapper) { return search(base, filter, defaultSearchScope, mapper); }
/** * {@inheritDoc} */ @Override public <T> List<T> search(Name base, String filter, ContextMapper<T> mapper) { return search(base, filter, defaultSearchScope, mapper); }
/** * {@inheritDoc} */ @Override public <T> List<T> search(String base, String filter, int searchScope, String[] attrs, ContextMapper<T> mapper) { return search(base, filter, getDefaultSearchControls(searchScope, RETURN_OBJ_FLAG, attrs), mapper); }
/** * {@inheritDoc} */ @Override public void search(Name base, String filter, int searchScope, boolean returningObjFlag, NameClassPairCallbackHandler handler) { search(base, filter, getDefaultSearchControls(searchScope, returningObjFlag, ALL_ATTRIBUTES), handler); }
/** * {@inheritDoc} */ @Override public <T> List<T> search(String base, String filter, SearchControls controls, ContextMapper<T> mapper) { return search(base, filter, controls, mapper, new NullDirContextProcessor()); }
/** * {@inheritDoc} */ @Override public void search(String base, String filter, NameClassPairCallbackHandler handler) { SearchControls controls = getDefaultSearchControls(defaultSearchScope, DONT_RETURN_OBJ_FLAG, ALL_ATTRIBUTES); if (handler instanceof ContextMapperCallbackHandler) { assureReturnObjFlagSet(controls); } search(base, filter, controls, handler); }
/** * {@inheritDoc} */ @Override public <T> List<T> search(String base, String filter, SearchControls controls, AttributesMapper<T> mapper, DirContextProcessor processor) { AttributesMapperCallbackHandler<T> handler = new AttributesMapperCallbackHandler<T>(mapper); search(base, filter, controls, handler, processor); return handler.getList(); }
/** * {@inheritDoc} */ @Override public <T> List<T> search(Name base, String filter, SearchControls controls, ContextMapper<T> mapper, DirContextProcessor processor) { assureReturnObjFlagSet(controls); ContextMapperCallbackHandler<T> handler = new ContextMapperCallbackHandler<T>(mapper); search(base, filter, controls, handler, processor); return handler.getList(); }