/**
 * Configuration holder that declares a database-backed identity store purely through
 * its annotation; the class body is intentionally empty.
 *
 * <p>Each query takes the caller name as its single {@code ?} parameter rather than
 * having the name spliced into the SQL text.
 *
 * <p>NOTE(review): {@code callerQuery} hands the stored password value back to the store
 * for comparison. The column should hold a salted password hash, never plain text;
 * confirm this against the hashing configured for the store.
 */
@DatabaseIdentityStoreDefinition(
    dataSourceLookup = "jdbc/authenticator",
    callerQuery = "SELECT password from user_password where name = ?",
    groupsQuery = "SELECT role from user_roles where name = ?"
)
public class DatabaseIdentityStoreConfiguration {
}
/**
 * Reports the priority configured on the LDAP identity store definition.
 *
 * @return the value of {@code ldapIdentityStoreDefinition.priority()}
 */
@Override
public int priority() {
    final int configuredPriority = ldapIdentityStoreDefinition.priority();
    return configuredPriority;
}
/**
 * Reports the priority configured on the database identity store definition.
 *
 * @return the value of {@code dataBaseIdentityStoreDefinition.priority()}
 */
@Override
public int priority() {
    final int configuredPriority = dataBaseIdentityStoreDefinition.priority();
    return configuredPriority;
}
/**
 * Registers a login with the container based on a credential validation result.
 *
 * <p>Only a result whose status is {@code VALID} is forwarded (with its caller principal
 * and groups) to the principal/groups overload; every other status fails closed.
 *
 * @param result the outcome of credential validation
 * @return the status returned by the principal/groups overload for a {@code VALID} result,
 *         otherwise {@code SEND_FAILURE}
 */
@Override
public AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result) {
    // Guard first: anything that is not VALID never reaches the container.
    if (result.getStatus() != VALID) {
        return SEND_FAILURE;
    }

    return notifyContainerAboutLogin(result.getCallerPrincipal(), result.getCallerGroups());
}
/**
 * Tells whether any of the listed attributes of the definition is reported as an EL
 * expression by {@code AnnotationELPProcessor.hasAnyELExpression}.
 *
 * <p>The attributes checked are the data source lookup, both queries, the priority
 * expression and the use-for expression.
 *
 * @param in the database identity store definition to inspect
 * @return whatever {@code AnnotationELPProcessor.hasAnyELExpression} returns for those values
 */
public static boolean hasAnyELExpression(DatabaseIdentityStoreDefinition in) {
    final String lookup = in.dataSourceLookup();
    final String callerSql = in.callerQuery();
    final String groupsSql = in.groupsQuery();
    final String priorityExpr = in.priorityExpression();
    final String useForExpr = in.useForExpression();

    return AnnotationELPProcessor.hasAnyELExpression(
            lookup, callerSql, groupsSql, priorityExpr, useForExpr);
}
/**
 * Returns a valid {@link CredentialValidationResult} for the given credential.
 * <p>
 * This default implementation does not inspect or verify the credential: the result is
 * built from {@code credential.toString()} alone. If real validation is required, override
 * this method in a sub-class or supply an alternative {@link IdentityStore}.
 * <p>
 * {@link RememberMeCredential#getToken()} on the credential yields the authorisation token,
 * which can be used to fetch more information about the user from the OAuth provider with a
 * GET request to an endpoint, e.g. {@code https://oauthprovider/user?token=exampletoken}.
 * Where the provider supports it, prefer sending the token in a request header: URLs are
 * commonly written to access logs and proxy logs.
 *
 * @param credential the remember-me credential carrying the token
 * @return a result whose caller name is {@code credential.toString()}
 */
public CredentialValidationResult validate(RememberMeCredential credential) {
    final String callerName = credential.toString();
    return new CredentialValidationResult(callerName);
}
/**
 * Looks up the groups of an already validated caller in the database.
 *
 * <p>When a security manager is installed the calling code must hold
 * {@code IdentityStorePermission("getGroups")}; the check runs before any database access.
 * The caller name is handed to {@code executeQuery} as a separate argument next to the
 * configured groups query, not concatenated into it.
 *
 * @param validationResult the validation result whose caller principal names the user
 * @return a new set holding the values returned by the groups query
 */
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new IdentityStorePermission("getGroups"));
    }

    final DataSource source = getDataSource();
    final String groupsSql = dataBaseIdentityStoreDefinition.groupsQuery();
    final String callerName = validationResult.getCallerPrincipal().getName();

    return new HashSet<>(executeQuery(source, groupsSql, callerName));
}
/**
 * Builds the search controls used for group lookups from the LDAP store definition.
 *
 * <p>The controls bound the search by entry count ({@code maxResults}) and by time
 * ({@code readTimeout}), and restrict the returned attributes to the group name attribute.
 *
 * @return freshly configured search controls
 */
private SearchControls getGroupSearchControls() {
    final SearchControls groupControls = new SearchControls();

    groupControls.setSearchScope(convertScopeValue(ldapIdentityStoreDefinition.groupSearchScope()));

    // Cap both the number of entries and the time spent on a single search.
    final long maxEntries = ldapIdentityStoreDefinition.maxResults();
    groupControls.setCountLimit(maxEntries);
    groupControls.setTimeLimit(ldapIdentityStoreDefinition.readTimeout());

    // Only the group name attribute is requested from the directory.
    final String[] wantedAttributes = {ldapIdentityStoreDefinition.groupNameAttribute()};
    groupControls.setReturningAttributes(wantedAttributes);

    return groupControls;
}
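/**
 * Resolves the distinguished name (DN) for the given caller name.
 *
 * <p>When a caller base DN is configured and no caller search base is, the DN is composed
 * directly as {@code <callerNameAttribute>=<callerName>,<callerBaseDn>}. In every other
 * case the lookup is delegated to {@code searchCaller}.
 *
 * <p>The caller name is escaped as an RDN value before it is placed into the composed DN,
 * so that DN metacharacters in the name cannot change the structure of the resulting DN.
 *
 * @param searchContext the LDAP context passed on to {@code searchCaller}
 * @param callerName the name of the caller; presumably the name supplied at login
 * @return the composed DN, or whatever {@code searchCaller} returns
 */
private String getCallerDn(LdapContext searchContext, String callerName) {
    final boolean composeDirectly = !ldapIdentityStoreDefinition.callerBaseDn().isEmpty()
            && ldapIdentityStoreDefinition.callerSearchBase().isEmpty();
    if (!composeDirectly) {
        return searchCaller(searchContext, callerName);
    }

    // Escape per RFC 2253 before interpolation. A null name keeps its previous rendering
    // (the literal "null") instead of raising a new exception type for callers.
    final String escapedName =
            callerName == null ? null : javax.naming.ldap.Rdn.escapeValue(callerName);

    return String.format("%s=%s,%s",
            ldapIdentityStoreDefinition.callerNameAttribute(),
            escapedName,
            ldapIdentityStoreDefinition.callerBaseDn());
}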
/**
 * Opens the LDAP context used for directory searches, bound with the definition's
 * {@code bindDn} and {@code bindDnPassword} against the definition's {@code url}.
 *
 * @return the context returned by {@code createLdapContext}
 * @throws IdentityStoreConfigurationException if the bind is rejected with an
 *         {@code AuthenticationException}; the message names the bind DN only, never the
 *         password, and the original exception is kept as the cause
 */
private LdapContext createSearchLdapContext() {
    try {
        final String directoryUrl = ldapIdentityStoreDefinition.url();
        final String searchBindDn = ldapIdentityStoreDefinition.bindDn();
        final String searchBindSecret = ldapIdentityStoreDefinition.bindDnPassword();
        return createLdapContext(directoryUrl, searchBindDn, searchBindSecret);
    } catch (AuthenticationException e) {
        // A rejected service bind is a deployment problem, not a failed user login.
        final String detail = "Bad bindDn or bindPassword for: " + ldapIdentityStoreDefinition.bindDn();
        throw new IdentityStoreConfigurationException(detail, e);
    }
}
/**
 * Builds the search controls used for caller lookups from the LDAP store definition.
 *
 * <p>The controls bound the search by entry count ({@code maxResults}) and by time
 * ({@code readTimeout}); no restriction on returned attributes is set here.
 *
 * @return freshly configured search controls
 */
private SearchControls getCallerSearchControls() {
    final SearchControls callerControls = new SearchControls();

    callerControls.setSearchScope(convertScopeValue(ldapIdentityStoreDefinition.callerSearchScope()));

    // Cap both the number of entries and the time spent on a single search.
    final long maxEntries = ldapIdentityStoreDefinition.maxResults();
    callerControls.setCountLimit(maxEntries);
    callerControls.setTimeLimit(ldapIdentityStoreDefinition.readTimeout());

    return callerControls;
}
// Body of an action object whose declaration starts before this excerpt; the trailing
// "});" closes that object and the call it is passed to.
// For every entry of authorizationIdentityStores it adds the groups that store returns
// for finalResult to the captured 'groups' collection, then returns null because the
// action produces no value of its own.
// NOTE(review): groups from all listed stores are merged into one collection, so each
// store in that list widens the caller's group set -- confirm the list holds only stores
// meant to contribute groups.
public Void run() { for (IdentityStore authorizationIdentityStore : authorizationIdentityStores) { groups.addAll(authorizationIdentityStore.getCallerGroups(finalResult)); } return null; } });
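/**
 * Tries to open an LDAP context bound as the caller, which serves as the password check.
 *
 * <p>A missing or empty password is refused before the directory is contacted. An LDAP
 * simple bind with a DN and a zero-length password is an "unauthenticated bind"
 * (RFC 4513, section 5.1.2) that a server may accept without verifying any credential,
 * so it must not count as a successful login. {@code createLdapContext} is not shown
 * here; NOTE(review): it is assumed to perform a simple bind -- confirm.
 *
 * @param bindDn the caller's distinguished name
 * @param bindDnPassword the password supplied for that caller
 * @return the bound context, or {@code null} when the password is missing or empty or
 *         when the directory rejects the credentials
 */
private LdapContext createCallerLdapContext(String bindDn, String bindDnPassword) {
    if (bindDnPassword == null || bindDnPassword.isEmpty()) {
        return null;
    }

    try {
        return createLdapContext(ldapIdentityStoreDefinition.url(), bindDn, bindDnPassword);
    } catch (AuthenticationException rejected) {
        // Wrong credentials are an expected outcome here; null signals "not authenticated".
        return null;
    }
}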
/**
 * Registers a login with the container based on a credential validation result.
 *
 * <p>Only a result whose status is {@code VALID} is forwarded (with its caller principal
 * and groups) to the principal/groups overload; every other status fails closed.
 *
 * @param result the outcome of credential validation
 * @return the status returned by the principal/groups overload for a {@code VALID} result,
 *         otherwise {@code SEND_FAILURE}
 */
@Override
public AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result) {
    // Guard first: anything that is not VALID never reaches the container.
    if (result.getStatus() != VALID) {
        return SEND_FAILURE;
    }

    return notifyContainerAboutLogin(result.getCallerPrincipal(), result.getCallerGroups());
}
/**
 * Tells whether any of the listed attributes of the definition is reported as an EL
 * expression by {@code AnnotationELPProcessor.hasAnyELExpression}.
 *
 * <p>The attributes checked are the data source lookup, both queries, the priority
 * expression and the use-for expression.
 *
 * @param in the database identity store definition to inspect
 * @return whatever {@code AnnotationELPProcessor.hasAnyELExpression} returns for those values
 */
public static boolean hasAnyELExpression(DatabaseIdentityStoreDefinition in) {
    final String lookup = in.dataSourceLookup();
    final String callerSql = in.callerQuery();
    final String groupsSql = in.groupsQuery();
    final String priorityExpr = in.priorityExpression();
    final String useForExpr = in.useForExpression();

    return AnnotationELPProcessor.hasAnyELExpression(
            lookup, callerSql, groupsSql, priorityExpr, useForExpr);
}
/**
 * Looks up the groups of an already validated caller in the database.
 *
 * <p>When a security manager is installed the calling code must hold
 * {@code IdentityStorePermission("getGroups")}; the check runs before any database access.
 * The caller name is handed to {@code executeQuery} as a separate argument next to the
 * configured groups query, not concatenated into it.
 *
 * @param validationResult the validation result whose caller principal names the user
 * @return a new set holding the values returned by the groups query
 */
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new IdentityStorePermission("getGroups"));
    }

    final DataSource source = getDataSource();
    final String groupsSql = dataBaseIdentityStoreDefinition.groupsQuery();
    final String callerName = validationResult.getCallerPrincipal().getName();

    return new HashSet<>(executeQuery(source, groupsSql, callerName));
}
/**
 * Reports the priority configured on the LDAP identity store definition.
 *
 * @return the value of {@code ldapIdentityStoreDefinition.priority()}
 */
@Override
public int priority() {
    final int configuredPriority = ldapIdentityStoreDefinition.priority();
    return configuredPriority;
}
/**
 * Reports the priority configured on the database identity store definition.
 *
 * @return the value of {@code dataBaseIdentityStoreDefinition.priority()}
 */
@Override
public int priority() {
    final int configuredPriority = dataBaseIdentityStoreDefinition.priority();
    return configuredPriority;
}
// Body of an action object whose declaration starts before this excerpt; the trailing
// "});" closes that object and the call it is passed to.
// For every entry of authorizationIdentityStores it adds the groups that store returns
// for finalResult to the captured 'groups' collection, then returns null because the
// action produces no value of its own.
// NOTE(review): groups from all listed stores are merged into one collection, so each
// store in that list widens the caller's group set -- confirm the list holds only stores
// meant to contribute groups.
public Void run() { for (IdentityStore authorizationIdentityStore : authorizationIdentityStores) { groups.addAll(authorizationIdentityStore.getCallerGroups(finalResult)); } return null; } });
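/**
 * Tries to open an LDAP context bound as the caller, which serves as the password check.
 *
 * <p>A missing or empty password is refused before the directory is contacted. An LDAP
 * simple bind with a DN and a zero-length password is an "unauthenticated bind"
 * (RFC 4513, section 5.1.2) that a server may accept without verifying any credential,
 * so it must not count as a successful login. {@code createLdapContext} is not shown
 * here; NOTE(review): it is assumed to perform a simple bind -- confirm.
 *
 * @param bindDn the caller's distinguished name
 * @param bindDnPassword the password supplied for that caller
 * @return the bound context, or {@code null} when the password is missing or empty or
 *         when the directory rejects the credentials
 */
private LdapContext createCallerLdapContext(String bindDn, String bindDnPassword) {
    if (bindDnPassword == null || bindDnPassword.isEmpty()) {
        return null;
    }

    try {
        return createLdapContext(ldapIdentityStoreDefinition.url(), bindDn, bindDnPassword);
    } catch (AuthenticationException rejected) {
        // Wrong credentials are an expected outcome here; null signals "not authenticated".
        return null;
    }
}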