/**
 * Builds the Shiro authorization data for a user from that user's LDAP group membership.
 *
 * <p>The groups returned by {@code findLDAPGroupsForUser} are handed to the
 * {@link SimpleAuthorizationInfo} constructor, and the permissions that
 * {@code groupsPermissions} derives from those same groups are attached as string permissions.
 * Directory group names therefore drive authorization decisions directly.
 *
 * @param principals the principals identifying the user being authorized
 * @param ldapContextFactory factory passed on to the LDAP group lookup
 * @return the authorization info built from the user's groups and their mapped permissions
 * @throws NamingException if the group lookup propagates a naming error
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final Set<String> ldapGroups = findLDAPGroupsForUser(principals, ldapContextFactory);

    final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(ldapGroups);
    // Permissions are derived from the group set only; nothing else about the user is consulted here.
    authorizationInfo.setStringPermissions(groupsPermissions(ldapGroups));
    return authorizationInfo;
}
/**
 * Looks up the LDAP groups of the user identified by {@code principals}, using the system LDAP context.
 *
 * <p>If obtaining the system context or running the lookup raises an
 * {@code AuthenticationException}, the failure is logged at INFO (message only, no stack trace)
 * and an empty set is returned. The caller therefore sees "no groups" rather than an error,
 * so this path fails closed. The system context is closed on every path.
 *
 * @param principals the principals from which the available principal (the username) is taken
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the user's LDAP groups, or an empty set when an authentication failure occurs
 * @throws NamingException for naming errors other than the authentication failure handled here
 */
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String userName = (String) getAvailablePrincipal(principals);

    LdapContext systemContext = null;
    Set<String> groups;
    try {
        systemContext = ldapContextFactory.getSystemLdapContext();
        groups = findLDAPGroupsForUser(userName, systemContext);
    } catch (AuthenticationException authFailure) {
        // Treat an authentication failure as "member of no groups" instead of propagating it.
        log.info("LDAP authentication exception: " + authFailure.getLocalizedMessage());
        groups = ImmutableSet.<String>of();
    } finally {
        // Always release the system context, including when the lookup throws.
        LdapUtils.closeContext(systemContext);
    }
    return groups;
}
// Build a SecurityConfig from caller-supplied properties (`props` is defined outside this excerpt).
final ConfigSource customConfigSource = new SimplePropertyConfigSource(props);
final SecurityConfig securityConfig = new ConfigurationObjectFactory(customConfigSource).build(SecurityConfig.class);

// LDAP realm configured from that SecurityConfig.
final KillBillJndiLdapRealm ldapRealm = new KillBillJndiLdapRealm(securityConfig);

// Authenticate `token` (defined outside this excerpt) through the realm and print the result.
// NOTE(review): this writes the AuthenticationInfo to stdout; what its toString() exposes is not
// visible here -- confirm it carries no credential material before running where output is captured.
final AuthenticationInfo authenticationInfo = ldapRealm.getAuthenticationInfo(token);
System.out.println(authenticationInfo);

// Resolve the roles and permissions for `principals` (defined outside this excerpt) using the
// realm's own context factory, then print both for inspection.
final AuthorizationInfo authorizationInfo = ldapRealm.queryForAuthorizationInfo(principals, ldapRealm.getContextFactory());
System.out.println("Roles: " + authorizationInfo.getRoles());
System.out.println("Permissions: " + authorizationInfo.getStringPermissions());
// Apply the LDAP settings from SecurityConfig to this realm and its JNDI context factory.
setUserDnTemplate(securityConfig.getShiroLDAPUserDnTemplate());

// The cast assumes the realm's context factory is a JndiLdapContextFactory -- TODO confirm.
final JndiLdapContextFactory contextFactory = (JndiLdapContextFactory) getContextFactory();
if (securityConfig.disableShiroLDAPSSLCheck()) {
    // "java.naming.ldap.factory.socket" tells the JNDI LDAP provider which socket factory class to use.
    // NOTE(review): going by the flag and class names, SkipSSLCheckSocketFactory presumably skips TLS
    // certificate validation. With it installed the LDAP server is no longer authenticated, so bind
    // credentials and group data could be exposed to a man-in-the-middle. Keep this flag off outside
    // test environments and prefer trusting the directory's CA instead.
    contextFactory.getEnvironment().put("java.naming.ldap.factory.socket", SkipSSLCheckSocketFactory.class.getName());
    // NOTE(review): the closing brace of this `if` is not visible in this excerpt. As shown, the two
    // calls below sit inside the conditional -- confirm against the full source.
    contextFactory.setAuthenticationMechanism(securityConfig.getShiroLDAPAuthenticationMechanism());
    setContextFactory(contextFactory);
/**
 * Verifies the group-to-permissions mapping the realm exposes under the default configuration.
 *
 * <p>The expected defaults give {@code admin} the single wildcard permission {@code *:*},
 * {@code finance} the invoice and payment wildcards, and {@code support} the entitlement
 * wildcard plus {@code invoice:item_adjust}.
 */
@Test(groups = "fast")
public void testCheckConfiguration() throws Exception {
    // Test default configuration (see SecurityConfig)
    final Map<String, Collection<String>> permissionsByGroup = killBillJndiLdapRealm.getPermissionsByGroup();

    // admin: exactly one entry, the catch-all wildcard.
    final Collection<String> adminPermissions = permissionsByGroup.get("admin");
    Assert.assertEquals(adminPermissions.size(), 1);
    Assert.assertEquals(adminPermissions.iterator().next(), "*:*");

    // finance: compared as a set, so ordering in the configuration does not matter.
    final Collection<String> financePermissions = permissionsByGroup.get("finance");
    Assert.assertEquals(financePermissions.size(), 2);
    Assert.assertEquals(Sets.newHashSet(financePermissions), Sets.newHashSet("invoice:*", "payment:*"));

    // support: likewise compared as a set.
    final Collection<String> supportPermissions = permissionsByGroup.get("support");
    Assert.assertEquals(supportPermissions.size(), 2);
    Assert.assertEquals(Sets.newHashSet(supportPermissions), Sets.newHashSet("entitlement:*", "invoice:item_adjust"));
}