@Test public void testGetSystemLdapContext() throws NamingException { factory = new JndiLdapContextFactory() { @Override protected LdapContext createLdapContext(Hashtable env) throws NamingException { assertEquals("ldap://localhost:389", env.get(Context.PROVIDER_URL)); assertEquals("foo", env.get(Context.SECURITY_PRINCIPAL)); assertEquals("bar", env.get(Context.SECURITY_CREDENTIALS)); assertEquals("simple", env.get(Context.SECURITY_AUTHENTICATION)); assertNotNull(env.get(SUN_CONNECTION_POOLING_PROPERTY)); return createNiceMock(LdapContext.class); } }; factory.setSystemUsername("foo"); factory.setSystemPassword("bar"); factory.setUrl("ldap://localhost:389"); factory.getSystemLdapContext(); }
IllegalStateException { String url = getUrl(); if (url == null) { throw new IllegalStateException("An LDAP URL must be specified of the form ldap://<hostname>:<port>"); Object authcMech = getAuthenticationMechanism(); if (authcMech == null && (principal != null || credentials != null)) { boolean pooling = isPoolingConnections(principal); if (pooling) { env.put(SUN_CONNECTION_POOLING_PROPERTY, "true"); validateAuthenticationInfo(env); return createLdapContext(env);
@Test public void testCustomEnvironment() { Map<String, String> map = new HashMap<String, String>(); map.put("foo", "bar"); factory.setEnvironment(map); assertEquals("bar", factory.getEnvironment().get("foo")); }
/** * This implementation delegates to {@link #getLdapContext(Object, Object)} using the * {@link #getSystemUsername() systemUsername} and {@link #getSystemPassword() systemPassword} properties as * arguments. * * @return the system LdapContext * @throws NamingException if there is a problem connecting to the LDAP directory */ public LdapContext getSystemLdapContext() throws NamingException { return getLdapContext((Object)getSystemUsername(), getSystemPassword()); }
/** * Default no-argument constructor that initializes the backing {@link #getEnvironment() environment template} with * the {@link #setContextFactoryClassName(String) contextFactoryClassName} equal to * {@code com.sun.jndi.ldap.LdapCtxFactory} (the Sun/Oracle default) and the default * {@link #setReferral(String) referral} behavior to {@code follow}. */ public JndiLdapContextFactory() { this.environment = new HashMap<String, Object>(); setContextFactoryClassName(DEFAULT_CONTEXT_FACTORY_CLASS_NAME); setReferral(DEFAULT_REFERRAL); poolingEnabled = true; }
contextFactory.getEnvironment().put("java.naming.ldap.factory.socket", SkipSSLCheckSocketFactory.class.getName()); contextFactory.getEnvironment().put("java.naming.referral", securityConfig.followShiroLDAPReferrals() ? "follow" : "ignore"); if (securityConfig.getShiroLDAPUrl() != null) { contextFactory.setUrl(securityConfig.getShiroLDAPUrl()); contextFactory.setSystemUsername(securityConfig.getShiroLDAPSystemUsername()); contextFactory.setSystemPassword(securityConfig.getShiroLDAPSystemPassword()); contextFactory.setAuthenticationMechanism(securityConfig.getShiroLDAPAuthenticationMechanism());
private void configureRealm( Config config ) JndiLdapContextFactory contextFactory = new JndiLdapContextFactory(); Map<String,Object> environment = contextFactory.getEnvironment(); Long connectionTimeoutMillis = config.get( SecuritySettings.ldap_connection_timeout ).toMillis(); Long readTimeoutMillis = config.get( SecuritySettings.ldap_read_timeout ).toMillis(); environment.put( JNDI_LDAP_CONNECT_TIMEOUT, connectionTimeoutMillis.toString() ); environment.put( JNDI_LDAP_READ_TIMEOUT, readTimeoutMillis.toString() ); contextFactory.setEnvironment( environment ); contextFactory.setUrl( parseLdapServerUrl( config.get( SecuritySettings.ldap_server ) ) ); contextFactory.setAuthenticationMechanism( config.get( SecuritySettings.ldap_authentication_mechanism ) ); contextFactory.setReferral( config.get( SecuritySettings.ldap_referral ) ); contextFactory.setSystemUsername( config.get( SecuritySettings.ldap_authorization_system_username ) ); contextFactory.setSystemPassword( config.get( SecuritySettings.ldap_authorization_system_password ) ); contextFactory.setPoolingEnabled( config.get( SecuritySettings.ldap_authorization_connection_pooling ) );
@Test public void testGetLdapContextDefault() throws NamingException { factory = new JndiLdapContextFactory() { @Override protected LdapContext createLdapContext(Hashtable env) throws NamingException { assertEquals("ldap://localhost:389", env.get(Context.PROVIDER_URL)); assertEquals("foo", env.get(Context.SECURITY_PRINCIPAL)); assertEquals("bar", env.get(Context.SECURITY_CREDENTIALS)); assertEquals("simple", env.get(Context.SECURITY_AUTHENTICATION)); assertNull(env.get(SUN_CONNECTION_POOLING_PROPERTY)); return createNiceMock(LdapContext.class); } }; factory.setUrl("ldap://localhost:389"); factory.getLdapContext((Object) "foo", "bar"); }
@Inject @SuppressWarnings("unchecked") public ConcordLdapContextFactory(LdapConfiguration cfg) { JndiLdapContextFactory f = new JndiLdapContextFactory() { @Override protected LdapContext createLdapContext(Hashtable env) throws NamingException { String url = cfg.getUrl(); if (url != null && url.startsWith("ldaps:")) { env.put("java.naming.ldap.factory.socket", TrustingSslSocketFactory.class.getName()); } return super.createLdapContext(env); } }; f.setUrl(cfg.getUrl()); f.setSystemUsername(cfg.getSystemUsername()); f.setSystemPassword(cfg.getSystemPassword()); f.setPoolingEnabled(true); this.delegate = f; }
@Test(expected = AuthenticationException.class) public void testEmptyCharArrayCredentials() throws NamingException { factory.setUrl("ldap://localhost:389"); factory.getLdapContext((Object)"jcoder", new char[0]); }
@Test public void testSetEnvironmentPropertyNull() { factory.setAuthenticationMechanism("MD5-DIGEST"); factory.setAuthenticationMechanism(null); assertNull(factory.getAuthenticationMechanism()); }
/** * Default no-argument constructor that defaults the internal {@link LdapContextFactory} instance to a * {@link JndiLdapContextFactory}. */ public DefaultLdapRealm() { //Credentials Matching is not necessary - the LDAP directory will do it automatically: setCredentialsMatcher(new AllowAllCredentialsMatcher()); //Any Object principal and Object credentials may be passed to the LDAP provider, so accept any token: setAuthenticationTokenClass(AuthenticationToken.class); this.contextFactory = new JndiLdapContextFactory(); }
@Override protected LdapContext createLdapContext(Hashtable env) throws NamingException { String url = cfg.getUrl(); if (url != null && url.startsWith("ldaps:")) { env.put("java.naming.ldap.factory.socket", TrustingSslSocketFactory.class.getName()); } return super.createLdapContext(env); } };
super.setSystemPassword( systemPass ); return; super.setSystemPassword( new String(password) ); } else { super.setSystemPassword("" ); LOG.aliasValueNotFound(clusterName, aliasName);
env.put( Context.INITIAL_CONTEXT_FACTORY, jndiLdapContextFactory.getContextFactoryClassName() ); env.put( Context.PROVIDER_URL, jndiLdapContextFactory.getUrl() ); jndiLdapContextFactory.getAuthenticationMechanism() ); ctx.addToEnvironment( Context.SECURITY_PRINCIPAL, principal ); ctx.addToEnvironment( Context.SECURITY_CREDENTIALS, credentials );
@Test public void testReferral() { String referral = "throw"; factory.setReferral(referral); assertEquals(referral, factory.getReferral()); }
/** * Deprecated - use {@link #getLdapContext(Object, Object)} instead. This will be removed before Apache Shiro 2.0. * * @param username the username to use when creating the connection. * @param password the password to use when creating the connection. * @return a {@code LdapContext} bound using the given username and password. * @throws javax.naming.NamingException if there is an error creating the context. * @deprecated the {@link #getLdapContext(Object, Object)} method should be used in all cases to ensure more than * String principals and credentials can be used. Shiro no longer calls this method - it will be * removed before the 2.0 release. */ @Deprecated public LdapContext getLdapContext(String username, String password) throws NamingException { return getLdapContext((Object) username, password); }
contextFactory.getEnvironment().put("java.naming.ldap.factory.socket", SkipSSLCheckSocketFactory.class.getName()); contextFactory.getEnvironment().put("java.naming.referral", securityConfig.followShiroLDAPReferrals() ? "follow" : "ignore"); if (securityConfig.getShiroLDAPUrl() != null) { contextFactory.setUrl(securityConfig.getShiroLDAPUrl()); contextFactory.setSystemUsername(securityConfig.getShiroLDAPSystemUsername()); contextFactory.setSystemPassword(securityConfig.getShiroLDAPSystemPassword()); contextFactory.setAuthenticationMechanism(securityConfig.getShiroLDAPAuthenticationMechanism());
/** * This is the only test that does not fake the JNDI environment. It is provided for 100% test coverage. * * @throws NamingException thrown because the host is always broken. */ @Test(expected = NamingException.class) public void testGetLdapContext() throws NamingException { factory = new JndiLdapContextFactory(); //garbage URL to test that the context is being created, but fails: String brokenHost = UUID.randomUUID().toString(); factory.setUrl("ldap://" + brokenHost + ":389"); factory.getLdapContext((Object) "foo", "bar"); }
@Test(expected = AuthenticationException.class) public void testEmptyStringCredentials() throws NamingException { factory.setUrl("ldap://localhost:389"); factory.getLdapContext((Object)"jcoder", ""); }