/**
 * Resolves the DN that will be used to bind as {@code principal}.
 * <p>
 * With a {@code dnSearchFilter} configured the DN is looked up in the directory
 * through {@link #findUserDN}; without one, the parent's {@code userDnTemplate}
 * substitution is applied.
 * <p>
 * NOTE(review): on the search path {@code principal} is caller-supplied text that
 * ends up inside an LDAP search; confirm that {@code findUserDN} escapes filter
 * metacharacters (RFC 4515) before embedding it.
 *
 * @param principal the raw username / uid submitted at login
 * @return the DN to bind with
 * @throws IllegalArgumentException as declared on the parent template-based method
 * @throws IllegalStateException    as declared on the parent template-based method
 */
@Override
protected String getUserDn(final String principal) throws IllegalArgumentException, IllegalStateException {
    // No search filter: fall back to template substitution in the superclass.
    if (dnSearchFilter == null) {
        return super.getUserDn(principal);
    }
    return findUserDN(principal, getContextFactory());
}
/**
 * With neither a DN prefix nor a DN suffix configured, {@code getUserDn} must
 * return the submitted principal unchanged — the caller-supplied string is then
 * used verbatim as the bind DN.
 */
@Test
public void testGetUserDnWithOutPrefixAndSuffix() {
    final JndiLdapRealm realm = new JndiLdapRealm() {
        @Override
        protected String getUserDnPrefix() {
            return null;
        }

        @Override
        protected String getUserDnSuffix() {
            return null;
        }
    };
    final String submitted = "foo";
    final String resolvedDn = realm.getUserDn(submitted);
    assertEquals(submitted, resolvedDn);
}
}
/**
 * Builds and initialises the {@code ldapRealm} field from connection settings.
 * <p>
 * NOTE(review): {@code systemUserPassword} is a directory bind credential and is
 * sent over the connection to {@code ldapUrl}; confirm the URL is {@code ldaps://}
 * (or StartTLS is negotiated) in every deployment that calls this.
 *
 * @param ldapUrl            directory URL handed to the context factory
 * @param systemUser         bind user for system (non-user) directory operations
 * @param systemUserPassword password for {@code systemUser}
 * @param userNameTemplate   {@code userDnTemplate} used to turn a login name into a DN
 */
protected void initializeLDAP(String ldapUrl, String systemUser, String systemUserPassword, String userNameTemplate) {
    final JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
    contextFactory.setUrl(ldapUrl);
    contextFactory.setSystemUsername(systemUser);
    contextFactory.setSystemPassword(systemUserPassword);

    final JndiLdapRealm realm = new JndiLdapRealm();
    realm.setContextFactory(contextFactory);
    realm.setUserDnTemplate(userNameTemplate);
    realm.init();
    ldapRealm = realm;
}
}
/**
 * Logs the incoming connection for the token's user and then defers the actual
 * authentication to the superclass.
 * <p>
 * A {@link ClassCastException} is logged at INFO and turned into a {@code null}
 * result instead of propagating; presumably this lets the authenticator treat the
 * token as unsupported by this realm — confirm against the caller.
 *
 * @param token the submitted authentication token
 * @return the superclass's result, or {@code null} when a {@code ClassCastException} occurred
 * @throws AuthenticationException propagated from the superclass
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    AuthenticationInfo result = null;
    try {
        logIncomingConnection(getUsername(token));
        result = super.doGetAuthenticationInfo(token);
    } catch (ClassCastException e) {
        LOG.info("Couldn't service the LDAP connection", e);
    }
    return result;
}
throw new IllegalArgumentException("User principal cannot be null or empty for User DN construction."); String prefix = getUserDnPrefix(); String suffix = getUserDnSuffix(); if (prefix == null && suffix == null) { log.debug("userDnTemplate property has not been configured, indicating the submitted " +
/**
 * Supplies the realm instance the test fixture exercises.
 *
 * @return a fresh {@link JndiLdapRealm}, typed as its {@link DefaultLdapRealm} parent
 */
protected DefaultLdapRealm getNewRealmUnderTest() {
    final DefaultLdapRealm realm = new JndiLdapRealm();
    return realm;
}
/**
 * Widens the parent's {@code getUserDnSuffix()} to {@code public} without
 * changing its result; presumably a test/inspection hook — verify before relying
 * on it from production code.
 *
 * @return the configured User DN suffix from the superclass
 */
@Override
public String getUserDnSuffix() {
    final String suffix = super.getUserDnSuffix();
    return suffix;
}
/**
 * Looks up authorization data for {@code principals} via the configured
 * {@link LdapContextFactory}, converting any {@link NamingException} into a
 * Shiro {@link AuthorizationException} so callers see a single exception type.
 *
 * @param principals the authenticated principals to authorize
 * @return the authorization info returned by {@link #queryForAuthorizationInfo}
 * @throws AuthorizationException wrapping the underlying {@code NamingException}
 */
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    try {
        return queryForAuthorizationInfo(principals, getContextFactory());
    } catch (NamingException e) {
        // The principals are included in the message so the failure can be attributed.
        final String msg = "LDAP naming error while attempting to retrieve authorization for user [" + principals + "].";
        throw new AuthorizationException(msg, e);
    }
}
/**
 * Delegates to {@link #queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory)}
 * and maps directory-level failures onto Shiro's {@link AuthenticationException}.
 * <p>
 * A {@link javax.naming.AuthenticationException} (bad credentials at the
 * directory) becomes a fixed "LDAP authentication failed." message; any other
 * {@link NamingException} becomes a fixed naming-error message. Neither message
 * includes the principal or the directory's own diagnostic text, which keeps the
 * failure reason opaque to the caller.
 *
 * @param token the authentication token containing the user's principal and credentials
 * @return the {@link AuthenticationInfo} for a successful attempt
 * @throws AuthenticationException when the attempt fails or a {@link NamingException} occurs
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    try {
        return queryForAuthenticationInfo(token, getContextFactory());
    } catch (javax.naming.AuthenticationException badCredentials) {
        throw new AuthenticationException("LDAP authentication failed.", badCredentials);
    } catch (NamingException namingFailure) {
        throw new AuthenticationException("LDAP naming error while attempting to authenticate user.", namingFailure);
    }
}
principal = getLdapPrincipal(token); ctx = ldapContextFactory.getLdapContext(principal, credentials); return createAuthenticationInfo(token, principal, credentials, ctx); } finally { LdapUtils.closeContext(ctx);
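/**
 * Authenticates {@code userName} against the LDAP realm.
 * <p>
 * The credential is passed through {@code passwordDigester} and the resulting
 * hash is what the realm receives as the token's password.
 * NOTE(review): the value presented to the directory is therefore the digest,
 * not the clear-text password — confirm this matches how the directory stores
 * and compares passwords, and that possession of the digest alone is not
 * sufficient to authenticate here.
 * <p>
 * Input is checked up front so that a missing user name or a non-{@link String}
 * credential fails closed with {@code false} instead of escaping as a
 * {@link ClassCastException} or an unchecked exception from the realm.
 *
 * @param userName    the login name to authenticate; must be non-empty
 * @param credentials the clear-text credential; must be a {@link String}
 * @return {@code true} when the realm produced an {@link AuthenticationInfo},
 *         {@code false} on a failed attempt or unusable input
 * @throws UserStoreException declared for API compatibility with the interface
 */
public boolean authenticate(String userName, Object credentials) throws UserStoreException {
    if (userName == null || userName.isEmpty()) {
        log.warn("Authentication attempt rejected: user name is null or empty");
        return false;
    }
    if (!(credentials instanceof String)) {
        // Do not log the credential value itself, only its type.
        final String type = credentials == null ? "null" : credentials.getClass().getName();
        log.warn("Authentication attempt rejected: unsupported credential type " + type);
        return false;
    }

    final String hashedCredential = passwordDigester.getPasswordHashValue((String) credentials);
    final AuthenticationToken authenticationToken = new UsernamePasswordToken(userName, hashedCredential);

    final AuthenticationInfo authenticationInfo;
    try {
        authenticationInfo = ldapRealm.getAuthenticationInfo(authenticationToken);
    } catch (AuthenticationException e) {
        log.warn(e.getLocalizedMessage(), e);
        return false;
    }
    return authenticationInfo != null;
}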
Object ldapCredentials, LdapContext ldapContext) throws NamingException { return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
/**
 * Records the incoming connection for the token's user, then delegates all
 * authentication work to the superclass.
 * <p>
 * A {@link ClassCastException} is logged at INFO and converted into a
 * {@code null} return rather than propagated; presumably so the authenticator
 * treats the token as not handled by this realm — confirm against the caller.
 *
 * @param token the submitted authentication token
 * @return the superclass's result, or {@code null} if a {@code ClassCastException} occurred
 * @throws AuthenticationException propagated from the superclass
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    AuthenticationInfo info = null;
    try {
        final String user = getUsername(token);
        logIncomingConnection(user);
        info = super.doGetAuthenticationInfo(token);
    } catch (ClassCastException e) {
        LOG.info("Couldn't service the LDAP connection", e);
    }
    return info;
}
/**
 * Returns the User DN template used to build DNs at runtime.
 * <p>
 * The template is reconstructed by running the substitution token
 * ({@code USERDN_SUBSTITUTION_TOKEN}) through {@link #getUserDn(String)}, so the
 * result is whatever prefix/suffix wrapping {@code getUserDn} applies around it.
 * See {@link #setUserDnTemplate(String) setUserDnTemplate} for the full explanation.
 *
 * @return the User DN template
 */
public String getUserDnTemplate() {
    final String template = getUserDn(USERDN_SUBSTITUTION_TOKEN);
    return template;
}
@Override //KNOX-534 overriding this method to be able to audit authentication exceptions protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws org.apache.shiro.authc.AuthenticationException { try { return super.doGetAuthenticationInfo(token); } catch ( org.apache.shiro.authc.AuthenticationException e ) { auditor.audit( Action.AUTHENTICATION , token.getPrincipal().toString(), ResourceType.PRINCIPAL, ActionOutcome.FAILURE, e.getMessage() ); ShiroLog.failedLoginInfo(token); ShiroLog.failedLoginStackTrace(e); ShiroLog.failedLoginAttempt(e.getCause()); throw e; } }
/**
 * Chooses the principal used to open the LDAP connection for an authentication attempt.
 * <p>
 * Heuristic: a {@code String} principal is treated as a raw uid/username and run
 * through {@link #getUserDn(String)} to obtain a User DN, since nearly every
 * directory expects a DN on the bind. Any other principal type is assumed to
 * already be in the form the underlying {@link LdapContextFactory} accepts and is
 * returned as-is.
 *
 * @param token the {@link AuthenticationToken} submitted during authentication
 * @return the User DN, or the unmodified non-{@code String} principal
 * @see LdapContextFactory#getLdapContext(Object, Object)
 */
protected Object getLdapPrincipal(AuthenticationToken token) {
    final Object rawPrincipal = token.getPrincipal();
    if (!(rawPrincipal instanceof String)) {
        return rawPrincipal;
    }
    return getUserDn((String) rawPrincipal);
}
/**
 * Resolves the bind DN for {@code principal}: a directory search via
 * {@link #findUserDN} when {@code dnSearchFilter} is set, otherwise the parent's
 * {@code userDnTemplate} substitution.
 * <p>
 * NOTE(review): {@code principal} is user-controlled input; on the search path
 * confirm that {@code findUserDN} applies RFC 4515 filter escaping before it is
 * placed in the search filter.
 *
 * @param principal the raw username / uid submitted at login
 * @return the DN to bind with
 * @throws IllegalArgumentException as declared on the parent method
 * @throws IllegalStateException    as declared on the parent method
 */
@Override
protected String getUserDn(final String principal) throws IllegalArgumentException, IllegalStateException {
    final boolean useSearch = dnSearchFilter != null;
    return useSearch
            ? findUserDN(principal, getContextFactory())
            : super.getUserDn(principal); // template-based construction
}