/**
 * Creates the {@link AttributeMapping} described by this builder, filling in defaults first.
 *
 * <p>Defaults are written back into the builder's own fields before the mapping is constructed:
 * <ul>
 *   <li>{@code name} falls back to {@code ldapName}; without an {@code ldapName} it becomes
 *       {@code DEFAULT_FILTERED_NAME} when a filter is set and {@code DEFAULT_DN_NAME} otherwise;</li>
 *   <li>{@code roleRecursionName} falls back to {@code ldapName}, then to
 *       {@code DEFAULT_ROLE_RECURSION_ATTRIBUTE}.</li>
 * </ul>
 *
 * @return a new mapping built from the builder's current state
 */
public AttributeMapping build() {
    if (name == null) {
        if (ldapName != null) {
            name = ldapName;
        } else if (filter != null) {
            name = DEFAULT_FILTERED_NAME;
        } else {
            name = DEFAULT_DN_NAME;
        }
    }

    if (roleRecursionName == null) {
        if (ldapName != null) {
            roleRecursionName = ldapName;
        } else {
            roleRecursionName = DEFAULT_ROLE_RECURSION_ATTRIBUTE;
        }
    }

    // NOTE(review): roleRecursionDepth is handed over as-is; no range check is visible in this
    // method. Presumably it is validated where it is set - confirm, since it bounds how many
    // rounds of directory searches a single identity lookup may trigger.
    return new AttributeMapping(
            searchDn,
            recursiveSearch,
            filter,
            reference,
            ldapName,
            name,
            rdn,
            roleRecursionDepth,
            roleRecursionName);
}
}
private Map<String, Collection<String>> extractFilteredAttributes(SearchResult identityEntry, DirContext context, DirContext identityContext) { return extractAttributes(AttributeMapping::isFilteredOrReference, mapping -> { Collection<String> values = mapping.getRoleRecursionDepth() == 0 ? new ArrayList<>() : new HashSet<>(); final String searchDn = mapping.getSearchDn() != null ? mapping.getSearchDn() : identityMapping.searchDn; for (int depth = 0; depth <= mapping.getRoleRecursionDepth() && ! toSearch.isEmpty(); depth++) { List<SearchResult> toSearchInNextLevel = new LinkedList<>(); for(SearchResult entry : toSearch) { final String entryDn = entry != null ? entry.getNameInNamespace() : null; if (mapping.getReference() != null && entry != null) { // reference forEachAttributeValue(entry, mapping.getReference(), value -> { LdapSearch search = new LdapSearch(value); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); }); } else if (mapping.getReference() == null) { // filter if (depth == 0) { // roles of identity LdapSearch search = new LdapSearch(searchDn, mapping.getRecursiveSearch(), 0, mapping.getFilter(), name, entryDn); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); } else if (entry != null) { // roles of role forEachAttributeValue(entry, mapping.getRoleRecursionName(), roleName -> { LdapSearch search = new LdapSearch(searchDn, mapping.getRecursiveSearch(), 0, mapping.getFilter(), roleName, entryDn); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); });
if (mapping.getFilter() != null || mapping.getReference() != null || mapping.getRdn() != null) { // read-only mapping if (attributes.size(mapping.getName()) != 0) { log.ldapRealmDoesNotSupportSettingFilteredAttribute(mapping.getName(), name); } else if (identityMapping.rdnIdentifier.equalsIgnoreCase(mapping.getLdapName())) { // entry rename if (attributes.size(mapping.getName()) == 1) { renameTo = attributes.get(mapping.getName(), 0); } else { throw log.ldapRealmRequiresExactlyOneRdnAttribute(mapping.getName(), name); if (attributes.size(mapping.getName()) == 0) { BasicAttribute attribute = new BasicAttribute(mapping.getLdapName()); modItems.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, attribute)); } else { BasicAttribute attribute = new BasicAttribute(mapping.getLdapName()); attributes.get(mapping.getName()).forEach(attribute::add); modItems.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute)); if (identityMapping.attributes.stream().filter(mp -> mp.getName().equals(entry.getKey())).count() == 0) { throw log.ldapRealmCannotSetAttributeWithoutMapping(entry.getKey(), name);
/**
 * Runs one prepared LDAP search and feeds every entry it returns through
 * {@code valuesFromAttribute}, queueing the entries that should be searched again on the next
 * recursion level.
 *
 * @param search the prepared search to execute
 * @param referencedEntry the entry the search originates from; may be {@code null}, and is used
 *        only to name the DN in failure messages
 * @param mapping the attribute mapping being resolved
 * @param context the directory context used unless the mapping asks for the identity context
 * @param identityContext the context used when {@code mapping.searchInIdentityContext()} is true
 * @param identityAttributeValues passed to {@code valuesFromAttribute} for each entry
 *        (presumably the sink for extracted values - confirm against that method)
 * @param toSearchInNextLevel receives each entry for which {@code valuesFromAttribute} returned true
 */
private void extractFilteredAttributesFromSearch(LdapSearch search, SearchResult referencedEntry, AttributeMapping mapping, DirContext context, DirContext identityContext, Collection<String> identityAttributeValues, Collection<SearchResult> toSearchInNextLevel) {
    final String referencedDn = referencedEntry == null ? null : referencedEntry.getNameInNamespace();

    // Ask the directory only for the attributes this mapping can consume rather than whole entries.
    // NOTE(review): any of the three getters may return null (callers test getReference() for
    // null), and HashSet stores null as an element - confirm setReturningAttributes tolerates that.
    final Set<String> requestedAttributes = new HashSet<>();
    requestedAttributes.add(mapping.getLdapName());
    requestedAttributes.add(mapping.getReference());
    requestedAttributes.add(mapping.getRoleRecursionName());
    search.setReturningAttributes(requestedAttributes);

    // The context is chosen inside the resource expression so that a failure there is reported
    // through the same catch as a failed search.
    try (Stream<SearchResult> results = search.search(mapping.searchInIdentityContext() ? identityContext : context)) {
        results.forEach(found -> {
            try {
                final boolean searchFurther = valuesFromAttribute(found, mapping, identityAttributeValues);
                if (searchFurther) {
                    toSearchInNextLevel.add(found);
                }
            } catch (Exception failure) {
                throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, failure);
            }
        });
    } catch (Exception failure) {
        // NOTE(review): an exception raised by the per-entry handler above also lands here and,
        // if it is an Exception subtype, gets wrapped a second time with the same message.
        throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, failure);
    }
}
if (mapping.getLdapName() == null) { String value = entry.getNameInNamespace(); if (mapping.getRdn() != null) { value = extractRdn(mapping, value); } else { Attributes entryAttributes = entry.getAttributes(); javax.naming.directory.Attribute ldapAttribute = entryAttributes.get(mapping.getLdapName()); if (ldapAttribute == null) return false; NamingEnumeration<?> attributesEnum = null; attributesEnum = ldapAttribute.getAll(); Stream<String> values = Collections.list(attributesEnum).stream().map(Object::toString); if (mapping.getRdn() != null) { values = values.map(val -> extractRdn(mapping, val)).filter(Objects::nonNull);
/**
 * Picks one RDN value out of a distinguished name.
 *
 * <p>The DN is parsed with {@link LdapName} instead of being split by hand, so escaped
 * separators inside values are handled by the JDK parser. RDNs are visited in the order
 * {@link LdapName#getRdns()} returns them (rightmost RDN first) and the first one whose type
 * equals the mapping's RDN type, ignoring case, wins.
 *
 * @param mapping the mapping that supplies the wanted RDN type and the name used in error reports
 * @param dn the distinguished name to parse
 * @return the string form of the matching RDN value, or {@code null} when no RDN has that type
 */
private String extractRdn(AttributeMapping mapping, final String dn) {
    final String wantedType = mapping.getRdn();
    String matchedValue = null;
    try {
        for (Rdn component : new LdapName(dn).getRdns()) {
            if (component.getType().equalsIgnoreCase(wantedType)) {
                matchedValue = component.getValue().toString();
                break;
            }
        }
    } catch (Exception failure) {
        // Covers a DN that LdapName cannot parse as well as any runtime failure while matching.
        throw log.ldapRealmInvalidRdnForAttribute(mapping.getName(), dn, wantedType, failure);
    }
    return matchedValue;
}
/**
 * Runs one prepared LDAP search and feeds every entry it returns through
 * {@code valuesFromAttribute}, queueing the entries that should be searched again on the next
 * recursion level.
 *
 * @param search the prepared search to execute
 * @param referencedEntry the entry the search originates from; may be {@code null}, and is used
 *        only to name the DN in failure messages
 * @param mapping the attribute mapping being resolved
 * @param context the directory context used unless the mapping asks for the identity context
 * @param identityContext the context used when {@code mapping.searchInIdentityContext()} is true
 * @param identityAttributeValues passed to {@code valuesFromAttribute} for each entry
 *        (presumably the sink for extracted values - confirm against that method)
 * @param toSearchInNextLevel receives each entry for which {@code valuesFromAttribute} returned true
 */
private void extractFilteredAttributesFromSearch(LdapSearch search, SearchResult referencedEntry, AttributeMapping mapping, DirContext context, DirContext identityContext, Collection<String> identityAttributeValues, Collection<SearchResult> toSearchInNextLevel) {
    final String referencedDn = referencedEntry == null ? null : referencedEntry.getNameInNamespace();

    // Ask the directory only for the attributes this mapping can consume rather than whole entries.
    // NOTE(review): any of the three getters may return null (callers test getReference() for
    // null), and HashSet stores null as an element - confirm setReturningAttributes tolerates that.
    final Set<String> requestedAttributes = new HashSet<>();
    requestedAttributes.add(mapping.getLdapName());
    requestedAttributes.add(mapping.getReference());
    requestedAttributes.add(mapping.getRoleRecursionName());
    search.setReturningAttributes(requestedAttributes);

    // The context is chosen inside the resource expression so that a failure there is reported
    // through the same catch as a failed search.
    try (Stream<SearchResult> results = search.search(mapping.searchInIdentityContext() ? identityContext : context)) {
        results.forEach(found -> {
            try {
                final boolean searchFurther = valuesFromAttribute(found, mapping, identityAttributeValues);
                if (searchFurther) {
                    toSearchInNextLevel.add(found);
                }
            } catch (Exception failure) {
                throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, failure);
            }
        });
    } catch (Exception failure) {
        // NOTE(review): an exception raised by the per-entry handler above also lands here and,
        // if it is an Exception subtype, gets wrapped a second time with the same message.
        throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, failure);
    }
}
/**
 * Picks one RDN value out of a distinguished name.
 *
 * <p>The DN is parsed with {@link LdapName} instead of being split by hand, so escaped
 * separators inside values are handled by the JDK parser. RDNs are visited in the order
 * {@link LdapName#getRdns()} returns them (rightmost RDN first) and the first one whose type
 * equals the mapping's RDN type, ignoring case, wins.
 *
 * @param mapping the mapping that supplies the wanted RDN type and the name used in error reports
 * @param dn the distinguished name to parse
 * @return the string form of the matching RDN value, or {@code null} when no RDN has that type
 */
private String extractRdn(AttributeMapping mapping, final String dn) {
    final String wantedType = mapping.getRdn();
    String matchedValue = null;
    try {
        for (Rdn component : new LdapName(dn).getRdns()) {
            if (component.getType().equalsIgnoreCase(wantedType)) {
                matchedValue = component.getValue().toString();
                break;
            }
        }
    } catch (Exception failure) {
        // Covers a DN that LdapName cannot parse as well as any runtime failure while matching.
        throw log.ldapRealmInvalidRdnForAttribute(mapping.getName(), dn, wantedType, failure);
    }
    return matchedValue;
}
if (mapping.getLdapName() == null) { String value = entry.getNameInNamespace(); if (mapping.getRdn() != null) { value = extractRdn(mapping, value); } else { Attributes entryAttributes = entry.getAttributes(); javax.naming.directory.Attribute ldapAttribute = entryAttributes.get(mapping.getLdapName()); if (ldapAttribute == null) return false; NamingEnumeration<?> attributesEnum = null; attributesEnum = ldapAttribute.getAll(); Stream<String> values = Collections.list(attributesEnum).stream().map(Object::toString); if (mapping.getRdn() != null) { values = values.map(val -> extractRdn(mapping, val)).filter(Objects::nonNull);
private Map<String, Collection<String>> extractFilteredAttributes(SearchResult identityEntry, DirContext context, DirContext identityContext) { return extractAttributes(AttributeMapping::isFilteredOrReference, mapping -> { Collection<String> values = mapping.getRoleRecursionDepth() == 0 ? new ArrayList<>() : new HashSet<>(); final String searchDn = mapping.getSearchDn() != null ? mapping.getSearchDn() : identityMapping.searchDn; for (int depth = 0; depth <= mapping.getRoleRecursionDepth() && ! toSearch.isEmpty(); depth++) { List<SearchResult> toSearchInNextLevel = new LinkedList<>(); for(SearchResult entry : toSearch) { final String entryDn = entry != null ? entry.getNameInNamespace() : null; if (mapping.getReference() != null && entry != null) { // reference forEachAttributeValue(entry, mapping.getReference(), value -> { LdapSearch search = new LdapSearch(value); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); }); } else if (mapping.getReference() == null) { // filter if (depth == 0) { // roles of identity LdapSearch search = new LdapSearch(searchDn, mapping.getRecursiveSearch(), 0, mapping.getFilter(), name, entryDn); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); } else if (entry != null) { // roles of role forEachAttributeValue(entry, mapping.getRoleRecursionName(), roleName -> { LdapSearch search = new LdapSearch(searchDn, mapping.getRecursiveSearch(), 0, mapping.getFilter(), roleName, entryDn); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); });
if (mapping.getFilter() != null || mapping.getReference() != null || mapping.getRdn() != null) { // read-only mapping if (attributes.size(mapping.getName()) != 0) { log.ldapRealmDoesNotSupportSettingFilteredAttribute(mapping.getName(), name); } else if (identityMapping.rdnIdentifier.equalsIgnoreCase(mapping.getLdapName())) { // entry rename if (attributes.size(mapping.getName()) == 1) { renameTo = attributes.get(mapping.getName(), 0); } else { throw log.ldapRealmRequiresExactlyOneRdnAttribute(mapping.getName(), name); if (attributes.size(mapping.getName()) == 0) { BasicAttribute attribute = new BasicAttribute(mapping.getLdapName()); modItems.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, attribute)); } else { BasicAttribute attribute = new BasicAttribute(mapping.getLdapName()); attributes.get(mapping.getName()).forEach(attribute::add); modItems.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute)); if (identityMapping.attributes.stream().filter(mp -> mp.getName().equals(entry.getKey())).count() == 0) { throw log.ldapRealmCannotSetAttributeWithoutMapping(entry.getKey(), name);
/**
 * Runs one prepared LDAP search and feeds every entry it returns through
 * {@code valuesFromAttribute}, queueing the entries that should be searched again on the next
 * recursion level.
 *
 * @param search the prepared search to execute
 * @param referencedEntry the entry the search originates from; may be {@code null}, and is used
 *        only to name the DN in failure messages
 * @param mapping the attribute mapping being resolved
 * @param context the directory context used unless the mapping asks for the identity context
 * @param identityContext the context used when {@code mapping.searchInIdentityContext()} is true
 * @param identityAttributeValues passed to {@code valuesFromAttribute} for each entry
 *        (presumably the sink for extracted values - confirm against that method)
 * @param toSearchInNextLevel receives each entry for which {@code valuesFromAttribute} returned true
 */
private void extractFilteredAttributesFromSearch(LdapSearch search, SearchResult referencedEntry, AttributeMapping mapping, DirContext context, DirContext identityContext, Collection<String> identityAttributeValues, Collection<SearchResult> toSearchInNextLevel) {
    final String referencedDn = referencedEntry == null ? null : referencedEntry.getNameInNamespace();

    // Ask the directory only for the attributes this mapping can consume rather than whole entries.
    // NOTE(review): any of the three getters may return null (callers test getReference() for
    // null), and HashSet stores null as an element - confirm setReturningAttributes tolerates that.
    final Set<String> requestedAttributes = new HashSet<>();
    requestedAttributes.add(mapping.getLdapName());
    requestedAttributes.add(mapping.getReference());
    requestedAttributes.add(mapping.getRoleRecursionName());
    search.setReturningAttributes(requestedAttributes);

    // The context is chosen inside the resource expression so that a failure there is reported
    // through the same catch as a failed search.
    try (Stream<SearchResult> results = search.search(mapping.searchInIdentityContext() ? identityContext : context)) {
        results.forEach(found -> {
            try {
                final boolean searchFurther = valuesFromAttribute(found, mapping, identityAttributeValues);
                if (searchFurther) {
                    toSearchInNextLevel.add(found);
                }
            } catch (Exception failure) {
                throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, failure);
            }
        });
    } catch (Exception failure) {
        // NOTE(review): an exception raised by the per-entry handler above also lands here and,
        // if it is an Exception subtype, gets wrapped a second time with the same message.
        throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, failure);
    }
}
/**
 * Picks one RDN value out of a distinguished name.
 *
 * <p>The DN is parsed with {@link LdapName} instead of being split by hand, so escaped
 * separators inside values are handled by the JDK parser. RDNs are visited in the order
 * {@link LdapName#getRdns()} returns them (rightmost RDN first) and the first one whose type
 * equals the mapping's RDN type, ignoring case, wins.
 *
 * @param mapping the mapping that supplies the wanted RDN type and the name used in error reports
 * @param dn the distinguished name to parse
 * @return the string form of the matching RDN value, or {@code null} when no RDN has that type
 */
private String extractRdn(AttributeMapping mapping, final String dn) {
    final String wantedType = mapping.getRdn();
    String matchedValue = null;
    try {
        for (Rdn component : new LdapName(dn).getRdns()) {
            if (component.getType().equalsIgnoreCase(wantedType)) {
                matchedValue = component.getValue().toString();
                break;
            }
        }
    } catch (Exception failure) {
        // Covers a DN that LdapName cannot parse as well as any runtime failure while matching.
        throw log.ldapRealmInvalidRdnForAttribute(mapping.getName(), dn, wantedType, failure);
    }
    return matchedValue;
}
if (mapping.getLdapName() == null) { String value = entry.getNameInNamespace(); if (mapping.getRdn() != null) { value = extractRdn(mapping, value); } else { Attributes entryAttributes = entry.getAttributes(); javax.naming.directory.Attribute ldapAttribute = entryAttributes.get(mapping.getLdapName()); if (ldapAttribute == null) return false; NamingEnumeration<?> attributesEnum = null; attributesEnum = ldapAttribute.getAll(); Stream<String> values = Collections.list(attributesEnum).stream().map(Object::toString); if (mapping.getRdn() != null) { values = values.map(val -> extractRdn(mapping, val)).filter(Objects::nonNull);
/**
 * Creates the {@link AttributeMapping} described by this builder, filling in defaults first.
 *
 * <p>Defaults are written back into the builder's own fields before the mapping is constructed:
 * <ul>
 *   <li>{@code name} falls back to {@code ldapName}; without an {@code ldapName} it becomes
 *       {@code DEFAULT_FILTERED_NAME} when a filter is set and {@code DEFAULT_DN_NAME} otherwise;</li>
 *   <li>{@code roleRecursionName} falls back to {@code ldapName}, then to
 *       {@code DEFAULT_ROLE_RECURSION_ATTRIBUTE}.</li>
 * </ul>
 *
 * @return a new mapping built from the builder's current state
 */
public AttributeMapping build() {
    if (name == null) {
        if (ldapName != null) {
            name = ldapName;
        } else if (filter != null) {
            name = DEFAULT_FILTERED_NAME;
        } else {
            name = DEFAULT_DN_NAME;
        }
    }

    if (roleRecursionName == null) {
        if (ldapName != null) {
            roleRecursionName = ldapName;
        } else {
            roleRecursionName = DEFAULT_ROLE_RECURSION_ATTRIBUTE;
        }
    }

    // NOTE(review): roleRecursionDepth is handed over as-is; no range check is visible in this
    // method. Presumably it is validated where it is set - confirm, since it bounds how many
    // rounds of directory searches a single identity lookup may trigger.
    return new AttributeMapping(
            searchDn,
            recursiveSearch,
            filter,
            reference,
            ldapName,
            name,
            rdn,
            roleRecursionDepth,
            roleRecursionName);
}
}
private Map<String, Collection<String>> extractFilteredAttributes(SearchResult identityEntry, DirContext context, DirContext identityContext) { return extractAttributes(AttributeMapping::isFilteredOrReference, mapping -> { Collection<String> values = mapping.getRoleRecursionDepth() == 0 ? new ArrayList<>() : new HashSet<>(); final String searchDn = mapping.getSearchDn() != null ? mapping.getSearchDn() : identityMapping.searchDn; for (int depth = 0; depth <= mapping.getRoleRecursionDepth() && ! toSearch.isEmpty(); depth++) { List<SearchResult> toSearchInNextLevel = new LinkedList<>(); for(SearchResult entry : toSearch) { final String entryDn = entry != null ? entry.getNameInNamespace() : null; if (mapping.getReference() != null && entry != null) { // reference forEachAttributeValue(entry, mapping.getReference(), value -> { LdapSearch search = new LdapSearch(value); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); }); } else if (mapping.getReference() == null) { // filter if (depth == 0) { // roles of identity LdapSearch search = new LdapSearch(searchDn, mapping.getRecursiveSearch(), 0, mapping.getFilter(), name, entryDn); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); } else if (entry != null) { // roles of role forEachAttributeValue(entry, mapping.getRoleRecursionName(), roleName -> { LdapSearch search = new LdapSearch(searchDn, mapping.getRecursiveSearch(), 0, mapping.getFilter(), roleName, entryDn); extractFilteredAttributesFromSearch(search, entry, mapping, context, identityContext, values, toSearchInNextLevel); });
if (mapping.getFilter() != null || mapping.getReference() != null || mapping.getRdn() != null) { // read-only mapping if (attributes.size(mapping.getName()) != 0) { log.ldapRealmDoesNotSupportSettingFilteredAttribute(mapping.getName(), name); } else if (identityMapping.rdnIdentifier.equalsIgnoreCase(mapping.getLdapName())) { // entry rename if (attributes.size(mapping.getName()) == 1) { renameTo = attributes.get(mapping.getName(), 0); } else { throw log.ldapRealmRequiresExactlyOneRdnAttribute(mapping.getName(), name); if (attributes.size(mapping.getName()) == 0) { BasicAttribute attribute = new BasicAttribute(mapping.getLdapName()); modItems.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, attribute)); } else { BasicAttribute attribute = new BasicAttribute(mapping.getLdapName()); attributes.get(mapping.getName()).forEach(attribute::add); modItems.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute)); if (identityMapping.attributes.stream().filter(mp -> mp.getName().equals(entry.getKey())).count() == 0) { throw log.ldapRealmCannotSetAttributeWithoutMapping(entry.getKey(), name);
/**
 * Runs one prepared LDAP search and feeds every entry it returns through
 * {@code valuesFromAttribute}, queueing the entries that should be searched again on the next
 * recursion level.
 *
 * @param search the prepared search to execute
 * @param referencedEntry the entry the search originates from; may be {@code null}, and is used
 *        only to name the DN in failure messages
 * @param mapping the attribute mapping being resolved
 * @param context the directory context used unless the mapping asks for the identity context
 * @param identityContext the context used when {@code mapping.searchInIdentityContext()} is true
 * @param identityAttributeValues passed to {@code valuesFromAttribute} for each entry
 *        (presumably the sink for extracted values - confirm against that method)
 * @param toSearchInNextLevel receives each entry for which {@code valuesFromAttribute} returned true
 */
private void extractFilteredAttributesFromSearch(LdapSearch search, SearchResult referencedEntry, AttributeMapping mapping, DirContext context, DirContext identityContext, Collection<String> identityAttributeValues, Collection<SearchResult> toSearchInNextLevel) {
    final String referencedDn = referencedEntry == null ? null : referencedEntry.getNameInNamespace();

    // Ask the directory only for the attributes this mapping can consume rather than whole entries.
    // NOTE(review): any of the three getters may return null (callers test getReference() for
    // null), and HashSet stores null as an element - confirm setReturningAttributes tolerates that.
    final Set<String> requestedAttributes = new HashSet<>();
    requestedAttributes.add(mapping.getLdapName());
    requestedAttributes.add(mapping.getReference());
    requestedAttributes.add(mapping.getRoleRecursionName());
    search.setReturningAttributes(requestedAttributes);

    // The context is chosen inside the resource expression so that a failure there is reported
    // through the same catch as a failed search.
    try (Stream<SearchResult> results = search.search(mapping.searchInIdentityContext() ? identityContext : context)) {
        results.forEach(found -> {
            try {
                final boolean searchFurther = valuesFromAttribute(found, mapping, identityAttributeValues);
                if (searchFurther) {
                    toSearchInNextLevel.add(found);
                }
            } catch (Exception failure) {
                throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, failure);
            }
        });
    } catch (Exception failure) {
        // NOTE(review): an exception raised by the per-entry handler above also lands here and,
        // if it is an Exception subtype, gets wrapped a second time with the same message.
        throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, failure);
    }
}
/**
 * Picks one RDN value out of a distinguished name.
 *
 * <p>The DN is parsed with {@link LdapName} instead of being split by hand, so escaped
 * separators inside values are handled by the JDK parser. RDNs are visited in the order
 * {@link LdapName#getRdns()} returns them (rightmost RDN first) and the first one whose type
 * equals the mapping's RDN type, ignoring case, wins.
 *
 * @param mapping the mapping that supplies the wanted RDN type and the name used in error reports
 * @param dn the distinguished name to parse
 * @return the string form of the matching RDN value, or {@code null} when no RDN has that type
 */
private String extractRdn(AttributeMapping mapping, final String dn) {
    final String wantedType = mapping.getRdn();
    String matchedValue = null;
    try {
        for (Rdn component : new LdapName(dn).getRdns()) {
            if (component.getType().equalsIgnoreCase(wantedType)) {
                matchedValue = component.getValue().toString();
                break;
            }
        }
    } catch (Exception failure) {
        // Covers a DN that LdapName cannot parse as well as any runtime failure while matching.
        throw log.ldapRealmInvalidRdnForAttribute(mapping.getName(), dn, wantedType, failure);
    }
    return matchedValue;
}
if (mapping.getLdapName() == null) { String value = entry.getNameInNamespace(); if (mapping.getRdn() != null) { value = extractRdn(mapping, value); } else { Attributes entryAttributes = entry.getAttributes(); javax.naming.directory.Attribute ldapAttribute = entryAttributes.get(mapping.getLdapName()); if (ldapAttribute == null) return false; NamingEnumeration<?> attributesEnum = null; attributesEnum = ldapAttribute.getAll(); Stream<String> values = Collections.list(attributesEnum).stream().map(Object::toString); if (mapping.getRdn() != null) { values = values.map(val -> extractRdn(mapping, val)).filter(Objects::nonNull);