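/**
 * Resolves the distinguished name of {@code userName} by running the configured
 * {@code dnSearchFilter} under {@code searchBase} with the system (service-account) context.
 *
 * <p>The login name is untrusted input. It is escaped per RFC 4515 before being substituted
 * for {@code USERDN_SUBSTITUTION_TOKEN}, so {@code *}, {@code (}, {@code )}, {@code \} and
 * NUL are matched literally instead of rewriting the filter (LDAP filter injection).
 * This assumes the token sits in a filter-value position of {@code dnSearchFilter}.
 *
 * @param userName           the login name to look up
 * @param ldapContextFactory factory that opens the system LDAP context
 * @return the DN of the first matching entry, or {@code null} when nothing matched
 *         (additional matches are not reported)
 * @throws IllegalArgumentException if the system bind is rejected or the search fails;
 *                                  the underlying {@link NamingException} is kept as the cause
 */
private String findUserDN(final String userName, final LdapContextFactory ldapContextFactory) {
    LdapContext systemLdapCtx = null;
    NamingEnumeration<SearchResult> usersFound = null;
    try {
        systemLdapCtx = ldapContextFactory.getSystemLdapContext();
        final String filter =
                dnSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, escapeLdapFilterValue(userName));
        usersFound = systemLdapCtx.search(searchBase, filter, SUBTREE_SCOPE);
        return usersFound.hasMore() ? usersFound.next().getNameInNamespace() : null;
    } catch (final AuthenticationException ex) {
        log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage());
        throw new IllegalArgumentException(ex);
    } catch (final NamingException e) {
        log.info("LDAP exception='{}'", e.getLocalizedMessage());
        throw new IllegalArgumentException(e);
    } finally {
        // Release the server-side search cursor before the context itself.
        closeSearchResults(usersFound);
        LdapUtils.closeContext(systemLdapCtx);
    }
}

/**
 * Escapes the characters that carry meaning inside an LDAP search filter assertion value
 * (RFC 4515 section 3). A {@code null} value is returned unchanged.
 */
private static String escapeLdapFilterValue(final String value) {
    if (value == null) {
        return null;
    }
    final StringBuilder escaped = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        final char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}

/** Closes a search result enumeration, tolerating {@code null} and close failures. */
private static void closeSearchResults(final NamingEnumeration<?> results) {
    if (results == null) {
        return;
    }
    try {
        results.close();
    } catch (final NamingException ignored) {
        // Best effort: the context is closed right after this, which releases the cursor anyway.
    }
}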
/**
 * Resolves the LDAP groups of the subject's available principal using the system account.
 *
 * @param principals         the subject's principals; the available one is taken as the username
 * @param ldapContextFactory supplies the system LDAP context used for the lookup
 * @return the user's groups, or an empty set when the directory rejects the bind or lookup
 *         with an {@code AuthenticationException}
 * @throws NamingException for any other directory failure
 */
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String username = (String) getAvailablePrincipal(principals);
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        return findLDAPGroupsForUser(username, ctx);
    } catch (final AuthenticationException ex) {
        // Either the system bind or the group search was refused; report "no groups"
        // rather than failing the caller. Only the message is logged, not the stack trace.
        log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage());
        return ImmutableSet.<String>of();
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
/**
 * Builds the {@link org.apache.shiro.authz.AuthorizationInfo} for a subject by asking the
 * directory (via the system context) which groups the user belongs to and mapping those
 * groups to role names through {@link #groupRolesMap}.
 *
 * <p>The available principal is expected to be a String username.
 *
 * <p>Subclasses may override this to derive roles or permissions differently; this
 * implementation yields roles only, no permissions.
 *
 * @param principals         the principals of the subject being authorized
 * @param ldapContextFactory factory used to open the system LDAP context
 * @return the authorization info for the subject
 * @throws NamingException if the directory search fails
 */
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
    String username = (String) getAvailablePrincipal(principals);
    // The context is always released, even when the group lookup throws.
    LdapContext systemCtx = ldapContextFactory.getSystemLdapContext();
    Set<String> roles;
    try {
        roles = getRoleNamesForUser(username, systemCtx);
    } finally {
        LdapUtils.closeContext(systemCtx);
    }
    return buildAuthorizationInfo(roles);
}
LdapUtils.closeContext(ctx);
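/**
 * Authenticates the user by binding to the directory with the username and password from the
 * token; a successful bind is taken as proof that the password is correct.
 *
 * <p>An empty username or password is rejected before any bind is attempted. A simple bind
 * with a name and no password may be treated by the server as an <em>unauthenticated</em>
 * bind that succeeds (RFC 4513 section 5.1.2), and a missing name as an anonymous bind;
 * either would let a password-less login through.
 *
 * <p>Subclasses may override this to query the directory differently.
 *
 * @param token              the credentials presented by the user; must be a {@link UsernamePasswordToken}
 * @param ldapContextFactory factory that opens a context bound as the user
 * @return an {@link AuthenticationInfo} for the user
 * @throws NamingException if the bind or any other LDAP operation fails; an empty username or
 *                         password is reported as {@link javax.naming.AuthenticationException}
 */
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    char[] password = upToken.getPassword();

    // Refuse to bind with empty credentials (see class comment above); the message carries
    // no credential material.
    if (username == null || username.isEmpty() || password == null || password.length == 0) {
        throw new javax.naming.AuthenticationException("LDAP bind refused: empty username or password");
    }

    // Binds as the user; the bound context is only needed for the side effect of the bind.
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getLdapContext(username, String.valueOf(password));
    } finally {
        LdapUtils.closeContext(ctx);
    }
    return buildAuthenticationInfo(username, password);
}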
LdapUtils.closeContext(ctx);
/**
 * Builds the {@link org.apache.shiro.authz.AuthorizationInfo} for a subject by asking the
 * directory (via the system context) which groups the user belongs to and mapping those
 * groups to role names through {@link #groupRolesMap}.
 *
 * <p>The available principal is expected to be a String username.
 *
 * <p>Subclasses may override this to derive roles or permissions differently; this
 * implementation yields roles only, no permissions.
 *
 * @param principals         the principals of the subject being authorized
 * @param ldapContextFactory factory used to open the system LDAP context
 * @return the authorization info for the subject
 * @throws NamingException if the directory search fails
 */
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
    String username = (String) getAvailablePrincipal(principals);
    // The context is always released, even when the group lookup throws.
    LdapContext systemCtx = ldapContextFactory.getSystemLdapContext();
    Set<String> roles;
    try {
        roles = getRoleNamesForUser(username, systemCtx);
    } finally {
        LdapUtils.closeContext(systemCtx);
    }
    return buildAuthorizationInfo(roles);
}
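/**
 * Authenticates the user by binding to the directory with the username and password from the
 * token; a successful bind is taken as proof that the password is correct.
 *
 * <p>An empty username or password is rejected before any bind is attempted. A simple bind
 * with a name and no password may be treated by the server as an <em>unauthenticated</em>
 * bind that succeeds (RFC 4513 section 5.1.2), and a missing name as an anonymous bind;
 * either would let a password-less login through.
 *
 * <p>Subclasses may override this to query the directory differently.
 *
 * @param token              the credentials presented by the user; must be a {@link UsernamePasswordToken}
 * @param ldapContextFactory factory that opens a context bound as the user
 * @return an {@link AuthenticationInfo} for the user
 * @throws NamingException if the bind or any other LDAP operation fails; an empty username or
 *                         password is reported as {@link javax.naming.AuthenticationException}
 */
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    char[] password = upToken.getPassword();

    // Refuse to bind with empty credentials (see class comment above); the message carries
    // no credential material.
    if (username == null || username.isEmpty() || password == null || password.length == 0) {
        throw new javax.naming.AuthenticationException("LDAP bind refused: empty username or password");
    }

    // Binds as the user; the bound context is only needed for the side effect of the bind.
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getLdapContext(username, String.valueOf(password));
    } finally {
        LdapUtils.closeContext(ctx);
    }
    return buildAuthenticationInfo(username, password);
}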
/**
 * Loads the LDAP principal for {@code username} through a freshly opened system context,
 * which is closed before this method returns.
 *
 * @param username the login name to look up
 * @return the principal resolved by {@code getPrincipal(LdapContext, String)}
 * @throws NamingException if opening the context or the lookup fails; the failure is logged
 *                         at WARN (message and stack trace) before being rethrown unchanged
 */
public LdapPrincipal getPrincipal(String username) throws NamingException {
    LdapContext systemCtx = null;
    try {
        systemCtx = ctxFactory.getSystemLdapContext();
        return getPrincipal(systemCtx, username);
    } catch (Exception e) {
        // Log with the username for correlation, then let the caller handle the failure.
        log.warn("getPrincipal ['{}'] -> error while retrieving LDAP data: {}", username, e.getMessage(), e);
        throw e;
    } finally {
        LdapUtils.closeContext(systemCtx);
    }
}
/**
 * Looks up the roles of the subject's available principal via the system LDAP context.
 *
 * @param principals         the subject's principals; the available one is used as username
 * @param ldapContextFactory supplies the system LDAP context
 * @return the user's roles, or an empty set when the directory answers with an
 *         {@code AuthenticationException}
 * @throws NamingException for any other directory failure
 */
private Set<String> getRoles(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String username = (String) getAvailablePrincipal(principals);
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        return rolesFor(username, ctx);
    } catch (AuthenticationException ignored) {
        // The bind (system account) or the role lookup was refused: the subject simply gets
        // no roles. NOTE(review): nothing is logged here, so a misconfigured system account
        // shows up only as "no roles" -- worth logging at the caller if that matters.
        return Collections.emptySet();
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
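/**
 * Resolves the distinguished name of {@code userName} by running the configured
 * {@code dnSearchFilter} under {@code searchBase} with the system (service-account) context.
 *
 * <p>The login name is untrusted input. It is escaped per RFC 4515 before being substituted
 * for {@code USERDN_SUBSTITUTION_TOKEN}, so {@code *}, {@code (}, {@code )}, {@code \} and
 * NUL are matched literally instead of rewriting the filter (LDAP filter injection).
 * This assumes the token sits in a filter-value position of {@code dnSearchFilter}.
 *
 * @param userName           the login name to look up
 * @param ldapContextFactory factory that opens the system LDAP context
 * @return the DN of the first matching entry, or {@code null} when nothing matched
 *         (additional matches are not reported)
 * @throws IllegalArgumentException if the system bind is rejected or the search fails;
 *                                  the underlying {@link NamingException} is kept as the cause
 */
private String findUserDN(final String userName, final LdapContextFactory ldapContextFactory) {
    LdapContext systemLdapCtx = null;
    NamingEnumeration<SearchResult> usersFound = null;
    try {
        systemLdapCtx = ldapContextFactory.getSystemLdapContext();
        final String filter =
                dnSearchFilter.replace(USERDN_SUBSTITUTION_TOKEN, escapeLdapFilterValue(userName));
        usersFound = systemLdapCtx.search(searchBase, filter, SUBTREE_SCOPE);
        return usersFound.hasMore() ? usersFound.next().getNameInNamespace() : null;
    } catch (final AuthenticationException ex) {
        log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage());
        throw new IllegalArgumentException(ex);
    } catch (final NamingException e) {
        log.info("LDAP exception='{}'", e.getLocalizedMessage());
        throw new IllegalArgumentException(e);
    } finally {
        // Release the server-side search cursor before the context itself.
        closeSearchResults(usersFound);
        LdapUtils.closeContext(systemLdapCtx);
    }
}

/**
 * Escapes the characters that carry meaning inside an LDAP search filter assertion value
 * (RFC 4515 section 3). A {@code null} value is returned unchanged.
 */
private static String escapeLdapFilterValue(final String value) {
    if (value == null) {
        return null;
    }
    final StringBuilder escaped = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        final char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}

/** Closes a search result enumeration, tolerating {@code null} and close failures. */
private static void closeSearchResults(final NamingEnumeration<?> results) {
    if (results == null) {
        return;
    }
    try {
        results.close();
    } catch (final NamingException ignored) {
        // Best effort: the context is closed right after this, which releases the cursor anyway.
    }
}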
/**
 * Resolves the LDAP groups of the subject's available principal using the system account.
 *
 * @param principals         the subject's principals; the available one is taken as the username
 * @param ldapContextFactory supplies the system LDAP context used for the lookup
 * @return the user's groups, or an empty set when the directory rejects the bind or lookup
 *         with an {@code AuthenticationException}
 * @throws NamingException for any other directory failure
 */
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String username = (String) getAvailablePrincipal(principals);
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        return findLDAPGroupsForUser(username, ctx);
    } catch (final AuthenticationException ex) {
        // Either the system bind or the group search was refused; report "no groups"
        // rather than failing the caller. Only the message is logged, not the stack trace.
        log.info("LDAP authentication exception='{}'", ex.getLocalizedMessage());
        return ImmutableSet.<String>of();
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
/**
 * Resolves the LDAP groups of the subject's available principal using the system account.
 *
 * @param principals         the subject's principals; the available one is taken as the username
 * @param ldapContextFactory supplies the system LDAP context used for the lookup
 * @return the user's groups, or an empty set when the directory rejects the bind or lookup
 *         with an {@code AuthenticationException}
 * @throws NamingException for any other directory failure
 */
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String username = (String) getAvailablePrincipal(principals);
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        return findLDAPGroupsForUser(username, ctx);
    } catch (AuthenticationException ex) {
        // Either the system bind or the group search was refused; report "no groups"
        // rather than failing the caller. Only the message is logged, not the stack trace.
        log.info("LDAP authentication exception: " + ex.getLocalizedMessage());
        return ImmutableSet.<String>of();
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
/**
 * Looks up the roles of the subject's available principal via the system LDAP context.
 *
 * @param principals         the subject's principals; the available one is used as username
 * @param ldapContextFactory supplies the system LDAP context
 * @return the user's roles, or an empty set when the system bind is refused
 *         (the failure is reported through {@code LOG.failedToGetSystemLdapConnection})
 * @throws NamingException for any other directory failure
 */
private Set<String> getRoles(PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String username = (String) getAvailablePrincipal(principals);
    LdapContext systemCtx = null;
    try {
        systemCtx = ldapContextFactory.getSystemLdapContext();
        return rolesFor(principals, username, systemCtx, ldapContextFactory);
    } catch (AuthenticationException e) {
        // A refused bind degrades to "no roles" instead of an error for the caller.
        LOG.failedToGetSystemLdapConnection(e);
        return Collections.emptySet();
    } finally {
        LdapUtils.closeContext(systemCtx);
    }
}
/**
 * Looks up the roles of the subject's available principal via the system LDAP context.
 *
 * @param principals         the subject's principals; the available one is used as username
 * @param ldapContextFactory supplies the system LDAP context
 * @return the user's roles, or an empty set when the system bind is refused
 *         (the failure is reported through {@code LOG.failedToGetSystemLdapConnection})
 * @throws NamingException for any other directory failure
 */
private Set<String> getRoles(PrincipalCollection principals, final LdapContextFactory ldapContextFactory) throws NamingException {
    final String username = (String) getAvailablePrincipal(principals);
    LdapContext systemCtx = null;
    try {
        systemCtx = ldapContextFactory.getSystemLdapContext();
        return rolesFor(principals, username, systemCtx, ldapContextFactory);
    } catch (AuthenticationException e) {
        // A refused bind degrades to "no roles" instead of an error for the caller.
        LOG.failedToGetSystemLdapConnection(e);
        return Collections.emptySet();
    } finally {
        LdapUtils.closeContext(systemCtx);
    }
}
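/**
 * Verifies {@code pass} for {@code user} by performing an LDAP bind with those credentials.
 *
 * <p>A {@code null} or empty user or password is rejected before any bind is attempted: a
 * bind with a name and no password may be accepted by the server as an <em>unauthenticated</em>
 * bind (RFC 4513 section 5.1.2), and a missing name as an anonymous bind, so relying on the
 * bind result alone would accept a password-less login.
 *
 * @param ldapContextFactory factory that opens a context bound as {@code user}
 * @param user               the bind name (DN or login, whichever the factory expects)
 * @param pass               the password to verify
 * @throws AuthenticationException if the credentials are empty or the directory refuses the bind;
 *                                 in the latter case the {@link NamingException} is the cause
 */
private void checkPasswordUsingBind(LdapContextFactory ldapContextFactory, String user, String pass) throws AuthenticationException {
    if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) {
        throw new AuthenticationException("User '" + user + "' cannot be authenticated.");
    }
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getLdapContext(user, pass);
    } catch (NamingException e) {
        // javax.naming.AuthenticationException (bad credentials) is a NamingException, so a
        // single catch covers both failure modes; the cause is kept for diagnostics.
        throw new AuthenticationException("User '" + user + "' cannot be authenticated.", e);
    } finally {
        LdapUtils.closeContext(ctx);
    }
}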
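/**
 * Builds the subject's authorization info from the roles the directory reports for its user,
 * using the system LDAP context.
 *
 * <p>Only the principal-to-username conversion is guarded against {@link ClassCastException};
 * keeping that catch narrow means a {@code ClassCastException} raised inside the directory
 * lookup itself surfaces to the caller instead of being logged as an invalid user.
 *
 * @param principals         the subject's principals
 * @param ldapContextFactory factory that opens the system LDAP context
 * @return the authorization info, or {@code null} when no usable username could be extracted
 * @throws NamingException if opening the context or the role lookup fails
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
    final String username;
    try {
        username = getUsername(principals);
    } catch (ClassCastException e) {
        LOG.error("Unable to extract a valid user", e);
        return null;
    }
    final LdapContext ldapContext = ldapContextFactory.getSystemLdapContext();
    try {
        final Set<String> roleNames = getRoleNamesForUser(username, ldapContext);
        return buildAuthorizationInfo(roleNames);
    } finally {
        LdapUtils.closeContext(ldapContext);
    }
}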
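/**
 * Verifies {@code pass} for {@code user} by performing an LDAP bind with those credentials.
 *
 * <p>A {@code null} or empty user or password is rejected before any bind is attempted: a
 * bind with a name and no password may be accepted by the server as an <em>unauthenticated</em>
 * bind (RFC 4513 section 5.1.2), and a missing name as an anonymous bind, so relying on the
 * bind result alone would accept a password-less login.
 *
 * @param ldapContextFactory factory that opens a context bound as {@code user}
 * @param user               the bind name (DN or login, whichever the factory expects)
 * @param pass               the password to verify
 * @throws AuthenticationException if the credentials are empty or the directory refuses the bind;
 *                                 in the latter case the {@link NamingException} is the cause
 */
private void checkPasswordUsingBind(LdapContextFactory ldapContextFactory, String user, String pass) throws AuthenticationException {
    if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) {
        throw new AuthenticationException("User '" + user + "' cannot be authenticated.");
    }
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getLdapContext(user, pass);
    } catch (NamingException e) {
        // javax.naming.AuthenticationException (bad credentials) is a NamingException, so a
        // single catch covers both failure modes; the cause is kept for diagnostics.
        throw new AuthenticationException("User '" + user + "' cannot be authenticated.", e);
    } finally {
        LdapUtils.closeContext(ctx);
    }
}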
/**
 * Authenticates {@code token} over a connection upgraded with StartTLS and builds the resulting
 * {@link AuthenticationInfo}. The bound context is closed before this method returns, so the
 * returned info must not hold on to it.
 *
 * @param token              the credentials presented by the user
 * @param ldapContextFactory factory used to open the connection
 * @return the authentication info produced by {@code createAuthenticationInfo}
 * @throws NamingException if the StartTLS negotiation, the bind or the lookup fails
 */
protected AuthenticationInfo queryForAuthenticationInfoUsingStartTls(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
    final Object principal = getLdapPrincipal(token);
    final Object credentials = token.getCredentials();
    LdapContext boundCtx = null;
    try {
        boundCtx = getLdapContextUsingStartTls(ldapContextFactory, principal, credentials);
        return createAuthenticationInfo(token, principal, credentials, boundCtx);
    } finally {
        LdapUtils.closeContext(boundCtx);
    }
}
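/**
 * Authenticates a username/password token by resolving the user's DN and binding with it.
 *
 * <p>An empty password is rejected up front and yields {@code null}, exactly like an unknown
 * user or a wrong password: a bind with a DN and no password may be accepted by the server as
 * an <em>unauthenticated</em> bind (RFC 4513 section 5.1.2), which would otherwise let any
 * known user in without a password.
 *
 * @param token              the credentials presented by the user
 * @param ldapContextFactory factory that opens a context bound as the resolved DN
 * @return the authentication info, or {@code null} when the password is empty, the user has
 *         no DN, or the directory rejects the credentials
 * @throws NamingException for any other LDAP failure during the DN lookup or the bind
 */
@Nullable
private AuthenticationInfo queryForAuthenticationInfo0(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
    final UsernamePasswordToken upToken = ensureUsernamePasswordToken(token);
    final char[] password = upToken.getPassword();
    // Checked before the DN lookup so an empty password never reaches the server at all.
    if (password == null || password.length == 0) {
        return null;
    }
    final String userDn = findUserDn(ldapContextFactory, upToken.getUsername());
    if (userDn == null) {
        return null;
    }
    LdapContext ctx = null;
    try {
        // Binds using the resolved DN and the password provided by the user.
        ctx = ldapContextFactory.getLdapContext(userDn, password);
    } catch (AuthenticationException e) {
        // LDAP result code 49 (invalid credentials) is the only case JNDI maps to
        // AuthenticationException:
        // - https://docs.oracle.com/javase/tutorial/jndi/ldap/exceptions.html
        // - com.sun.jndi.ldap.LdapCtx.mapErrorCode()
        return null;
    } finally {
        LdapUtils.closeContext(ctx);
    }
    return buildAuthenticationInfo(upToken.getUsername(), password);
}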