/**
 * Copy constructor: seeds this <tt>Essence</tt> with every property of an existing
 * <tt>LdapUserDetails</tt>, so the copy can be amended and turned into a new instance.
 * <p>Each property is copied through the matching setter. Reference-typed values
 * (attributes, controls, authorities) are handed over exactly as the getters return
 * them; whether the setters clone them is not visible here.</p>
 *
 * @param copyMe the details to copy; must not be <tt>null</tt>
 */
public Essence(LdapUserDetails copyMe) {
    setDn(copyMe.getDn());
    setAttributes(copyMe.getAttributes());
    setUsername(copyMe.getUsername());
    // The stored credential is carried over with the copy.
    setPassword(copyMe.getPassword());
    setEnabled(copyMe.isEnabled());
    setAccountNonExpired(copyMe.isAccountNonExpired());
    setCredentialsNonExpired(copyMe.isCredentialsNonExpired());
    setAccountNonLocked(copyMe.isAccountNonLocked());
    setControls(copyMe.getControls());
    setAuthorities(copyMe.getAuthorities());
}
/**
 * Creates the empty <tt>LdapUserDetailsImpl</tt> that this essence populates.
 *
 * @return a fresh, unpopulated instance
 */
LdapUserDetailsImpl createTarget() {
    LdapUserDetailsImpl target = new LdapUserDetailsImpl();
    return target;
}
/**
 * Finishes building the <tt>LdapUserDetails</tt> held by this essence and hands it out.
 * <p>This is a one-shot operation: the internal instance is released on return, so a
 * second call on the same essence fails the <tt>Assert.notNull</tt> check.</p>
 *
 * @return the completed user details
 */
public LdapUserDetails createUserDetails() {
    //TODO: Validation of properties
    Assert.notNull(instance, "Essence can only be used to create a single instance");

    // Authorities are materialised last so that every addAuthority() call is included.
    instance.authorities = getGrantedAuthorities();

    LdapUserDetails built = instance;
    instance = null;
    return built;
}
/**
 * Locates the user in the directory and adds the group-derived authorities that the plain
 * user search does not populate.
 * <p>Attribute sets of type <tt>BasicAttributes</tt> are interned through
 * <tt>attributesCache</tt>, relying on <tt>BasicAttributes.equals</tt> to detect identical
 * entries. The cached objects hold whatever attributes the search returned; its bounds and
 * eviction policy are not visible here.</p>
 *
 * @param username the username to look up
 * @return the populated user details, or <tt>null</tt> if the search returned <tt>null</tt>
 * @throws UsernameNotFoundException     propagated from the user search
 * @throws UserMayOrMayNotExistException when the directory search itself fails
 */
public LdapUserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    try {
        LdapUserDetails found = ldapSearch.searchForUser(username);
        if (found == null) {
            return null;
        }

        // LdapUserSearch does not populate granted authorities (group search).
        // Add those, as done in LdapAuthenticationProvider.createUserDetails().
        LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence(found);

        // intern attributes
        Attributes attrs = found.getAttributes();
        if (attrs instanceof BasicAttributes) {
            // BasicAttributes.equals is what makes the interning possible
            Attributes shared = (Attributes) attributesCache.get(attrs);
            if (shared == null) {
                shared = attrs;
                attributesCache.put(attrs, shared);
            }
            essence.setAttributes(shared);
        }

        GrantedAuthority[] groupAuthorities = authoritiesPopulator.getGrantedAuthorities(found);
        for (int i = 0; i < groupAuthorities.length; i++) {
            essence.addAuthority(groupAuthorities[i]);
        }
        return essence.createUserDetails();
    } catch (LdapDataAccessException e) {
        // A directory failure is reported as "may or may not exist" rather than "not found".
        LOGGER.log(Level.WARNING, "Failed to search LDAP for username="+username,e);
        throw new UserMayOrMayNotExistException(e.getMessage(),e);
    }
}
} // closes the enclosing class; this brace was part of the original line
/**
 * Maps a directory entry to a partially populated <tt>LdapUserDetailsImpl.Essence</tt>.
 * <p>The DN and raw attributes are always set. The password is set only when the configured
 * password attribute is present, and one authority is added for every value of each configured
 * role attribute that <tt>createAuthority</tt> accepts.</p>
 *
 * @param dn         the distinguished name of the entry
 * @param attributes the entry's attributes
 * @return the essence, to be completed by the caller
 * @throws NamingException if reading a role attribute's values fails
 */
public Object mapAttributes(String dn, Attributes attributes) throws NamingException {
    LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
    essence.setDn(dn);
    essence.setAttributes(attributes);

    Attribute storedPassword = attributes.get(passwordAttributeName);
    if (storedPassword != null) {
        essence.setPassword(mapPassword(storedPassword));
    }

    // Map the roles
    if (roleAttributes != null) {
        for (int idx = 0; idx < roleAttributes.length; idx++) {
            String attributeId = roleAttributes[idx];
            Attribute roleAttribute = attributes.get(attributeId);
            if (roleAttribute == null) {
                logger.debug("Couldn't read role attribute '" + attributeId + "' for user " + dn);
                continue;
            }

            NamingEnumeration values = roleAttribute.getAll();
            while (values.hasMore()) {
                GrantedAuthority authority = createAuthority(values.next());
                if (authority == null) {
                    logger.debug("Failed to create an authority value from attribute with Id: " + roleAttribute.getID());
                } else {
                    essence.addAuthority(authority);
                }
            }
        }
    }

    return essence;
}
/**
 * Creates the final <tt>UserDetails</tt> object that will be returned by the provider once the user has
 * been authenticated.
 * <p>The <tt>LdapAuthoritiesPopulator</tt> will be used to create the granted authorities for the user.</p>
 * <p>Can be overridden to customize the creation of the final UserDetails instance. The default will
 * merge any additional authorities retrieved from the populator with the properties of the original
 * <tt>ldapUser</tt> object and set the values of the username and password.</p>
 * <p>Note that the password stored on the returned object is the one submitted to the provider, not
 * the value held in the directory.</p>
 *
 * @param ldapUser The intermediate LdapUserDetails instance returned by the authenticator.
 * @param username the username submitted to the provider
 * @param password the password submitted to the provider
 *
 * @return The UserDetails for the successfully authenticated user.
 */
protected UserDetails createUserDetails(LdapUserDetails ldapUser, String username, String password) {
    LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence(ldapUser);
    essence.setUsername(username);
    essence.setPassword(password);

    GrantedAuthority[] populated = getAuthoritiesPopulator().getGrantedAuthorities(ldapUser);
    int count = populated.length;
    for (int idx = 0; idx < count; idx++) {
        essence.addAuthority(populated[idx]);
    }

    return essence.createUserDetails();
}
// NOTE(review): fragment — the enclosing method begins and ends outside this listing.
// Retrieve the user's entry through the configured mapper and build the UserDetails.
LdapUserDetailsImpl.Essence userEssence = (LdapUserDetailsImpl.Essence) ldapTemplate.retrieveEntry(userDn, getUserDetailsMapper(), getUserAttributes());
userEssence.setUsername(username);
user = userEssence.createUserDetails();
// The stored password is read here but not used in the visible lines.
String retrievedPassword = user.getPassword();
// encodedPassword is defined outside this fragment — presumably the submitted password after encoding; confirm.
byte[] passwordBytes = LdapUtils.getUtf8Bytes(encodedPassword);
// The check is delegated to the directory as an LDAP compare on the password attribute,
// so the stored value is not compared locally.
if (!ldapTemplate.compare(user.getDn(), passwordAttributeName, passwordBytes)) {
    throw new BadCredentialsException(messages.getMessage("PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
/**
 * Obtains the authorities for the user whose directory entry is represented by the supplied
 * <tt>LdapUserDetails</tt> object.
 * <p>The result is the union of the group membership roles (looked up by username and, through
 * the deprecated attribute-based variant, by attributes), any additional roles supplied by a
 * subclass, and the default role if one is configured. <tt>null</tt> results from the
 * secondary lookups are ignored.</p>
 *
 * @param userDetails the user whose authorities are required
 * @return the set of roles granted to the user.
 */
public final GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) {
    String dn = userDetails.getDn();
    if (logger.isDebugEnabled()) {
        logger.debug("Getting authorities for user " + dn);
    }

    Set roles = getGroupMembershipRoles(dn, userDetails.getUsername());

    // Temporary use of deprecated method
    Set legacyGroupRoles = getGroupMembershipRoles(dn, userDetails.getAttributes());
    if (legacyGroupRoles != null) {
        roles.addAll(legacyGroupRoles);
    }

    Set additionalRoles = getAdditionalRoles(userDetails);
    if (additionalRoles != null) {
        roles.addAll(additionalRoles);
    }

    if (defaultRole != null) {
        roles.add(defaultRole);
    }

    GrantedAuthority[] result = new GrantedAuthority[roles.size()];
    return (GrantedAuthority[]) roles.toArray(result);
}
/**
 * Gets the principal of the logged in user, in this case the distinguished name.
 * <p>If no <tt>Authentication</tt> is present in the security context a warning is logged
 * and the empty string is returned.</p>
 *
 * @return the distinguished name of the logged in user, or <tt>""</tt> when nobody is logged in.
 * @throws IllegalArgumentException if the authenticated principal is not an <tt>LdapUserDetails</tt>
 */
public String getPrincipal() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        log.warn("No Authentication object set in SecurityContext - " + "returning empty String as Principal");
        return "";
    }

    Object principal = authentication.getPrincipal();
    if (principal instanceof LdapUserDetails) {
        return ((LdapUserDetails) principal).getDn();
    }

    throw new IllegalArgumentException(
        "The principal property of the authentication object -" + "needs to be a LdapUserDetails.");
}
/**
 * Tries to authenticate the user as <tt>userDn</tt> with the submitted password and, if the
 * directory accepts the credentials, reads the entry through the user details mapper.
 *
 * @param userDn   the candidate distinguished name to bind as
 * @param username the username submitted to the provider
 * @param password the password submitted to the provider
 * @return the details of the authenticated user, or <tt>null</tt> when the bind was rejected
 */
private LdapUserDetails bindWithDn(String userDn, String username, String password) {
    // The template is built with the candidate DN and the submitted password; the bind it
    // performs against the directory is the actual credential check (not visible here).
    LdapTemplate boundTemplate = new LdapTemplate(getInitialDirContextFactory(), userDn, password);

    LdapUserDetails authenticated = null;
    try {
        Object mapped = boundTemplate.retrieveEntry(userDn, getUserDetailsMapper(), getUserAttributes());
        LdapUserDetailsImpl.Essence essence = (LdapUserDetailsImpl.Essence) mapped;
        essence.setUsername(username);
        essence.setPassword(password);
        authenticated = essence.createUserDetails();
    } catch (BadCredentialsException e) {
        // This will be thrown if an invalid user name is used and the method may
        // be called multiple times to try different names, so we trap the exception
        // unless a subclass wishes to implement more specialized behaviour.
        handleBindException(userDn, username, e.getCause());
    }
    return authenticated;
}
/**
 * Returns the <tt>LdapUserDetails</tt> containing the user's information.
 * <p>The username is passed to the template as a filter argument rather than concatenated into
 * <tt>searchFilter</tt>; the escaping of filter arguments is presumably handled by the template
 * or the underlying JNDI search — confirm in <tt>LdapTemplate</tt>.</p>
 *
 * @param username the username to search for.
 *
 * @return An LdapUserDetails object containing the details of the located user's directory entry
 *
 * @throws UsernameNotFoundException if no matching entry is found.
 * @throws IncorrectResultSizeDataAccessException if the search matched more than one entry.
 */
public LdapUserDetails searchForUser(String username) {
    boolean debug = logger.isDebugEnabled();
    if (debug) {
        logger.debug("Searching for user '" + username + "', with user search " + this.toString());
    }

    LdapTemplate searchTemplate = new LdapTemplate(initialDirContextFactory);
    searchTemplate.setSearchControls(searchControls);

    String[] filterArgs = new String[] { username };
    try {
        Object mapped = searchTemplate.searchForSingleEntry(searchBase, searchFilter, filterArgs, userDetailsMapper);
        LdapUserDetailsImpl.Essence essence = (LdapUserDetailsImpl.Essence) mapped;
        essence.setUsername(username);
        return essence.createUserDetails();
    } catch (IncorrectResultSizeDataAccessException notFound) {
        if (notFound.getActualSize() != 0) {
            // Search should never return multiple results if properly configured, so just rethrow
            throw notFound;
        }
        throw new UsernameNotFoundException("User " + username + " not found in directory.");
    }
}
/**
 * Looks up the e-mail address of a Hudson user in the LDAP directory.
 * <p>Returns <tt>null</tt> when the active security realm is not LDAP, when the entry has no
 * <tt>mail</tt> attribute, or when the lookup fails; failures are logged at <tt>FINE</tt>
 * and never propagated to the caller.</p>
 *
 * @param u the user whose address is wanted; its id is used as the LDAP username
 * @return the first value of the <tt>mail</tt> attribute, or <tt>null</tt>
 */
public String findMailAddressFor(User u) {
    // LDAP not active
    SecurityRealm realm = Hudson.getInstance().getSecurityRealm();
    if (!(realm instanceof LDAPSecurityRealm)) {
        return null;
    }

    try {
        LdapUserDetails details = (LdapUserDetails) realm.getSecurityComponents().userDetails.loadUserByUsername(u.getId());
        Attribute mail = details.getAttributes().get("mail");
        if (mail != null) {
            // assumes the first value is a String; a binary-valued attribute would fail this cast — confirm
            return (String) mail.get();
        }
        // not found
    } catch (UsernameNotFoundException e) {
        LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
    } catch (DataAccessException e) {
        LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
    } catch (NamingException e) {
        LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
    } catch (AcegiSecurityException e) {
        LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
    }
    return null;
}
} // closes the enclosing class; this brace was part of the original line
/**
 * Locates the user in the directory and adds the group-derived authorities that the plain
 * user search does not populate.
 * <p>Attribute sets of type <tt>BasicAttributes</tt> are interned through
 * <tt>attributesCache</tt>, relying on <tt>BasicAttributes.equals</tt> to detect identical
 * entries. The cached objects hold whatever attributes the search returned; its bounds and
 * eviction policy are not visible here.</p>
 *
 * @param username the username to look up
 * @return the populated user details, or <tt>null</tt> if the search returned <tt>null</tt>
 * @throws UsernameNotFoundException     propagated from the user search
 * @throws UserMayOrMayNotExistException when the directory search itself fails
 */
public LdapUserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    try {
        LdapUserDetails found = ldapSearch.searchForUser(username);
        if (found == null) {
            return null;
        }

        // LdapUserSearch does not populate granted authorities (group search).
        // Add those, as done in LdapAuthenticationProvider.createUserDetails().
        LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence(found);

        // intern attributes
        Attributes attrs = found.getAttributes();
        if (attrs instanceof BasicAttributes) {
            // BasicAttributes.equals is what makes the interning possible
            Attributes shared = (Attributes) attributesCache.get(attrs);
            if (shared == null) {
                shared = attrs;
                attributesCache.put(attrs, shared);
            }
            essence.setAttributes(shared);
        }

        GrantedAuthority[] groupAuthorities = authoritiesPopulator.getGrantedAuthorities(found);
        for (int i = 0; i < groupAuthorities.length; i++) {
            essence.addAuthority(groupAuthorities[i]);
        }
        return essence.createUserDetails();
    } catch (LdapDataAccessException e) {
        // A directory failure is reported as "may or may not exist" rather than "not found".
        LOGGER.log(Level.WARNING, "Failed to search LDAP for username="+username,e);
        throw new UserMayOrMayNotExistException(e.getMessage(),e);
    }
}
} // closes the enclosing class; this brace was part of the original line
/**
 * Gets the principal of the logged in user, in this case the distinguished name.
 * <p>If no <tt>Authentication</tt> is present in the security context a warning is logged
 * and the empty string is returned.</p>
 *
 * @return the distinguished name of the logged in user, or <tt>""</tt> when nobody is logged in.
 * @throws IllegalArgumentException if the authenticated principal is not an <tt>LdapUserDetails</tt>
 */
public String getPrincipal() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        log.warn("No Authentication object set in SecurityContext - " + "returning empty String as Principal");
        return "";
    }

    Object principal = authentication.getPrincipal();
    if (principal instanceof LdapUserDetails) {
        return ((LdapUserDetails) principal).getDn();
    }

    throw new IllegalArgumentException(
        "The principal property of the authentication object -" + "needs to be a LdapUserDetails.");
}
/**
 * Looks up the e-mail address of a Hudson user in the LDAP directory.
 * <p>Returns <tt>null</tt> when the active security realm is not LDAP, when the entry has no
 * <tt>mail</tt> attribute, or when the lookup fails; failures are logged at <tt>FINE</tt>
 * and never propagated to the caller.</p>
 *
 * @param u the user whose address is wanted; its id is used as the LDAP username
 * @return the first value of the <tt>mail</tt> attribute, or <tt>null</tt>
 */
public String findMailAddressFor(User u) {
    // LDAP not active
    SecurityRealm realm = Hudson.getInstance().getSecurityRealm();
    if (!(realm instanceof LDAPSecurityRealm)) {
        return null;
    }

    try {
        LdapUserDetails details = (LdapUserDetails) realm.getSecurityComponents().userDetails.loadUserByUsername(u.getId());
        Attribute mail = details.getAttributes().get("mail");
        if (mail != null) {
            // assumes the first value is a String; a binary-valued attribute would fail this cast — confirm
            return (String) mail.get();
        }
        // not found
    } catch (UsernameNotFoundException e) {
        LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
    } catch (DataAccessException e) {
        LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
    } catch (NamingException e) {
        LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
    } catch (AcegiSecurityException e) {
        LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
    }
    return null;
}
} // closes the enclosing class; this brace was part of the original line
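/**
 * Authenticates the user by binding to the directory as the user's DN with the submitted password.
 * <p>Candidate DNs built from the configured DN patterns are tried first; if none of them binds
 * and a user search is configured, the DN located by the search is tried instead.</p>
 *
 * @param username the username submitted to the provider
 * @param password the password submitted to the provider
 * @return the details of the authenticated user
 * @throws BadCredentialsException if the password is empty or no bind succeeds
 */
public LdapUserDetails authenticate(String username, String password) {
    // Never attempt a bind with an empty password: a directory may treat a bind with a DN and
    // no password as an unauthenticated (anonymous) bind that succeeds without checking anything.
    // Reject it up front, using the same message as a failed bind so the two cases are not
    // distinguishable from the response.
    if (password == null || password.length() == 0) {
        throw new BadCredentialsException(
            messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
    }

    LdapUserDetails user = null;

    // If DN patterns are configured, try authenticating with them directly
    Iterator dns = getUserDns(username).iterator();
    while (dns.hasNext() && (user == null)) {
        user = bindWithDn((String) dns.next(), username, password);
    }

    // Otherwise use the configured locator to find the user
    // and authenticate with the returned DN.
    if ((user == null) && (getUserSearch() != null)) {
        LdapUserDetails userFromSearch = getUserSearch().searchForUser(username);
        // A search implementation that signals "not found" by returning null rather than
        // throwing would otherwise cause a NullPointerException on getDn().
        if (userFromSearch != null) {
            user = bindWithDn(userFromSearch.getDn(), username, password);
        }
    }

    if (user == null) {
        throw new BadCredentialsException(
            messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
    }

    return user;
}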