
Example 1 with Attribute

use of javax.naming.directory.Attribute in project jetty.project by eclipse.

the class LdapLoginModule method getUserRoles.

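/**
 * Attempts to get the user's roles from the root context by building the user's DN
 * and delegating to {@code getUserRolesByDn}.
 * <p>
 * NOTE: this is not a user-authenticated operation.
 *
 * @param dirContext the directory context passed on to the role search
 * @param username the login name; used as the RDN value unless the entry carries a
 *        value under {@code _userRdnAttribute}
 * @param attributes the attributes of the user's directory entry
 * @return the role names returned by {@code getUserRolesByDn}
 * @throws LoginException declared in the signature; not thrown directly by this method
 * @throws NamingException if the delegated role search fails
 */
private List<String> getUserRoles(DirContext dirContext, String username, Attributes attributes) throws LoginException, NamingException {
    String rdnValue = username;
    Attribute attribute = attributes.get(_userRdnAttribute);
    if (attribute != null) {
        try {
            // switch to the value stored in the _userRdnAttribute if we can
            rdnValue = (String) attribute.get();
        } catch (NamingException ignored) {
            // Deliberate best effort: when the stored value cannot be read,
            // fall back to the login name the caller supplied.
        }
    }
    // The RDN value originates from the login name or the directory entry, so it is
    // escaped (RFC 2253) before being placed in the DN. Without this, characters such
    // as ',' '+' or '=' in the value would change the structure of the DN instead of
    // being treated as data. Values without special characters are left unchanged.
    // NOTE(review): _userRdnAttribute and _userBaseDn are assumed to come from trusted
    // configuration and are not escaped here - confirm.
    String escapedRdnValue = rdnValue == null ? null : javax.naming.ldap.Rdn.escapeValue(rdnValue);
    String userDn = _userRdnAttribute + "=" + escapedRdnValue + "," + _userBaseDn;
    return getUserRolesByDn(dirContext, userDn);
}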
Also used : Attribute(javax.naming.directory.Attribute) NamingException(javax.naming.NamingException)

Example 2 with Attribute

use of javax.naming.directory.Attribute in project jetty.project by eclipse.

the class LdapLoginModule method getUserRolesByDn.

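/**
 * Searches below {@code _roleBaseDn} for role entries that list the given user DN as a
 * member and collects the values of {@code _roleNameAttribute} from each match.
 *
 * @param dirContext the context to search with; when {@code null} an empty list is returned
 * @param userDn the DN of the user whose roles are wanted
 * @return the role names found; empty when the context or any of the role settings
 *         checked below is missing
 * @throws LoginException declared in the signature; not thrown directly by this method
 * @throws NamingException if the search, the iteration of role values or the release
 *         of the enumerations fails
 */
private List<String> getUserRolesByDn(DirContext dirContext, String userDn) throws LoginException, NamingException {
    List<String> roleList = new ArrayList<String>();
    if (dirContext == null || _roleBaseDn == null || _roleMemberAttribute == null || _roleObjectClass == null) {
        return roleList;
    }
    SearchControls ctls = new SearchControls();
    ctls.setDerefLinkFlag(true);
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    ctls.setReturningAttributes(new String[] { _roleNameAttribute });
    // The user DN is handed over as a filter argument ({2}) instead of being
    // concatenated into the filter text, so it is never parsed as filter syntax.
    String filter = "(&(objectClass={0})({1}={2}))";
    Object[] filterArguments = { _roleObjectClass, _roleMemberAttribute, userDn };
    NamingEnumeration<SearchResult> results = dirContext.search(_roleBaseDn, filter, filterArguments, ctls);
    try {
        LOG.debug("Found user roles?: " + results.hasMoreElements());
        while (results.hasMoreElements()) {
            SearchResult result = (SearchResult) results.nextElement();
            Attributes attributes = result.getAttributes();
            if (attributes == null) {
                continue;
            }
            Attribute roleAttribute = attributes.get(_roleNameAttribute);
            if (roleAttribute == null) {
                continue;
            }
            NamingEnumeration<?> roles = roleAttribute.getAll();
            try {
                while (roles.hasMore()) {
                    roleList.add(roles.next().toString());
                }
            } finally {
                // Release the value enumeration even when reading a value fails.
                roles.close();
            }
        }
    } finally {
        // The search enumeration holds provider resources until it is closed;
        // the original code left it open on every path.
        results.close();
    }
    return roleList;
}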
Also used : Attribute(javax.naming.directory.Attribute) ArrayList(java.util.ArrayList) Attributes(javax.naming.directory.Attributes) SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult)

Example 3 with Attribute

use of javax.naming.directory.Attribute in project jetty.project by eclipse.

the class LdapLoginModule method getUserCredentials.

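/**
 * Reads the user's stored credential from the entry's {@code _userPasswordAttribute}.
 *
 * @param attributes the attributes of the user's directory entry
 * @return the credential decoded to a string, or {@code null} when the attribute is
 *         absent or its value cannot be read
 * @throws LoginException declared in the signature; not thrown directly by this method
 */
private String getUserCredentials(Attributes attributes) throws LoginException {
    String ldapCredential = null;
    Attribute attribute = attributes.get(_userPasswordAttribute);
    if (attribute != null) {
        try {
            byte[] value = (byte[]) attribute.get();
            // NOTE(review): decodes with the platform default charset, so the result can
            // differ between hosts for non-ASCII values - confirm the encoding the
            // directory uses and name it explicitly.
            ldapCredential = new String(value);
        } catch (NamingException e) {
            LOG.debug("no password available under attribute: " + _userPasswordAttribute);
        }
    }
    // Log only whether a credential was found. The value itself (a password or password
    // hash) must not reach the log: debug logs are routinely collected and shared.
    LOG.debug("user cred found: " + (ldapCredential != null));
    return ldapCredential;
}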
Also used : Attribute(javax.naming.directory.Attribute) NamingException(javax.naming.NamingException)

Example 4 with Attribute

use of javax.naming.directory.Attribute in project zeppelin by apache.

the class LdapRealm method rolesFor.

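/**
 * Collects the role names for a user by searching the group entries under the group
 * search base, then publishes the result on the current subject's session.
 * <p>
 * Side effects visible in this method: the role and group name sets are stored in the
 * session under {@code SUBJECT_USER_ROLES} and {@code SUBJECT_USER_GROUPS}, and the group
 * names are added to {@code principals} when it is a {@code MutablePrincipalCollection}.
 *
 * @param principals the principal collection that receives the group names, if mutable
 * @param userNameIn the user name as supplied; lower-cased when {@code getUserLowerCase()} is true
 * @param ldapCtx the context used for the group search
 * @param ldapContextFactory passed on to {@code addRoleIfMember}
 * @return the role names found for the user (possibly empty)
 * @throws NamingException if a directory operation fails with an error that is not handled below
 */
private Set<String> rolesFor(PrincipalCollection principals, String userNameIn, final LdapContext ldapCtx, final LdapContextFactory ldapContextFactory) throws NamingException {
    final Set<String> roleNames = new HashSet<>();
    final Set<String> groupNames = new HashSet<>();
    final String userName;
    if (getUserLowerCase()) {
        log.debug("userLowerCase true");
        // Locale.ROOT keeps the mapping independent of the JVM's default locale, so the
        // same login name always yields the same DN.
        userName = userNameIn.toLowerCase(java.util.Locale.ROOT);
    } else {
        userName = userNameIn;
    }
    String userDn;
    if (userSearchAttributeName == null || userSearchAttributeName.isEmpty()) {
        // memberAttributeValuePrefix and memberAttributeValueSuffix
        // were computed from memberAttributeValueTemplate
        // NOTE(review): the user name is concatenated into the DN without RFC 2253
        // escaping - confirm that user names cannot contain DN special characters.
        userDn = memberAttributeValuePrefix + userName + memberAttributeValueSuffix;
    } else {
        userDn = getUserDn(userName);
    }
    // Activate paged results
    int pageSize = getPagingSize();
    if (log.isDebugEnabled()) {
        log.debug("Ldap PagingSize: " + pageSize);
    }
    int numResults = 0;
    // NOTE(review): cookie is never assigned from the server's response controls in this
    // method, so the do/while below always ends after the first page. Groups beyond the
    // first page are not seen and the user ends up with fewer roles.
    byte[] cookie = null;
    try {
        ldapCtx.addToEnvironment(Context.REFERRAL, "ignore");
        ldapCtx.setRequestControls(new Control[] { new PagedResultsControl(pageSize, Control.NONCRITICAL) });
        do {
            // ldapsearch -h localhost -p 33389 -D
            // uid=guest,ou=people,dc=hadoop,dc=apache,dc=org -w guest-password
            // -b dc=hadoop,dc=apache,dc=org -s sub '(objectclass=*)'
            NamingEnumeration<SearchResult> searchResultEnum = null;
            SearchControls searchControls = getGroupSearchControls();
            try {
                if (groupSearchEnableMatchingRuleInChain) {
                    // The user DN is derived from the login name and is formatted into the
                    // filter text, so the characters that carry meaning in a search filter
                    // (RFC 4515: '\', '*', '(', ')', NUL) are escaped first. The server
                    // decodes the escapes, so the compared value is unchanged.
                    final String rawUserDn = String.valueOf(userDn);
                    final StringBuilder filterSafeUserDn = new StringBuilder(rawUserDn.length() + 8);
                    for (int i = 0; i < rawUserDn.length(); i++) {
                        final char c = rawUserDn.charAt(i);
                        switch (c) {
                            case '\\':
                                filterSafeUserDn.append("\\5c");
                                break;
                            case '*':
                                filterSafeUserDn.append("\\2a");
                                break;
                            case '(':
                                filterSafeUserDn.append("\\28");
                                break;
                            case ')':
                                filterSafeUserDn.append("\\29");
                                break;
                            case '\0':
                                filterSafeUserDn.append("\\00");
                                break;
                            default:
                                filterSafeUserDn.append(c);
                                break;
                        }
                    }
                    searchResultEnum = ldapCtx.search(getGroupSearchBase(), String.format(MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, filterSafeUserDn.toString()), searchControls);
                    while (searchResultEnum != null && searchResultEnum.hasMore()) {
                        // searchResults contains all the groups in search scope
                        numResults++;
                        final SearchResult group = searchResultEnum.next();
                        Attribute attribute = group.getAttributes().get(getGroupIdAttribute());
                        final Object groupId = attribute == null ? null : attribute.get();
                        if (groupId == null) {
                            // A group entry without the id attribute cannot be mapped to a
                            // role; skip it instead of failing the lookup with an NPE.
                            log.debug("Skipping group without id attribute: " + group.getName());
                            continue;
                        }
                        String groupName = groupId.toString();
                        String roleName = roleNameFor(groupName);
                        if (roleName != null) {
                            roleNames.add(roleName);
                        } else {
                            roleNames.add(groupName);
                        }
                    }
                } else {
                    searchResultEnum = ldapCtx.search(getGroupSearchBase(), "objectClass=" + groupObjectClass, searchControls);
                    while (searchResultEnum != null && searchResultEnum.hasMore()) {
                        // searchResults contains all the groups in search scope
                        numResults++;
                        final SearchResult group = searchResultEnum.next();
                        addRoleIfMember(userDn, group, roleNames, groupNames, ldapContextFactory);
                    }
                }
            } catch (PartialResultException e) {
                log.debug("Ignoring PartitalResultException");
            } finally {
                if (searchResultEnum != null) {
                    searchResultEnum.close();
                }
            }
            // Re-activate paged results
            ldapCtx.setRequestControls(new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
        } while (cookie != null);
    } catch (SizeLimitExceededException e) {
        log.info("Only retrieved first " + numResults + " groups due to SizeLimitExceededException.");
    } catch (IOException e) {
        // Keep the cause: without it the log does not say why the control could not be built.
        log.error("Unabled to setup paged results", e);
    }
    // save role names and group names in session so that they can be
    // easily looked up outside of this object
    SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roleNames);
    SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, groupNames);
    if (!groupNames.isEmpty() && (principals instanceof MutablePrincipalCollection)) {
        ((MutablePrincipalCollection) principals).addAll(groupNames, getName());
    }
    if (log.isDebugEnabled()) {
        log.debug("User RoleNames: " + userName + "::" + roleNames);
    }
    return roleNames;
}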
Also used : Attribute(javax.naming.directory.Attribute) SearchResult(javax.naming.directory.SearchResult) PartialResultException(javax.naming.PartialResultException) IOException(java.io.IOException) MutablePrincipalCollection(org.apache.shiro.subject.MutablePrincipalCollection) SizeLimitExceededException(javax.naming.SizeLimitExceededException) SearchControls(javax.naming.directory.SearchControls) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) PagedResultsControl(javax.naming.ldap.PagedResultsControl)

Example 5 with Attribute

use of javax.naming.directory.Attribute in project hadoop by apache.

the class LdapGroupsMapping method getGroupNames.

/*
 * Helper that copies a group's name out of a search result.
 *
 * Reads the attribute named by groupNameAttr from groupResult and appends its value,
 * converted with toString(), to groups. When doGetDNs is set, the result's name in
 * the namespace is appended to groupDNs as well. A result without that attribute is
 * rejected with a NamingException and neither collection is modified.
 */
void getGroupNames(SearchResult groupResult, Collection<String> groups, Collection<String> groupDNs, boolean doGetDNs) throws NamingException {
    final Attribute nameAttribute = groupResult.getAttributes().get(groupNameAttr);
    if (nameAttribute != null) {
        final Object nameValue = nameAttribute.get();
        groups.add(nameValue.toString());
        if (doGetDNs) {
            final String groupDn = groupResult.getNameInNamespace();
            groupDNs.add(groupDn);
        }
        return;
    }
    // No name attribute on the entry: report it to the caller.
    throw new NamingException("The group object does not have " + "attribute '" + groupNameAttr + "'.");
}
Also used : Attribute(javax.naming.directory.Attribute) NamingException(javax.naming.NamingException)
