Example 1 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project gocd by gocd.
the class LdapUserSearch method searchForUser.
public DirContextOperations searchForUser(String username) {
SecurityConfig securityConfig = goConfigService.security();
if (!securityConfig.isSecurityEnabled()) {
return null;
}
LdapConfig ldapConfig = securityConfig.ldapConfig();
RuntimeException lastFoundException = null;
BaseConfig failedBaseConfig = null;
for (BaseConfig baseConfig : ldapConfig.getBasesConfig()) {
if (lastFoundException != null && !(lastFoundException instanceof BadCredentialsException)) {
logger.warn(String.format("The ldap configuration for search base '%s' is invalid", failedBaseConfig.getValue()), lastFoundException);
}
FilterBasedLdapUserSearch search = getFilterBasedLdapUserSearch(baseConfig.getValue(), ldapConfig.searchFilter());
search.setSearchSubtree(true);
// timeout after five seconds
search.setSearchTimeLimit(5000);
try {
return search.searchForUser(username);
} catch (UsernameNotFoundException e) {
failedBaseConfig = baseConfig;
lastFoundException = new BadCredentialsException("Bad credentials");
} catch (RuntimeException e) {
failedBaseConfig = baseConfig;
lastFoundException = e;
}
}
if (lastFoundException != null) {
throw lastFoundException;
}
throw new RuntimeException("No LDAP Search Bases are configured.");
}
Also used :
LdapConfig(com.thoughtworks.go.config.LdapConfig)
UsernameNotFoundException(org.springframework.security.userdetails.UsernameNotFoundException)
SecurityConfig(com.thoughtworks.go.config.SecurityConfig)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
BadCredentialsException(org.springframework.security.BadCredentialsException)
BaseConfig(com.thoughtworks.go.config.server.security.ldap.BaseConfig)
Example 2 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project gocd by gocd.
the class LdapUserSearchTest method shouldNotLogErrorsIfThereIsOnlyOneSearchBaseWhichIsInvalidWhenAuthenticating.
@Test
public void shouldNotLogErrorsIfThereIsOnlyOneSearchBaseWhichIsInvalidWhenAuthenticating() {
final FilterBasedLdapUserSearch filter1 = mock(FilterBasedLdapUserSearch.class);
LdapConfig ldapConfig = setLdapConfig(new BasesConfig(new BaseConfig("base1")));
doReturn(filter1).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(0).getValue(), ldapConfig.searchFilter());
RuntimeException runtimeException = new RuntimeException("Invalid search base");
when(filter1.searchForUser("username")).thenThrow(runtimeException);
thrown.expect(RuntimeException.class);
spy.searchForUser("username");
verify(logger, never()).warn(Matchers.<Object>any(), Matchers.<Throwable>any());
}
Also used :
LdapConfig(com.thoughtworks.go.config.LdapConfig)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
BasesConfig(com.thoughtworks.go.config.server.security.ldap.BasesConfig)
BaseConfig(com.thoughtworks.go.config.server.security.ldap.BaseConfig)
Test(org.junit.Test)
Example 3 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project gocd by gocd.
the class LdapUserSearchTest method shouldThrowBadCredentialsExceptionWhenNoUserFound_WithMultipleSearchBase.
@Test
public void shouldThrowBadCredentialsExceptionWhenNoUserFound_WithMultipleSearchBase() {
final FilterBasedLdapUserSearch filter1 = mock(FilterBasedLdapUserSearch.class);
final FilterBasedLdapUserSearch filter2 = mock(FilterBasedLdapUserSearch.class);
LdapConfig ldapConfig = setLdapConfig(new BasesConfig(new BaseConfig("base1"), new BaseConfig("base2")));
doReturn(filter1).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(0).getValue(), ldapConfig.searchFilter());
doReturn(filter2).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(1).getValue(), ldapConfig.searchFilter());
when(filter1.searchForUser("username")).thenThrow(new UsernameNotFoundException("User username not found in directory."));
when(filter2.searchForUser("username")).thenThrow(new UsernameNotFoundException("User username not found in directory."));
thrown.expect(BadCredentialsException.class);
thrown.expectMessage(is("Bad credentials"));
spy.searchForUser("username");
verify(filter1).searchForUser("username");
verify(filter2).searchForUser("username");
}
Also used :
LdapConfig(com.thoughtworks.go.config.LdapConfig)
UsernameNotFoundException(org.springframework.security.userdetails.UsernameNotFoundException)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
BasesConfig(com.thoughtworks.go.config.server.security.ldap.BasesConfig)
BaseConfig(com.thoughtworks.go.config.server.security.ldap.BaseConfig)
Test(org.junit.Test)
Example 4 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project gocd by gocd.
the class LdapUserSearchTest method shouldLogErrorsDueToInvalidSearchBaseWhenAuthenticating.
@Test
public void shouldLogErrorsDueToInvalidSearchBaseWhenAuthenticating() {
final FilterBasedLdapUserSearch filter1 = mock(FilterBasedLdapUserSearch.class);
final FilterBasedLdapUserSearch filter2 = mock(FilterBasedLdapUserSearch.class);
LdapConfig ldapConfig = setLdapConfig(new BasesConfig(new BaseConfig("base1"), new BaseConfig("base2")));
doReturn(filter1).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(0).getValue(), ldapConfig.searchFilter());
doReturn(filter2).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(1).getValue(), ldapConfig.searchFilter());
DirContextOperations foundUser = mock(DirContextOperations.class);
RuntimeException runtimeException = new RuntimeException("Invalid search base");
when(filter1.searchForUser("username")).thenThrow(runtimeException);
when(filter2.searchForUser("username")).thenReturn(foundUser);
assertThat(spy.searchForUser("username"), is(foundUser));
verify(filter1).searchForUser("username");
verify(filter2).searchForUser("username");
verify(logger).warn("The ldap configuration for search base 'base1' is invalid", runtimeException);
}
Also used :
LdapConfig(com.thoughtworks.go.config.LdapConfig)
DirContextOperations(org.springframework.ldap.core.DirContextOperations)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
BasesConfig(com.thoughtworks.go.config.server.security.ldap.BasesConfig)
BaseConfig(com.thoughtworks.go.config.server.security.ldap.BaseConfig)
Test(org.junit.Test)
Example 5 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project gocd by gocd.
the class LdapUserSearchTest method shouldReturnUserFoundInSecondSearchBase.
@Test
public void shouldReturnUserFoundInSecondSearchBase() {
final FilterBasedLdapUserSearch filter1 = mock(FilterBasedLdapUserSearch.class);
final FilterBasedLdapUserSearch filter2 = mock(FilterBasedLdapUserSearch.class);
LdapConfig ldapConfig = setLdapConfig(new BasesConfig(new BaseConfig("base1"), new BaseConfig("base2")));
doReturn(filter1).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(0).getValue(), ldapConfig.searchFilter());
doReturn(filter2).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(1).getValue(), ldapConfig.searchFilter());
when(filter1.searchForUser("username")).thenThrow(new UsernameNotFoundException("User username not found in directory."));
DirContextOperations foundUser = mock(DirContextOperations.class);
when(filter2.searchForUser("username")).thenReturn(foundUser);
assertThat(spy.searchForUser("username"), is(foundUser));
verify(filter1).searchForUser("username");
verify(filter2).searchForUser("username");
}
Also used :
LdapConfig(com.thoughtworks.go.config.LdapConfig)
UsernameNotFoundException(org.springframework.security.userdetails.UsernameNotFoundException)
DirContextOperations(org.springframework.ldap.core.DirContextOperations)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
BasesConfig(com.thoughtworks.go.config.server.security.ldap.BasesConfig)
BaseConfig(com.thoughtworks.go.config.server.security.ldap.BaseConfig)
Test(org.junit.Test)
Aggregations
FilterBasedLdapUserSearch (org.springframework.security.ldap.search.FilterBasedLdapUserSearch)14
LdapConfig (com.thoughtworks.go.config.LdapConfig)11
BaseConfig (com.thoughtworks.go.config.server.security.ldap.BaseConfig)11
Test (org.junit.Test)11
BasesConfig (com.thoughtworks.go.config.server.security.ldap.BasesConfig)10
DirContextOperations (org.springframework.ldap.core.DirContextOperations)7
UsernameNotFoundException (org.springframework.security.userdetails.UsernameNotFoundException)7
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)3
User (org.apache.atlas.web.model.User)2
LdapContextSource (org.springframework.ldap.core.support.LdapContextSource)2
Authentication (org.springframework.security.core.Authentication)2
GrantedAuthority (org.springframework.security.core.GrantedAuthority)2
UserDetails (org.springframework.security.core.userdetails.UserDetails)2
BindAuthenticator (org.springframework.security.ldap.authentication.BindAuthenticator)2
LdapAuthenticationProvider (org.springframework.security.ldap.authentication.LdapAuthenticationProvider)2
SecurityConfig (com.thoughtworks.go.config.SecurityConfig)1
BadCredentialsException (org.springframework.security.BadCredentialsException)1
AuthenticationException (org.springframework.security.core.AuthenticationException)1
DefaultSpringSecurityContextSource (org.springframework.security.ldap.DefaultSpringSecurityContextSource)1
ActiveDirectoryLdapAuthenticationProvider (org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider)1
