use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl in project ldapsdk by pingidentity.
the class LDAPModify method getBindControls.
/**
* {@inheritDoc}
*/
@Override()
@NotNull()
protected List<Control> getBindControls() {
  // Build the list of controls to attach to the bind request. Each
  // command-line argument that was supplied contributes one control, in the
  // order the arguments are checked below.
  final List<Control> controls = new ArrayList<>(10);

  // Controls passed through verbatim from the bindControl argument.
  if (bindControl.isPresent()) {
    controls.addAll(bindControl.getValues());
  }

  if (authorizationIdentity.isPresent()) {
    controls.add(new AuthorizationIdentityRequestControl(false));
  }

  if (getAuthorizationEntryAttribute.isPresent()) {
    // The argument's values are passed as the attributes to request.
    controls.add(new GetAuthorizationEntryRequestControl(true, true,
        getAuthorizationEntryAttribute.getValues()));
  }

  if (getRecentLoginHistory.isPresent()) {
    controls.add(new GetRecentLoginHistoryRequestControl());
  }

  if (getUserResourceLimits.isPresent()) {
    controls.add(new GetUserResourceLimitsRequestControl());
  }

  if (usePasswordPolicyControl.isPresent()) {
    controls.add(new PasswordPolicyRequestControl());
  }

  if (suppressOperationalAttributeUpdates.isPresent()) {
    // Translate each requested name (case-insensitively) into a SuppressType.
    // A name matching none of the three is skipped without an error here;
    // presumably the argument parser restricts the allowed values -- confirm.
    // NOTE(review): suppressing these updates means the bind leaves no
    // last-login / last-access record on the entry, which matters for audit.
    final EnumSet<SuppressType> typesToSuppress = EnumSet.noneOf(SuppressType.class);
    for (final String name : suppressOperationalAttributeUpdates.getValues()) {
      if (name.equalsIgnoreCase("last-access-time")) {
        typesToSuppress.add(SuppressType.LAST_ACCESS_TIME);
        continue;
      }
      if (name.equalsIgnoreCase("last-login-time")) {
        typesToSuppress.add(SuppressType.LAST_LOGIN_TIME);
        continue;
      }
      if (name.equalsIgnoreCase("last-login-ip")) {
        typesToSuppress.add(SuppressType.LAST_LOGIN_IP);
      }
    }
    controls.add(new SuppressOperationalAttributeUpdateRequestControl(typesToSuppress));
  }

  return controls;
}
use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl in project ldapsdk by pingidentity.
the class LDAPSearch method getBindControls.
/**
* {@inheritDoc}
*/
@Override()
@NotNull()
protected List<Control> getBindControls() {
  // Assemble the controls that will be sent with the bind request; one per
  // supplied argument, appended in the order the arguments are tested.
  final List<Control> result = new ArrayList<>(10);

  // Pass-through controls from the bindControl argument go first.
  if (bindControl.isPresent()) {
    result.addAll(bindControl.getValues());
  }

  if (authorizationIdentity.isPresent()) {
    result.add(new AuthorizationIdentityRequestControl(false));
  }

  if (getAuthorizationEntryAttribute.isPresent()) {
    // The argument's values name the attributes to request.
    result.add(new GetAuthorizationEntryRequestControl(true, true,
        getAuthorizationEntryAttribute.getValues()));
  }

  if (getRecentLoginHistory.isPresent()) {
    result.add(new GetRecentLoginHistoryRequestControl());
  }

  if (getUserResourceLimits.isPresent()) {
    result.add(new GetUserResourceLimitsRequestControl());
  }

  if (usePasswordPolicyControl.isPresent()) {
    result.add(new PasswordPolicyRequestControl());
  }

  if (suppressOperationalAttributeUpdates.isPresent()) {
    // Case-insensitive mapping from argument value to SuppressType. Values
    // that match none of the three names are ignored here; presumably they
    // are rejected earlier by argument validation -- confirm.
    // NOTE(review): a bind carrying this control does not update the
    // selected last-login / last-access attributes, so audit trails that
    // rely on them will not see this authentication.
    final EnumSet<SuppressType> selected = EnumSet.noneOf(SuppressType.class);
    for (final String value : suppressOperationalAttributeUpdates.getValues()) {
      if (value.equalsIgnoreCase("last-access-time")) {
        selected.add(SuppressType.LAST_ACCESS_TIME);
        continue;
      }
      if (value.equalsIgnoreCase("last-login-time")) {
        selected.add(SuppressType.LAST_LOGIN_TIME);
        continue;
      }
      if (value.equalsIgnoreCase("last-login-ip")) {
        selected.add(SuppressType.LAST_LOGIN_IP);
      }
    }
    result.add(new SuppressOperationalAttributeUpdateRequestControl(selected));
  }

  return result;
}
use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl in project ssam by pingidentity.
the class LDAPAuthenticationProvider method authenticate.
/**
* {@inheritDoc}
*/
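@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
  String searchBindFilter = settings.getSearchBindFilter();
  User userDetails = null;
  BindRequest request = null;

  // Get the username and password, making sure they're not empty. Rejecting
  // an empty password here matters: an LDAP simple bind with a DN and an
  // empty password is treated as an unauthenticated bind by many servers and
  // could otherwise report success.
  String username = authentication.getName();
  String password = (String) authentication.getCredentials();
  if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
    throw new BadCredentialsException("Username and password must be provided");
  }

  // If a filter is available, perform 'Search and Bind'
  if (StringUtils.isNotEmpty(searchBindFilter)) {
    Entry entry;
    // The username comes straight from the login request, so it must be
    // escaped before it is substituted into the filter template. Without
    // this, filter metacharacters such as '*', '(' and ')' in the username
    // would change the structure of the search filter (LDAP injection).
    String filter = searchBindFilter.replace("$0", Filter.encodeValue(username));
    try {
      entry = pool.searchForEntry(settings.getBaseDN(), SearchScope.SUB, Filter.create(filter));
      if (entry == null) {
        throw new BadCredentialsException("Invalid credentials for user: " + username);
      }
    } catch (LDAPSearchException e) {
      throw new BadCredentialsException("An exception occurred while searching" + " for user: " + username, e);
    } catch (LDAPException e) {
      throw new BadCredentialsException("The filter string cannot be decoded " + "as a valid search filter for user: " + username, e);
    }
    // Obtain the bind DN and try to bind, retaining the identity of the
    // pooled connection
    request = new SimpleBindRequest(entry.getDN(), password, new RetainIdentityRequestControl());
    userDetails = new LDAPUser(entry.getDN(), username, password, EMPTY_AUTHORITIES);
  } else {
    // Construct a SASL PLAIN Bind Request since no filter is available for
    // 'Search and Bind'. The attached control asks the server to return the
    // authorization entry so its DN can be used below.
    request = new PLAINBindRequest("u:" + username, password, new GetAuthorizationEntryRequestControl(false, true, "1.1"), new RetainIdentityRequestControl());
  }

  try {
    BindResult result = pool.bind(request);
    // Use a Response Control to obtain a DN for the authentication token
    if (request instanceof PLAINBindRequest) {
      GetAuthorizationEntryResponseControl responseControl = GetAuthorizationEntryResponseControl.get(result);
      // The response control may be absent, or present without an
      // authorization entry; either way there is no DN to use, so guard
      // both cases rather than dereferencing a null entry.
      if (responseControl == null || responseControl.getAuthZEntry() == null) {
        // No entry returned, User will be used for the authentication token
        userDetails = new User(username, password, EMPTY_AUTHORITIES);
      } else {
        // Entry returned, LDAPUser will be used for the authentication token
        userDetails = new LDAPUser(responseControl.getAuthZEntry().getDN(), username, password, EMPTY_AUTHORITIES);
      }
    }
  } catch (LDAPException e) {
    // Any bind failure is reported to the caller as bad credentials.
    throw new BadCredentialsException("Invalid credentials for user: " + username, e);
  }

  // Construct the authentication token and return it
  return new UsernamePasswordAuthenticationToken(userDetails, password, EMPTY_AUTHORITIES);
}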