
Example 1 with GetAuthorizationEntryRequestControl

Use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl in project ldapsdk by pingidentity.

The class LDAPModify, method getBindControls.

/**
 * {@inheritDoc}
 */
@Override()
@NotNull()
protected List<Control> getBindControls() {
    final ArrayList<Control> bindControls = new ArrayList<>(10);
    if (bindControl.isPresent()) {
        bindControls.addAll(bindControl.getValues());
    }
    if (authorizationIdentity.isPresent()) {
        bindControls.add(new AuthorizationIdentityRequestControl(false));
    }
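    if (getAuthorizationEntryAttribute.isPresent()) {
        // Ask the server to return both the authentication entry and the
        // authorization entry, limited to the requested attributes.
        bindControls.add(new GetAuthorizationEntryRequestControl(true, true, getAuthorizationEntryAttribute.getValues()));
    }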
    if (getRecentLoginHistory.isPresent()) {
        bindControls.add(new GetRecentLoginHistoryRequestControl());
    }
    if (getUserResourceLimits.isPresent()) {
        bindControls.add(new GetUserResourceLimitsRequestControl());
    }
    if (usePasswordPolicyControl.isPresent()) {
        bindControls.add(new PasswordPolicyRequestControl());
    }
    if (suppressOperationalAttributeUpdates.isPresent()) {
        final EnumSet<SuppressType> suppressTypes = EnumSet.noneOf(SuppressType.class);
        for (final String s : suppressOperationalAttributeUpdates.getValues()) {
            if (s.equalsIgnoreCase("last-access-time")) {
                suppressTypes.add(SuppressType.LAST_ACCESS_TIME);
            } else if (s.equalsIgnoreCase("last-login-time")) {
                suppressTypes.add(SuppressType.LAST_LOGIN_TIME);
            } else if (s.equalsIgnoreCase("last-login-ip")) {
                suppressTypes.add(SuppressType.LAST_LOGIN_IP);
            }
        }
        bindControls.add(new SuppressOperationalAttributeUpdateRequestControl(suppressTypes));
    }
    return bindControls;
}
Also used: RouteToServerRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToServerRequestControl), SubtreeDeleteRequestControl(com.unboundid.ldap.sdk.controls.SubtreeDeleteRequestControl), SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl), TransactionSpecificationRequestControl(com.unboundid.ldap.sdk.controls.TransactionSpecificationRequestControl), AssuredReplicationRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationRequestControl), PostReadRequestControl(com.unboundid.ldap.sdk.controls.PostReadRequestControl), SuppressOperationalAttributeUpdateRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressOperationalAttributeUpdateRequestControl), NameWithEntryUUIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.NameWithEntryUUIDRequestControl), ReplicationRepairRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReplicationRepairRequestControl), ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl), OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl), PasswordUpdateBehaviorRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordUpdateBehaviorRequestControl), UndeleteRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.UndeleteRequestControl), GetRecentLoginHistoryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetRecentLoginHistoryRequestControl), PermissiveModifyRequestControl(com.unboundid.ldap.sdk.controls.PermissiveModifyRequestControl), AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl), Control(com.unboundid.ldap.sdk.Control), GetUserResourceLimitsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetUserResourceLimitsRequestControl), HardDeleteRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.HardDeleteRequestControl), IgnoreNoUserModificationRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.IgnoreNoUserModificationRequestControl), GetBackendSetIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDRequestControl), GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl), PurgePasswordRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PurgePasswordRequestControl), ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl), SoftDeleteRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeleteRequestControl), RetirePasswordRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RetirePasswordRequestControl), GetServerIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDRequestControl), NoOpRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.NoOpRequestControl), PasswordPolicyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyRequestControl), SuppressReferentialIntegrityUpdatesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressReferentialIntegrityUpdatesRequestControl), AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl), RouteToBackendSetRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToBackendSetRequestControl), ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl), PasswordValidationDetailsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordValidationDetailsRequestControl), UniquenessRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.UniquenessRequestControl), GeneratePasswordRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GeneratePasswordRequestControl), PreReadRequestControl(com.unboundid.ldap.sdk.controls.PreReadRequestControl), ArrayList(java.util.ArrayList), SuppressType(com.unboundid.ldap.sdk.unboundidds.controls.SuppressType), ASN1OctetString(com.unboundid.asn1.ASN1OctetString), NotNull(com.unboundid.util.NotNull)

Example 2 with GetAuthorizationEntryRequestControl

Use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl in project ldapsdk by pingidentity.

The class LDAPSearch, method getBindControls.

/**
 * {@inheritDoc}
 */
@Override()
@NotNull()
protected List<Control> getBindControls() {
    final ArrayList<Control> bindControls = new ArrayList<>(10);
    if (bindControl.isPresent()) {
        bindControls.addAll(bindControl.getValues());
    }
    if (authorizationIdentity.isPresent()) {
        bindControls.add(new AuthorizationIdentityRequestControl(false));
    }
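    if (getAuthorizationEntryAttribute.isPresent()) {
        // Ask the server to return both the authentication entry and the
        // authorization entry, limited to the requested attributes.
        bindControls.add(new GetAuthorizationEntryRequestControl(true, true, getAuthorizationEntryAttribute.getValues()));
    }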
    if (getRecentLoginHistory.isPresent()) {
        bindControls.add(new GetRecentLoginHistoryRequestControl());
    }
    if (getUserResourceLimits.isPresent()) {
        bindControls.add(new GetUserResourceLimitsRequestControl());
    }
    if (usePasswordPolicyControl.isPresent()) {
        bindControls.add(new PasswordPolicyRequestControl());
    }
    if (suppressOperationalAttributeUpdates.isPresent()) {
        final EnumSet<SuppressType> suppressTypes = EnumSet.noneOf(SuppressType.class);
        for (final String s : suppressOperationalAttributeUpdates.getValues()) {
            if (s.equalsIgnoreCase("last-access-time")) {
                suppressTypes.add(SuppressType.LAST_ACCESS_TIME);
            } else if (s.equalsIgnoreCase("last-login-time")) {
                suppressTypes.add(SuppressType.LAST_LOGIN_TIME);
            } else if (s.equalsIgnoreCase("last-login-ip")) {
                suppressTypes.add(SuppressType.LAST_LOGIN_IP);
            }
        }
        bindControls.add(new SuppressOperationalAttributeUpdateRequestControl(suppressTypes));
    }
    return bindControls;
}
Also used: VirtualListViewRequestControl(com.unboundid.ldap.sdk.controls.VirtualListViewRequestControl), RouteToServerRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToServerRequestControl), RFC3672SubentriesRequestControl(com.unboundid.ldap.sdk.controls.RFC3672SubentriesRequestControl), SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl), MatchingEntryCountRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.MatchingEntryCountRequestControl), MatchedValuesRequestControl(com.unboundid.ldap.sdk.controls.MatchedValuesRequestControl), VirtualAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.VirtualAttributesOnlyRequestControl), AccountUsableRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.AccountUsableRequestControl), OverrideSearchLimitsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OverrideSearchLimitsRequestControl), SuppressOperationalAttributeUpdateRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SuppressOperationalAttributeUpdateRequestControl), ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl), OperationPurposeRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.OperationPurposeRequestControl), SoftDeletedEntryAccessRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeletedEntryAccessRequestControl), JoinRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.JoinRequestControl), ReturnConflictEntriesRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ReturnConflictEntriesRequestControl), GetRecentLoginHistoryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetRecentLoginHistoryRequestControl), PermitUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PermitUnindexedSearchRequestControl), RejectUnindexedSearchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RejectUnindexedSearchRequestControl), AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl), Control(com.unboundid.ldap.sdk.Control), GetUserResourceLimitsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetUserResourceLimitsRequestControl), GetBackendSetIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDRequestControl), GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl), RealAttributesOnlyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RealAttributesOnlyRequestControl), ExcludeBranchRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.ExcludeBranchRequestControl), ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl), ServerSideSortRequestControl(com.unboundid.ldap.sdk.controls.ServerSideSortRequestControl), GetServerIDRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDRequestControl), PasswordPolicyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyRequestControl), AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl), RouteToBackendSetRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RouteToBackendSetRequestControl), ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl), PersistentSearchRequestControl(com.unboundid.ldap.sdk.controls.PersistentSearchRequestControl), GetEffectiveRightsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl), DraftLDUPSubentriesRequestControl(com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl), ArrayList(java.util.ArrayList), SuppressType(com.unboundid.ldap.sdk.unboundidds.controls.SuppressType), ASN1OctetString(com.unboundid.asn1.ASN1OctetString), NotNull(com.unboundid.util.NotNull)

Example 3 with GetAuthorizationEntryRequestControl

Use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl in project ssam by pingidentity.

The class LDAPAuthenticationProvider, method authenticate.

/**
 * {@inheritDoc}
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String searchBindFilter = settings.getSearchBindFilter();
    User userDetails = null;
    BindRequest request = null;
    // Get the username and password, making sure they're not empty
    String username = authentication.getName();
    String password = (String) authentication.getCredentials();
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        throw new BadCredentialsException("Username and password must be provided");
    }
    // If a filter is available, perform 'Search and Bind'
    if (StringUtils.isNotEmpty(searchBindFilter)) {
        Entry entry;
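        // Escape the username before substituting it into the filter template,
        // so filter metacharacters in user input cannot change the search
        String filter = searchBindFilter.replace("$0", Filter.encodeValue(username));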
        try {
            entry = pool.searchForEntry(settings.getBaseDN(), SearchScope.SUB, Filter.create(filter));
            if (entry == null) {
                throw new BadCredentialsException("Invalid credentials for user: " + username);
            }
        } catch (LDAPSearchException e) {
            throw new BadCredentialsException("An exception occurred while searching" + " for user: " + username, e);
        } catch (LDAPException e) {
            throw new BadCredentialsException("The filter string cannot be decoded " + "as a valid search filter for user: " + username, e);
        }
        // Obtain the bind DN and try to bind, retaining the identity of the
        // pooled connection
        request = new SimpleBindRequest(entry.getDN(), password, new RetainIdentityRequestControl());
        userDetails = new LDAPUser(entry.getDN(), username, password, EMPTY_AUTHORITIES);
    } else {
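        // Construct a SASL PLAIN Bind Request since no filter is available for
        // 'Search and Bind'. The control requests only the authorization entry
        // (not the authentication entry), and "1.1" asks for no attributes, so
        // just the DN is returned
        request = new PLAINBindRequest("u:" + username, password, new GetAuthorizationEntryRequestControl(false, true, "1.1"), new RetainIdentityRequestControl());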
    }
    try {
        BindResult result = pool.bind(request);
        // Use a Response Control to obtain a DN for the authentication token
        if (request instanceof PLAINBindRequest) {
            GetAuthorizationEntryResponseControl responseControl = GetAuthorizationEntryResponseControl.get(result);
            if (responseControl == null) {
                // No entry returned, User will be used for the authentication token
                userDetails = new User(username, password, EMPTY_AUTHORITIES);
            } else {
                // Entry returned, LDAPUser will be used for the authentication token
                userDetails = new LDAPUser(responseControl.getAuthZEntry().getDN(), username, password, EMPTY_AUTHORITIES);
            }
        }
    } catch (LDAPException e) {
        throw new BadCredentialsException("Invalid credentials for user: " + username, e);
    }
    // Construct the authentication token and return it
    return new UsernamePasswordAuthenticationToken(userDetails, password, EMPTY_AUTHORITIES);
}
Also used: User(org.springframework.security.core.userdetails.User), BindRequest(com.unboundid.ldap.sdk.BindRequest), PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest), SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest), UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken), BadCredentialsException(org.springframework.security.authentication.BadCredentialsException), Entry(com.unboundid.ldap.sdk.Entry), GetAuthorizationEntryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl), LDAPException(com.unboundid.ldap.sdk.LDAPException), LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException), BindResult(com.unboundid.ldap.sdk.BindResult), RetainIdentityRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RetainIdentityRequestControl), GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl)
