Example 1 with LdapPrincipal

Use of com.walmartlabs.concord.server.security.ldap.LdapPrincipal in project concord by walmartlabs.

Class ConsoleService, method whoami.

@GET
@Path("/whoami")
@Produces(MediaType.APPLICATION_JSON)
public UserResponse whoami() {
    UserPrincipal p = UserPrincipal.getCurrent();
    if (p == null) {
        throw new ConcordApplicationException("Can't determine current user: principal not found", Status.INTERNAL_SERVER_ERROR);
    }
    UserEntry u = p.getUser();
    if (u == null) {
        throw new ConcordApplicationException("Can't determine current user: user entry not found", Status.INTERNAL_SERVER_ERROR);
    }
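    // Display name fallback order: stored user entry, then the LDAP principal (if any), then the username
    String displayName = u.getDisplayName();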
    if (displayName == null) {
        LdapPrincipal l = LdapPrincipal.getCurrent();
        if (l != null) {
            displayName = l.getDisplayName();
        }
    }
    if (displayName == null) {
        displayName = p.getUsername();
    }
    UserEntry user = userManager.get(p.getId()).orElseThrow(() -> new ConcordApplicationException("Unknown user: " + p.getId()));
    return new UserResponse(p.getRealm(), user.getName(), user.getDomain(), displayName, user.getOrgs());
}
Also used: LdapPrincipal (com.walmartlabs.concord.server.security.ldap.LdapPrincipal), ConcordApplicationException (com.walmartlabs.concord.server.sdk.ConcordApplicationException), UserEntry (com.walmartlabs.concord.server.user.UserEntry), UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal)

Example 2 with LdapPrincipal

Use of com.walmartlabs.concord.server.security.ldap.LdapPrincipal in project concord by walmartlabs.

Class SsoRealm, method doGetAuthenticationInfo.

@Override
@WithTimer
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    SsoToken t = (SsoToken) token;
    if (t.getUsername() == null) {
        return null;
    }
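    // Look up an existing LDAP-type user; if none is found, the account is created below as an SSO-type user
    UserEntry u = userManager.get(t.getUsername(), t.getDomain(), UserType.LDAP).orElse(null);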
    if (u == null) {
        u = userManager.create(t.getUsername(), t.getDomain(), t.getDisplayName(), t.getMail(), UserType.SSO, null);
    }
    // we consider the account active if the authentication was successful
    userManager.enable(u.getId());
    auditLog.add(AuditObject.SYSTEM, AuditAction.ACCESS).userId(u.getId()).field("username", u.getName()).field("userDomain", u.getDomain()).field("realm", REALM_NAME).log();
    UserPrincipal userPrincipal = new UserPrincipal(REALM_NAME, u);
    LdapPrincipal ldapPrincipal = new LdapPrincipal(t.getUsername(), t.getDomain(), t.getNameInNamespace(), t.getUserPrincipalName(), t.getDisplayName(), t.getMail(), t.getGroups(), Collections.singletonMap("mail", t.getMail()));
    return new SimpleAccount(Arrays.asList(userPrincipal, t, ldapPrincipal), t.getCredentials(), getName());
}
Also used: SimpleAccount (org.apache.shiro.authc.SimpleAccount), LdapPrincipal (com.walmartlabs.concord.server.security.ldap.LdapPrincipal), UserEntry (com.walmartlabs.concord.server.user.UserEntry), UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal), WithTimer (com.walmartlabs.concord.server.sdk.metrics.WithTimer)

Aggregations

UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal): 2
LdapPrincipal (com.walmartlabs.concord.server.security.ldap.LdapPrincipal): 2
UserEntry (com.walmartlabs.concord.server.user.UserEntry): 2
ConcordApplicationException (com.walmartlabs.concord.server.sdk.ConcordApplicationException): 1
WithTimer (com.walmartlabs.concord.server.sdk.metrics.WithTimer): 1
SimpleAccount (org.apache.shiro.authc.SimpleAccount): 1