Examples with ILdapAttribute - io.apiman.gateway.engine.components.ldap.ILdapAttribute

Example 1 with ILdapAttribute

use of io.apiman.gateway.engine.components.ldap.ILdapAttribute in project apiman by apiman.

the class LDAPIdentityValidator method extractRoles.

private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
    final Set<String> roles = new HashSet<>();
    // $NON-NLS-1$
    connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {

        // At the moment it's just generic, but in future we can make better use of it.
        @Override
        public void handle(LdapException exception) {
            resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
        }
    }).search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {

        @Override
        public void handle(List<ILdapSearchEntry> result) {
            // Look through all results (usually should only be 1)
            for (ILdapSearchEntry searchResult : result) {
                // Get membership attribute (if any)
                List<ILdapAttribute> attrs = searchResult.getAttributes();
                try {
                    // Look through all attrs - grab relevant RDNS, for each attribute (e.g. cn)
                    for (ILdapAttribute attr : attrs) {
                        if (attr.getBaseName().equals(config.getMembershipAttribute())) {
                            addRoles(attr);
                        }
                    }
                    context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
                    resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
                } catch (Exception e) {
                    // Potentially invalid RDN format
                    resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
                }
            }
        }

        private void addRoles(ILdapAttribute attr) {
            // Treat value as an RDN
            for (ILdapDn dn : attr.getValuesAsDn()) {
                for (ILdapRdn rdns : dn.getRdns()) {
                    if (rdns.hasAttribute(config.getRolenameAttribute())) {
                        for (String value : rdns.getAttributeValues()) {
                            roles.add(value);
                        }
                    }
                }
            }
        }
    }));
}

Also used : ILdapAttribute(io.apiman.gateway.engine.components.ldap.ILdapAttribute) ILdapSearchEntry(io.apiman.gateway.engine.components.ldap.ILdapSearchEntry) NamingException(javax.naming.NamingException) LdapException(io.apiman.gateway.engine.components.ldap.result.LdapException) ILdapResult(io.apiman.gateway.engine.components.ldap.ILdapResult) ILdapRdn(io.apiman.gateway.engine.components.ldap.ILdapRdn) List(java.util.List) ILdapDn(io.apiman.gateway.engine.components.ldap.ILdapDn) IAsyncHandler(io.apiman.gateway.engine.async.IAsyncHandler) LdapException(io.apiman.gateway.engine.components.ldap.result.LdapException) HashSet(java.util.HashSet)

Aggregations

IAsyncHandler (io.apiman.gateway.engine.async.IAsyncHandler)1 ILdapAttribute (io.apiman.gateway.engine.components.ldap.ILdapAttribute)1 ILdapDn (io.apiman.gateway.engine.components.ldap.ILdapDn)1 ILdapRdn (io.apiman.gateway.engine.components.ldap.ILdapRdn)1 ILdapResult (io.apiman.gateway.engine.components.ldap.ILdapResult)1 ILdapSearchEntry (io.apiman.gateway.engine.components.ldap.ILdapSearchEntry)1 LdapException (io.apiman.gateway.engine.components.ldap.result.LdapException)1 HashSet (java.util.HashSet)1 List (java.util.List)1 NamingException (javax.naming.NamingException)1