use of io.apiman.gateway.engine.components.ldap.ILdapAttribute in project apiman by apiman.
the class LDAPIdentityValidator method extractRoles.
private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
final Set<String> roles = new HashSet<>();
// $NON-NLS-1$
connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {
// At the moment it's just generic, but in future we can make better use of it.
@Override
public void handle(LdapException exception) {
resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
}
}).search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {
@Override
public void handle(List<ILdapSearchEntry> result) {
// Look through all results (usually should only be 1)
for (ILdapSearchEntry searchResult : result) {
// Get membership attribute (if any)
List<ILdapAttribute> attrs = searchResult.getAttributes();
try {
// Look through all attrs - grab relevant RDNS, for each attribute (e.g. cn)
for (ILdapAttribute attr : attrs) {
if (attr.getBaseName().equals(config.getMembershipAttribute())) {
addRoles(attr);
}
}
context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
} catch (Exception e) {
// Potentially invalid RDN format
resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
}
}
}
private void addRoles(ILdapAttribute attr) {
// Treat value as an RDN
for (ILdapDn dn : attr.getValuesAsDn()) {
for (ILdapRdn rdns : dn.getRdns()) {
if (rdns.hasAttribute(config.getRolenameAttribute())) {
for (String value : rdns.getAttributeValues()) {
roles.add(value);
}
}
}
}
}
}));
}
Aggregations