Example 1 with ILdapDn

Use of io.apiman.gateway.engine.components.ldap.ILdapDn in the project apiman (by apiman).

From the class LDAPIdentityValidator, method extractRoles:

```java
private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
    final Set<String> roles = new HashSet<>();
    // Search the authenticated user's own entry (and its subtree) so the membership attribute can be read.
    connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() { // $NON-NLS-1$

        // At the moment it's just generic, but in future we can make better use of it.
        @Override
        public void handle(LdapException exception) {
            resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
        }
    }).search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {

        @Override
        public void handle(List<ILdapSearchEntry> result) {
            try {
                // Look through all results (usually should only be 1)
                for (ILdapSearchEntry searchResult : result) {
                    // Get membership attribute (if any)
                    List<ILdapAttribute> attrs = searchResult.getAttributes();
                    // Look through all attrs - grab relevant RDNs, for each attribute (e.g. cn)
                    for (ILdapAttribute attr : attrs) {
                        if (attr.getBaseName().equals(config.getMembershipAttribute())) {
                            addRoles(attr);
                        }
                    }
                }
                // Publish the collected roles once, after every entry has been processed,
                // so the result handler is invoked exactly once per search (also when no entry matched).
                context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
                resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
            } catch (Exception e) {
                // Potentially invalid RDN format
                resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
            }
        }

        private void addRoles(ILdapAttribute attr) {
            // Treat each membership value as a DN (e.g. cn=admins,ou=groups,dc=example,dc=com) and
            // collect the values of the configured role-name attribute from its RDNs as role names.
            for (ILdapDn dn : attr.getValuesAsDn()) {
                for (ILdapRdn rdn : dn.getRdns()) {
                    if (rdn.hasAttribute(config.getRolenameAttribute())) {
                        for (String value : rdn.getAttributeValues()) {
                            roles.add(value);
                        }
                    }
                }
            }
        }
    }));
}
```
Also used:
- ILdapAttribute (io.apiman.gateway.engine.components.ldap.ILdapAttribute)
- ILdapSearchEntry (io.apiman.gateway.engine.components.ldap.ILdapSearchEntry)
- NamingException (javax.naming.NamingException)
- LdapException (io.apiman.gateway.engine.components.ldap.result.LdapException)
- ILdapResult (io.apiman.gateway.engine.components.ldap.ILdapResult)
- ILdapRdn (io.apiman.gateway.engine.components.ldap.ILdapRdn)
- List (java.util.List)
- ILdapDn (io.apiman.gateway.engine.components.ldap.ILdapDn)
- IAsyncHandler (io.apiman.gateway.engine.async.IAsyncHandler)
- HashSet (java.util.HashSet)

Aggregations (number of usages on this page):
- IAsyncHandler (io.apiman.gateway.engine.async.IAsyncHandler): 1
- ILdapAttribute (io.apiman.gateway.engine.components.ldap.ILdapAttribute): 1
- ILdapDn (io.apiman.gateway.engine.components.ldap.ILdapDn): 1
- ILdapRdn (io.apiman.gateway.engine.components.ldap.ILdapRdn): 1
- ILdapResult (io.apiman.gateway.engine.components.ldap.ILdapResult): 1
- ILdapSearchEntry (io.apiman.gateway.engine.components.ldap.ILdapSearchEntry): 1
- LdapException (io.apiman.gateway.engine.components.ldap.result.LdapException): 1
- HashSet (java.util.HashSet): 1
- List (java.util.List): 1
- NamingException (javax.naming.NamingException): 1