Example 1 with ILdapResult

Use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.

From class DefaultLdapComponent, method connect:

@Override
public void connect(LdapConfigBean config, final IAsyncResultHandler<ILdapClientConnection> handler) {
    final DefaultLdapClientConnection connection = new DefaultLdapClientConnection(config, socketFactory);
    connection.connect((IAsyncResult<ILdapResult> result) -> {
        if (result.isSuccess()) {
            // The bind round-trip completed, but the LDAP result code itself may still be non-success
            ILdapResult ldapResult = result.getResult();
            if (ldapResult.getResultCode().isSuccess()) {
                handler.handle(AsyncResultImpl.<ILdapClientConnection>create(connection));
            } else {
                // We don't have any fine-grained handling of exceptions, so bundle all into one.
                handler.handle(AsyncResultImpl.<ILdapClientConnection>create(DefaultExceptionFactory.create(ldapResult)));
            }
        } else {
            handler.handle(AsyncResultImpl.<ILdapClientConnection>create(result.getError()));
        }
    });
}
Also used: ILdapResult (io.apiman.gateway.engine.components.ldap.ILdapResult), IAsyncResult (io.apiman.gateway.engine.async.IAsyncResult)

Example 2 with ILdapResult

Use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.

From class LDAPIdentityValidator, method doValidate:

private void doValidate(final String username, final String password, final ApiRequest request, final IPolicyContext context, final LDAPIdentitySource config, final IAsyncResultHandler<Boolean> handler) {
    final ILdapComponent ldapComponent = context.getComponent(ILdapComponent.class);
    String bindDn = formatDn(config.getDnPattern(), username, request);
    String bindDnPwd = password;
    int port = config.getUri().getPort();
    String scheme = config.getUri().getScheme();
    // The URI omitted a port: fall back to the standard port for the scheme
    if (port == -1) {
        if ("ldap".equalsIgnoreCase(scheme)) {
            port = 389; // $NON-NLS-1$
        }
        if ("ldaps".equalsIgnoreCase(scheme)) {
            port = 636; // $NON-NLS-1$
        }
    }
    final LdapConfigBean ldapConfigBean = new LdapConfigBean();
    ldapConfigBean.setBindDn(bindDn);
    ldapConfigBean.setBindPassword(bindDnPwd);
    ldapConfigBean.setHost(config.getUri().getHost());
    ldapConfigBean.setPort(port);
    ldapConfigBean.setScheme(scheme);
    // Service-account mode: bind with the configured service credentials, then search for the user's entry.
    // Otherwise (below) bind directly as the user being authenticated.
    if (config.getBindAs() == LDAPBindAsType.ServiceAccount) {
        ldapConfigBean.setBindDn(formatDn(config.getDnPattern(), config.getCredentials().getUsername(), request));
        ldapConfigBean.setBindPassword(config.getCredentials().getPassword());
        ldapComponent.connect(ldapConfigBean, successHandler(handler, new IAsyncHandler<ILdapClientConnection>() {

            @Override
            public void handle(final ILdapClientConnection connection) {
                String searchBaseDN = formatDn(config.getUserSearch().getBaseDn(), username, request);
                String searchExpr = formatDn(config.getUserSearch().getExpression(), username, request);
                connection.search(searchBaseDN, searchExpr, LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {

                    // At the moment it's just generic, but in future we can make better use of it.
                    @Override
                    public void handle(LdapException exception) {
                        handler.handle(AsyncResultImpl.<Boolean>create(exception));
                    }
                }).search(successHandler(handler, new IAsyncHandler<List<ILdapSearchEntry>>() {

                    @Override
                    public void handle(List<ILdapSearchEntry> searchEntries) {
                        handleLdapSearch(connection, searchEntries, config, ldapConfigBean, ldapComponent, context, username, password, handler);
                    }
                }));
            }
        }));
    } else {
        bind(config, ldapConfigBean, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {

            @Override
            public void handle(IAsyncResult<ILdapResult> result) {
                if (result.isSuccess()) {
                    if (LdapResultCode.isSuccess(result.getResult().getResultCode())) {
                        handler.handle(AsyncResultImpl.create(Boolean.TRUE));
                    } else {
                        // An auth failure
                        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
                    }
                } else {
                    // Unexpected exception
                    handler.handle(AsyncResultImpl.<Boolean>create(result.getError()));
                }
            }
        });
    }
}
Also used: LdapConfigBean (io.apiman.gateway.engine.components.ldap.LdapConfigBean), ILdapSearchEntry (io.apiman.gateway.engine.components.ldap.ILdapSearchEntry), ILdapResult (io.apiman.gateway.engine.components.ldap.ILdapResult), ILdapClientConnection (io.apiman.gateway.engine.components.ldap.ILdapClientConnection), List (java.util.List), IAsyncHandler (io.apiman.gateway.engine.async.IAsyncHandler), LdapException (io.apiman.gateway.engine.components.ldap.result.LdapException), ILdapComponent (io.apiman.gateway.engine.components.ILdapComponent)

Example 3 with ILdapResult

Use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.

From class LDAPIdentityValidator, method extractRoles:

private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
    final Set<String> roles = new HashSet<>();
    connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() { // $NON-NLS-1$

        // At the moment it's just generic, but in future we can make better use of it.
        @Override
        public void handle(LdapException exception) {
            resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
        }
    }).search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {

        @Override
        public void handle(List<ILdapSearchEntry> result) {
            // Look through all results (usually should only be 1)
            for (ILdapSearchEntry searchResult : result) {
                // Get membership attribute (if any)
                List<ILdapAttribute> attrs = searchResult.getAttributes();
                try {
                    // Look through all attrs - grab relevant RDNS, for each attribute (e.g. cn)
                    for (ILdapAttribute attr : attrs) {
                        if (attr.getBaseName().equals(config.getMembershipAttribute())) {
                            addRoles(attr);
                        }
                    }
                    context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
                    resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
                } catch (Exception e) {
                    // Potentially invalid RDN format
                    resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
                }
            }
        }

        private void addRoles(ILdapAttribute attr) {
            // Treat value as an RDN
            for (ILdapDn dn : attr.getValuesAsDn()) {
                for (ILdapRdn rdns : dn.getRdns()) {
                    if (rdns.hasAttribute(config.getRolenameAttribute())) {
                        for (String value : rdns.getAttributeValues()) {
                            roles.add(value);
                        }
                    }
                }
            }
        }
    }));
}
Also used: ILdapAttribute (io.apiman.gateway.engine.components.ldap.ILdapAttribute), ILdapSearchEntry (io.apiman.gateway.engine.components.ldap.ILdapSearchEntry), NamingException (javax.naming.NamingException), LdapException (io.apiman.gateway.engine.components.ldap.result.LdapException), ILdapResult (io.apiman.gateway.engine.components.ldap.ILdapResult), ILdapRdn (io.apiman.gateway.engine.components.ldap.ILdapRdn), List (java.util.List), ILdapDn (io.apiman.gateway.engine.components.ldap.ILdapDn), IAsyncHandler (io.apiman.gateway.engine.async.IAsyncHandler), HashSet (java.util.HashSet)

Example 4 with ILdapResult

Use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.

From class DefaultLdapClientConnection, method connect:

public void connect(final IAsyncResultHandler<ILdapResult> handler) {
    try {
        connection = LDAPConnectionFactory.build(socketFactory, config);
        BindResult bindResponse = connection.bind(config.getBindDn(), config.getBindPassword());
        evalBindReturn(bindResponse.getResultCode(), bindResponse.getDiagnosticMessage(), null, handler);
    } catch (LDAPException e) {
        evalBindReturn(e.getResultCode(), e.getMessage(), e, handler);
    } catch (Exception e) {
        LDAPConnectionFactory.releaseDefunct(connection);
        handler.handle(AsyncResultImpl.<ILdapResult>create(e));
    }
}
Also used: ILdapResult (io.apiman.gateway.engine.components.ldap.ILdapResult), LDAPException (com.unboundid.ldap.sdk.LDAPException), BindResult (com.unboundid.ldap.sdk.BindResult), LdapException (io.apiman.gateway.engine.components.ldap.result.LdapException)

Example 5 with ILdapResult

Use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.

From class DefaultLdapClientConnection, method bind:

public static void bind(SSLSocketFactory socketFactory, LdapConfigBean config, IAsyncResultHandler<ILdapResult> handler) {
    LDAPConnection connection = null;
    try {
        connection = LDAPConnectionFactory.build(socketFactory, config);
        BindResult bindResponse = connection.bind(config.getBindDn(), config.getBindPassword());
        evalBindReturn(bindResponse.getResultCode(), bindResponse.getDiagnosticMessage(), null, handler);
        LDAPConnectionFactory.releaseConnection(connection);
    } catch (LDAPException e) {
        // The SDK usually reports bind failures as an LDAPException, but the exception's result code
        // can also represent a normal (non-error) return, so it is evaluated the same way as a BindResult.
        evalBindReturn(e.getResultCode(), e.getMessage(), e, handler);
        LDAPConnectionFactory.releaseConnectionAfterException(connection, e);
    } catch (Exception e) {
        LDAPConnectionFactory.releaseDefunct(connection);
        handler.handle(AsyncResultImpl.<ILdapResult>create(e));
    }
}
Also used: ILdapResult (io.apiman.gateway.engine.components.ldap.ILdapResult), LDAPException (com.unboundid.ldap.sdk.LDAPException), BindResult (com.unboundid.ldap.sdk.BindResult), LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection), LdapException (io.apiman.gateway.engine.components.ldap.result.LdapException)