use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.
the class DefaultLdapComponent method connect.
@Override
public void connect(LdapConfigBean config, final IAsyncResultHandler<ILdapClientConnection> handler) {
final DefaultLdapClientConnection connection = new DefaultLdapClientConnection(config, socketFactory);
connection.connect((IAsyncResult<ILdapResult> result) -> {
if (result.isSuccess()) {
// Could still be a non-success return
ILdapResult ldapResult = result.getResult();
if (ldapResult.getResultCode().isSuccess()) {
handler.handle(AsyncResultImpl.<ILdapClientConnection>create(connection));
} else {
// We don't have any fine-grained handling of exceptions, so bundle all into one.
handler.handle(AsyncResultImpl.<ILdapClientConnection>create(DefaultExceptionFactory.create(ldapResult)));
}
} else {
handler.handle(AsyncResultImpl.<ILdapClientConnection>create(result.getError()));
}
});
}
use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.
the class LDAPIdentityValidator method doValidate.
private void doValidate(final String username, final String password, final ApiRequest request, final IPolicyContext context, final LDAPIdentitySource config, final IAsyncResultHandler<Boolean> handler) {
final ILdapComponent ldapComponent = context.getComponent(ILdapComponent.class);
String bindDn = formatDn(config.getDnPattern(), username, request);
String bindDnPwd = password;
int port = config.getUri().getPort();
String scheme = config.getUri().getScheme();
if (port == -1) {
if ("ldap".equalsIgnoreCase(scheme)) {
// $NON-NLS-1$
port = 389;
}
if ("ldaps".equalsIgnoreCase(scheme)) {
// $NON-NLS-1$
port = 636;
}
}
final LdapConfigBean ldapConfigBean = new LdapConfigBean();
ldapConfigBean.setBindDn(bindDn);
ldapConfigBean.setBindPassword(bindDnPwd);
ldapConfigBean.setHost(config.getUri().getHost());
ldapConfigBean.setPort(port);
ldapConfigBean.setScheme(scheme);
// Bind as one account, search for other.
if (config.getBindAs() == LDAPBindAsType.ServiceAccount) {
ldapConfigBean.setBindDn(formatDn(config.getDnPattern(), config.getCredentials().getUsername(), request));
ldapConfigBean.setBindPassword(config.getCredentials().getPassword());
ldapComponent.connect(ldapConfigBean, successHandler(handler, new IAsyncHandler<ILdapClientConnection>() {
@Override
public void handle(final ILdapClientConnection connection) {
String searchBaseDN = formatDn(config.getUserSearch().getBaseDn(), username, request);
String searchExpr = formatDn(config.getUserSearch().getExpression(), username, request);
connection.search(searchBaseDN, searchExpr, LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {
// At the moment it's just generic, but in future we can make better use of it.
@Override
public void handle(LdapException exception) {
handler.handle(AsyncResultImpl.<Boolean>create(exception));
}
}).search(successHandler(handler, new IAsyncHandler<List<ILdapSearchEntry>>() {
@Override
public void handle(List<ILdapSearchEntry> searchEntries) {
handleLdapSearch(connection, searchEntries, config, ldapConfigBean, ldapComponent, context, username, password, handler);
}
}));
}
}));
} else {
bind(config, ldapConfigBean, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {
@Override
public void handle(IAsyncResult<ILdapResult> result) {
if (result.isSuccess()) {
if (LdapResultCode.isSuccess(result.getResult().getResultCode())) {
handler.handle(AsyncResultImpl.create(Boolean.TRUE));
} else {
// An auth failure
handler.handle(AsyncResultImpl.create(Boolean.FALSE));
}
} else {
// Unexpected exception
handler.handle(AsyncResultImpl.<Boolean>create(result.getError()));
}
}
});
}
}
use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.
the class LDAPIdentityValidator method extractRoles.
private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
final Set<String> roles = new HashSet<>();
// $NON-NLS-1$
connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {
// At the moment it's just generic, but in future we can make better use of it.
@Override
public void handle(LdapException exception) {
resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
}
}).search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {
@Override
public void handle(List<ILdapSearchEntry> result) {
// Look through all results (usually should only be 1)
for (ILdapSearchEntry searchResult : result) {
// Get membership attribute (if any)
List<ILdapAttribute> attrs = searchResult.getAttributes();
try {
// Look through all attrs - grab relevant RDNS, for each attribute (e.g. cn)
for (ILdapAttribute attr : attrs) {
if (attr.getBaseName().equals(config.getMembershipAttribute())) {
addRoles(attr);
}
}
context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
} catch (Exception e) {
// Potentially invalid RDN format
resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
}
}
}
private void addRoles(ILdapAttribute attr) {
// Treat value as an RDN
for (ILdapDn dn : attr.getValuesAsDn()) {
for (ILdapRdn rdns : dn.getRdns()) {
if (rdns.hasAttribute(config.getRolenameAttribute())) {
for (String value : rdns.getAttributeValues()) {
roles.add(value);
}
}
}
}
}
}));
}
use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.
the class DefaultLdapClientConnection method connect.
public void connect(final IAsyncResultHandler<ILdapResult> handler) {
try {
connection = LDAPConnectionFactory.build(socketFactory, config);
BindResult bindResponse = connection.bind(config.getBindDn(), config.getBindPassword());
evalBindReturn(bindResponse.getResultCode(), bindResponse.getDiagnosticMessage(), null, handler);
} catch (LDAPException e) {
evalBindReturn(e.getResultCode(), e.getMessage(), e, handler);
} catch (Exception e) {
LDAPConnectionFactory.releaseDefunct(connection);
handler.handle(AsyncResultImpl.<ILdapResult>create(e));
}
}
use of io.apiman.gateway.engine.components.ldap.ILdapResult in project apiman by apiman.
the class DefaultLdapClientConnection method bind.
public static void bind(SSLSocketFactory socketFactory, LdapConfigBean config, IAsyncResultHandler<ILdapResult> handler) {
LDAPConnection connection = null;
try {
connection = LDAPConnectionFactory.build(socketFactory, config);
BindResult bindResponse = connection.bind(config.getBindDn(), config.getBindPassword());
evalBindReturn(bindResponse.getResultCode(), bindResponse.getDiagnosticMessage(), null, handler);
LDAPConnectionFactory.releaseConnection(connection);
} catch (LDAPException e) {
// generally errors as an exception, also potentially normal return(!).
evalBindReturn(e.getResultCode(), e.getMessage(), e, handler);
LDAPConnectionFactory.releaseConnectionAfterException(connection, e);
} catch (Exception e) {
LDAPConnectionFactory.releaseDefunct(connection);
handler.handle(AsyncResultImpl.<ILdapResult>create(e));
}
}
Aggregations