use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.
the class LDAPIdentityValidator method doValidate.
private void doValidate(final String username, final String password, final ApiRequest request, final IPolicyContext context, final LDAPIdentitySource config, final IAsyncResultHandler<Boolean> handler) {
final ILdapComponent ldapComponent = context.getComponent(ILdapComponent.class);
String bindDn = formatDn(config.getDnPattern(), username, request);
String bindDnPwd = password;
int port = config.getUri().getPort();
String scheme = config.getUri().getScheme();
if (port == -1) {
if ("ldap".equalsIgnoreCase(scheme)) {
// $NON-NLS-1$
port = 389;
}
if ("ldaps".equalsIgnoreCase(scheme)) {
// $NON-NLS-1$
port = 636;
}
}
final LdapConfigBean ldapConfigBean = new LdapConfigBean();
ldapConfigBean.setBindDn(bindDn);
ldapConfigBean.setBindPassword(bindDnPwd);
ldapConfigBean.setHost(config.getUri().getHost());
ldapConfigBean.setPort(port);
ldapConfigBean.setScheme(scheme);
// Bind as one account, search for other.
if (config.getBindAs() == LDAPBindAsType.ServiceAccount) {
ldapConfigBean.setBindDn(formatDn(config.getDnPattern(), config.getCredentials().getUsername(), request));
ldapConfigBean.setBindPassword(config.getCredentials().getPassword());
ldapComponent.connect(ldapConfigBean, successHandler(handler, new IAsyncHandler<ILdapClientConnection>() {
@Override
public void handle(final ILdapClientConnection connection) {
String searchBaseDN = formatDn(config.getUserSearch().getBaseDn(), username, request);
String searchExpr = formatDn(config.getUserSearch().getExpression(), username, request);
connection.search(searchBaseDN, searchExpr, LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {
// At the moment it's just generic, but in future we can make better use of it.
@Override
public void handle(LdapException exception) {
handler.handle(AsyncResultImpl.<Boolean>create(exception));
}
}).search(successHandler(handler, new IAsyncHandler<List<ILdapSearchEntry>>() {
@Override
public void handle(List<ILdapSearchEntry> searchEntries) {
handleLdapSearch(connection, searchEntries, config, ldapConfigBean, ldapComponent, context, username, password, handler);
}
}));
}
}));
} else {
bind(config, ldapConfigBean, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {
@Override
public void handle(IAsyncResult<ILdapResult> result) {
if (result.isSuccess()) {
if (LdapResultCode.isSuccess(result.getResult().getResultCode())) {
handler.handle(AsyncResultImpl.create(Boolean.TRUE));
} else {
// An auth failure
handler.handle(AsyncResultImpl.create(Boolean.FALSE));
}
} else {
// Unexpected exception
handler.handle(AsyncResultImpl.<Boolean>create(result.getError()));
}
}
});
}
}
use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.
the class LDAPIdentityValidator method extractRoles.
private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
final Set<String> roles = new HashSet<>();
// $NON-NLS-1$
connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {
// At the moment it's just generic, but in future we can make better use of it.
@Override
public void handle(LdapException exception) {
resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
}
}).search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {
@Override
public void handle(List<ILdapSearchEntry> result) {
// Look through all results (usually should only be 1)
for (ILdapSearchEntry searchResult : result) {
// Get membership attribute (if any)
List<ILdapAttribute> attrs = searchResult.getAttributes();
try {
// Look through all attrs - grab relevant RDNS, for each attribute (e.g. cn)
for (ILdapAttribute attr : attrs) {
if (attr.getBaseName().equals(config.getMembershipAttribute())) {
addRoles(attr);
}
}
context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
} catch (Exception e) {
// Potentially invalid RDN format
resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
}
}
}
private void addRoles(ILdapAttribute attr) {
// Treat value as an RDN
for (ILdapDn dn : attr.getValuesAsDn()) {
for (ILdapRdn rdns : dn.getRdns()) {
if (rdns.hasAttribute(config.getRolenameAttribute())) {
for (String value : rdns.getAttributeValues()) {
roles.add(value);
}
}
}
}
}
}));
}
use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.
the class LdapQueryTests method shouldReturnEmptyForUnmatchedFilter.
@Test
public void shouldReturnEmptyForUnmatchedFilter() {
config.setBindDn("uid=admin,ou=system");
config.setBindPassword("secret");
connect((connection, context) -> {
Async async = context.async();
connection.search("ou=people,o=apiman", "(uid=sushi)", LdapSearchScope.SUBTREE).setLdapErrorHandler(result -> context.fail(result.getCause())).search(searchResult -> {
context.assertTrue(searchResult.isSuccess());
List<ILdapSearchEntry> result = searchResult.getResult();
context.assertEquals(0, result.size());
async.complete();
});
});
}
use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.
the class LdapQueryTests method shouldCompleteMultipleSimpleQueries.
@Test
public void shouldCompleteMultipleSimpleQueries() {
config.setBindDn("uid=admin,ou=system");
config.setBindPassword("secret");
connect((connection, context) -> {
Async async = context.async();
Async async2 = context.async();
connection.search("ou=people,o=apiman", "(uid=msavy)", LdapSearchScope.SUBTREE).setLdapErrorHandler(result -> context.fail(result.getCause())).search(searchResult -> {
context.assertTrue(searchResult.isSuccess());
List<ILdapSearchEntry> result = searchResult.getResult();
context.assertEquals(1, result.size());
async.complete();
});
connection.search("ou=people,o=apiman", "(uid=ewittman)", LdapSearchScope.SUBTREE).setLdapErrorHandler(result -> context.fail(result.getCause())).search(searchResult -> {
context.assertTrue(searchResult.isSuccess());
List<ILdapSearchEntry> result = searchResult.getResult();
context.assertEquals(1, result.size());
async2.complete();
});
});
}
use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.
the class LdapQueryTests method shouldCompleteSimpleQuery.
@Test
public void shouldCompleteSimpleQuery() {
config.setBindDn("uid=admin,ou=system");
config.setBindPassword("secret");
connect((connection, context) -> {
Async async = context.async();
connection.search("ou=people,o=apiman", "(uid=msavy)", LdapSearchScope.SUBTREE).setLdapErrorHandler(result -> context.fail(result.getCause())).search(searchResult -> {
context.assertTrue(searchResult.isSuccess());
List<ILdapSearchEntry> result = searchResult.getResult();
context.assertEquals(1, result.size());
async.complete();
});
});
}
Aggregations