
Example 1 with ILdapSearchEntry

use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.

Class `LDAPIdentityValidator`, method `doValidate` (gateway-side LDAP authentication of an incoming request's credentials).

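/**
 * Authenticates {@code username}/{@code password} against the LDAP server described by
 * {@code config} and reports the outcome through {@code handler}.
 *
 * <p>Two modes are selected by {@code config.getBindAs()}:
 * <ul>
 *   <li>{@code ServiceAccount}: connect with the configured service credentials, search for
 *       the user's entry (base DN and expression from {@code config.getUserSearch()}, with
 *       {@code username} substituted by {@code formatDn}), then pass the entries together with
 *       the user's password to {@code handleLdapSearch} (not shown here) for the remaining
 *       checks.</li>
 *   <li>otherwise: bind directly as the DN produced from {@code config.getDnPattern()} with
 *       the supplied password; an LDAP success result code means the credentials are valid.</li>
 * </ul>
 *
 * <p>Credentials travel to the server over the scheme given in {@code config.getUri()}; only
 * {@code ldaps} is visibly encrypted here — whether the component negotiates StartTLS for a
 * plain {@code ldap} URI is not visible in this method.
 *
 * @param username caller-supplied user name; substituted into the DN pattern and the
 *                 user-search expression by {@code formatDn}
 * @param password caller-supplied password
 * @param request  the current API request, made available to {@code formatDn} substitutions
 * @param context  policy context used to obtain the {@link ILdapComponent}
 * @param config   LDAP identity source configuration
 * @param handler  receives {@code TRUE} on successful authentication, {@code FALSE} on an
 *                 authentication failure, or the underlying error on an unexpected failure
 */
private void doValidate(final String username, final String password, final ApiRequest request, final IPolicyContext context, final LDAPIdentitySource config, final IAsyncResultHandler<Boolean> handler) {
    // Reject empty credentials before anything reaches the directory. Per RFC 4513 §5.1.2 a
    // simple bind with a non-empty DN and an EMPTY password is an "unauthenticated" bind,
    // which a permissively configured server answers with a success result code — that would
    // let a caller authenticate as any user whose DN they can form from the pattern. A blank
    // user name is rejected for the same reason (and to keep formatDn away from null input).
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
        return;
    }

    final ILdapComponent ldapComponent = context.getComponent(ILdapComponent.class);
    // NOTE(review): formatDn is not visible here. Confirm that it escapes DN metacharacters
    // (RFC 4514) and, for the search expression below, filter metacharacters (RFC 4515) in the
    // caller-supplied username; otherwise a crafted user name can change the DN or filter.
    String bindDn = formatDn(config.getDnPattern(), username, request);
    String bindDnPwd = password;

    // Fall back to the well-known port when the URI omits it. An unknown scheme leaves -1.
    int port = config.getUri().getPort();
    String scheme = config.getUri().getScheme();
    if (port == -1) {
        if ("ldap".equalsIgnoreCase(scheme)) { // $NON-NLS-1$
            port = 389;
        } else if ("ldaps".equalsIgnoreCase(scheme)) { // $NON-NLS-1$
            port = 636;
        }
    }

    final LdapConfigBean ldapConfigBean = new LdapConfigBean();
    ldapConfigBean.setBindDn(bindDn);
    ldapConfigBean.setBindPassword(bindDnPwd);
    ldapConfigBean.setHost(config.getUri().getHost());
    ldapConfigBean.setPort(port);
    ldapConfigBean.setScheme(scheme);

    if (config.getBindAs() == LDAPBindAsType.ServiceAccount) {
        // Bind as the service account, then search for the user's entry. The user-supplied
        // bind DN/password set above are deliberately replaced here.
        ldapConfigBean.setBindDn(formatDn(config.getDnPattern(), config.getCredentials().getUsername(), request));
        ldapConfigBean.setBindPassword(config.getCredentials().getPassword());
        ldapComponent.connect(ldapConfigBean, successHandler(handler, new IAsyncHandler<ILdapClientConnection>() {

            @Override
            public void handle(final ILdapClientConnection connection) {
                String searchBaseDN = formatDn(config.getUserSearch().getBaseDn(), username, request);
                String searchExpr = formatDn(config.getUserSearch().getExpression(), username, request);
                connection.search(searchBaseDN, searchExpr, LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {

                    // Any LDAP-level search error is surfaced as a failed result, not as FALSE.
                    @Override
                    public void handle(LdapException exception) {
                        handler.handle(AsyncResultImpl.<Boolean>create(exception));
                    }
                }).search(successHandler(handler, new IAsyncHandler<List<ILdapSearchEntry>>() {

                    @Override
                    public void handle(List<ILdapSearchEntry> searchEntries) {
                        handleLdapSearch(connection, searchEntries, config, ldapConfigBean, ldapComponent, context, username, password, handler);
                    }
                }));
            }
        }));
    } else {
        // Bind directly as the user: the directory itself verifies the password.
        bind(config, ldapConfigBean, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {

            @Override
            public void handle(IAsyncResult<ILdapResult> result) {
                if (result.isSuccess()) {
                    if (LdapResultCode.isSuccess(result.getResult().getResultCode())) {
                        handler.handle(AsyncResultImpl.create(Boolean.TRUE));
                    } else {
                        // The bind completed but the server refused it: an auth failure.
                        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
                    }
                } else {
                    // Transport/protocol failure rather than a rejected credential.
                    handler.handle(AsyncResultImpl.<Boolean>create(result.getError()));
                }
            }
        });
    }
}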

Example 2 with ILdapSearchEntry

use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.

Class `LDAPIdentityValidator`, method `extractRoles` (derives the authenticated user's roles from a membership attribute on the user's entry).

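/**
 * Reads the authenticated user's entry and derives role names from its membership attribute.
 *
 * <p>Searches from {@code userDn} with the filter {@code (objectClass=*)}. For every returned
 * entry, each attribute whose name matches {@code config.getMembershipAttribute()} is read; its
 * values are parsed as DNs and, for every RDN carrying the attribute type named by
 * {@code config.getRolenameAttribute()}, the RDN's values are collected as role names. The set
 * is stored on the policy context under {@code AuthorizationPolicy.AUTHENTICATED_USER_ROLES}
 * and {@code resultHandler} is completed exactly once: with {@code LdapResult.SUCCESS} (possibly
 * with an empty role set), or with the exception if a membership value is not a valid DN, or
 * with the {@link LdapException} if the search itself fails.
 *
 * @param connection    an open LDAP connection with sufficient rights to read {@code userDn}
 * @param userDn        the DN of the user whose roles are wanted
 * @param config        identity-source configuration naming the membership and role attributes
 * @param context       policy context that receives the role set
 * @param resultHandler completion callback, invoked exactly once
 */
private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
    final Set<String> roles = new HashSet<>();
    // NOTE(review): SUBTREE scope rooted at the user's DN also returns any entries *below* the
    // user entry; a base-object scope would limit this to the user's own entry. Left unchanged
    // because the available LdapSearchScope values are not visible here.
    connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() { // $NON-NLS-1$

        // Any LDAP-level search error is surfaced as a failed result.
        @Override
        public void handle(LdapException exception) {
            resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
        }
    }).search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {

        @Override
        public void handle(List<ILdapSearchEntry> entries) {
            try {
                // Usually a single entry, but collect from all of them and complete once.
                for (ILdapSearchEntry entry : entries) {
                    for (ILdapAttribute attr : entry.getAttributes()) {
                        // Attribute descriptions are case-insensitive in LDAP (RFC 4512 §2.5),
                        // so "memberOf" returned by the server must match a configured
                        // "memberof" and vice versa.
                        if (attr.getBaseName().equalsIgnoreCase(config.getMembershipAttribute())) {
                            addRoles(attr);
                        }
                    }
                }
                // Completed exactly once, after all entries are processed. (Previously the
                // handler fired once per entry and never for an empty result list.)
                context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
                resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
            } catch (Exception e) {
                // e.g. a membership value that is not a well-formed DN
                resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
            }
        }

        // Treat each attribute value as a DN and harvest the role-name RDN values from it.
        private void addRoles(ILdapAttribute attr) {
            for (ILdapDn dn : attr.getValuesAsDn()) {
                for (ILdapRdn rdn : dn.getRdns()) {
                    // NOTE(review): whether hasAttribute() compares case-insensitively is not
                    // visible here; confirm it, for the same RFC 4512 reason as above.
                    if (rdn.hasAttribute(config.getRolenameAttribute())) {
                        for (String value : rdn.getAttributeValues()) {
                            roles.add(value);
                        }
                    }
                }
            }
        }
    }));
}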

Example 3 with ILdapSearchEntry

use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.

Class `LdapQueryTests`, method `shouldReturnEmptyForUnmatchedFilter` (an integration test against an embedded directory; `config` and `connect` come from the enclosing test class).

/**
 * A filter that matches nothing must complete as a successful search with an empty entry list,
 * not as an error. The {@code uid=admin,ou=system}/{@code secret} pair is the embedded test
 * directory's default administrator; it is test fixture data only.
 */
@Test
public void shouldReturnEmptyForUnmatchedFilter() {
    config.setBindDn("uid=admin,ou=system");
    config.setBindPassword("secret");
    connect((connection, context) -> {
        final Async done = context.async();
        connection.search("ou=people,o=apiman", "(uid=sushi)", LdapSearchScope.SUBTREE)
            .setLdapErrorHandler(failure -> context.fail(failure.getCause()))
            .search(outcome -> {
                context.assertTrue(outcome.isSuccess());
                final List<ILdapSearchEntry> entries = outcome.getResult();
                context.assertEquals(0, entries.size());
                done.complete();
            });
    });
}

Example 4 with ILdapSearchEntry

use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.

Class `LdapQueryTests`, method `shouldCompleteMultipleSimpleQueries` (two searches issued on the same connection without waiting for the first to finish).

/**
 * Two searches issued back-to-back on one connection, without waiting for the first to return,
 * must both complete with exactly one matching entry each. Each search owns its own
 * {@link Async} so the test only finishes when both callbacks have fired.
 */
@Test
public void shouldCompleteMultipleSimpleQueries() {
    config.setBindDn("uid=admin,ou=system");
    config.setBindPassword("secret");
    connect((connection, context) -> {
        final Async firstDone = context.async();
        final Async secondDone = context.async();

        connection.search("ou=people,o=apiman", "(uid=msavy)", LdapSearchScope.SUBTREE)
            .setLdapErrorHandler(failure -> context.fail(failure.getCause()))
            .search(outcome -> {
                context.assertTrue(outcome.isSuccess());
                final List<ILdapSearchEntry> entries = outcome.getResult();
                context.assertEquals(1, entries.size());
                firstDone.complete();
            });

        connection.search("ou=people,o=apiman", "(uid=ewittman)", LdapSearchScope.SUBTREE)
            .setLdapErrorHandler(failure -> context.fail(failure.getCause()))
            .search(outcome -> {
                context.assertTrue(outcome.isSuccess());
                final List<ILdapSearchEntry> entries = outcome.getResult();
                context.assertEquals(1, entries.size());
                secondDone.complete();
            });
    });
}

Example 5 with ILdapSearchEntry

use of io.apiman.gateway.engine.components.ldap.ILdapSearchEntry in project apiman by apiman.

Class `LdapQueryTests`, method `shouldCompleteSimpleQuery` (a single equality-filter search that must return exactly one entry).

/**
 * A simple equality filter for a known user must succeed and return exactly one entry.
 * Binds with the embedded test directory's default administrator account (fixture data only).
 */
@Test
public void shouldCompleteSimpleQuery() {
    config.setBindDn("uid=admin,ou=system");
    config.setBindPassword("secret");
    connect((connection, context) -> {
        final Async done = context.async();
        connection.search("ou=people,o=apiman", "(uid=msavy)", LdapSearchScope.SUBTREE)
            .setLdapErrorHandler(failure -> context.fail(failure.getCause()))
            .search(outcome -> {
                context.assertTrue(outcome.isSuccess());
                final List<ILdapSearchEntry> entries = outcome.getResult();
                context.assertEquals(1, entries.size());
                done.complete();
            });
    });
}
