use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.
The class LDAPIdentityValidator, method handleLdapSearch.
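/**
 * Second half of the service-account flow (see the ServiceAccount branch of {@code doValidate}):
 * the search run under the service account must yield exactly one entry, and the caller is then
 * verified by binding as that entry with the password they supplied.
 *
 * <p>The search {@code connection} is owned by this method and is closed on every path, including
 * the ambiguous/empty/no-DN outcomes that previously left it open.
 *
 * @param connection     connection the user search was executed on; closed before returning a result
 * @param searchEntries  entries returned by the user search
 * @param config         identity-source configuration handed through to {@code bind}
 * @param ldapConfigBean connection settings; its bind DN/password are overwritten with the user's
 * @param ldapComponent  component used by {@code bind} to open the user connection
 * @param context        policy context handed through to {@code bind}
 * @param username       caller-supplied user name (only used for the ambiguity error message)
 * @param password       caller-supplied password used for the verifying bind
 * @param handler        receives {@code TRUE} when the user bind succeeds, {@code FALSE} for an
 *                       authentication failure / no usable entry / empty password, and an error
 *                       result for anything else
 */
private void handleLdapSearch(final ILdapClientConnection connection, List<ILdapSearchEntry> searchEntries, LDAPIdentitySource config, LdapConfigBean ldapConfigBean, ILdapComponent ldapComponent, IPolicyContext context, String username, String password, final IAsyncResultHandler<Boolean> handler) {
    if (searchEntries.size() > 1) {
        // Ambiguous match: refuse rather than guess which entry to bind as.
        NamingException ex = new NamingException("Found multiple entries for the same username: " + username); // $NON-NLS-1$
        handler.handle(AsyncResultImpl.<Boolean>create(ex));
        connection.close();
        return;
    }
    if (searchEntries.isEmpty()) {
        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
        connection.close();
        return;
    }
    // Exactly one entry: bind as it to verify the password.
    String userDn = searchEntries.get(0).getDn();
    if (userDn == null || password == null || password.isEmpty()) {
        // A simple bind with an empty password is an unauthenticated (anonymous) bind on many
        // directories (RFC 4513 "unauthenticated authentication"); it would report success
        // without verifying anything, so it must never reach the bind.
        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
        connection.close();
        return;
    }
    ldapConfigBean.setBindDn(userDn);
    ldapConfigBean.setBindPassword(password);
    bind(config, ldapConfigBean, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {
        @Override
        public void handle(IAsyncResult<ILdapResult> result) {
            if (result.isError()) {
                Throwable error = result.getError();
                if (error instanceof LdapException) {
                    LdapException ex = (LdapException) error;
                    // Only a genuine auth failure maps to "invalid credentials"; other result
                    // codes (server down, etc.) are surfaced as errors, not as a failed login.
                    if (ex.getResultCode().isAuthFailure()) {
                        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
                    } else {
                        handler.handle(AsyncResultImpl.<Boolean>create(ex));
                    }
                    connection.close(ex);
                } else {
                    handler.handle(AsyncResultImpl.<Boolean>create(error));
                    connection.close();
                }
                return;
            }
            LdapResultCode resultCode = result.getResult().getResultCode();
            if (LdapResultCode.isSuccess(resultCode)) {
                handler.handle(AsyncResultImpl.create(Boolean.TRUE));
            } else {
                // Non-success bind result without an exception: treat as not authenticated.
                // TODO handle errors better?
                handler.handle(AsyncResultImpl.create(Boolean.FALSE));
            }
            connection.close();
        }
    });
}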
use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.
The class LDAPIdentityValidator, method doValidate.
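/**
 * Authenticates {@code username}/{@code password} against the configured LDAP source.
 *
 * <p>Two strategies, selected by {@code config.getBindAs()}: bind directly as the user (DN built
 * from the DN pattern), or bind as a service account, search for the user's entry and then bind
 * as that entry ({@code handleLdapSearch}). An empty password is rejected up front because an LDAP
 * simple bind with an empty password is an unauthenticated (anonymous) bind on many directories
 * (RFC 4513) and would otherwise look like a successful login.
 *
 * @param username the caller-supplied user name
 * @param password the caller-supplied password
 * @param request  the request, used for DN/expression placeholder substitution by {@code formatDn}
 * @param context  policy context used to obtain the {@code ILdapComponent}
 * @param config   identity-source configuration (URI, DN pattern, bind strategy, user search)
 * @param handler  receives {@code TRUE} on successful authentication, {@code FALSE} on an
 *                 authentication failure, or an error result for unexpected failures
 */
private void doValidate(final String username, final String password, final ApiRequest request, final IPolicyContext context, final LDAPIdentitySource config, final IAsyncResultHandler<Boolean> handler) {
    if (password == null || password.isEmpty()) {
        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
        return;
    }
    final ILdapComponent ldapComponent = context.getComponent(ILdapComponent.class);
    final String scheme = config.getUri().getScheme();

    final LdapConfigBean ldapConfigBean = new LdapConfigBean();
    ldapConfigBean.setBindDn(formatDn(config.getDnPattern(), username, request));
    ldapConfigBean.setBindPassword(password);
    ldapConfigBean.setHost(config.getUri().getHost());
    ldapConfigBean.setPort(resolveLdapPort(config.getUri().getPort(), scheme));
    ldapConfigBean.setScheme(scheme);

    if (config.getBindAs() == LDAPBindAsType.ServiceAccount) {
        // Bind as the service account, search for the user, then bind as the user.
        ldapConfigBean.setBindDn(formatDn(config.getDnPattern(), config.getCredentials().getUsername(), request));
        ldapConfigBean.setBindPassword(config.getCredentials().getPassword());
        ldapComponent.connect(ldapConfigBean, successHandler(handler, new IAsyncHandler<ILdapClientConnection>() {
            @Override
            public void handle(final ILdapClientConnection connection) {
                // NOTE(review): the search expression embeds the caller-supplied username; this
                // relies on formatDn escaping LDAP filter metacharacters (RFC 4515) — confirm.
                String searchBaseDN = formatDn(config.getUserSearch().getBaseDn(), username, request);
                String searchExpr = formatDn(config.getUserSearch().getExpression(), username, request);
                connection.search(searchBaseDN, searchExpr, LdapSearchScope.SUBTREE)
                    .setLdapErrorHandler(new IAsyncHandler<LdapException>() {
                        // At the moment it's just generic, but in future we can make better use of it.
                        @Override
                        public void handle(LdapException exception) {
                            handler.handle(AsyncResultImpl.<Boolean>create(exception));
                            // The search connection is owned by this flow; do not leak it on error.
                            connection.close(exception);
                        }
                    })
                    .search(successHandler(handler, new IAsyncHandler<List<ILdapSearchEntry>>() {
                        @Override
                        public void handle(List<ILdapSearchEntry> searchEntries) {
                            handleLdapSearch(connection, searchEntries, config, ldapConfigBean, ldapComponent, context, username, password, handler);
                        }
                    }));
            }
        }));
    } else {
        bind(config, ldapConfigBean, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {
            @Override
            public void handle(IAsyncResult<ILdapResult> result) {
                if (!result.isSuccess()) {
                    // Unexpected exception
                    handler.handle(AsyncResultImpl.<Boolean>create(result.getError()));
                    return;
                }
                boolean bound = LdapResultCode.isSuccess(result.getResult().getResultCode());
                // A non-success bind result is an auth failure, not an error.
                handler.handle(AsyncResultImpl.create(bound ? Boolean.TRUE : Boolean.FALSE));
            }
        });
    }
}

/**
 * Applies the standard default port when the URI carries none.
 *
 * @param port   the port from the URI, or {@code -1} when absent
 * @param scheme the URI scheme ({@code ldap} / {@code ldaps}, case-insensitive)
 * @return {@code port} when explicitly given; otherwise 389 for ldap, 636 for ldaps, and
 *         {@code -1} for any other scheme (unchanged from the original behaviour)
 */
private static int resolveLdapPort(int port, String scheme) {
    if (port != -1) {
        return port;
    }
    if ("ldap".equalsIgnoreCase(scheme)) { // $NON-NLS-1$
        return 389;
    }
    if ("ldaps".equalsIgnoreCase(scheme)) { // $NON-NLS-1$
        return 636;
    }
    return port;
}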
use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.
The class LDAPIdentityValidator, method extractRoles.
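/**
 * Reads the entry at {@code userDn} (subtree scope) and collects role names from its
 * membership attribute, storing them in the policy context under
 * {@code AuthorizationPolicy.AUTHENTICATED_USER_ROLES}.
 *
 * <p>The result handler is invoked exactly once: the original fired it once per returned entry
 * and never when the search returned no entries (leaving the caller waiting forever).
 *
 * @param connection    open connection used for the search; not closed here
 * @param userDn        DN of the authenticated user's entry
 * @param config        supplies the membership attribute and the role-name RDN attribute
 * @param context       policy context that receives the collected role set
 * @param resultHandler receives {@code LdapResult.SUCCESS} once roles are stored, or the
 *                      search/parsing failure as an error result
 */
private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
    final Set<String> roles = new HashSet<>();
    connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE) // $NON-NLS-1$
        .setLdapErrorHandler(new IAsyncHandler<LdapException>() {
            // At the moment it's just generic, but in future we can make better use of it.
            @Override
            public void handle(LdapException exception) {
                resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
            }
        })
        .search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {
            @Override
            public void handle(List<ILdapSearchEntry> result) {
                try {
                    // Usually a single entry, but every returned entry contributes.
                    for (ILdapSearchEntry entry : result) {
                        for (ILdapAttribute attr : entry.getAttributes()) {
                            // LDAP attribute type names are case-insensitive (RFC 4512).
                            if (attr.getBaseName().equalsIgnoreCase(config.getMembershipAttribute())) {
                                addRoles(attr);
                            }
                        }
                    }
                    context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
                    resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
                } catch (Exception e) {
                    // Potentially invalid RDN format
                    resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
                }
            }

            /** Treats each attribute value as a DN and collects the role-name RDN values. */
            private void addRoles(ILdapAttribute attr) {
                for (ILdapDn dn : attr.getValuesAsDn()) {
                    for (ILdapRdn rdn : dn.getRdns()) {
                        if (rdn.hasAttribute(config.getRolenameAttribute())) {
                            roles.addAll(rdn.getAttributeValues());
                        }
                    }
                }
            }
        }));
}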
use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.
The class DefaultLdapSearchImpl, method getResults.
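/**
 * Runs the search synchronously on the underlying connection and delivers the entries to
 * {@code result}.
 *
 * <p>LDAP-level failures go to the configured {@code ldapErrorHandler}; when none is set they are
 * logged and delivered to {@code result} instead (the original dereferenced the null handler right
 * after logging, so the caller saw a NullPointerException rather than the LDAP failure).
 *
 * @param searchDn base DN of the search
 * @param filter   LDAP filter string, passed through as-is; callers must escape any
 *                 user-derived values they embed in it
 * @param scope    {@code ONE} for one-level, anything else is treated as subtree
 * @param result   receives the entries, or the failure as an error result
 */
private void getResults(String searchDn, String filter, LdapSearchScope scope, final IAsyncResultHandler<List<SearchResultEntry>> result) {
    try {
        SearchScope searchScope = (scope == LdapSearchScope.ONE) ? SearchScope.ONE : SearchScope.SUB;
        List<SearchResultEntry> searchResults = connection.search(searchDn, searchScope, filter).getSearchEntries();
        result.handle(AsyncResultImpl.create(searchResults));
    } catch (LDAPException e) {
        if (ldapErrorHandler != null) {
            ldapErrorHandler.handle(DefaultExceptionFactory.create(e));
        } else {
            LOGGER.error("LDAP Error Handler not set. Error may be swallowed; " + "this is probably not what you intended.", e);
            // No dedicated handler: report through the result handler rather than losing the failure.
            result.handle(AsyncResultImpl.<List<SearchResultEntry>>create(e));
        }
    } catch (Exception e) {
        result.handle(AsyncResultImpl.<List<SearchResultEntry>>create(e));
    }
}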
use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.
The class DefaultLdapClientConnection, method connect.
/**
 * Opens the underlying connection and performs a simple bind with the configured DN and
 * password, reporting the outcome through {@code evalBindReturn}.
 *
 * <p>NOTE(review): an empty {@code getBindPassword()} would be sent as an unauthenticated
 * simple bind (RFC 4513) — confirm that callers reject empty passwords before reaching here.
 *
 * @param handler receives the bind outcome from {@code evalBindReturn}, or any non-LDAP
 *                exception as an error result
 */
public void connect(final IAsyncResultHandler<ILdapResult> handler) {
    try {
        connection = LDAPConnectionFactory.build(socketFactory, config);
        final BindResult bindResult = connection.bind(config.getBindDn(), config.getBindPassword());
        evalBindReturn(bindResult.getResultCode(), bindResult.getDiagnosticMessage(), null, handler);
    } catch (LDAPException ldapFailure) {
        // Bind-level failures carry an LDAP result code; let evalBindReturn classify them.
        evalBindReturn(ldapFailure.getResultCode(), ldapFailure.getMessage(), ldapFailure, handler);
    } catch (Exception unexpected) {
        // Anything else leaves the connection in an unknown state: hand it back as defunct.
        LDAPConnectionFactory.releaseDefunct(connection);
        handler.handle(AsyncResultImpl.<ILdapResult>create(unexpected));
    }
}