
Example 1 with LdapException

use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.

From class LDAPIdentityValidator, method handleLdapSearch:

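/**
 * Completes validation of {@code username} once the service-account search for the user's
 * entry has returned.
 *
 * <p>Exactly one entry is required. More than one is reported as an error rather than
 * authenticating whichever entry happens to come first; none yields {@code false}. With a single
 * entry the user's own DN is bound with the supplied password, and the bind outcome decides the
 * result: success is {@code true}, an auth-failure result code is {@code false}, anything else is
 * an error.
 *
 * <p>The search connection handed in by the caller is closed on every path here, including the
 * ambiguous/empty/missing-DN cases, so it is not leaked when no bind is attempted.
 *
 * @param connection     the service-account connection the search ran on; closed by this method
 * @param searchEntries  entries returned by the user search (may be empty)
 * @param config         the identity source configuration, forwarded to {@code bind}
 * @param ldapConfigBean connection settings; its bind DN and password are overwritten with the
 *                       user's before binding
 * @param ldapComponent  component used to perform the user bind
 * @param context        the policy context, forwarded to {@code bind}
 * @param username       the username being validated (used here only in the error message)
 * @param password       the password presented by the caller
 * @param handler        receives {@code true} on a successful bind, {@code false} when the user
 *                       cannot be authenticated, or the underlying error
 */
private void handleLdapSearch(final ILdapClientConnection connection, List<ILdapSearchEntry> searchEntries, LDAPIdentitySource config, LdapConfigBean ldapConfigBean, ILdapComponent ldapComponent, IPolicyContext context, String username, String password, final IAsyncResultHandler<Boolean> handler) {
    if (searchEntries == null || searchEntries.isEmpty()) {
        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
        connection.close();
        return;
    }
    if (searchEntries.size() > 1) {
        // An ambiguous username must not be authenticated as an arbitrary one of the matches.
        // $NON-NLS-1$
        NamingException ex = new NamingException("Found multiple entries for the same username: " + username);
        handler.handle(AsyncResultImpl.<Boolean>create(ex));
        connection.close();
        return;
    }
    // Exactly one result: verify the password by binding as that entry.
    String userDn = searchEntries.get(0).getDn();
    if (userDn == null) {
        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
        connection.close();
        return;
    }
    ldapConfigBean.setBindDn(userDn);
    ldapConfigBean.setBindPassword(password);
    bind(config, ldapConfigBean, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {

        @Override
        public void handle(IAsyncResult<ILdapResult> result) {
            if (result.isError()) {
                if (result.getError() instanceof LdapException) {
                    LdapException ex = (LdapException) result.getError();
                    // Wrong password / unknown DN is a plain "not authenticated"; anything else
                    // (server down, operations error, ...) is surfaced to the caller as an error.
                    if (ex.getResultCode().isAuthFailure()) {
                        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
                    } else {
                        handler.handle(AsyncResultImpl.<Boolean>create(ex));
                    }
                    connection.close(ex);
                } else {
                    handler.handle(AsyncResultImpl.<Boolean>create(result.getError()));
                    connection.close();
                }
            } else {
                LdapResultCode resultCode = result.getResult().getResultCode();
                if (LdapResultCode.isSuccess(resultCode)) {
                    handler.handle(AsyncResultImpl.create(Boolean.TRUE));
                } else {
                    // A non-success result without an exception is treated as a failed login.
                    handler.handle(AsyncResultImpl.create(Boolean.FALSE));
                }
                connection.close();
            }
        }
    });
}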

Example 2 with LdapException

use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.

From class LDAPIdentityValidator, method doValidate:

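/**
 * Validates {@code username}/{@code password} against the LDAP server described by {@code config}.
 *
 * <p>Connection settings come from the configured URI; when the URI carries no port the scheme's
 * default is used (389 for {@code ldap}, 636 for {@code ldaps}). Depending on
 * {@code config.getBindAs()} the check then runs in one of two ways:
 * <ul>
 *   <li>{@code ServiceAccount}: connect with the configured service credentials, search for the
 *       user's entry below the configured base DN and hand the entries to
 *       {@code handleLdapSearch}, which binds as the entry that was found;</li>
 *   <li>otherwise: bind directly with the DN built from {@code config.getDnPattern()} and the
 *       supplied password.</li>
 * </ul>
 *
 * <p>Empty credentials are rejected here without contacting the server. A simple bind that
 * carries a DN but no password is an <em>unauthenticated</em> bind (RFC 4513 section 5.1.2),
 * which many directories answer with success; letting a blank password reach the server would
 * make the login decision depend entirely on the client library refusing such binds.
 *
 * <p>{@code formatDn} is relied on to escape {@code username} before substituting it into the
 * bind DN and the user-search filter. That escaping is not visible from this method and should be
 * confirmed, since the value is caller-controlled and reaches both a DN and a search filter.
 *
 * @param username the username presented by the caller
 * @param password the password presented by the caller
 * @param request  the request, made available to {@code formatDn} for substitution
 * @param context  policy context, used to obtain the {@link ILdapComponent}
 * @param config   the identity source configuration
 * @param handler  receives {@code true} if the credentials are valid, {@code false} if not, or an
 *                 error
 */
private void doValidate(final String username, final String password, final ApiRequest request, final IPolicyContext context, final LDAPIdentitySource config, final IAsyncResultHandler<Boolean> handler) {
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        // Blank credentials are never valid; see the class comment on unauthenticated binds.
        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
        return;
    }
    final ILdapComponent ldapComponent = context.getComponent(ILdapComponent.class);
    String bindDn = formatDn(config.getDnPattern(), username, request);
    String bindDnPwd = password;
    int port = config.getUri().getPort();
    String scheme = config.getUri().getScheme();
    if (port == -1) {
        port = defaultPortFor(scheme);
    }
    final LdapConfigBean ldapConfigBean = new LdapConfigBean();
    ldapConfigBean.setBindDn(bindDn);
    ldapConfigBean.setBindPassword(bindDnPwd);
    ldapConfigBean.setHost(config.getUri().getHost());
    ldapConfigBean.setPort(port);
    ldapConfigBean.setScheme(scheme);
    // Bind as one account, search for other.
    if (config.getBindAs() == LDAPBindAsType.ServiceAccount) {
        ldapConfigBean.setBindDn(formatDn(config.getDnPattern(), config.getCredentials().getUsername(), request));
        ldapConfigBean.setBindPassword(config.getCredentials().getPassword());
        ldapComponent.connect(ldapConfigBean, successHandler(handler, new IAsyncHandler<ILdapClientConnection>() {

            @Override
            public void handle(final ILdapClientConnection connection) {
                String searchBaseDN = formatDn(config.getUserSearch().getBaseDn(), username, request);
                String searchExpr = formatDn(config.getUserSearch().getExpression(), username, request);
                connection.search(searchBaseDN, searchExpr, LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {

                    // At the moment it's just generic, but in future we can make better use of it.
                    @Override
                    public void handle(LdapException exception) {
                        handler.handle(AsyncResultImpl.<Boolean>create(exception));
                        // Nothing else will close the service-account connection on this path.
                        connection.close(exception);
                    }
                }).search(successHandler(handler, new IAsyncHandler<List<ILdapSearchEntry>>() {

                    @Override
                    public void handle(List<ILdapSearchEntry> searchEntries) {
                        // handleLdapSearch takes ownership of the connection and closes it.
                        handleLdapSearch(connection, searchEntries, config, ldapConfigBean, ldapComponent, context, username, password, handler);
                    }
                }));
            }
        }));
    } else {
        bind(config, ldapConfigBean, ldapComponent, context, new IAsyncResultHandler<ILdapResult>() {

            @Override
            public void handle(IAsyncResult<ILdapResult> result) {
                if (result.isSuccess()) {
                    if (LdapResultCode.isSuccess(result.getResult().getResultCode())) {
                        handler.handle(AsyncResultImpl.create(Boolean.TRUE));
                    } else {
                        // An auth failure
                        handler.handle(AsyncResultImpl.create(Boolean.FALSE));
                    }
                } else {
                    // Unexpected exception
                    handler.handle(AsyncResultImpl.<Boolean>create(result.getError()));
                }
            }
        });
    }
}

/**
 * Default port for an LDAP URI that does not specify one.
 *
 * @param scheme the URI scheme, compared case-insensitively (may be {@code null})
 * @return 389 for {@code ldap}, 636 for {@code ldaps}, otherwise -1 (left unset, as before)
 */
private static int defaultPortFor(String scheme) {
    if ("ldap".equalsIgnoreCase(scheme)) {
        // $NON-NLS-1$
        return 389;
    }
    if ("ldaps".equalsIgnoreCase(scheme)) {
        // $NON-NLS-1$
        return 636;
    }
    return -1;
}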

Example 3 with LdapException

use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.

From class LDAPIdentityValidator, method extractRoles:

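/**
 * Reads the authenticated user's roles from the directory and stores them in the policy context.
 *
 * <p>A subtree search with filter {@code (objectClass=*)} is run from {@code userDn}. For every
 * returned entry, each attribute whose base name equals {@code config.getMembershipAttribute()}
 * is parsed as a list of DNs; the values of the RDN attribute named by
 * {@code config.getRolenameAttribute()} become role names. The collected set is stored under
 * {@link AuthorizationPolicy#AUTHENTICATED_USER_ROLES} and {@code resultHandler} is invoked
 * exactly once: with {@code LdapResult.SUCCESS} after all entries were processed (an empty
 * result yields an empty role set rather than leaving the caller waiting), or with the error if
 * the search fails or a value cannot be parsed.
 *
 * <p>NOTE(review): the membership attribute name is matched with a case-sensitive
 * {@code equals}, whereas LDAP attribute type names are case-insensitive; whether the component
 * normalises {@code getBaseName()} is not visible here — confirm.
 *
 * @param connection    an open connection with read access to {@code userDn}
 * @param userDn        the DN of the user whose roles are wanted
 * @param config        identity source configuration naming the membership and role attributes
 * @param context       policy context that receives the role set
 * @param resultHandler receives {@code LdapResult.SUCCESS} or the failure
 */
private void extractRoles(final ILdapClientConnection connection, final String userDn, final LDAPIdentitySource config, final IPolicyContext context, final IAsyncResultHandler<ILdapResult> resultHandler) {
    final Set<String> roles = new HashSet<>();
    // $NON-NLS-1$
    connection.search(userDn, "(objectClass=*)", LdapSearchScope.SUBTREE).setLdapErrorHandler(new IAsyncHandler<LdapException>() {

        // At the moment it's just generic, but in future we can make better use of it.
        @Override
        public void handle(LdapException exception) {
            resultHandler.handle(AsyncResultImpl.<ILdapResult>create(exception));
        }
    }).search(successHandler(resultHandler, new IAsyncHandler<List<ILdapSearchEntry>>() {

        @Override
        public void handle(List<ILdapSearchEntry> result) {
            try {
                // Gather roles from every returned entry (normally exactly one) before
                // reporting, so the handler fires once rather than once per entry.
                for (ILdapSearchEntry searchResult : result) {
                    for (ILdapAttribute attr : searchResult.getAttributes()) {
                        if (attr.getBaseName().equals(config.getMembershipAttribute())) {
                            addRoles(attr);
                        }
                    }
                }
                context.setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
                resultHandler.handle(AsyncResultImpl.create(LdapResult.SUCCESS));
            } catch (Exception e) {
                // Potentially invalid RDN format
                resultHandler.handle(AsyncResultImpl.<ILdapResult>create(e));
            }
        }

        /** Treats each value of {@code attr} as a DN and collects its role-name RDN values. */
        private void addRoles(ILdapAttribute attr) {
            for (ILdapDn dn : attr.getValuesAsDn()) {
                for (ILdapRdn rdn : dn.getRdns()) {
                    if (rdn.hasAttribute(config.getRolenameAttribute())) {
                        roles.addAll(rdn.getAttributeValues());
                    }
                }
            }
        }
    }));
}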

Example 4 with LdapException

use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.

From class DefaultLdapSearchImpl, method getResults:

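/**
 * Runs the search on the instance's {@code connection} and delivers the entries to {@code result}.
 *
 * <p>{@link LDAPException}s from the SDK are converted with {@code DefaultExceptionFactory} and
 * passed to the instance's {@code ldapErrorHandler}. When no error handler has been registered
 * the converted exception is delivered to {@code result} instead (after logging), so a search
 * failure is never lost and the caller's callback always fires. Any other exception goes
 * straight to {@code result}.
 *
 * <p>NOTE(review): {@code filter} is passed to the server verbatim; escaping of any
 * caller-controlled values must happen before this method — confirm in the callers.
 *
 * @param searchDn the base DN to search from
 * @param filter   the LDAP filter, already escaped by the caller
 * @param scope    {@code ONE} for a one-level search; any other value is run as a subtree search
 * @param result   receives the matching entries or the failure
 */
private void getResults(String searchDn, String filter, LdapSearchScope scope, final IAsyncResultHandler<List<SearchResultEntry>> result) {
    try {
        // Only ONE is distinguished; everything else (including SUBTREE) maps to SUB.
        SearchScope searchScope = (scope == LdapSearchScope.ONE) ? SearchScope.ONE : SearchScope.SUB;
        List<SearchResultEntry> searchResults = connection.search(searchDn, searchScope, filter).getSearchEntries();
        result.handle(AsyncResultImpl.create(searchResults));
    } catch (LDAPException e) {
        LdapException converted = DefaultExceptionFactory.create(e);
        if (ldapErrorHandler == null) {
            // Previously this fell through to a null dereference; route the failure to the
            // result handler so the caller is still told what happened.
            LOGGER.error("LDAP Error Handler not set; reporting the error through the result handler instead.", e);
            result.handle(AsyncResultImpl.<List<SearchResultEntry>>create(converted));
        } else {
            ldapErrorHandler.handle(converted);
        }
    } catch (Exception e) {
        result.handle(AsyncResultImpl.<List<SearchResultEntry>>create(e));
    }
}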

Example 5 with LdapException

use of io.apiman.gateway.engine.components.ldap.result.LdapException in project apiman by apiman.

From class DefaultLdapClientConnection, method connect:

/**
 * Opens the underlying LDAP connection and performs the configured simple bind.
 *
 * <p>The connection is created from the instance's {@code socketFactory} and {@code config} and
 * then bound with the configured bind DN and password. A bind result and an {@link LDAPException}
 * are both routed through {@code evalBindReturn} with their result code and message; any other
 * failure marks the (possibly half-built) connection as defunct and is reported to
 * {@code handler} directly.
 *
 * <p>NOTE(review): a bind DN with an empty password is an unauthenticated bind (RFC 4513
 * section 5.1.2). Whether the SDK's connection options refuse that here depends on how
 * {@code LDAPConnectionFactory} configures them — confirm, and keep rejecting empty passwords
 * in the callers.
 *
 * @param handler receives the outcome of the bind
 */
public void connect(final IAsyncResultHandler<ILdapResult> handler) {
    try {
        connection = LDAPConnectionFactory.build(socketFactory, config);
        final String bindDn = config.getBindDn();
        final String bindPassword = config.getBindPassword();
        final BindResult bound = connection.bind(bindDn, bindPassword);
        evalBindReturn(bound.getResultCode(), bound.getDiagnosticMessage(), null, handler);
    } catch (LDAPException ldapFailure) {
        // SDK failures carry an LDAP result code; evalBindReturn decides how to report it.
        evalBindReturn(ldapFailure.getResultCode(), ldapFailure.getMessage(), ldapFailure, handler);
    } catch (Exception unexpected) {
        LDAPConnectionFactory.releaseDefunct(connection);
        handler.handle(AsyncResultImpl.<ILdapResult>create(unexpected));
    }
}
