Example 1 with LdapSearchResult

Use of io.micronaut.security.ldap.context.LdapSearchResult in the project micronaut-security by micronaut-projects.

From the class DefaultLdapGroupProcessor, method process:

@Override
public Set<String> process(String attribute, LdapSearchResult result, SearchProvider groupResults) throws NamingException {
    Set<String> groupSet = new HashSet<>();
    List<LdapSearchResult> groupSearch = groupResults.get();
    if (groupSearch.isEmpty() && LOG.isDebugEnabled()) {
        LOG.debug("No groups found!");
    }
    for (LdapSearchResult groupResult : groupSearch) {
        groupResult.getAttributes().get(attribute, List.class).ifPresent(groups -> {
            for (Object group : groups) {
                processGroup(group.toString()).ifPresent(groupSet::add);
            }
        });
        if (LOG.isTraceEnabled()) {
            LOG.trace("The following groups were found for [{}]: {}", result.getDn(), groupSet);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Attempting to add any additional groups...");
    }
    groupSet.addAll(getAdditionalGroups(result));
    return groupSet;
}
Also used: LdapSearchResult (io.micronaut.security.ldap.context.LdapSearchResult), List (java.util.List), HashSet (java.util.HashSet)

Example 2 with LdapSearchResult

Use of io.micronaut.security.ldap.context.LdapSearchResult in the project micronaut-security by micronaut-projects.

From the class LdapAuthenticationProvider, method authenticate:

@Override
public Publisher<AuthenticationResponse> authenticate(HttpRequest<?> httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
    Flux<AuthenticationResponse> reactiveSequence = Flux.create(emitter -> {
        String username = authenticationRequest.getIdentity().toString();
        String password = authenticationRequest.getSecret().toString();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Starting authentication with configuration [{}]", configuration.getName());
            LOG.debug("Attempting to initialize manager context");
        }
        DirContext managerContext;
        try {
            managerContext = contextBuilder.build(configuration.getManagerSettings());
            debug(LOG, "Manager context initialized successfully");
        } catch (NamingException e) {
            debug(LOG, "Failed to create manager context. Returning unknown authentication failure. Encountered {}", e.getMessage());
            emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.UNKNOWN));
            return;
        }
        debug(LOG, "Attempting to authenticate with user [{}]", username);
        try {
            Optional<LdapSearchResult> optionalResult = ldapSearchService.searchFirst(managerContext, configuration.getSearch().getSettings(new Object[] { username }));
            if (optionalResult.isPresent()) {
                LdapSearchResult result = optionalResult.get();
                debug(LOG, "User found in context [{}]. Attempting to bind.", result.getDn());
                DirContext userContext = null;
                try {
                    String dn = result.getDn();
                    userContext = contextBuilder.build(configuration.getSettings(result.getDn(), password));
                    if (result.getAttributes() == null) {
                        result.setAttributes(userContext.getAttributes(dn));
                    }
                } finally {
                    contextBuilder.close(userContext);
                }
                debug(LOG, "Successfully bound user [{}]. Attempting to retrieve groups.", result.getDn());
                Set<String> groups = Collections.emptySet();
                LdapConfiguration.GroupConfiguration groupSettings = configuration.getGroups();
                if (groupSettings.isEnabled()) {
                    groups = ldapGroupProcessor.process(groupSettings.getAttribute(), result, () -> {
                        Object[] params = new Object[] { groupSettings.getFilterAttribute().map(attr -> result.getAttributes().getValue(attr)).orElse(result.getDn()) };
                        return ldapSearchService.search(managerContext, groupSettings.getSearchSettings(params));
                    });
                    debug(LOG, "Group search returned [{}] for user [{}]", groups, username);
                } else {
                    debug(LOG, "Group search is disabled for configuration [{}]", configuration.getName());
                }
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Attempting to map [{}] with groups [{}] to an authentication response.", username, groups);
                }
                AuthenticationResponse response = contextAuthenticationMapper.map(result.getAttributes(), username, groups);
                if (response.isAuthenticated()) {
                    emitter.next(response);
                    emitter.complete();
                } else {
                    emitter.error(new AuthenticationException(response));
                }
                debug(LOG, "Response successfully created for [{}]. Response is authenticated: [{}]", username, response.isAuthenticated());
            } else {
                debug(LOG, "User not found [{}]", username);
                emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.USER_NOT_FOUND));
            }
        } catch (NamingException e) {
            debug(LOG, "Failed to authenticate with user [{}].  {}", username, e);
            if (e instanceof javax.naming.AuthenticationException) {
                emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH));
            } else {
                emitter.error(e);
            }
        } finally {
            contextBuilder.close(managerContext);
        }
    }, FluxSink.OverflowStrategy.ERROR);
    reactiveSequence = reactiveSequence.subscribeOn(scheduler);
    return reactiveSequence;
}
Also used: LdapSearchResult (io.micronaut.security.ldap.context.LdapSearchResult), AuthenticationException (io.micronaut.security.authentication.AuthenticationException), LdapConfiguration (io.micronaut.security.ldap.configuration.LdapConfiguration), DirContext (javax.naming.directory.DirContext), AuthenticationResponse (io.micronaut.security.authentication.AuthenticationResponse), NamingException (javax.naming.NamingException)

Aggregations (number of examples above using each type)

LdapSearchResult (io.micronaut.security.ldap.context.LdapSearchResult): 2
AuthenticationException (io.micronaut.security.authentication.AuthenticationException): 1
AuthenticationResponse (io.micronaut.security.authentication.AuthenticationResponse): 1
LdapConfiguration (io.micronaut.security.ldap.configuration.LdapConfiguration): 1
HashSet (java.util.HashSet): 1
List (java.util.List): 1
NamingException (javax.naming.NamingException): 1
DirContext (javax.naming.directory.DirContext): 1