use of io.micronaut.security.ldap.context.LdapSearchResult in project micronaut-security by micronaut-projects.
The class DefaultLdapGroupProcessor, method process.
/**
 * Builds the set of group names for an LDAP user.
 *
 * <p>Every search entry supplied by {@code groupResults} is inspected for the
 * attribute named {@code attribute}; each value of that attribute is passed
 * through {@code processGroup} and kept only when a name comes back. The
 * groups returned by {@code getAdditionalGroups} are appended at the end.
 *
 * @param attribute    name of the LDAP attribute holding the group values
 * @param result       the search result of the user being authenticated
 *                     (used for logging and for the additional-group lookup)
 * @param groupResults supplier of the group search entries
 * @return the collected group names (never {@code null}, possibly empty)
 * @throws NamingException if the group search cannot be performed
 */
@Override
public Set<String> process(String attribute, LdapSearchResult result, SearchProvider groupResults) throws NamingException {
    Set<String> collected = new HashSet<>();
    List<LdapSearchResult> entries = groupResults.get();
    boolean nothingFound = entries.isEmpty();
    if (nothingFound && LOG.isDebugEnabled()) {
        LOG.debug("No groups found!");
    }
    for (LdapSearchResult entry : entries) {
        // The attribute is read as a raw List; each element is stringified
        // before being handed to processGroup.
        entry.getAttributes().get(attribute, List.class).ifPresent(rawValues -> {
            for (Object rawValue : rawValues) {
                processGroup(rawValue.toString()).ifPresent(collected::add);
            }
        });
        // Logged per entry, so the printed set is cumulative across entries.
        if (LOG.isTraceEnabled()) {
            LOG.trace("The following groups were found for [{}]: {}", result.getDn(), collected);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Attempting to add any additional groups...");
    }
    collected.addAll(getAdditionalGroups(result));
    return collected;
}
use of io.micronaut.security.ldap.context.LdapSearchResult in project micronaut-security by micronaut-projects.
The class LdapAuthenticationProvider, method authenticate.
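/**
 * Authenticates a user against LDAP.
 *
 * <p>The flow is: open a manager context, search for the user by identity,
 * bind as the located DN with the supplied secret, optionally resolve the
 * user's groups, and map attributes plus groups to an
 * {@link AuthenticationResponse}. All work runs inside a {@code Flux.create}
 * block subscribed on {@code scheduler}.
 *
 * <p>An empty or missing secret is rejected before any bind is attempted and
 * reported as {@code CREDENTIALS_DO_NOT_MATCH}: a bind with an empty password
 * may be accepted as an unauthenticated bind by some directory servers, so
 * it must never reach the server. The secret is never written to the log.
 *
 * <p>The identity is passed as a search parameter through
 * {@code configuration.getSearch().getSettings(...)}; any filter escaping
 * is expected to happen there (not visible here — confirm in the
 * search-settings implementation).
 *
 * @param httpRequest           the current request (not used by this provider)
 * @param authenticationRequest carries the identity and the secret
 * @return a publisher that emits one authenticated response, or an error
 *         wrapping an {@link AuthenticationFailureReason}, an
 *         {@link AuthenticationException}, or the raw {@link NamingException}
 */
@Override
public Publisher<AuthenticationResponse> authenticate(HttpRequest<?> httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
    Flux<AuthenticationResponse> reactiveSequence = Flux.create(emitter -> {
        String username = authenticationRequest.getIdentity().toString();
        Object secret = authenticationRequest.getSecret();
        String password = secret == null ? null : secret.toString();
        // Reject empty credentials up front so an empty password can never be
        // offered to the directory as a bind (see class note on
        // unauthenticated binds).
        if (password == null || password.isEmpty()) {
            debug(LOG, "Rejecting empty credentials for user [{}]", username);
            emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH));
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Starting authentication with configuration [{}]", configuration.getName());
            LOG.debug("Attempting to initialize manager context");
        }
        DirContext managerContext;
        try {
            managerContext = contextBuilder.build(configuration.getManagerSettings());
            debug(LOG, "Manager context initialized successfully");
        } catch (NamingException e) {
            // Manager-side failures are reported as UNKNOWN, not as a credential
            // problem, so the caller cannot confuse the two.
            debug(LOG, "Failed to create manager context. Returning unknown authentication failure. Encountered {}", e.getMessage());
            emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.UNKNOWN));
            return;
        }
        debug(LOG, "Attempting to authenticate with user [{}]", username);
        try {
            Optional<LdapSearchResult> optionalResult = ldapSearchService.searchFirst(managerContext, configuration.getSearch().getSettings(new Object[] { username }));
            if (!optionalResult.isPresent()) {
                debug(LOG, "User not found [{}]", username);
                emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.USER_NOT_FOUND));
                return;
            }
            LdapSearchResult result = optionalResult.get();
            debug(LOG, "User found in context [{}]. Attempting to bind.", result.getDn());
            bindUser(result, password);
            debug(LOG, "Successfully bound user [{}]. Attempting to retrieving groups.", result.getDn());
            Set<String> groups = resolveGroups(managerContext, result, username);
            if (LOG.isTraceEnabled()) {
                LOG.trace("Attempting to map [{}] with groups [{}] to an authentication response.", username, groups);
            }
            AuthenticationResponse response = contextAuthenticationMapper.map(result.getAttributes(), username, groups);
            if (response.isAuthenticated()) {
                emitter.next(response);
                emitter.complete();
            } else {
                emitter.error(new AuthenticationException(response));
            }
            debug(LOG, "Response successfully created for [{}]. Response is authenticated: [{}]", username, response.isAuthenticated());
        } catch (NamingException e) {
            debug(LOG, "Failed to authenticate with user [{}]. {}", username, e);
            // Only a bind rejection maps to a credential mismatch; every other
            // naming problem is surfaced as-is.
            if (e instanceof javax.naming.AuthenticationException) {
                emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH));
            } else {
                emitter.error(e);
            }
        } finally {
            contextBuilder.close(managerContext);
        }
    }, FluxSink.OverflowStrategy.ERROR);
    return reactiveSequence.subscribeOn(scheduler);
}

/**
 * Binds as the located user and, when the search result carries no
 * attributes yet, loads them from the user's own context.
 *
 * @param result   the located user; its attributes may be populated here
 * @param password the secret to bind with (non-empty, checked by the caller)
 * @throws NamingException if the bind or the attribute read fails
 */
private void bindUser(LdapSearchResult result, String password) throws NamingException {
    String dn = result.getDn();
    DirContext userContext = null;
    try {
        userContext = contextBuilder.build(configuration.getSettings(dn, password));
        if (result.getAttributes() == null) {
            result.setAttributes(userContext.getAttributes(dn));
        }
    } finally {
        // close() is expected to tolerate a null context when build() failed.
        contextBuilder.close(userContext);
    }
}

/**
 * Resolves the user's groups through the configured group processor, or
 * returns an empty set when group search is disabled.
 *
 * @param managerContext the manager context used for the group search
 * @param result         the authenticated user's search result
 * @param username       the identity, used for logging only
 * @return the resolved group names (never {@code null})
 * @throws NamingException if the group search fails
 */
private Set<String> resolveGroups(DirContext managerContext, LdapSearchResult result, String username) throws NamingException {
    LdapConfiguration.GroupConfiguration groupSettings = configuration.getGroups();
    if (!groupSettings.isEnabled()) {
        debug(LOG, "Group search is disabled for configuration [{}]", configuration.getName());
        return Collections.emptySet();
    }
    Set<String> groups = ldapGroupProcessor.process(groupSettings.getAttribute(), result, () -> {
        // The filter parameter is the configured filter attribute's value when
        // one is set, otherwise the user's DN.
        Object[] params = new Object[] { groupSettings.getFilterAttribute().map(attr -> result.getAttributes().getValue(attr)).orElse(result.getDn()) };
        return ldapSearchService.search(managerContext, groupSettings.getSearchSettings(params));
    });
    debug(LOG, "Group search returned [{}] for user [{}]", groups, username);
    return groups;
}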