
Example 21 with PartialResultException

use of javax.naming.PartialResultException in project SSM by Intel-bigdata.

Source: class LdapRealm, method rolesFor.

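/**
 * Resolves the role names granted to {@code userNameIn} by searching the configured group
 * subtree, records the role and group names on the current Shiro session, and — when
 * {@code principals} is mutable — appends the group names to it under this realm's name.
 *
 * <p>Two lookup strategies exist. When {@code groupSearchEnableMatchingRuleInChain} is set the
 * user's DN is spliced into {@code MATCHING_RULE_IN_CHAIN_FORMAT} together with
 * {@code groupObjectClass} and {@code memberAttribute} (presumably so the directory evaluates
 * membership, nested or not, on its side); every returned entry's {@code getGroupIdAttribute()}
 * value is mapped through {@link #roleNameFor} and falls back to the raw group name. Otherwise
 * every entry of {@code groupObjectClass} under the group search base is fetched and
 * {@link #addRoleIfMember} decides membership per entry.
 *
 * <p>The search uses the simple paged results control (RFC 2696). The cookie carried by the
 * {@link javax.naming.ldap.PagedResultsResponseControl} of each response is fed back into the
 * next request; the loop ends when the server returns no cookie, so groups beyond the first
 * page are included. (Previously the cookie was never read, which silently limited the lookup
 * to the first {@code pageSize} groups.)
 *
 * <p>Referral chasing is disabled for the duration of the search; the
 * {@link PartialResultException} JNDI raises on an ignored referral is treated as end of page.
 *
 * @param principals         principals of the authenticating subject
 * @param userNameIn         user name taken from the login token; treated as untrusted input
 * @param ldapCtx            bound LDAP context the group search runs on
 * @param ldapContextFactory passed through to {@link #addRoleIfMember} for follow-up lookups
 * @return the resolved role names, never {@code null}, possibly empty
 * @throws NamingException for directory failures other than the size-limit and referral
 *                         conditions handled inside this method
 */
private Set<String> rolesFor(PrincipalCollection principals, String userNameIn, final LdapContext ldapCtx, final LdapContextFactory ldapContextFactory) throws NamingException {
    final Set<String> roleNames = new HashSet<>();
    final Set<String> groupNames = new HashSet<>();
    final String userName;
    if (getUserLowerCase()) {
        log.debug("userLowerCase true");
        // NOTE(review): default-locale lower-casing; under a Turkish default locale "I" becomes
        // a dotless i and will not match the directory entry. Locale.ROOT would be safer — confirm.
        userName = userNameIn.toLowerCase();
    } else {
        userName = userNameIn;
    }
    String userDn;
    if (userSearchAttributeName == null || userSearchAttributeName.isEmpty()) {
        // memberAttributeValuePrefix and memberAttributeValueSuffix
        // were computed from memberAttributeValueTemplate
        userDn = memberAttributeValuePrefix + userName + memberAttributeValueSuffix;
    } else {
        userDn = getUserDn(userName);
    }
    // Activate paged results
    int pageSize = getPagingSize();
    if (log.isDebugEnabled()) {
        log.debug("Ldap PagingSize: " + pageSize);
    }
    int numResults = 0;
    byte[] cookie = null;
    try {
        ldapCtx.addToEnvironment(Context.REFERRAL, "ignore");
        ldapCtx.setRequestControls(new Control[] { new PagedResultsControl(pageSize, Control.NONCRITICAL) });
        do {
            // Equivalent of (for the non-chained branch):
            // ldapsearch -h localhost -p 33389 -D
            // uid=guest,ou=people,dc=hadoop,dc=apache,dc=org -w guest-password
            // -b dc=hadoop,dc=apache,dc=org -s sub '(objectclass=*)'
            NamingEnumeration<SearchResult> searchResultEnum = null;
            SearchControls searchControls = getGroupSearchControls();
            try {
                if (groupSearchEnableMatchingRuleInChain) {
                    // userDn is derived from the login name, so it is escaped as an RFC 4515
                    // assertion value before entering the filter: an unescaped '*', '(', ')' or
                    // '\' (the latter legitimately occurs in DNs such as "cn=Smith\, John,...")
                    // would otherwise change the filter's meaning or make it unparsable.
                    String filter = String.format(MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, escapeFilterValue(userDn));
                    searchResultEnum = ldapCtx.search(getGroupSearchBase(), filter, searchControls);
                    while (searchResultEnum != null && searchResultEnum.hasMore()) {
                        // searchResults contains all the groups in search scope
                        numResults++;
                        final SearchResult group = searchResultEnum.next();
                        Attribute attribute = group.getAttributes().get(getGroupIdAttribute());
                        if (attribute == null) {
                            // An entry without the configured id attribute cannot be mapped to a
                            // role; skip it rather than fail the whole lookup with an NPE.
                            log.debug("Skipping group entry without " + getGroupIdAttribute() + " attribute: " + group.getName());
                            continue;
                        }
                        String groupName = attribute.get().toString();
                        String roleName = roleNameFor(groupName);
                        if (roleName != null) {
                            roleNames.add(roleName);
                        } else {
                            roleNames.add(groupName);
                        }
                    }
                } else {
                    // groupObjectClass is configuration, not user input, so no escaping is applied.
                    searchResultEnum = ldapCtx.search(getGroupSearchBase(), "objectClass=" + groupObjectClass, searchControls);
                    while (searchResultEnum != null && searchResultEnum.hasMore()) {
                        // searchResults contains all the groups in search scope
                        numResults++;
                        final SearchResult group = searchResultEnum.next();
                        addRoleIfMember(userDn, group, roleNames, groupNames, ldapContextFactory);
                    }
                }
            } catch (PartialResultException e) {
                // Raised for referrals while Context.REFERRAL is "ignore"; the entries already
                // delivered on this page have been processed, so there is nothing to recover.
                log.debug("Ignoring PartitalResultException");
            } finally {
                if (searchResultEnum != null) {
                    searchResultEnum.close();
                }
            }
            // Take the continuation cookie from the paged-results response control. The cookie
            // is reset first so a response without the control (server stopped paging) ends the
            // loop instead of re-sending a stale cookie forever.
            cookie = null;
            Control[] responseControls = ldapCtx.getResponseControls();
            if (responseControls != null) {
                for (Control control : responseControls) {
                    if (control instanceof javax.naming.ldap.PagedResultsResponseControl) {
                        cookie = ((javax.naming.ldap.PagedResultsResponseControl) control).getCookie();
                    }
                }
            }
            if (cookie != null && cookie.length == 0) {
                // Defensive: an empty cookie also means "last page" (RFC 2696).
                cookie = null;
            }
            // Re-activate paged results
            ldapCtx.setRequestControls(new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
        } while (cookie != null);
    } catch (SizeLimitExceededException e) {
        log.info("Only retrieved first " + numResults + " groups due to SizeLimitExceededException.");
    } catch (IOException e) {
        // Thrown by the PagedResultsControl constructors while encoding the control value.
        log.error("Unabled to setup paged results", e);
    }
    // save role names and group names in session so that they can be
    // easily looked up outside of this object
    SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roleNames);
    SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, groupNames);
    if (!groupNames.isEmpty() && (principals instanceof MutablePrincipalCollection)) {
        ((MutablePrincipalCollection) principals).addAll(groupNames, getName());
    }
    if (log.isDebugEnabled()) {
        log.debug("User RoleNames: " + userName + "::" + roleNames);
    }
    return roleNames;
}

/**
 * Escapes {@code value} for use as an assertion value inside an LDAP search filter
 * (RFC 4515, section 3): NUL, '(', ')', '*' and '\' are replaced by their {@code \xx}
 * hexadecimal forms. The directory decodes the escapes before comparing, so a DN passed
 * through this method still matches the same entry.
 *
 * @param value raw assertion value; {@code null} is returned unchanged
 * @return the escaped value
 */
private static String escapeFilterValue(String value) {
    if (value == null) {
        return null;
    }
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}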

Example 22 with PartialResultException

use of javax.naming.PartialResultException in project knox by apache.

Source: class KnoxLdapRealm, method rolesFor.

/**
 * Looks up the roles of {@code userName}: every entry of {@code groupObjectClass} beneath the
 * group search base is fetched (paged, 100 entries per request) and handed to
 * {@link #addRoleIfMember}, which fills {@code roleNames}/{@code groupNames} for the groups the
 * user's DN belongs to. Both sets are then stored on the current Shiro session, and the group
 * names are added to {@code principals} under this realm's name when the collection is mutable.
 *
 * <p>The group filter contains only configured values; the user-derived {@code userDn} is
 * passed to {@link #addRoleIfMember} and never spliced into a filter string here.
 *
 * <p>Referrals are ignored for the search, so the {@link PartialResultException} JNDI raises on
 * encountering one merely ends the current page. Paging follows RFC 2696: the cookie from the
 * {@link PagedResultsResponseControl} in each response is sent back until the server omits it.
 * A {@link SizeLimitExceededException} stops the lookup with whatever has been collected so far.
 *
 * @param principals         principals of the authenticating subject
 * @param userName           login name; either formatted into a DN via the member-attribute
 *                           template or resolved with {@link #getUserDn}
 * @param ldapCtx            bound LDAP context used for the group search
 * @param ldapContextFactory passed through to {@link #addRoleIfMember}
 * @return the resolved role names, never {@code null}
 * @throws NamingException on directory failures not handled inside the method
 */
private Set<String> rolesFor(PrincipalCollection principals, final String userName, final LdapContext ldapCtx, final LdapContextFactory ldapContextFactory) throws NamingException {
    final Set<String> roleNames = new HashSet<>();
    final Set<String> groupNames = new HashSet<>();
    final boolean templateDn = userSearchAttributeName == null || userSearchAttributeName.isEmpty();
    // With no user search attribute configured the DN is built from the member-attribute
    // template (prefix/suffix were derived from memberAttributeValueTemplate).
    final String userDn = templateDn
            ? memberAttributeValuePrefix + userName + memberAttributeValueSuffix
            : getUserDn(userName);
    final int pageLimit = 100;
    int groupsSeen = 0;
    byte[] pageCookie = null;
    try {
        ldapCtx.addToEnvironment(Context.REFERRAL, "ignore");
        ldapCtx.setRequestControls(new Control[] { new PagedResultsControl(pageLimit, Control.NONCRITICAL) });
        do {
            // Roughly: ldapsearch -h localhost -p 33389 -D uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
            //   -w guest-password -b dc=hadoop,dc=apache,dc=org -s sub '(objectclass=*)'
            NamingEnumeration<SearchResult> groups = null;
            try {
                groups = ldapCtx.search(getGroupSearchBase(), "objectClass=" + groupObjectClass, SUBTREE_SCOPE);
                // Every group in scope is visited; membership is decided per entry.
                while (groups != null && groups.hasMore()) {
                    groupsSeen++;
                    addRoleIfMember(userDn, groups.next(), roleNames, groupNames, ldapContextFactory);
                }
            } catch (PartialResultException e) {
                // Referral encountered while REFERRAL=ignore; the page's entries were processed.
                LOG.ignoringPartialResultException();
            } finally {
                if (groups != null) {
                    groups.close();
                }
            }
            // Continuation cookie for the next page (unchanged if the response carried none).
            pageCookie = pagingCookieFrom(ldapCtx.getResponseControls(), pageCookie);
            ldapCtx.setRequestControls(new Control[] { new PagedResultsControl(pageLimit, pageCookie, Control.CRITICAL) });
        } while (pageCookie != null);
    } catch (SizeLimitExceededException e) {
        LOG.sizeLimitExceededOnlyRetrieved(groupsSeen);
    } catch (IOException e) {
        LOG.unableToSetupPagedResults();
    }
    // Expose the results on the session so callers outside this realm can read them.
    SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roleNames);
    SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, groupNames);
    if (!groupNames.isEmpty() && principals instanceof MutablePrincipalCollection) {
        ((MutablePrincipalCollection) principals).addAll(groupNames, getName());
    }
    LOG.lookedUpUserRoles(roleNames, userName);
    return roleNames;
}

/**
 * Returns the cookie of the last {@link PagedResultsResponseControl} among
 * {@code responseControls}, or {@code previous} when the array is {@code null} or holds no
 * such control.
 */
private static byte[] pagingCookieFrom(Control[] responseControls, byte[] previous) {
    byte[] cookie = previous;
    if (responseControls != null) {
        for (Control control : responseControls) {
            if (control instanceof PagedResultsResponseControl) {
                cookie = ((PagedResultsResponseControl) control).getCookie();
            }
        }
    }
    return cookie;
}
