Use of javax.naming.directory.Attribute in project orientdb by orientechnologies.
Class OStorageRemote, method parseServerURLs.
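/**
 * Parse the URLs. Multiple URLs must be separated by semicolon (;)
 *
 * <p>Short form (no '/'): the whole URL is the single host and is also used as the database
 * name. Long form: the text after the last '/' is the database name and the text before the
 * first '/' is a list of hosts separated by {@code ADDRESS_SEPARATOR}; each host is registered
 * through {@code addHost}.
 *
 * <p>If exactly one server is configured and
 * {@code NETWORK_BINARY_DNS_LOADBALANCING_ENABLED} is on, the TXT record of that host is
 * queried and every {@code s=host} token found replaces the configured server list. DNS
 * answers are not authenticated, so a spoofed or poisoned TXT record can steer the client to a
 * different server; keep this disabled unless the resolver path is trusted. A TXT record
 * without any {@code s=} token leaves the configured list untouched, and a lookup failure is
 * logged at debug level and also leaves it untouched.
 */
protected void parseServerURLs() {
  String lastHost = null;
  final int dbPos = url.indexOf('/');
  if (dbPos == -1) {
    // SHORT FORM: host only, the database name is the URL itself
    addHost(url);
    lastHost = url;
    name = url;
  } else {
    name = url.substring(url.lastIndexOf("/") + 1);
    for (final String host : url.substring(0, dbPos).split(ADDRESS_SEPARATOR)) {
      lastHost = host;
      addHost(host);
    }
  }

  synchronized (serverURLs) {
    if (serverURLs.size() != 1
        || !OGlobalConfiguration.NETWORK_BINARY_DNS_LOADBALANCING_ENABLED.getValueAsBoolean()) {
      return;
    }
    // LOOK FOR LOAD BALANCING DNS TXT RECORD
    final String primaryServer = lastHost;
    OLogManager.instance().debug(this, "Retrieving URLs from DNS '%s' (timeout=%d)...", primaryServer,
        OGlobalConfiguration.NETWORK_BINARY_DNS_LOADBALANCING_TIMEOUT.getValueAsInteger());

    DirContext ictx = null;
    try {
      final Hashtable<String, String> env = new Hashtable<String, String>();
      env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
      // NOTE(review): "com.sun.jndi.ldap.connect.timeout" is an LDAP provider property; the DNS
      // provider reads "com.sun.jndi.dns.timeout.initial" (milliseconds) instead, so the
      // configured timeout probably does not bound this lookup — confirm the setting's unit
      // before switching the key.
      env.put("com.sun.jndi.ldap.connect.timeout",
          OGlobalConfiguration.NETWORK_BINARY_DNS_LOADBALANCING_TIMEOUT.getValueAsString());
      ictx = new InitialDirContext(env);

      // Drop an optional ":port" suffix: the DNS name is the host part only
      final int portSep = primaryServer.indexOf(':');
      final String hostName = portSep == -1 ? primaryServer : primaryServer.substring(0, portSep);

      final Attributes attrs = ictx.getAttributes(hostName, new String[] { "TXT" });
      final Attribute attr = attrs.get("TXT");
      if (attr == null) {
        return;
      }
      for (int i = 0; i < attr.size(); ++i) {
        final String configuration = stripTxtQuotes((String) attr.get(i));
        if (configuration == null) {
          continue;
        }
        // Replace the configured list only once an "s=" token is actually seen, so an
        // unrelated TXT record published on the same name cannot empty it.
        boolean replaced = false;
        for (final String part : configuration.split(" ")) {
          if (part.startsWith("s=")) {
            if (!replaced) {
              serverURLs.clear();
              replaced = true;
            }
            addHost(part.substring("s=".length()));
          }
        }
      }
    } catch (NamingException e) {
      // Best effort: fall back to the configured server list, but leave a trace of why.
      OLogManager.instance().debug(this, "DNS lookup for '%s' failed, keeping configured servers: %s",
          primaryServer, e);
    } finally {
      if (ictx != null) {
        try {
          ictx.close();
        } catch (NamingException ignored) {
          // nothing to recover; whatever the lookup produced is already applied
        }
      }
    }
  }
}

/**
 * Removes the double quotes a TXT record value may be wrapped in.
 *
 * @param record raw TXT record value, may be {@code null}
 * @return the value without its leading and trailing quote; {@code null} for a {@code null}
 *         input, the input unchanged when it does not start with a quote
 */
private static String stripTxtQuotes(final String record) {
  if (record == null || !record.startsWith("\"")) {
    return record;
  }
  // Only drop the last character when it really is the closing quote
  final int end = record.length() > 1 && record.endsWith("\"") ? record.length() - 1 : record.length();
  return record.substring(1, end);
}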
Use of javax.naming.directory.Attribute in project neo4j by neo4j.
Class LdapRealm, method findRoleNamesForUser.
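// TODO: Extract to an LdapAuthorizationStrategy ? This ("group by attribute") is one of multiple possible strategies
/**
 * Resolves the role names of {@code username} from the membership attributes of its LDAP entry.
 *
 * <p>The user entry is located with {@code userSearchFilter} under {@code userSearchBase}; the
 * user name is passed as a filter argument so that JNDI escapes it and it cannot change the
 * filter's structure. For every returned attribute whose id matches one of
 * {@code membershipAttributeNames} (case-insensitively) all values are treated as group names
 * and mapped through {@link #getRoleNamesForGroups}. If the search matches more than one entry
 * only the first one is used and a warning is logged.
 *
 * @param username    principal to look up
 * @param ldapContext context the search is issued on
 * @return role names in first-seen order; empty when the user is not found, has no attributes
 *         or has no mapped groups
 * @throws NamingException if the search or attribute retrieval fails
 */
Set<String> findRoleNamesForUser(String username, LdapContext ldapContext) throws NamingException {
  Set<String> roleNames = new LinkedHashSet<>();
  SearchControls searchCtls = new SearchControls();
  searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
  // new String[0]: with new String[1] an empty name list produced a single null attribute name
  searchCtls.setReturningAttributes(membershipAttributeNames.toArray(new String[0]));
  // Use search argument to prevent potential code injection
  Object[] searchArguments = new Object[] { username };
  NamingEnumeration<SearchResult> result =
      ldapContext.search(userSearchBase, userSearchFilter, searchArguments, searchCtls);
  try {
    if (!result.hasMoreElements()) {
      return roleNames;
    }
    SearchResult searchResult = result.next();
    if (result.hasMoreElements()) {
      securityLog.warn(securityLog.isDebugEnabled() ? withRealm("LDAP user search for user principal '%s' is ambiguous. The first match that will " + "be checked for group membership is '%s' but the search also matches '%s'. " + "Please check your LDAP realm configuration.", username, searchResult.toString(), result.next().toString()) : withRealm("LDAP user search for user principal '%s' is ambiguous. The search matches more " + "than one entry. Please check your LDAP realm configuration.", username));
    }
    Attributes attributes = searchResult.getAttributes();
    if (attributes == null) {
      return roleNames;
    }
    NamingEnumeration<? extends Attribute> attributeEnumeration = attributes.getAll();
    try {
      while (attributeEnumeration.hasMore()) {
        Attribute attribute = attributeEnumeration.next();
        String attributeId = attribute.getID();
        if (membershipAttributeNames.stream().anyMatch(attributeId::equalsIgnoreCase)) {
          Collection<String> groupNames = LdapUtils.getAllAttributeValues(attribute);
          roleNames.addAll(getRoleNamesForGroups(groupNames));
        }
      }
    } finally {
      attributeEnumeration.close();
    }
  } finally {
    // Releases the search cursor even when an exception propagates
    result.close();
  }
  return roleNames;
}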
Use of javax.naming.directory.Attribute in project neo4j by neo4j.
Class LdapRealmTest, method shouldAllowMultipleGroupMembershipAttributes.
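@Test
public void shouldAllowMultipleGroupMembershipAttributes() throws NamingException {
  // Given: three configured membership attribute names and a group->role mapping for two groups
  when(config.get(SecuritySettings.ldap_authorization_user_search_filter)).thenReturn("{0}");
  when(config.get(SecuritySettings.ldap_authorization_group_membership_attribute_names)).thenReturn(asList("attr0", "attr1", "attr2"));
  when(config.get(SecuritySettings.ldap_authorization_group_to_role_mapping)).thenReturn("group1=role1;group2=role2,role3");
  LdapContext ldapContext = mock(LdapContext.class);
  NamingEnumeration result = mock(NamingEnumeration.class);
  SearchResult searchResult = mock(SearchResult.class);
  Attributes attributes = mock(Attributes.class);
  Attribute attribute1 = mock(Attribute.class);
  Attribute attribute2 = mock(Attribute.class);
  Attribute attribute3 = mock(Attribute.class);
  NamingEnumeration attributeEnumeration = mock(NamingEnumeration.class);
  NamingEnumeration groupEnumeration1 = mock(NamingEnumeration.class);
  NamingEnumeration groupEnumeration2 = mock(NamingEnumeration.class);
  NamingEnumeration groupEnumeration3 = mock(NamingEnumeration.class);
  // Mock ldap search result "attr1" contains "group1" and "attr2" contains "group2" (a bit brittle...)
  // "attr0" is non-existing and should have no effect
  when(ldapContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(result);
  when(result.hasMoreElements()).thenReturn(true, false);
  when(result.next()).thenReturn(searchResult);
  when(searchResult.getAttributes()).thenReturn(attributes);
  when(attributes.getAll()).thenReturn(attributeEnumeration);
  // Three attributes are stubbed below, so hasMore() must answer true three times; with only
  // two answers attribute3 was never delivered and the "not a membership attribute" case was
  // never exercised.
  when(attributeEnumeration.hasMore()).thenReturn(true, true, true, false);
  when(attributeEnumeration.next()).thenReturn(attribute1, attribute2, attribute3);
  // This attribute should yield role1
  when(attribute1.getID()).thenReturn("attr1");
  when(attribute1.getAll()).thenReturn(groupEnumeration1);
  when(groupEnumeration1.hasMore()).thenReturn(true, false);
  when(groupEnumeration1.next()).thenReturn("group1");
  // This attribute should yield role2 and role3
  when(attribute2.getID()).thenReturn("attr2");
  when(attribute2.getAll()).thenReturn(groupEnumeration2);
  when(groupEnumeration2.hasMore()).thenReturn(true, false);
  when(groupEnumeration2.next()).thenReturn("group2");
  // This attribute should have no effect: "attr3" is not one of the configured membership
  // attribute names, so its value must never be looked up as a group
  when(attribute3.getID()).thenReturn("attr3");
  when(attribute3.getAll()).thenReturn(groupEnumeration3);
  when(groupEnumeration3.hasMore()).thenReturn(true, false);
  when(groupEnumeration3.next()).thenReturn("groupWithNoRole");
  // When
  LdapRealm realm = new LdapRealm(config, securityLog, secureHasher);
  Set<String> roles = realm.findRoleNamesForUser("username", ldapContext);
  // Then
  assertThat(roles, hasItems("role1", "role2", "role3"));
}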
Use of javax.naming.directory.Attribute in project neo4j by neo4j.
Class LdapGroupHasUsersAuthPlugin, method authorize.
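/**
 * Collects the Neo4j roles of {@code username} from the LDAP groups that list it as a member.
 *
 * <p>Every group entry matched by {@code GROUP_SEARCH_FILTER} under {@code GROUP_SEARCH_BASE}
 * is visited and its {@code GROUP_ID} attribute mapped with {@link #getNeo4jRoleForGroupId};
 * groups without a mapping contribute nothing. The user name is passed as a filter argument so
 * JNDI escapes it and it cannot alter the filter's structure.
 *
 * @param ctx      context the search runs on
 * @param username principal whose group memberships are looked up
 * @return mapped roles in first-seen order; empty when no group matches or none is mapped
 * @throws NamingException on search or attribute access failure
 */
private Set<String> authorize(LdapContext ctx, String username) throws NamingException {
  Set<String> roleNames = new LinkedHashSet<>();
  // Setup our search controls
  SearchControls searchCtls = new SearchControls();
  searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
  searchCtls.setReturningAttributes(new String[] { GROUP_ID });
  // Use a search argument to prevent potential code injection
  Object[] searchArguments = new Object[] { username };
  // Search for groups that has the user as a member
  NamingEnumeration<SearchResult> result =
      ctx.search(GROUP_SEARCH_BASE, GROUP_SEARCH_FILTER, searchArguments, searchCtls);
  try {
    // Visit every matching group: stopping after the first one would make the granted roles
    // depend on the order in which the directory happens to return entries.
    while (result.hasMoreElements()) {
      SearchResult searchResult = result.next();
      Attributes attributes = searchResult.getAttributes();
      if (attributes == null) {
        continue;
      }
      NamingEnumeration<? extends Attribute> attributeEnumeration = attributes.getAll();
      try {
        while (attributeEnumeration.hasMore()) {
          Attribute attribute = attributeEnumeration.next();
          if (!attribute.getID().equalsIgnoreCase(GROUP_ID)) {
            continue;
          }
          // We found a group that the user is a member of. See if it has a role mapped to it
          String groupId = (String) attribute.get();
          String neo4jGroup = getNeo4jRoleForGroupId(groupId);
          if (neo4jGroup != null) {
            roleNames.add(neo4jGroup);
          }
        }
      } finally {
        attributeEnumeration.close();
      }
    }
  } finally {
    // Releases the search cursor even when an exception propagates
    result.close();
  }
  return roleNames;
}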
Use of javax.naming.directory.Attribute in project hadoop by apache.
Class TestLdapGroupsMappingBase, method setupMocksBase.
@Before
public void setupMocksBase() throws NamingException {
  MockitoAnnotations.initMocks(this);
  DirContext ctx = getContext();
  doReturn(ctx).when(groupsMapping).getDirContext();
  when(ctx.search(Mockito.anyString(), Mockito.anyString(), Mockito.any(Object[].class), Mockito.any(SearchControls.class))).thenReturn(userNames);
  // The user enumeration is consulted only once, so a single answer is enough
  when(userNames.hasMoreElements()).thenReturn(true);

  // Two group iterations are served from one reused SearchResult mock: group1, then group2
  SearchResult groupResult = mock(SearchResult.class);
  when(groupNames.hasMoreElements()).thenReturn(true, true, false);
  when(groupNames.nextElement()).thenReturn(groupResult);
  when(groupResult.getAttributes()).thenReturn(cnAttributes(testGroups[0]), cnAttributes(testGroups[1]));

  when(getUserNames().nextElement()).thenReturn(getUserSearchResult());
  when(getUserSearchResult().getAttributes()).thenReturn(getAttributes());

  // Groups one level up: exactly one parent group is reported
  SearchResult parentResult = mock(SearchResult.class);
  when(parentGroupNames.hasMoreElements()).thenReturn(true, false);
  when(parentGroupNames.nextElement()).thenReturn(parentResult);
  when(parentResult.getAttributes()).thenReturn(cnAttributes(testParentGroups[2]));
  when(parentResult.getNameInNamespace()).thenReturn("CN=some_group,DC=test,DC=com");
}

/**
 * Builds an attribute set holding a single "cn" attribute with the given value.
 *
 * @param cn value of the "cn" attribute
 * @return a fresh {@link BasicAttributes} containing only that attribute
 */
private static Attributes cnAttributes(String cn) {
  Attribute cnAttr = new BasicAttribute("cn");
  cnAttr.add(cn);
  Attributes attrs = new BasicAttributes();
  attrs.put(cnAttr);
  return attrs;
}