use of javax.naming.directory.SearchResult in project cxf by apache.
the class LdapCertificateRepo method getCRLsFromLdap.
private List<X509CRL> getCRLsFromLdap(String tmpRootDN, String tmpFilter, String tmpAttrName) {
try {
List<X509CRL> crls = new ArrayList<>();
NamingEnumeration<SearchResult> answer = ldapSearch.searchSubTree(tmpRootDN, tmpFilter);
while (answer.hasMore()) {
SearchResult sr = answer.next();
Attributes attrs = sr.getAttributes();
Attribute attribute = attrs.get(tmpAttrName);
if (attribute != null) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRL crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream((byte[]) attribute.get()));
crls.add(crl);
}
}
return crls;
} catch (CertificateException e) {
throw new RuntimeException(e.getMessage(), e);
} catch (NamingException e) {
throw new RuntimeException(e.getMessage(), e);
} catch (CRLException e) {
throw new RuntimeException(e.getMessage(), e);
}
}
use of javax.naming.directory.SearchResult in project uPortal by Jasig.
the class SimpleLdapSecurityContext method authenticate.
/**
* Authenticates the user.
*/
public synchronized void authenticate() throws PortalSecurityException {
this.isauth = false;
ILdapServer ldapConn;
ldapConn = LdapServices.getDefaultLdapServer();
String creds = new String(this.myOpaqueCredentials.credentialstring);
if (this.myPrincipal.UID != null && !this.myPrincipal.UID.trim().equals("") && this.myOpaqueCredentials.credentialstring != null && !creds.trim().equals("")) {
DirContext conn = null;
NamingEnumeration results = null;
StringBuffer user = new StringBuffer("(");
String first_name = null;
String last_name = null;
user.append(ldapConn.getUidAttribute()).append("=");
user.append(this.myPrincipal.UID).append(")");
log.debug("SimpleLdapSecurityContext: Looking for {}", user.toString());
try {
conn = ldapConn.getConnection();
// set up search controls
SearchControls searchCtls = new SearchControls();
searchCtls.setReturningAttributes(attributes);
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// do lookup
if (conn != null) {
try {
results = conn.search(ldapConn.getBaseDN(), user.toString(), searchCtls);
if (results != null) {
if (!results.hasMore()) {
log.error("SimpleLdapSecurityContext: user not found: {}", this.myPrincipal.UID);
}
while (results != null && results.hasMore()) {
SearchResult entry = (SearchResult) results.next();
StringBuffer dnBuffer = new StringBuffer();
dnBuffer.append(entry.getName()).append(", ");
dnBuffer.append(ldapConn.getBaseDN());
Attributes attrs = entry.getAttributes();
first_name = getAttributeValue(attrs, ATTR_FIRSTNAME);
last_name = getAttributeValue(attrs, ATTR_LASTNAME);
// re-bind as user
conn.removeFromEnvironment(javax.naming.Context.SECURITY_PRINCIPAL);
conn.removeFromEnvironment(javax.naming.Context.SECURITY_CREDENTIALS);
conn.addToEnvironment(javax.naming.Context.SECURITY_PRINCIPAL, dnBuffer.toString());
conn.addToEnvironment(javax.naming.Context.SECURITY_CREDENTIALS, this.myOpaqueCredentials.credentialstring);
searchCtls = new SearchControls();
searchCtls.setReturningAttributes(new String[0]);
searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE);
String attrSearch = "(" + ldapConn.getUidAttribute() + "=*)";
log.debug("SimpleLdapSecurityContext: Looking in {} for {}", dnBuffer.toString(), attrSearch);
conn.search(dnBuffer.toString(), attrSearch, searchCtls);
this.isauth = true;
this.myPrincipal.FullName = first_name + " " + last_name;
log.debug("SimpleLdapSecurityContext: User {} ({}) is authenticated", this.myPrincipal.UID, this.myPrincipal.FullName);
// Since LDAP is case-insensitive with respect to uid, force
// user name to lower case for use by the portal
this.myPrincipal.UID = this.myPrincipal.UID.toLowerCase();
}
// while (results != null && results.hasMore())
} else {
log.error("SimpleLdapSecurityContext: No such user: {}", this.myPrincipal.UID);
}
} catch (AuthenticationException ae) {
log.info("SimpleLdapSecurityContext: Password invalid for user: " + this.myPrincipal.UID);
} catch (Exception e) {
log.error("SimpleLdapSecurityContext: LDAP Error with user: " + this.myPrincipal.UID + "; ", e);
throw new PortalSecurityException("SimpleLdapSecurityContext: LDAP Error" + e + " with user: " + this.myPrincipal.UID);
} finally {
ldapConn.releaseConnection(conn);
}
} else {
log.error("LDAP Server Connection unavailable");
}
} catch (final NamingException ne) {
log.error("Error getting connection to LDAP server.", ne);
}
} else {
// If the principal and/or credential are missing, the context authentication
// simply fails. It should not be construed that this is an error. It happens for guest
// access.
log.info("Principal or OpaqueCredentials not initialized prior to authenticate");
}
// Ok...we are now ready to authenticate all of our subcontexts.
super.authenticate();
return;
}
use of javax.naming.directory.SearchResult in project opentheso by miledrousset.
the class LDAPAuthenticator method dnFromUser.
private String dnFromUser(String username) throws NamingException {
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL, "ldap://ldap.mondomaine.fr");
props.put(Context.REFERRAL, "ignore");
InitialDirContext context = new InitialDirContext(props);
SearchControls ctrls = new SearchControls();
ctrls.setReturningAttributes(new String[] { authBean.getFirstnameLdap(), authBean.getNameLdap() });
ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> answers = context.search(authBean.getScope(), "(" + authBean.getUidLdap() + "=" + username + ")", ctrls);
if (answers != null) {
SearchResult result = answers.next();
return result.getNameInNamespace();
}
return null;
}
use of javax.naming.directory.SearchResult in project opentheso by miledrousset.
the class LDAPAuthenticator method login.
/* (non-Javadoc)
* @see fr.persee.aldo.auth.Authenticator#login(java.lang.String, java.lang.String)
*/
public Account login(String login, String password) {
Account acc = null;
try {
String dn = dnFromUser(login);
if (dn == null) {
// TODO gerer exception
return null;
}
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, password);
InitialDirContext context = new InitialDirContext(env);
SearchControls ctrls = new SearchControls();
ctrls.setReturningAttributes(new String[] { authBean.getFirstnameLdap(), authBean.getNameLdap(), authBean.getMailLdap() });
ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> answers;
answers = context.search(authBean.getScope(), "(" + authBean.getUidLdap() + "=" + login + ")", ctrls);
SearchResult result;
result = answers.next();
// System.out.println();
String firstname = result.getAttributes().get(authBean.getFirstnameLdap()).get().toString();
String name = result.getAttributes().get(authBean.getNameLdap()).get().toString();
String mail = result.getAttributes().get(authBean.getMailLdap()).get().toString();
// User
User user = new User();
user.setUser(login);
user.setFirstname(firstname);
user.setLastname(name);
user.setMail(mail);
user.setUid(login);
// Account
acc = new Account();
acc.setBaseId(authBean.getBaseId());
acc.setUser(user);
} catch (NamingException e) {
}
return acc;
}
use of javax.naming.directory.SearchResult in project Payara by payara.
the class LDAPRealm method groupSearch.
/**
* Search for group membership using the given connection.
*/
private List groupSearch(DirContext ctx, String baseDN, String filter, String target) {
List groupList = new ArrayList();
try {
String[] targets = new String[1];
targets[0] = target;
SearchControls ctls = new SearchControls();
ctls.setReturningAttributes(targets);
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration e = ctx.search(baseDN, filter.replaceAll(Matcher.quoteReplacement("\\"), Matcher.quoteReplacement("\\\\")), ctls);
while (e.hasMore()) {
SearchResult res = (SearchResult) e.next();
Attribute grpAttr = res.getAttributes().get(target);
int sz = grpAttr.size();
for (int i = 0; i < sz; i++) {
String s = (String) grpAttr.get(i);
groupList.add(s);
}
}
} catch (Exception e) {
_logger.log(Level.WARNING, "ldaprealm.searcherror", filter);
_logger.log(Level.WARNING, "security.exception", e);
}
return groupList;
}
Aggregations