
Example 81 with SearchResult

Use of javax.naming.directory.SearchResult in project simba-os by cegeka.

The class ActiveDirectoryLoginModuleTest, method injection.

@Test
@SuppressWarnings("unchecked")
public void injection() throws Exception {
    // AD group synchronisation is switched off, so the module only performs the user search.
    when(configurationService.getValue(SimbaConfigurationParameter.ENABLE_AD_GROUPS)).thenReturn(Boolean.FALSE);

    Map<String, String> moduleOptions = new HashMap<>();
    moduleOptions.put("primaryServer", "localhost:389");
    moduleOptions.put("baseDN", "'dc=rsvzinasti,dc=be'");
    moduleOptions.put("filter", "(&amp;(objectClass=person)(sAMAccountName=%USERNAME%))");
    moduleOptions.put("searchScope", "subtree");
    moduleOptions.put("authDomain", "rsvzinasti.be");
    moduleOptions.put("authAttr", "sAMAccountName");
    moduleOptions.put("securityLevel", "simple");

    // Exactly one directory hit whose attribute enumeration is non-empty: that is what
    // verifyLoginData treats as a verified user.
    NamingEnumeration attributeValues = mock(NamingEnumeration.class);
    when(attributeValues.hasMore()).thenReturn(true);
    Attributes entryAttributes = mock(Attributes.class);
    when(entryAttributes.getAll()).thenReturn(attributeValues);
    SearchResult matchingEntry = mock(SearchResult.class);
    when(matchingEntry.getAttributes()).thenReturn(entryAttributes);
    when(matchingEntry.getName()).thenReturn(null);
    NamingEnumeration<SearchResult> hits = mock(NamingEnumeration.class);
    when(hits.next()).thenReturn(matchingEntry);
    when(hits.hasMoreElements()).thenReturn(true, false);

    // Capture the filter actually sent to the directory so the escaping can be asserted.
    final LdapContext directory = mock(LdapContext.class);
    ArgumentCaptor<String> sentFilter = ArgumentCaptor.forClass(String.class);
    when(directory.search(eq("'dc=rsvzinasti,dc=be'"), sentFilter.capture(), any(SearchControls.class))).thenReturn(hits);

    ActiveDirectoryLoginModule moduleUnderTest = new ActiveDirectoryLoginModule() {

        @Override
        protected LdapContext tryPrimaryContext(Hashtable<String, String> env) {
            return directory;
        }
    };
    // Username and password both carry LDAP filter metacharacters (\ * ( )).
    moduleUnderTest.setUsername(" u\\*() ");
    moduleUnderTest.setPassword(" p\\*() ");
    moduleUnderTest.initialize(new Subject(), mock(CallbackHandler.class), Collections.emptyMap(), moduleOptions);

    assertThat(moduleUnderTest.verifyLoginData()).isTrue();
    // NOTE(review): the metacharacters appear as bare hex digits ("5c2a2829") with no backslashes.
    // encodeForLDAP emits "\5c\2a\28\29", but the module substitutes the token with
    // String.replaceAll, whose replacement-string processing consumes those backslashes. This
    // assertion therefore pins that stripping; if the module is changed to a literal
    // String.replace, the expected value becomes " u\\5c\\2a\\28\\29 " (Java source form).
    assertThat(sentFilter.getValue()).isEqualTo("(&amp;(objectClass=person)(sAMAccountName= u5c2a282900 ))");
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) Hashtable(java.util.Hashtable) Attributes(javax.naming.directory.Attributes) NamingEnumeration(javax.naming.NamingEnumeration) SearchResult(javax.naming.directory.SearchResult) Subject(javax.security.auth.Subject) SearchControls(javax.naming.directory.SearchControls) LdapContext(javax.naming.ldap.LdapContext) Test(org.junit.Test)

Example 82 with SearchResult

Use of javax.naming.directory.SearchResult in project simba-os by cegeka.

The class ActiveDirectoryLoginModule, method verifyLoginData.

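/**
 * Verifies the caller's credentials against Active Directory.
 *
 * <p>The configured search filter has its {@code %USERNAME%} token replaced with the
 * LDAP-escaped username and is executed under {@code searchBase}; the login counts as
 * verified when a matching entry with at least one returned attribute is found. When AD
 * group support is enabled and the matching entry has a name, the user's groups are
 * refreshed from the directory.
 *
 * @return {@code true} when a matching directory entry was found, {@code false} otherwise
 *         (including when no LDAP context could be obtained)
 * @throws FailedLoginException when the directory lookup raises a {@link NamingException};
 *         the original exception is attached as the cause
 */
@Override
protected boolean verifyLoginData() throws FailedLoginException {
    String[] returnedAtts = { authenticationAttribute };
    Encoder encoder = DefaultEncoder.getInstance();
    // encodeForLDAP escapes filter metacharacters as backslash-hex sequences (e.g. "\2a" for '*').
    // The token must be substituted literally: String.replaceAll parses '\' and '$' in its
    // replacement argument, which silently drops the escaping backslashes and throws
    // IllegalArgumentException for a username containing '$' (AD machine accounts end in one).
    String requestSearchFilter = searchFilter.replace("%USERNAME%", encoder.encodeForLDAP(getUsername()));
    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    searchCtls.setSearchScope(searchScope);
    Hashtable<String, String> env = getEnv();
    debug("Verifying credentials for user: " + getUsername());
    boolean ldapUser = false;
    String userCN = null;
    try {
        // NOTE(review): the context is not closed here; confirm its lifecycle is owned by getLdapContext / the caller.
        LdapContext ldapContext = getLdapContext(env);
        if (ldapContext != null) {
            NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, requestSearchFilter, searchCtls);
            try {
                // Stop at the first entry that carries a returned attribute.
                while (!ldapUser && answer.hasMoreElements()) {
                    SearchResult sr = answer.next();
                    userCN = sr.getName();
                    ldapUser = hasAnyAttribute(sr.getAttributes());
                }
            } finally {
                // NamingEnumeration is not AutoCloseable, so release the search cursor by hand.
                answer.close();
            }
            // Log the actual outcome; an unconditional "succeeded" line misleads anyone reading the audit trail.
            debug(ldapUser ? "Authentication succeeded" : "Authentication failed: no matching directory entry");
            if (Boolean.TRUE.equals(GlobalContext.locate(ConfigurationServiceImpl.class).getValue(SimbaConfigurationParameter.ENABLE_AD_GROUPS)) && userCN != null) {
                updateUserGroups(ldapContext, userCN);
            }
        }
        return ldapUser;
    } catch (NamingException ex) {
        debug("Authentication failed");
        // FailedLoginException has no (message, cause) constructor; attach the cause explicitly
        // so the directory error is not lost from the stack trace.
        FailedLoginException failure = new FailedLoginException(ex.getMessage());
        failure.initCause(ex);
        throw failure;
    }
}

/**
 * Returns whether the entry carries at least one returned attribute.
 *
 * @param attrs the entry's attribute set; {@code null} counts as having none
 * @return {@code true} when the attribute enumeration is non-empty
 * @throws NamingException when the enumeration cannot be read or closed
 */
private static boolean hasAnyAttribute(Attributes attrs) throws NamingException {
    if (attrs == null) {
        return false;
    }
    NamingEnumeration<? extends Attribute> ne = attrs.getAll();
    try {
        return ne.hasMore();
    } finally {
        ne.close();
    }
}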
Also used : Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) ConfigurationServiceImpl(org.simbasecurity.core.service.config.ConfigurationServiceImpl) FailedLoginException(javax.security.auth.login.FailedLoginException) Encoder(org.owasp.esapi.Encoder) DefaultEncoder(org.owasp.esapi.reference.DefaultEncoder) SearchControls(javax.naming.directory.SearchControls) NamingException(javax.naming.NamingException) InitialLdapContext(javax.naming.ldap.InitialLdapContext) LdapContext(javax.naming.ldap.LdapContext)
