use of javax.naming.directory.SearchResult in project simba-os by cegeka.
the class ActiveDirectoryLoginModuleTest method injection.
/**
 * Drives {@code verifyLoginData()} with a user name that contains LDAP filter metacharacters
 * (backslash, asterisk, parentheses) and pins the search filter handed to the directory.
 */
@Test
@SuppressWarnings("unchecked")
public void injection() throws Exception {
    when(configurationService.getValue(SimbaConfigurationParameter.ENABLE_AD_GROUPS)).thenReturn(Boolean.FALSE);

    // A single directory entry whose attribute enumeration reports at least one element.
    NamingEnumeration attributeValues = mock(NamingEnumeration.class);
    when(attributeValues.hasMore()).thenReturn(true);
    Attributes entryAttributes = mock(Attributes.class);
    when(entryAttributes.getAll()).thenReturn(attributeValues);
    SearchResult entry = mock(SearchResult.class);
    when(entry.getName()).thenReturn(null);
    when(entry.getAttributes()).thenReturn(entryAttributes);

    // The search yields exactly that one entry and is then exhausted.
    NamingEnumeration<SearchResult> entries = mock(NamingEnumeration.class);
    when(entries.hasMoreElements()).thenReturn(true, false);
    when(entries.next()).thenReturn(entry);

    // Capture the filter string so the escaping of the user name can be inspected afterwards.
    ArgumentCaptor<String> sentFilter = ArgumentCaptor.forClass(String.class);
    final LdapContext directory = mock(LdapContext.class);
    when(directory.search(eq("'dc=rsvzinasti,dc=be'"), sentFilter.capture(), any(SearchControls.class))).thenReturn(entries);

    Map<String, String> moduleOptions = new HashMap<>();
    moduleOptions.put("primaryServer", "localhost:389");
    moduleOptions.put("baseDN", "'dc=rsvzinasti,dc=be'");
    moduleOptions.put("filter", "(&(objectClass=person)(sAMAccountName=%USERNAME%))");
    moduleOptions.put("searchScope", "subtree");
    moduleOptions.put("authDomain", "rsvzinasti.be");
    moduleOptions.put("authAttr", "sAMAccountName");
    moduleOptions.put("securityLevel", "simple");

    // Hand the module the mocked context instead of letting it connect to a server.
    ActiveDirectoryLoginModule module = new ActiveDirectoryLoginModule() {
        @Override
        protected LdapContext tryPrimaryContext(Hashtable<String, String> env) {
            return directory;
        }
    };
    module.setUsername(" u\\*() ");
    module.setPassword(" p\\*() ");
    module.initialize(new Subject(), mock(CallbackHandler.class), Collections.emptyMap(), moduleOptions);

    boolean verified = module.verifyLoginData();

    assertThat(verified).isTrue();
    // NOTE(review): the expected filter holds the hex digits 5c 2a 28 29 00 without the leading
    // backslashes that RFC 4515 escaping requires, so the name searched for is not the name that
    // was typed. This looks like String.replaceAll in verifyLoginData consuming the backslashes of
    // the encoded name; confirm, and change this expectation if the module substitutes literally.
    // The trailing 00 suggests the user name literal also carries a NUL not visible in this listing.
    assertThat(sentFilter.getValue()).isEqualTo("(&(objectClass=person)(sAMAccountName= u5c2a282900 ))");
}
use of javax.naming.directory.SearchResult in project simba-os by cegeka.
the class ActiveDirectoryLoginModule method verifyLoginData.
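/**
 * Searches the directory for the current user and reports whether a matching entry with
 * attributes exists.
 *
 * <p>The user name is LDAP-encoded and substituted for {@code %USERNAME%} in the configured
 * search filter. When AD groups are enabled and the entry has a name, the user's groups are
 * refreshed as well.
 *
 * @return {@code true} if the search returned an entry whose attribute enumeration is non-empty;
 *         {@code false} if no such entry was found or no LDAP context could be obtained
 * @throws FailedLoginException if the directory lookup raises a {@link NamingException}
 */
@Override
protected boolean verifyLoginData() throws FailedLoginException {
    String[] returnedAtts = { authenticationAttribute };
    Encoder encoder = DefaultEncoder.getInstance();
    // Substitute literally with String.replace. replaceAll treats its second argument as a regex
    // replacement template: it swallows the backslashes of the encoded name (the escape \2a for '*'
    // became the plain text 2a, so the search targeted a different name) and throws an unchecked
    // exception on a '$' in the name, which the encoder is not expected to escape.
    // ActiveDirectoryLoginModuleTest.injection pins the old backslash-less filter and has to be
    // updated to the escaped form.
    String requestSearchFilter = searchFilter.replace("%USERNAME%", encoder.encodeForLDAP(getUsername()));
    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    searchCtls.setSearchScope(searchScope);
    Hashtable<String, String> env = getEnv();
    // NOTE(review): the raw user name goes into the log line; confirm debug() neutralises CR/LF.
    debug("Verifying credentials for user: " + getUsername());
    boolean ldapUser = false;
    String userCN = null;
    try {
        LdapContext ldapContext = getLdapContext(env);
        if (ldapContext != null) {
            NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, requestSearchFilter, searchCtls);
            try {
                while (!ldapUser && answer.hasMoreElements()) {
                    SearchResult sr = answer.next();
                    userCN = sr.getName();
                    Attributes attrs = sr.getAttributes();
                    if (attrs != null) {
                        NamingEnumeration<? extends Attribute> ne = attrs.getAll();
                        try {
                            ldapUser = ne.hasMore();
                        } finally {
                            ne.close();
                        }
                    }
                }
            } finally {
                // The loop stops at the first match, so the enumeration may not be drained;
                // close it explicitly to release what it holds.
                answer.close();
            }
            // NOTE(review): this is logged even when no entry matched (ldapUser == false);
            // confirm it is meant to report the bind rather than the lookup result.
            debug("Authentication succeeded");
            if (Boolean.TRUE.equals(GlobalContext.locate(ConfigurationServiceImpl.class).getValue(SimbaConfigurationParameter.ENABLE_AD_GROUPS)) && userCN != null) {
                updateUserGroups(ldapContext, userCN);
            }
        }
        return ldapUser;
    } catch (NamingException ex) {
        debug("Authentication failed");
        // FailedLoginException has no cause-taking constructor; attach the cause explicitly
        // so the underlying directory error is not lost.
        FailedLoginException failure = new FailedLoginException(ex.getMessage());
        failure.initCause(ex);
        throw failure;
    }
}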