Use of javax.naming.ldap.LdapContext in project Openfire by igniterealtime.
Class LdapGroupProvider, method getGroup.
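/**
 * Loads a single group by name from the directory.
 *
 * <p>The group's DN is obtained from {@code manager.findGroupDN}, a context is opened on
 * the base DN returned by {@code manager.getGroupsBaseDN}, and the attributes listed in
 * {@code standardAttributes} are read and handed to {@code processGroup}.
 *
 * <p>Every failure inside the lookup, not only a missing entry, is logged and rethrown as
 * {@link GroupNotFoundException}. A caller therefore cannot tell a connection or bind
 * failure apart from a group that does not exist; the original cause is preserved on the
 * exception and in the log.
 *
 * @param groupName name of the group to load; it is also echoed in the exception message
 * @return the group built by {@code processGroup}
 * @throws GroupNotFoundException if any step of the lookup throws
 */
@Override
public Group getGroup(String groupName) throws GroupNotFoundException {
    LdapContext ctx = null;
    try {
        String groupDN = manager.findGroupDN(groupName);
        // Load record.
        ctx = manager.getContext(manager.getGroupsBaseDN(groupName));
        Attributes attrs = ctx.getAttributes(groupDN, standardAttributes);
        return processGroup(ctx, attrs);
    } catch (Exception e) {
        Log.error(e.getMessage(), e);
        throw new GroupNotFoundException("Group with name " + groupName + " not found.", e);
    } finally {
        if (ctx != null) {
            // Clearing the request controls and closing are guarded separately: a failure
            // while resetting controls must not skip close(), otherwise the context (and
            // whatever connection backs it) stays open.
            try {
                ctx.setRequestControls(null);
            } catch (Exception ignored) {
                // Best-effort cleanup; the context is closed next regardless.
            }
            try {
                ctx.close();
            } catch (Exception ignored) {
                // Best-effort cleanup; nothing useful can be done if close() fails.
            }
        }
    }
}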
Use of javax.naming.ldap.LdapContext in project neo4j by neo4j.
Class LdapRealm, method queryForAuthenticationInfoUsingStartTls.
/**
 * Builds the {@code AuthenticationInfo} for a token using an LDAP context obtained from
 * {@code getLdapContextUsingStartTls}.
 *
 * <p>The principal and credentials are taken from the token and only forwarded to the
 * context factory call and to {@code createAuthenticationInfo}; nothing in this method
 * logs or stores them.
 *
 * @param token authentication token supplying the principal and credentials
 * @param ldapContextFactory factory passed through to {@code getLdapContextUsingStartTls}
 * @return the value produced by {@code createAuthenticationInfo}
 * @throws NamingException propagated from the calls made here
 */
protected AuthenticationInfo queryForAuthenticationInfoUsingStartTls(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
    final Object ldapPrincipal = getLdapPrincipal(token);
    final Object secret = token.getCredentials();

    LdapContext startTlsContext = null;
    try {
        startTlsContext = getLdapContextUsingStartTls(ldapContextFactory, ldapPrincipal, secret);
        AuthenticationInfo info = createAuthenticationInfo(token, ldapPrincipal, secret, startTlsContext);
        return info;
    } finally {
        // Runs on success and on failure. If obtaining the context threw, the variable is
        // still null here and null is what closeContext receives.
        LdapUtils.closeContext(startTlsContext);
    }
}
Use of javax.naming.ldap.LdapContext in project neo4j by neo4j.
Class LdapRealmTest, method shouldWarnAboutGroupMembershipsBeingEmpty.
/**
 * With an empty list of group membership attribute names configured, {@code makeAndInit}
 * is expected to throw {@link IllegalArgumentException} and the security log is expected
 * to receive an error-level entry explaining that authorization will not be possible.
 * Despite the method name, the check is on {@code error(...)}, not {@code warn(...)}.
 */
@Test
public void shouldWarnAboutGroupMembershipsBeingEmpty() throws Exception {
    // Given: no membership attribute names are configured.
    when(config.get(SecuritySettings.ldap_authorization_group_membership_attribute_names)).thenReturn(Collections.emptyList());

    // A context whose search yields an empty enumeration.
    // NOTE(review): this mock is not passed to makeAndInit in the visible code;
    // presumably it is not needed for the assertions below. Confirm.
    NamingEnumeration emptySearch = mock(NamingEnumeration.class);
    when(emptySearch.hasMoreElements()).thenReturn(false);
    LdapContext mockedContext = mock(LdapContext.class);
    when(mockedContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(emptySearch);

    // Then: initialisation is rejected and the reason is written to the security log.
    assertException(
            this::makeAndInit,
            IllegalArgumentException.class,
            "Illegal LDAP user search settings, see security log for details.");
    verify(securityLog).error(
            contains("LDAP group membership attribute names are empty. " + "Authorization will not be possible."));
}
Use of javax.naming.ldap.LdapContext in project neo4j by neo4j.
Class LdapRealmTest, method shouldWarnAboutUserSearchFilterWithoutArgument.
/**
 * With an empty user search filter configured, {@code makeAndInit} is expected to complete
 * and the security log is expected to receive a warning that the filter lacks the
 * {@code {0}} argument placeholder.
 */
@Test
public void shouldWarnAboutUserSearchFilterWithoutArgument() throws Exception {
    // Given: a search filter with no placeholder for the user name.
    when(config.get(SecuritySettings.ldap_authorization_user_search_filter)).thenReturn("");

    // A context whose search yields an empty enumeration.
    // NOTE(review): this mock is not passed to makeAndInit in the visible code;
    // presumably it is not needed for the assertion below. Confirm.
    NamingEnumeration emptySearch = mock(NamingEnumeration.class);
    when(emptySearch.hasMoreElements()).thenReturn(false);
    LdapContext mockedContext = mock(LdapContext.class);
    when(mockedContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(emptySearch);

    // When
    makeAndInit();

    // Then: the misconfiguration is surfaced as a warning rather than a failure.
    verify(securityLog).warn(
            contains("LDAP user search filter does not contain the argument placeholder {0}"));
}
Use of javax.naming.ldap.LdapContext in project neo4j by neo4j.
Class LdapRealmTest, method shouldAllowMultipleGroupMembershipAttributes.
/**
 * Checks that roles are collected across several configured group membership attributes.
 *
 * <p>Configuration: membership attribute names {@code attr0}, {@code attr1}, {@code attr2}
 * and the mapping {@code group1=role1;group2=role2,role3}. The mocked search result exposes
 * {@code attr1 -> group1} and {@code attr2 -> group2}; {@code attr0} is configured but not
 * present in the result. The expected roles are {@code role1}, {@code role2} and
 * {@code role3}.
 */
@Test
public void shouldAllowMultipleGroupMembershipAttributes() throws NamingException {
    // Given: search filter, membership attributes and group-to-role mapping.
    when(config.get(SecuritySettings.ldap_authorization_user_search_filter)).thenReturn("{0}");
    when(config.get(SecuritySettings.ldap_authorization_group_membership_attribute_names))
            .thenReturn(asList("attr0", "attr1", "attr2"));
    when(config.get(SecuritySettings.ldap_authorization_group_to_role_mapping))
            .thenReturn("group1=role1;group2=role2,role3");

    LdapContext mockedContext = mock(LdapContext.class);
    NamingEnumeration searchHits = mock(NamingEnumeration.class);
    SearchResult userEntry = mock(SearchResult.class);
    Attributes entryAttributes = mock(Attributes.class);
    Attribute mappedToRole1 = mock(Attribute.class);
    Attribute mappedToRole2And3 = mock(Attribute.class);
    Attribute unmapped = mock(Attribute.class);
    NamingEnumeration attributeCursor = mock(NamingEnumeration.class);
    NamingEnumeration role1Groups = mock(NamingEnumeration.class);
    NamingEnumeration role2And3Groups = mock(NamingEnumeration.class);
    NamingEnumeration unmappedGroups = mock(NamingEnumeration.class);

    // The search returns exactly one entry. "attr1" contains "group1" and "attr2" contains
    // "group2" (a bit brittle...); "attr0" is non-existing and should have no effect.
    when(mockedContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(searchHits);
    when(searchHits.hasMoreElements()).thenReturn(true, false);
    when(searchHits.next()).thenReturn(userEntry);
    when(userEntry.getAttributes()).thenReturn(entryAttributes);
    when(entryAttributes.getAll()).thenReturn(attributeCursor);
    // NOTE(review): hasMore() answers true only twice while next() is stubbed with three
    // attributes, so a hasMore()/next() loop would stop before the third one. Presumably
    // the "attr3" stubs below are never reached. Confirm.
    when(attributeCursor.hasMore()).thenReturn(true, true, false);
    when(attributeCursor.next()).thenReturn(mappedToRole1, mappedToRole2And3, unmapped);

    // This attribute should yield role1.
    when(mappedToRole1.getID()).thenReturn("attr1");
    when(mappedToRole1.getAll()).thenReturn(role1Groups);
    when(role1Groups.hasMore()).thenReturn(true, false);
    when(role1Groups.next()).thenReturn("group1");

    // This attribute should yield role2 and role3.
    when(mappedToRole2And3.getID()).thenReturn("attr2");
    when(mappedToRole2And3.getAll()).thenReturn(role2And3Groups);
    when(role2And3Groups.hasMore()).thenReturn(true, false);
    when(role2And3Groups.next()).thenReturn("group2");

    // This attribute should have no effect.
    when(unmapped.getID()).thenReturn("attr3");
    when(unmapped.getAll()).thenReturn(unmappedGroups);
    when(unmappedGroups.hasMore()).thenReturn(true, false);
    when(unmappedGroups.next()).thenReturn("groupWithNoRole");

    // When
    LdapRealm realmUnderTest = new LdapRealm(config, securityLog, secureHasher);
    Set<String> resolvedRoles = realmUnderTest.findRoleNamesForUser("username", mockedContext);

    // Then
    // hasItems checks presence only: an unexpected extra role in the set would not fail
    // this assertion.
    assertThat(resolvedRoles, hasItems("role1", "role2", "role3"));
}