Use of opengrok.auth.entity.LdapUser in project OpenGrok by OpenGrok.
Class LdapAttrPluginTest, method testAttrLookup.
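/**
 * Tests the interaction between {@code LdapUserPlugin} and {@code LdapAttrPlugin}, namely:
 * <ul>
 * <li>use of the DN from the {@code LdapUser} object cached in the session by {@code LdapUserPlugin}</li>
 * <li>configuration of the cached session attribute name via {@code LdapAttrPlugin.INSTANCE_PARAM}</li>
 * </ul>
 * The LDAP provider is mocked so that the lookup performed by {@code LdapAttrPlugin#fillSession()}
 * returns a fixed value for the "mail" attribute. The whitelist file ({@code whitelistFile}) is a
 * field set up elsewhere in this test class.
 *
 * @throws LdapException declared because {@code lookupLdapContent} declares it; the mock does not throw
 */
@Test
void testAttrLookup() throws LdapException {
    final String attrToGet = "mail";
    final String instanceNum = "42";
    final String mailAttrValue = "james@bond.com";
    final String dn = "cn=FOO_BAR,L=EMEA,DC=FOO,DC=COM";

    // Mock LDAP provider standing in for the LDAP server during LdapAttrPlugin#fillSession():
    // any DN/attribute lookup yields the single "mail" value above.
    AbstractLdapProvider mockProvider = mock(LdapFacade.class);
    Map<String, Set<String>> attrs = new HashMap<>();
    attrs.put(attrToGet, Collections.singleton(mailAttrValue));
    AbstractLdapProvider.LdapSearchResult<Map<String, Set<String>>> result =
            new AbstractLdapProvider.LdapSearchResult<>(dn, attrs);
    when(mockProvider.lookupLdapContent(anyString(), any(String[].class))).thenReturn(result);

    // Load the plugin with the mocked provider; INSTANCE_PARAM selects which
    // LdapUserPlugin session attribute the plugin reads its LdapUser from.
    LdapAttrPlugin plugin = new LdapAttrPlugin();
    Map<String, Object> parameters = new TreeMap<>();
    parameters.put(LdapAttrPlugin.FILE_PARAM, whitelistFile.getAbsolutePath());
    parameters.put(LdapAttrPlugin.ATTR_PARAM, attrToGet);
    parameters.put(LdapAttrPlugin.INSTANCE_PARAM, instanceNum);
    plugin.load(parameters, mockProvider);

    // Seed the session the way LdapUserPlugin would: an LdapUser with a DN but no cached
    // attributes, stored under the instance-specific session attribute name.
    LdapUser ldapUser = new LdapUser(dn, null);
    HttpServletRequest request = new DummyHttpServletRequestLdap();
    request.getSession().setAttribute(LdapUserPlugin.SESSION_ATTR + instanceNum, ldapUser);

    User user = new User("jbond", "007");
    plugin.fillSession(request, user);

    // The plugin must have flagged the user as allowed from the mocked query (the whitelist file
    // is expected to contain the mocked value) and cached the looked-up value into the LdapUser.
    assertTrue((Boolean) request.getSession().getAttribute(plugin.getSessionAllowedAttrName()));
    assertTrue(ldapUser.getAttribute(attrToGet).contains(mailAttrValue));
}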
Use of opengrok.auth.entity.LdapUser in project OpenGrok by OpenGrok.
Class LdapAttrPlugin, method fillSession.
/**
 * Decides whether the user is allowed based on one LDAP attribute ({@code ldapAttr}) of the
 * {@code LdapUser} that {@code LdapUserPlugin} stored in the session. The attribute values are
 * taken from the cached {@code LdapUser} when present; otherwise they are looked up by DN via
 * the LDAP provider and cached back into the {@code LdapUser}. The decision is written to the
 * session through {@code updateSession(req, allowed)}; it is reset to {@code false} first so
 * that every early exit leaves the user denied.
 *
 * @param req  the request whose session carries the {@code LdapUser} and receives the decision
 * @param user the user being authorized; only used for logging in this method
 * @throws AuthorizationException if the LDAP lookup fails with {@code LdapException}
 */
@Override
public void fillSession(HttpServletRequest req, User user) {
    updateSession(req, false);

    String sessionAttrName = LdapUserPlugin.getSessionAttrName(ldapUserInstance);
    LdapUser ldapUser = (LdapUser) req.getSession().getAttribute(sessionAttrName);
    if (ldapUser == null) {
        LOGGER.log(Level.WARNING, "cannot get {0} attribute from {1}", new Object[] { LdapUserPlugin.SESSION_ATTR, user });
        return;
    }

    // Values cached in the LdapUser win; only on a cache miss do we query the LDAP server.
    Set<String> attributeValues = ldapUser.getAttribute(ldapAttr);
    if (attributeValues == null) {
        attributeValues = lookupAndCacheAttributeValues(ldapUser);
        if (attributeValues == null) {
            return; // already logged; the session keeps the "denied" flag set above
        }
    }

    boolean allowed = attributeValues.stream().anyMatch(whitelist::contains);
    LOGGER.log(Level.FINEST, "LDAP user {0} {1} against {2}", new Object[] { ldapUser, allowed ? "allowed" : "denied", filePath });
    updateSession(req, allowed);
}

/**
 * Looks up {@code ldapAttr} for the given LDAP user by its DN and caches the values into the
 * {@code LdapUser}.
 *
 * @param ldapUser the LDAP user whose DN drives the search and which receives the cached values
 * @return the attribute values, or {@code null} when the user has no DN, the lookup returned
 *         nothing, or the attribute was absent from the result (each case is logged)
 * @throws AuthorizationException if the LDAP lookup fails with {@code LdapException}
 */
private Set<String> lookupAndCacheAttributeValues(LdapUser ldapUser) {
    AbstractLdapProvider ldapProvider = getLdapProvider();
    Map<String, Set<String>> records = null;
    try {
        String dn = ldapUser.getDn();
        if (dn == null) {
            LOGGER.log(Level.FINE, "no DN for LDAP user {0} on {1}", new Object[] { ldapUser, ldapProvider });
        } else {
            LOGGER.log(Level.FINEST, "searching with dn={0} on {1}", new Object[] { dn, ldapProvider });
            AbstractLdapProvider.LdapSearchResult<Map<String, Set<String>>> res =
                    ldapProvider.lookupLdapContent(dn, new String[] { ldapAttr });
            if (res == null) {
                LOGGER.log(Level.WARNING, "cannot lookup attributes {0} for user {1} on {2})", new Object[] { ldapAttr, ldapUser, ldapProvider });
                return null;
            }
            records = res.getAttrs();
        }
    } catch (LdapException ex) {
        throw new AuthorizationException(ex);
    }

    Set<String> values = (records == null || records.isEmpty()) ? null : records.get(ldapAttr);
    if (values == null) {
        LOGGER.log(Level.WARNING, "empty records or attribute values {0} for user {1} on {2}", new Object[] { ldapAttr, ldapUser, ldapProvider });
        return null;
    }
    ldapUser.setAttribute(ldapAttr, values);
    return values;
}
Use of opengrok.auth.entity.LdapUser in project OpenGrok by OpenGrok.
Class LdapFilterPlugin, method fillSession.
/**
 * Allows the user when an LDAP search with the configured filter — expanded with values from
 * the user and from the {@code LdapUser} that {@code LdapUserPlugin} cached in the session —
 * returns a result. The session flag is reset to {@code false} up front, so every early exit
 * leaves the user denied.
 *
 * @param req  the request whose session carries the {@code LdapUser} and receives the decision
 * @param user the user being authorized; passed to {@code expandFilter} together with the LDAP user
 * @throws AuthorizationException if the LDAP search fails with {@code LdapException}
 */
@Override
public void fillSession(HttpServletRequest req, User user) {
    updateSession(req, false);

    LdapUser ldapUser = (LdapUser) req.getSession().getAttribute(getSessionAttr());
    if (ldapUser == null) {
        LOGGER.log(Level.WARNING, "failed to get LDAP attribute ''{0}'' from session for user {1}", new Object[] { LdapUserPlugin.SESSION_ATTR, user });
        return;
    }

    // NOTE(review): the filter is presumably expanded with values from the user and LDAP user
    // objects; expandFilter() is not visible here — confirm it escapes those values per RFC 4515
    // before they are embedded in the filter sent to the server.
    String expandedFilter = expandFilter(ldapFilter, ldapUser, user);
    LOGGER.log(Level.FINEST, "expanded filter ''{0}'' for user {1} and LDAP user {2} into ''{3}''", new Object[] { ldapFilter, user, ldapUser, expandedFilter });

    AbstractLdapProvider provider = getLdapProvider();
    boolean matched;
    try {
        // The DN argument is null here — presumably the provider falls back to its configured
        // base; confirm. Only the existence of a result matters, not its content.
        matched = provider.lookupLdapContent(null, expandedFilter) != null;
    } catch (LdapException ex) {
        throw new AuthorizationException(ex);
    }
    if (!matched) {
        LOGGER.log(Level.FINER, "empty content for LDAP user {0} with filter ''{1}'' on {2}", new Object[] { ldapUser, expandedFilter, provider });
        return;
    }

    LOGGER.log(Level.FINER, "LDAP user {0} allowed on {1}", new Object[] { ldapUser, provider });
    updateSession(req, true);
}
Use of opengrok.auth.entity.LdapUser in project OpenGrok by OpenGrok.
Class LdapUserPlugin, method fillSession.
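/**
 * Looks the user up in LDAP and stores the result in the session as an {@code LdapUser}
 * holding the user's DN and the values of the configured {@code attrSet} attributes, which
 * {@code LdapAttrPlugin} and {@code LdapFilterPlugin} later read from the session. The session
 * entry is set to {@code null} up front, so early exits leave no {@code LdapUser} behind —
 * except a lookup that returns nothing, which is recorded as an {@code LdapUser} carrying
 * {@code NEGATIVE_CACHE_ATTR} (presumably so the server is not queried again for this session).
 *
 * <p>The search base depends on {@code useDN}: when {@code TRUE} the username is used as the
 * DN; when {@code FALSE} the DN is taken from the search result; when {@code null} neither
 * happens and the DN stays {@code null}. The filter is expanded from the user when configured.
 *
 * @param req  the request whose session receives the {@code LdapUser}
 * @param user the user to look up
 * @throws AuthorizationException if the LDAP search fails with {@code LdapException}
 */
@Override
public void fillSession(HttpServletRequest req, User user) {
    updateSession(req, null);
    if (getLdapProvider() == null) {
        LOGGER.log(Level.WARNING, "cannot get LDAP provider");
        return;
    }

    String dn = null;
    if (Boolean.TRUE.equals(useDN)) {
        // NOTE(review): the username is used verbatim as the search base DN; this relies on the
        // username having been established by the authentication layer — confirm.
        dn = user.getUsername();
        LOGGER.log(Level.FINEST, "using DN ''{0}'' for user {1}", new Object[] { dn, user });
    }

    String expandedFilter = null;
    if (ldapFilter != null) {
        expandedFilter = expandFilter(user);
        LOGGER.log(Level.FINEST, "expanded filter for user {0} into ''{1}''", new Object[] { user, expandedFilter });
    }

    AbstractLdapProvider ldapProvider = getLdapProvider();
    Map<String, Set<String>> records;
    try {
        AbstractLdapProvider.LdapSearchResult<Map<String, Set<String>>> res =
                ldapProvider.lookupLdapContent(dn, expandedFilter, attrSet.toArray(new String[0]));
        if (res == null) {
            LOGGER.log(Level.WARNING, "failed to get LDAP attributes ''{2}'' for user {0} " + "with filter ''{1}'' from LDAP provider {3}", new Object[] { user, expandedFilter, attrSet, ldapProvider });
            // Negative cache marker: an LdapUser without attributes, tagged so that later plugins
            // can tell "lookup found nothing" from "lookup never happened".
            LdapUser ldapUser = new LdapUser(dn, null);
            ldapUser.setAttribute(NEGATIVE_CACHE_ATTR, Collections.singleton(null));
            updateSession(req, ldapUser);
            return;
        }
        records = res.getAttrs();
        if (Boolean.FALSE.equals(useDN)) {
            dn = res.getDN();
            LOGGER.log(Level.FINEST, "got DN ''{0}'' for user {1}", new Object[] { dn, user });
        }
    } catch (LdapException ex) {
        throw new AuthorizationException(ex);
    }

    // Guard against a null attribute map as well as an empty one, as LdapAttrPlugin does;
    // without the null check a null result would throw NullPointerException here.
    if (records == null || records.isEmpty()) {
        LOGGER.log(Level.WARNING, "LDAP records for user {0} are empty on {1}", new Object[] { user, ldapProvider });
        return;
    }

    // Collect the configured attributes; a missing or empty attribute is logged but still stored
    // (as null or the empty set) so the LdapUser carries every configured key.
    Map<String, Set<String>> userAttrSet = new HashMap<>();
    for (String attrName : attrSet) {
        Set<String> values = records.get(attrName);
        if (values == null || values.isEmpty()) {
            LOGGER.log(Level.WARNING, "''{0}'' record for user {1} is not present or empty on {2}", new Object[] { attrName, user, ldapProvider });
        }
        userAttrSet.put(attrName, values);
    }

    LOGGER.log(Level.FINEST, "DN for user {0} is ''{1}'' on {2}", new Object[] { user, dn, ldapProvider });
    updateSession(req, new LdapUser(dn, userAttrSet));
}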