use of org.apache.directory.ldap.client.api.LdapConnection in project directory-ldap-api by apache.
Class LdapConnectionTemplate, method modifyPassword.
/**
 * {@inheritDoc}
 *
 * <p>Borrows a connection from {@code connectionPool}. When {@code asAdmin} is {@code false}
 * the connection is first bound as {@code userDn} with {@code oldPassword} through
 * {@code authenticateConnection}, so a self-service caller has to prove the current password
 * before it is replaced. When {@code asAdmin} is {@code true} the old password is not used at
 * all; the pooled connection's own identity performs the change. The connection is handed
 * back through {@code returnLdapConnection} on every path.
 *
 * @throws LdapRuntimeException wrapping any {@link LdapException} raised while obtaining,
 *         binding or using the connection
 */
@Override
public void modifyPassword(Dn userDn, char[] oldPassword, char[] newPassword, boolean asAdmin) throws PasswordException {
    LdapConnection pooled = null;
    try {
        pooled = connectionPool.getConnection();
        boolean bindAsUser = !asAdmin;
        if (bindAsUser) {
            // Self-service change: verify the caller's current credentials before touching the entry.
            authenticateConnection(pooled, userDn, oldPassword);
        }
        modifyPassword(pooled, userDn, newPassword);
    } catch (LdapException e) {
        throw new LdapRuntimeException(e);
    } finally {
        // pooled is still null here if getConnection() itself threw;
        // returnLdapConnection is assumed to tolerate that.
        returnLdapConnection(pooled);
    }
}
use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
Class AcceleratorDAO, method sessionRoles.
/**
 * Returns the roles currently activated for the caller's RBAC session on the accelerator server.
 * Builds an {@link RbacSessionRolesRequest} from the session's id and user id, sends it as an
 * extended operation over the admin connection, and converts the returned role names into
 * {@link UserRole} objects keyed by the session's user id.
 *
 * todo: temporal constraints for the returned entities are not populated yet.
 *
 * @param session contains a valid sessionId captured from accelerator createSession method.
 * @return List of type UserRole, or {@code null} when the server reports no activated roles
 *         for the session (an empty list is never returned).
 * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_SESSION_ROLES_ERR}.
 */
List<UserRole> sessionRoles(Session session) throws SecurityException {
    LdapConnection ld = null;
    List<UserRole> activated = null;
    try {
        ld = getAdminConnection();
        RbacSessionRolesRequest request = new RbacSessionRolesRequestImpl();
        request.setSessionId(session.getSessionId());
        request.setUserIdentity(session.getUserId());
        RbacSessionRolesResponse response = (RbacSessionRolesResponse) ld.extended(request);
        // NOTE(review): the result code is only logged here; unlike dropActiveRole in this
        // class, a non-SUCCESS code does not raise -- the caller just sees null. Confirm intended.
        LOG.debug("sessionRoles result: {}", response.getLdapResult().getResultCode().getResultCode());
        if (CollectionUtils.isNotEmpty(response.getRoles())) {
            String userId = session.getUserId();
            activated = new ArrayList<UserRole>();
            for (String roleName : response.getRoles()) {
                // todo: add temporal constraints here
                activated.add(new UserRole(userId, roleName));
            }
        }
    } catch (LdapException e) {
        String error = "sessionRoles caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_SESSION_ROLES_ERR, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return activated;
}
use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
Class AcceleratorDAO, method dropActiveRole.
/**
 * Deactivates {@code userRole} from the caller's RBAC session held in the accelerator server's cache.
 * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#dropActiveRole(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.UserRole)}.
 * It uses the {@link RbacDropRoleRequest} and {@link RbacDropRoleResponse} accelerator APIs.
 *
 * @param session contains a valid sessionId captured from accelerator createSession method.
 * @param userRole both the {@link org.apache.directory.fortress.core.model.UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
 * @throws SecurityException with {@code GlobalErrIds.URLE_NOT_ACTIVE} when the server answers with
 *         anything other than {@code ResultCodeEnum.SUCCESS}; rethrows {@code LdapException} with
 *         {@code GlobalErrIds.ACEL_DROP_ROLE_ERR}.
 */
void dropActiveRole(Session session, UserRole userRole) throws SecurityException {
    LdapConnection ld = null;
    try {
        ld = getAdminConnection();
        RbacDropRoleRequest request = new RbacDropRoleRequestImpl();
        request.setSessionId(session.getSessionId());
        request.setRole(userRole.getName());
        // NOTE(review): the request carries userRole.getUserId() while the failure text below
        // reports session.getUserId(); presumably both hold the same id -- confirm.
        request.setUserIdentity(userRole.getUserId());
        RbacDropRoleResponse response = (RbacDropRoleResponse) ld.extended(request);
        ResultCodeEnum rc = response.getLdapResult().getResultCode();
        LOG.debug("dropActiveRole result: {}", rc);
        if (rc != ResultCodeEnum.SUCCESS) {
            // Every non-success answer is surfaced to the caller as "role was not active".
            String info = "dropActiveRole Role [" + userRole.getName() + "] User [" + session.getUserId() + "], not previously activated.";
            throw new SecurityException(GlobalErrIds.URLE_NOT_ACTIVE, info);
        }
    } catch (LdapException e) {
        String error = "dropActiveRole role name [" + userRole.getName() + "] caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_DROP_ROLE_ERR, error, e);
    } finally {
        closeAdminConnection(ld);
    }
}
use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
Class AcceleratorDAO, method createSession.
/**
 * Authenticates {@code user} against the accelerator server and returns the server-issued
 * sessionId inside {@link org.apache.directory.fortress.core.model.Session#sessionId}.
 * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#createSession(org.apache.directory.fortress.core.model.User, boolean)}
 * Success will result in impl session state, i.e. {@link org.apache.directory.fortress.core.model.Session}, to be stored on server-side.
 * Result may be stored inside RBAC server-side audit record and retrieved with {@link org.apache.directory.fortress.core.AuditMgr#searchBinds(org.apache.directory.fortress.core.model.UserAudit)}
 *
 * It uses the {@link RbacCreateSessionRequest} and {@link RbacCreateSessionResponse} accelerator APIs.
 *
 * @param user supplies the contextId (sent as tenant id), userId and password; when its role
 *             list is non-empty, each role name is requested for activation as well.
 * @return session built from {@code user} and the returned sessionId, flagged as authenticated.
 * @throws SecurityException with {@code GlobalErrIds.USER_PW_INVLD} when the result code is not
 *         {@code SUCCESS}; rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_CREATE_SESSION_ERR}.
 */
Session createSession(User user) throws SecurityException {
    Session session = null;
    LdapConnection ld = null;
    try {
        ld = getAdminConnection();
        // NOTE(review): a timeout of 0 looks like it lifts the client-side wait limit for this
        // extended op, so an unresponsive server can hold the admin connection -- confirm.
        ld.setTimeOut(0);
        RbacCreateSessionRequest request = new RbacCreateSessionRequestImpl();
        request.setTenantId(user.getContextId());
        request.setUserIdentity(user.getUserId());
        // The password is copied into an immutable String for the request API, so it cannot be
        // wiped after use; presumably the API offers no char[] overload.
        request.setPassword(new String(user.getPassword()));
        if (CollectionUtils.isNotEmpty(user.getRoles())) {
            for (UserRole requested : user.getRoles()) {
                request.addRole(requested.getName());
            }
        }
        RbacCreateSessionResponse response = (RbacCreateSessionResponse) ld.extended(request);
        ResultCodeEnum rc = response.getLdapResult().getResultCode();
        LOG.debug("createSession userId: {}, sessionId: {}, resultCode: {}", user.getUserId(), response.getSessionId(), rc);
        session = new Session(user, response.getSessionId());
        boolean accepted = rc == ResultCodeEnum.SUCCESS;
        session.setAuthenticated(accepted);
        if (!accepted) {
            // The whole LdapResult goes into the message; the password itself is never included.
            String info = "createSession UserId [" + user.getUserId() + "] failed: " + response.getLdapResult() + " , resultCode: " + rc.getResultCode();
            throw new SecurityException(GlobalErrIds.USER_PW_INVLD, info);
        }
    } catch (LdapException e) {
        String error = "createSession userId [" + user.getUserId() + "] caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_CREATE_SESSION_ERR, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return session;
}
use of org.apache.directory.ldap.client.api.LdapConnection in project directory-fortress-core by apache.
Class AdminRoleDAO, method assign.
/**
 * Adds {@code userDn} as a {@code ROLE_OCCUPANT} value on the admin role entry resolved from
 * {@code entity}, recording that the user occupies the role.
 * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
 *
 * @param entity record contains {@link AdminRole#name}. Null attributes will be ignored.
 * @param userDn contains the DN for userId who is being assigned.
 * @return input record back to client.
 * @throws UpdateException with {@code GlobalErrIds.ARLE_USER_ASSIGN_FAILED} wrapping any LdapException
 *         raised by the connection or the modify call.
 */
AdminRole assign(AdminRole entity, String userDn) throws UpdateException {
    LdapConnection ld = null;
    // Resolved outside the try, so nothing getDn throws is translated into UpdateException.
    String roleDn = getDn(entity);
    try {
        Modification addOccupant = new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, ROLE_OCCUPANT, userDn);
        List<Modification> mods = new ArrayList<Modification>();
        mods.add(addOccupant);
        ld = getAdminConnection();
        modify(ld, roleDn, mods, entity);
    } catch (LdapException e) {
        String error = "assign role name [" + entity.getName() + "] user dn [" + userDn + "] caught LdapException=" + e.getMessage();
        throw new UpdateException(GlobalErrIds.ARLE_USER_ASSIGN_FAILED, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return entity;
}