
Example 1 with ExternalIdentityException

Use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException in project jackrabbit-oak by apache.

The class LdapIdentityProvider, method getDeclaredGroupRefs.

//-----------------------------------------------------------< internal >---
/**
 * Collects the declared (direct) groups of an identity
 * @param ref reference to the identity
 * @return map of identities where the key is the DN of the LDAP entity
 */
Map<String, ExternalIdentityRef> getDeclaredGroupRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
    if (!isMyRef(ref)) {
        return Collections.emptyMap();
    }
    String searchFilter = config.getMemberOfSearchFilter(ref.getId());
    LdapConnection connection = null;
    SearchCursor searchCursor = null;
    try {
        // Create the SearchRequest object
        SearchRequest req = new SearchRequestImpl();
        req.setScope(SearchScope.SUBTREE);
        String idAttribute = config.getGroupConfig().getIdAttribute();
        req.addAttributes(idAttribute == null ? SchemaConstants.NO_ATTRIBUTE : idAttribute);
        req.setTimeLimit((int) config.getSearchTimeout());
        req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
        req.setFilter(searchFilter);
        if (log.isDebugEnabled()) {
            log.debug("getDeclaredGroupRefs: using SearchRequest {}.", req);
        }
        Map<String, ExternalIdentityRef> groups = new HashMap<String, ExternalIdentityRef>();
        DebugTimer timer = new DebugTimer();
        connection = connect();
        timer.mark("connect");
        searchCursor = connection.search(req);
        timer.mark("search");
        while (searchCursor.next()) {
            Response response = searchCursor.get();
            if (response instanceof SearchResultEntry) {
                Entry resultEntry = ((SearchResultEntry) response).getEntry();
                ExternalIdentityRef groupRef = new ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
                groups.put(groupRef.getId(), groupRef);
            }
        }
        timer.mark("iterate");
        if (log.isDebugEnabled()) {
            log.debug("getDeclaredGroupRefs: search below {} with {} found {} entries. {}", config.getGroupConfig().getBaseDN(), searchFilter, groups.size(), timer.getString());
        }
        return groups;
    } catch (Exception e) {
        log.error("Error during ldap membership search.", e);
        throw new ExternalIdentityException("Error during ldap membership search.", e);
    } finally {
        if (searchCursor != null) {
            try {
                searchCursor.close();
            } catch (IOException e) {
                log.warn("Failed to close search cursor.", e);
            }
        }
        disconnect(connection);
    }
}
Also used : SearchRequest(org.apache.directory.api.ldap.model.message.SearchRequest) HashMap(java.util.HashMap) ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) SearchRequestImpl(org.apache.directory.api.ldap.model.message.SearchRequestImpl) Dn(org.apache.directory.api.ldap.model.name.Dn) IOException(java.io.IOException) LoginException(javax.security.auth.login.LoginException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) NoSuchElementException(java.util.NoSuchElementException) IOException(java.io.IOException) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer) Response(org.apache.directory.api.ldap.model.message.Response) Entry(org.apache.directory.api.ldap.model.entry.Entry) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry)

Example 2 with ExternalIdentityException

Use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException in project jackrabbit-oak by apache.

The class LdapIdentityProvider, method authenticate.

@Override
public ExternalUser authenticate(@Nonnull Credentials credentials) throws ExternalIdentityException, LoginException {
    if (!(credentials instanceof SimpleCredentials)) {
        log.debug("LDAP IDP can only authenticate SimpleCredentials.");
        return null;
    }
    final SimpleCredentials creds = (SimpleCredentials) credentials;
    final ExternalUser user = getUser(creds.getUserID());
    if (user != null) {
        // see http://tools.ietf.org/html/rfc4513#section-5.1.1 for details: a simple bind with a
        // DN and a zero-length password is treated by the server as an anonymous/unauthenticated
        // bind, which can succeed without verifying the password, so it must be rejected here.
        if (creds.getPassword().length == 0) {
            throw new LoginException("Refusing to authenticate against LDAP server: Empty passwords not allowed.");
        }
        // authenticate
        LdapConnection connection = null;
        try {
            DebugTimer timer = new DebugTimer();
            if (userPool == null) {
                connection = userConnectionFactory.makeObject();
            } else {
                connection = userPool.getConnection();
            }
            timer.mark("connect");
            connection.bind(user.getExternalId().getId(), new String(creds.getPassword()));
            timer.mark("bind");
            if (log.isDebugEnabled()) {
                log.debug("authenticate({}) {}", user.getId(), timer.getString());
            }
        } catch (LdapAuthenticationException e) {
            throw new LoginException("Unable to authenticate against LDAP server: " + e.getMessage());
        } catch (Exception e) {
            throw new ExternalIdentityException("Error while binding user credentials", e);
        } finally {
            if (connection != null) {
                try {
                    if (userPool == null) {
                        userConnectionFactory.destroyObject(connection);
                    } else {
                        userPool.releaseConnection(connection);
                    }
                } catch (Exception e) {
                    // ignore: a failure while returning the connection must not change the authentication outcome
                }
            }
        }
    }
    return user;
}
Also used : DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer) SimpleCredentials(javax.jcr.SimpleCredentials) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) LoginException(javax.security.auth.login.LoginException) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LoginException(javax.security.auth.login.LoginException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) NoSuchElementException(java.util.NoSuchElementException) IOException(java.io.IOException) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 3 with ExternalIdentityException

Use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException in project jackrabbit-oak by apache.

The class Delegatee, method syncAllExternalUsers.

/**
 * @see SynchronizationMBean#syncAllExternalUsers()
 */
@Nonnull
String[] syncAllExternalUsers() {
    List<String> list = new ArrayList<String>();
    context.setForceGroupSync(true).setForceUserSync(true);
    try {
        List<SyncResult> results = new ArrayList<SyncResult>(batchSize);
        Iterator<ExternalUser> it = idp.listUsers();
        while (it.hasNext()) {
            ExternalUser user = it.next();
            results = syncUser(user, results, list);
        }
        commit(list, results, NO_BATCH_SIZE);
        return list.toArray(new String[list.size()]);
    } catch (ExternalIdentityException e) {
        throw new SyncRuntimeException("Unable to retrieve external users", e);
    }
}
Also used : ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) ArrayList(java.util.ArrayList) SyncResult(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) Nonnull(javax.annotation.Nonnull)

Example 4 with ExternalIdentityException

Use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException in project jackrabbit-oak by apache.

The class Delegatee, method syncExternalUsers.

/**
 * @see SynchronizationMBean#syncExternalUsers(String[])
 */
@Nonnull
String[] syncExternalUsers(@Nonnull String[] externalIds) {
    List<String> list = new ArrayList<String>();
    context.setForceGroupSync(true).setForceUserSync(true);
    List<SyncResult> results = new ArrayList<SyncResult>(batchSize);
    for (String externalId : externalIds) {
        ExternalIdentityRef ref = ExternalIdentityRef.fromString(externalId);
        if (!idp.getName().equals(ref.getProviderName())) {
            results.add(new DefaultSyncResultImpl(new DefaultSyncedIdentity(ref.getId(), ref, false, -1), SyncResult.Status.FOREIGN));
        } else {
            try {
                ExternalIdentity id = idp.getIdentity(ref);
                if (id != null) {
                    results = syncUser(id, results, list);
                } else {
                    results.add(new DefaultSyncResultImpl(new DefaultSyncedIdentity("", ref, false, -1), SyncResult.Status.NO_SUCH_IDENTITY));
                }
            } catch (ExternalIdentityException e) {
                log.warn("error while fetching the external identity {}", externalId, e);
                results.add(new ErrorSyncResult(ref, e));
            }
        }
    }
    commit(list, results, NO_BATCH_SIZE);
    return list.toArray(new String[list.size()]);
}
Also used : ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ArrayList(java.util.ArrayList) DefaultSyncedIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity) ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) DefaultSyncResultImpl(org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncResultImpl) SyncResult(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) Nonnull(javax.annotation.Nonnull)

Example 5 with ExternalIdentityException

Use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException in project jackrabbit-oak by apache.

The class LdapIdentityProvider, method getDeclaredMemberRefs.

/**
 * Collects the declared (direct) members of a group
 * @param ref the reference to the group
 * @return map of identity refs where the key is the member's id (its DN)
 * @throws ExternalIdentityException if an error occurs
 */
Map<String, ExternalIdentityRef> getDeclaredMemberRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
    if (!isMyRef(ref)) {
        return Collections.emptyMap();
    }
    LdapConnection connection = null;
    try {
        Map<String, ExternalIdentityRef> members = new HashMap<String, ExternalIdentityRef>();
        DebugTimer timer = new DebugTimer();
        connection = connect();
        timer.mark("connect");
        Entry entry = connection.lookup(ref.getId());
        timer.mark("lookup");
        Attribute attr = entry.get(config.getGroupMemberAttribute());
        if (attr == null) {
            log.warn("LDAP group does not have configured attribute: {}", config.getGroupMemberAttribute());
        } else {
            for (Value value : attr) {
                ExternalIdentityRef memberRef = new ExternalIdentityRef(value.getString(), this.getName());
                members.put(memberRef.getId(), memberRef);
            }
        }
        timer.mark("iterate");
        if (log.isDebugEnabled()) {
            log.debug("members lookup of {} found {} members. {}", ref.getId(), members.size(), timer.getString());
        }
        return members;
    } catch (Exception e) {
        String msg = "Error during ldap group members lookup.";
        log.error(msg, e);
        throw new ExternalIdentityException(msg, e);
    } finally {
        disconnect(connection);
    }
}
Also used : DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer) Entry(org.apache.directory.api.ldap.model.entry.Entry) SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry) HashMap(java.util.HashMap) ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) Attribute(org.apache.directory.api.ldap.model.entry.Attribute) Value(org.apache.directory.api.ldap.model.entry.Value) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LoginException(javax.security.auth.login.LoginException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) NoSuchElementException(java.util.NoSuchElementException) IOException(java.io.IOException) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
