
Example 11 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project zeppelin by apache.

the class ShiroAuthenticationService method getUserList.

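/**
 * Searches the Zeppelin {@link LdapRealm} directory for user names that contain
 * {@code searchText}.
 *
 * <p>Runs a subtree search below the realm's user search base with the system LDAP context and
 * collects the realm's user-search attribute from every hit. {@code searchText} is matched as a
 * literal substring: LDAP filter metacharacters in it are escaped before the filter is built.
 *
 * @param r realm that supplies the search base, object class, attribute name and context factory
 * @param searchText text to look for inside the user attribute; treated as data, never as filter
 *     syntax
 * @param numUsersToFetch count limit handed to the search controls
 * @return the trimmed attribute values found; empty when nothing matched or when the lookup
 *     failed (failures are logged, not rethrown)
 */
private List<String> getUserList(LdapRealm r, String searchText, int numUsersToFetch) {
    List<String> userList = new ArrayList<>();
    LOGGER.debug("SearchText: {}", searchText);
    String userAttribute = r.getUserSearchAttributeName();
    String userSearchRealm = r.getUserSearchBase();
    String userObjectClass = r.getUserObjectClass();
    JndiLdapContextFactory cf = (JndiLdapContextFactory) r.getContextFactory();

    // searchText is caller-supplied. Concatenated raw, characters such as '(' ')' '*' '\' would
    // be read as filter syntax and could change which entries and attributes the system account
    // is asked about. Escape them per RFC 4515 so the value can only ever be a literal.
    // String.valueOf keeps the previous rendering of a null argument ("null") instead of an NPE.
    StringBuilder escapedSearchText = new StringBuilder();
    for (char c : String.valueOf(searchText).toCharArray()) {
        switch (c) {
            case '\\':
                escapedSearchText.append("\\5c");
                break;
            case '*':
                escapedSearchText.append("\\2a");
                break;
            case '(':
                escapedSearchText.append("\\28");
                break;
            case ')':
                escapedSearchText.append("\\29");
                break;
            case '\0':
                escapedSearchText.append("\\00");
                break;
            default:
                escapedSearchText.append(c);
        }
    }
    // userObjectClass and userAttribute come from the realm configuration, not from the request.
    String filter = "(&(objectclass=" + userObjectClass + ")(" + userAttribute + "=*"
            + escapedSearchText + "*))";

    LdapContext ctx = null;
    NamingEnumeration<SearchResult> result = null;
    try {
        ctx = cf.getSystemLdapContext();
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        constraints.setCountLimit(numUsersToFetch);
        // Ask the server for the user attribute only; nothing else is read from the entries.
        String[] attrIDs = { userAttribute };
        constraints.setReturningAttributes(attrIDs);
        result = ctx.search(userSearchRealm, filter, constraints);
        while (result.hasMore()) {
            Attributes attrs = result.next().getAttributes();
            if (attrs.get(userAttribute) != null) {
                String currentUser;
                if (r.getUserLowerCase()) {
                    LOGGER.debug("userLowerCase true");
                    currentUser = ((String) attrs.get(userAttribute).get()).toLowerCase();
                } else {
                    LOGGER.debug("userLowerCase false");
                    currentUser = (String) attrs.get(userAttribute).get();
                }
                LOGGER.debug("CurrentUser: {}", currentUser);
                userList.add(currentUser.trim());
            }
        }
    } catch (Exception e) {
        // Best effort: a directory failure yields whatever was collected so far.
        LOGGER.error("Error retrieving User list from Ldap Realm", e);
    } finally {
        // The enumeration and the system context are obtained here and handed to nobody else,
        // so release them here; previously both were left open on every call.
        if (result != null) {
            try {
                result.close();
            } catch (NamingException e) {
                LOGGER.debug("Failed to close LDAP search result", e);
            }
        }
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException e) {
                LOGGER.debug("Failed to close LDAP system context", e);
            }
        }
    }
    return userList;
}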
Also used : ArrayList(java.util.ArrayList) Attributes(javax.naming.directory.Attributes) SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult) LdapContext(javax.naming.ldap.LdapContext) UnavailableSecurityManagerException(org.apache.shiro.UnavailableSecurityManagerException) NamingException(javax.naming.NamingException) JndiLdapContextFactory(org.apache.shiro.realm.ldap.JndiLdapContextFactory)

Example 12 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project zeppelin by apache.

the class GetUserList method getUserList.

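/**
 * Looks up user names in the Zeppelin {@link LdapRealm} directory.
 *
 * <p>Runs a subtree search below the realm's user search base with the system LDAP context and
 * collects the realm's user-search attribute from every hit. Characters in {@code searchText}
 * that could alter the structure of the LDAP filter are escaped before the filter is built.
 *
 * @param r realm that supplies the search base, object class, attribute name and context factory
 * @param searchText value matched against the user attribute; {@code *} wildcards in it are kept
 * @return the trimmed attribute values found; empty when nothing matched or when the lookup
 *     failed (failures are logged, not rethrown)
 */
public List<String> getUserList(LdapRealm r, String searchText) {
    List<String> userList = new ArrayList<>();
    if (LOG.isDebugEnabled()) {
        LOG.debug("SearchText: " + searchText);
    }
    String userAttribute = r.getUserSearchAttributeName();
    String userSearchRealm = r.getUserSearchBase();
    String userObjectClass = r.getUserObjectClass();
    JndiLdapContextFactory CF = (JndiLdapContextFactory) r.getContextFactory();

    // searchText is caller-supplied. Concatenated raw, '(' ')' and '\' would be read as filter
    // syntax and could change which entries and attributes the system account is asked about.
    // Escape them per RFC 4515. String.valueOf keeps the previous rendering of a null argument.
    // NOTE(review): '*' is left intact because this method adds no wildcards of its own, so
    // callers presumably pass them. If no caller does, escape '*' as "\\2a" as well.
    StringBuilder escapedSearchText = new StringBuilder();
    for (char c : String.valueOf(searchText).toCharArray()) {
        switch (c) {
            case '\\':
                escapedSearchText.append("\\5c");
                break;
            case '(':
                escapedSearchText.append("\\28");
                break;
            case ')':
                escapedSearchText.append("\\29");
                break;
            case '\0':
                escapedSearchText.append("\\00");
                break;
            default:
                escapedSearchText.append(c);
        }
    }
    // userObjectClass and userAttribute come from the realm configuration, not from the request.
    String filter = "(&(objectclass=" + userObjectClass + ")(" + userAttribute + "="
            + escapedSearchText + "))";

    LdapContext ctx = null;
    NamingEnumeration<SearchResult> result = null;
    try {
        ctx = CF.getSystemLdapContext();
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // NOTE(review): no count limit is set, so a broad pattern returns every matching entry
        // the server is willing to send; consider bounding the result size.
        String[] attrIDs = { userAttribute };
        constraints.setReturningAttributes(attrIDs);
        result = ctx.search(userSearchRealm, filter, constraints);
        while (result.hasMore()) {
            Attributes attrs = result.next().getAttributes();
            if (attrs.get(userAttribute) != null) {
                String currentUser;
                if (r.getUserLowerCase()) {
                    LOG.debug("userLowerCase true");
                    currentUser = ((String) attrs.get(userAttribute).get()).toLowerCase();
                } else {
                    LOG.debug("userLowerCase false");
                    currentUser = (String) attrs.get(userAttribute).get();
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("CurrentUser: " + currentUser);
                }
                userList.add(currentUser.trim());
            }
        }
    } catch (Exception e) {
        // Best effort: a directory failure yields whatever was collected so far.
        LOG.error("Error retrieving User list from Ldap Realm", e);
    } finally {
        // The enumeration and the system context are obtained here and handed to nobody else,
        // so release them here; previously both were left open on every call.
        if (result != null) {
            try {
                result.close();
            } catch (javax.naming.NamingException e) {
                LOG.debug("Failed to close LDAP search result", e);
            }
        }
        if (ctx != null) {
            try {
                ctx.close();
            } catch (javax.naming.NamingException e) {
                LOG.debug("Failed to close LDAP system context", e);
            }
        }
    }
    return userList;
}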
Also used : ArrayList(java.util.ArrayList) Attributes(javax.naming.directory.Attributes) SearchControls(javax.naming.directory.SearchControls) NamingEnumeration(javax.naming.NamingEnumeration) SearchResult(javax.naming.directory.SearchResult) LdapContext(javax.naming.ldap.LdapContext) JndiLdapContextFactory(org.apache.shiro.realm.ldap.JndiLdapContextFactory)

Example 13 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project neo4j by neo4j.

the class LdapRealm method configureRealm.

/**
 * Builds the JNDI LDAP context factory for this realm and copies the LDAP-related security
 * settings from {@code config} onto the realm.
 *
 * @param config source of every {@code SecuritySettings.ldap_*} value read below
 */
private void configureRealm(Config config) {
    JndiLdapContextFactory ldapContextFactory = new JndiLdapContextFactory();

    // Bound both the connect and the read phase so that an unresponsive directory cannot hold
    // a login indefinitely; JNDI takes these environment values as strings.
    Map<String, Object> jndiEnvironment = ldapContextFactory.getEnvironment();
    Long connectTimeout = config.get(SecuritySettings.ldap_connection_timeout);
    Long readTimeout = config.get(SecuritySettings.ldap_read_timeout);
    jndiEnvironment.put(JNDI_LDAP_CONNECT_TIMEOUT, connectTimeout.toString());
    jndiEnvironment.put(JNDI_LDAP_READ_TIMEOUT, readTimeout.toString());
    ldapContextFactory.setEnvironment(jndiEnvironment);

    // Connection parameters, including the system (service) account credentials.
    // NOTE(review): with useStartTls off and a plain ldap:// URL these credentials would
    // presumably cross the network unencrypted; confirm how parseLdapServerUrl and the
    // StartTLS flag are enforced elsewhere in the class.
    ldapContextFactory.setUrl(parseLdapServerUrl(config.get(SecuritySettings.ldap_server)));
    ldapContextFactory.setAuthenticationMechanism(
            config.get(SecuritySettings.ldap_authentication_mechanism));
    ldapContextFactory.setReferral(config.get(SecuritySettings.ldap_referral));
    ldapContextFactory.setSystemUsername(
            config.get(SecuritySettings.ldap_authorization_system_username));
    ldapContextFactory.setSystemPassword(
            config.get(SecuritySettings.ldap_authorization_system_password));
    ldapContextFactory.setPoolingEnabled(
            config.get(SecuritySettings.ldap_authorization_connection_pooling));
    setContextFactory(ldapContextFactory);

    // The DN template is optional; it is only applied when configured.
    String dnTemplate = config.get(SecuritySettings.ldap_authentication_user_dn_template);
    if (dnTemplate != null) {
        setUserDnTemplate(dnTemplate);
    }

    // Feature switches and authorization lookup parameters kept on the realm itself.
    this.authenticationEnabled = config.get(SecuritySettings.ldap_authentication_enabled);
    this.authorizationEnabled = config.get(SecuritySettings.ldap_authorization_enabled);
    this.useStartTls = config.get(SecuritySettings.ldap_use_starttls);
    this.userSearchBase = config.get(SecuritySettings.ldap_authorization_user_search_base);
    this.userSearchFilter = config.get(SecuritySettings.ldap_authorization_user_search_filter);
    this.membershipAttributeNames =
            config.get(SecuritySettings.ldap_authorization_group_membership_attribute_names);
    this.useSystemAccountForAuthorization =
            config.get(SecuritySettings.ldap_authorization_use_system_account);
    this.groupToRoleMapping = parseGroupToRoleMapping(
            config.get(SecuritySettings.ldap_authorization_group_to_role_mapping));

    // Authentication caching follows the configuration; authorization caching is always on,
    // so a change of group membership in the directory is only seen once the cached
    // authorization info is dropped.
    setAuthenticationCachingEnabled(config.get(SecuritySettings.ldap_authentication_cache_enabled));
    setAuthorizationCachingEnabled(true);
}
Also used : JndiLdapContextFactory(org.apache.shiro.realm.ldap.JndiLdapContextFactory)

Example 14 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project neo4j by neo4j.

the class LdapRealmTest method shouldLogSuccessfulAuthorizationQueries.

/**
 * Checks that an authorization lookup for a user is reported on the security log at debug
 * level.
 */
@Test
public void shouldLogSuccessfulAuthorizationQueries() throws Exception {
    // Given: a realm configured for StartTLS and a stubbed context factory URL.
    when(config.get(SecuritySettings.ldap_use_starttls)).thenReturn(true);
    LdapRealm realm = new TestLdapRealm(config, securityLog, false);
    // NOTE(review): this mock is stubbed but not handed to the realm anywhere in this method;
    // confirm whether the test still needs it.
    JndiLdapContextFactory contextFactoryMock = mock(JndiLdapContextFactory.class);
    when(contextFactoryMock.getUrl()).thenReturn("ldap://myserver.org:12345");
    SimplePrincipalCollection principals = new SimplePrincipalCollection("olivia", "LdapRealm");

    // When: authorization info is requested for that principal.
    realm.doGetAuthorizationInfo(principals);

    // Then: the query shows up in the security log.
    verify(securityLog).debug(contains("{LdapRealm}: Queried for authorization info for user 'olivia'"));
}
Also used : SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) JndiLdapContextFactory(org.apache.shiro.realm.ldap.JndiLdapContextFactory) Test(org.junit.Test)

Example 15 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project vertx-auth by vert-x3.

the class LDAPAuthProvider method createRealm.

/**
 * Creates and initialises a Shiro {@link JndiLdapRealm} from the LDAP options in {@code config}.
 *
 * <p>Every string option is applied only when the key is present with a non-null value;
 * connection pooling falls back to {@code false} when the key is missing.
 *
 * @param config JSON configuration holding the {@code LDAP_*} keys read below
 * @return the initialised realm
 */
public static Realm createRealm(JsonObject config) {
    JndiLdapRealm realm = new JndiLdapRealm();
    JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();

    String dnTemplate = config.getString(LDAP_USER_DN_TEMPLATE_FIELD);
    if (dnTemplate != null) {
        realm.setUserDnTemplate(dnTemplate);
    }

    String serverUrl = config.getString(LDAP_URL);
    if (serverUrl != null) {
        contextFactory.setUrl(serverUrl);
    }

    String mechanism = config.getString(LDAP_AUTHENTICATION_MECHANISM);
    if (mechanism != null) {
        contextFactory.setAuthenticationMechanism(mechanism);
    }

    // This value names the JNDI context factory class the realm will use, so the JSON
    // configuration must come from a trusted source.
    // NOTE(review): no allow-list is applied to the class name here; confirm that is intended.
    String factoryClassName = config.getString(LDAP_CONTEXT_FACTORY_CLASS_NAME);
    if (factoryClassName != null) {
        contextFactory.setContextFactoryClassName(factoryClassName);
    }

    // Pooling is opt-in.
    contextFactory.setPoolingEnabled(config.getBoolean(LDAP_POOLING_ENABLED, false));

    String referralMode = config.getString(LDAP_REFERRAL);
    if (referralMode != null) {
        contextFactory.setReferral(referralMode);
    }

    // Service-account credentials travel in the same JSON object as the other options; treat
    // that object as a secret and keep it out of logs.
    String serviceUser = config.getString(LDAP_SYSTEM_USERNAME);
    if (serviceUser != null) {
        contextFactory.setSystemUsername(serviceUser);
    }
    String servicePassword = config.getString(LDAP_SYSTEM_PASSWORD);
    if (servicePassword != null) {
        contextFactory.setSystemPassword(servicePassword);
    }

    realm.setContextFactory(contextFactory);
    realm.init();
    return realm;
}
Also used : JndiLdapRealm(org.apache.shiro.realm.ldap.JndiLdapRealm) JndiLdapContextFactory(org.apache.shiro.realm.ldap.JndiLdapContextFactory)
