
Example 1 with AbstractLdapProperties

use of org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties in project cas by apereo.

the class Beans method newLdaptiveBlockingConnectionPool.

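/**
 * Builds and initializes a blocking ldaptive connection pool from the given LDAP settings.
 *
 * <p>The pool gets a connection factory and pool config derived from {@code l}, an idle-prune
 * strategy, an optional validator and an optional passivator. It is initialized before it is
 * returned.
 *
 * <p>Validator type (case-insensitive, surrounding whitespace ignored): {@code compare} and
 * {@code none} are handled explicitly; any other value, including {@code search}, configures a
 * search validator. Pool passivator (case-insensitive, surrounding whitespace ignored): must
 * name a constant of {@code LdapConnectionPoolPassivator}; a blank value sets no passivator.
 *
 * @param l the LDAP properties to read the pool settings from
 * @return the initialized connection pool
 * @throws IllegalArgumentException if the configured pool passivator names no known constant
 */
public static ConnectionPool newLdaptiveBlockingConnectionPool(final AbstractLdapProperties l) {
    final DefaultConnectionFactory bindCf = newLdaptiveConnectionFactory(l);
    final PoolConfig pc = newLdaptivePoolConfig(l);
    final BlockingConnectionPool cp = new BlockingConnectionPool(pc, bindCf);
    cp.setBlockWaitTime(newDuration(l.getBlockWaitTime()));
    cp.setPoolConfig(pc);

    final IdlePruneStrategy strategy = new IdlePruneStrategy();
    strategy.setIdleTime(newDuration(l.getIdleTime()));
    strategy.setPrunePeriod(newDuration(l.getPrunePeriod()));
    cp.setPruneStrategy(strategy);

    // Locale.ROOT keeps keyword matching independent of the JVM's default locale.
    switch (l.getValidator().getType().trim().toLowerCase(java.util.Locale.ROOT)) {
        case "compare":
            final CompareRequest compareRequest = new CompareRequest();
            compareRequest.setDn(l.getValidator().getDn());
            compareRequest.setAttribute(new LdapAttribute(l.getValidator().getAttributeName(),
                l.getValidator().getAttributeValues().toArray(new String[] {})));
            compareRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new CompareValidator(compareRequest));
            break;
        case "none":
            // Deliberate opt-out: no validator is set on the pool.
            LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", l.getLdapUrl());
            break;
        case "search":
        default:
            // Unrecognised validator types fall back to the search validator rather than failing.
            final SearchRequest searchRequest = new SearchRequest();
            searchRequest.setBaseDn(l.getValidator().getBaseDn());
            searchRequest.setSearchFilter(new SearchFilter(l.getValidator().getSearchFilter()));
            // The validation search only needs to succeed: request no attributes and at most one entry.
            searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
            searchRequest.setSearchScope(l.getValidator().getScope());
            searchRequest.setSizeLimit(1L);
            searchRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new SearchValidator(searchRequest));
            break;
    }
    cp.setFailFastInitialize(l.isFailFast());

    if (StringUtils.isNotBlank(l.getPoolPassivator())) {
        // A locale-sensitive toUpperCase() breaks valueOf() under e.g. a Turkish default locale,
        // where "bind" becomes "BİND"; normalise with Locale.ROOT and drop stray whitespace.
        final AbstractLdapProperties.LdapConnectionPoolPassivator pass =
            AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(
                l.getPoolPassivator().trim().toUpperCase(java.util.Locale.ROOT));
        switch (pass) {
            case CLOSE:
                cp.setPassivator(new ClosePassivator());
                break;
            case BIND:
                // The passivator is given the configured bind DN and credential.
                final BindRequest bindRequest = new BindRequest();
                bindRequest.setDn(l.getBindDn());
                bindRequest.setCredential(new Credential(l.getBindCredential()));
                cp.setPassivator(new BindPassivator(bindRequest));
                break;
            default:
                break;
        }
    }

    // Only the URL and bind DN are logged; the bind credential must stay out of the logs.
    LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", l.getLdapUrl(), l.getBindDn());
    cp.initialize();
    return cp;
}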
Also used : DefaultConnectionFactory(org.ldaptive.DefaultConnectionFactory) IdlePruneStrategy(org.ldaptive.pool.IdlePruneStrategy) SearchRequest(org.ldaptive.SearchRequest) MongoCredential(com.mongodb.MongoCredential) Credential(org.ldaptive.Credential) ClosePassivator(org.ldaptive.pool.ClosePassivator) BindRequest(org.ldaptive.BindRequest) BlockingConnectionPool(org.ldaptive.pool.BlockingConnectionPool) SearchFilter(org.ldaptive.SearchFilter) AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties) CompareRequest(org.ldaptive.CompareRequest) SearchValidator(org.ldaptive.pool.SearchValidator) CompareValidator(org.ldaptive.pool.CompareValidator) BindPassivator(org.ldaptive.pool.BindPassivator) LdapAttribute(org.ldaptive.LdapAttribute) PoolConfig(org.ldaptive.pool.PoolConfig) SearchReferralHandler(org.ldaptive.referral.SearchReferralHandler)

Example 2 with AbstractLdapProperties

use of org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties in project cas by apereo.

the class Beans method newLdaptiveConnectionConfig.

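/**
 * Builds an ldaptive connection configuration from the given LDAP settings.
 *
 * <p>Sets the URL list, the SSL/StartTLS flags, timeouts, an optional connection strategy, the
 * SSL trust material (trust certificates, else keystore, else the JVM truststore) and the
 * connection initializer (SASL, else fast bind, else simple bind). When neither SASL nor a bind
 * DN plus credential is configured, no connection initializer is set.
 *
 * <p>A warning is logged when a simple bind is configured for a plain {@code ldap://} URL with
 * neither SSL nor StartTLS enabled, because the bind credential may then be sent unencrypted.
 *
 * @param l the LDAP properties
 * @return the connection config
 * @throws IllegalArgumentException if the LDAP URL is blank, or if the connection strategy or
 *         SASL mechanism is not recognised
 */
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties l) {
    if (StringUtils.isBlank(l.getLdapUrl())) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    LOGGER.debug("Creating LDAP connection configuration for [{}]", l.getLdapUrl());
    final ConnectionConfig cc = new ConnectionConfig();

    // A value containing any space is passed through verbatim; only a space-free value has its
    // commas turned into spaces. A mixed "a, b" list therefore keeps its comma.
    final String urls = l.getLdapUrl().contains(" ")
        ? l.getLdapUrl()
        : Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
    cc.setLdapUrl(urls);
    cc.setUseSSL(l.isUseSsl());
    cc.setUseStartTLS(l.isUseStartTls());
    cc.setConnectTimeout(newDuration(l.getConnectTimeout()));
    cc.setResponseTimeout(newDuration(l.getResponseTimeout()));

    if (StringUtils.isNotBlank(l.getConnectionStrategy())) {
        // Accept the strategy name regardless of case or surrounding whitespace; Locale.ROOT
        // keeps the conversion independent of the JVM's default locale.
        final AbstractLdapProperties.LdapConnectionStrategy strategy =
            AbstractLdapProperties.LdapConnectionStrategy.valueOf(
                l.getConnectionStrategy().trim().toUpperCase(java.util.Locale.ROOT));
        switch (strategy) {
            case RANDOM:
                cc.setConnectionStrategy(new RandomConnectionStrategy());
                break;
            case DNS_SRV:
                cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
                break;
            case ACTIVE_PASSIVE:
                cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                break;
            case ROUND_ROBIN:
                cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
                break;
            case DEFAULT:
            default:
                cc.setConnectionStrategy(new DefaultConnectionStrategy());
                break;
        }
    }

    // Trust material precedence: explicit trust certificates, then keystore, then JVM truststore.
    if (l.getTrustCertificates() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", l.getTrustCertificates());
        final X509CredentialConfig cfg = new X509CredentialConfig();
        cfg.setTrustCertificates(l.getTrustCertificates());
        cc.setSslConfig(new SslConfig(cfg));
    } else if (l.getKeystore() != null) {
        // Only the keystore reference is logged; the keystore password must stay out of the logs.
        LOGGER.debug("Creating LDAP SSL configuration via keystore [{}]", l.getKeystore());
        final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
        cfg.setKeyStore(l.getKeystore());
        cfg.setKeyStorePassword(l.getKeystorePassword());
        cfg.setKeyStoreType(l.getKeystoreType());
        cc.setSslConfig(new SslConfig(cfg));
    } else {
        LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
        cc.setSslConfig(new SslConfig());
    }

    if (l.getSaslMechanism() != null) {
        LOGGER.debug("Creating LDAP SASL mechanism via [{}]", l.getSaslMechanism());
        final BindConnectionInitializer bc = new BindConnectionInitializer();
        final SaslConfig sc;
        switch (l.getSaslMechanism()) {
            // DIGEST-MD5 and CRAM-MD5 are MD5-based challenge-response mechanisms (DIGEST-MD5 was
            // moved to Historic by RFC 6331); where they must be used, run them over TLS.
            case DIGEST_MD5:
                sc = new DigestMd5Config();
                ((DigestMd5Config) sc).setRealm(l.getSaslRealm());
                break;
            case CRAM_MD5:
                sc = new CramMd5Config();
                break;
            case EXTERNAL:
                sc = new ExternalConfig();
                break;
            case GSSAPI:
                sc = new GssApiConfig();
                ((GssApiConfig) sc).setRealm(l.getSaslRealm());
                break;
            default:
                throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
        }
        sc.setAuthorizationId(l.getSaslAuthorizationId());
        sc.setMutualAuthentication(l.getSaslMutualAuth());
        sc.setQualityOfProtection(l.getSaslQualityOfProtection());
        sc.setSecurityStrength(l.getSaslSecurityStrength());
        bc.setBindSaslConfig(sc);
        cc.setConnectionInitializer(bc);
    } else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
        // "*" for both bind DN and credential is the marker that selects the fast-bind initializer.
        LOGGER.debug("Creating LDAP fast-bind connection initializer");
        cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
        // "ldaps://" does not contain the substring "ldap://", so this matches plain-scheme URLs only.
        final boolean plainScheme = urls.toLowerCase(java.util.Locale.ROOT).contains("ldap://");
        if (plainScheme && !l.isUseSsl() && !l.isUseStartTls()) {
            LOGGER.warn("LDAP bind for [{}] is configured without SSL or StartTLS; "
                + "the bind credential may be sent unencrypted", l.getLdapUrl());
        }
        // Only the bind DN is logged; the credential must stay out of the logs.
        LOGGER.debug("Creating LDAP bind connection initializer via [{}]", l.getBindDn());
        cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
    }
    return cc;
}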
Also used : GssApiConfig(org.ldaptive.sasl.GssApiConfig) ActivePassiveConnectionStrategy(org.ldaptive.ActivePassiveConnectionStrategy) DefaultConnectionStrategy(org.ldaptive.DefaultConnectionStrategy) MongoCredential(com.mongodb.MongoCredential) Credential(org.ldaptive.Credential) SaslConfig(org.ldaptive.sasl.SaslConfig) CramMd5Config(org.ldaptive.sasl.CramMd5Config) AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties) BindConnectionInitializer(org.ldaptive.BindConnectionInitializer) X509CredentialConfig(org.ldaptive.ssl.X509CredentialConfig) RandomConnectionStrategy(org.ldaptive.RandomConnectionStrategy) SslConfig(org.ldaptive.ssl.SslConfig) ExternalConfig(org.ldaptive.sasl.ExternalConfig) DnsSrvConnectionStrategy(org.ldaptive.DnsSrvConnectionStrategy) DigestMd5Config(org.ldaptive.sasl.DigestMd5Config) RoundRobinConnectionStrategy(org.ldaptive.RoundRobinConnectionStrategy) KeyStoreCredentialConfig(org.ldaptive.ssl.KeyStoreCredentialConfig) ConnectionConfig(org.ldaptive.ConnectionConfig)
