Example 1 with AbstractAccount

Use of org.exist.security.AbstractAccount in the project exist by eXist-db.

From the class ActiveDirectoryRealm, method authenticate.

// Imports referenced by this method
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.exist.security.AbstractAccount;
import org.exist.security.AuthenticationException;
import org.exist.security.Subject;
import org.exist.security.internal.SubjectAccreditedImpl;
import org.exist.security.internal.aider.UserAider;
import org.exist.storage.DBBroker;

/*
 * (non-Javadoc)
 *
 * @see org.exist.security.Realm#authenticate(java.lang.String, java.lang.Object)
 */
@Override
public Subject authenticate(final String username, Object credentials) throws AuthenticationException {
    String[] returnedAtts = { "sn", "givenName", "mail" };
    // The caller-supplied username is concatenated into the LDAP filter as-is; it is not escaped here
    String searchFilter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
    // Create the search controls
    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    // Specify the search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    LdapContext ctxGC = null;
    boolean ldapUser = false;
    try {
        // Bind to the directory with the user's own credentials; a wrong password fails here
        ctxGC = ensureContextFactory().getLdapContext(username, String.valueOf(credentials));
        // Search objects in GC using filters
        NamingEnumeration<SearchResult> answer = ctxGC.search(((ContextFactory) ensureContextFactory()).getSearchBase(), searchFilter, searchCtls);
        while (answer.hasMoreElements()) {
            SearchResult sr = answer.next();
            Attributes attrs = sr.getAttributes();
            Map<String, Object> amap = null;
            if (attrs != null) {
                amap = new HashMap<>();
                NamingEnumeration<? extends Attribute> ne = attrs.getAll();
                while (ne.hasMore()) {
                    Attribute attr = ne.next();
                    amap.put(attr.getID(), attr.get());
                    // Any returned attribute marks the directory user as found
                    ldapUser = true;
                }
                ne.close();
            }
        }
    } catch (NamingException e) {
        e.printStackTrace();
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage());
    }
    if (ldapUser) {
        AbstractAccount account = (AbstractAccount) getAccount(username);
        if (account == null) {
            // First login: create the local account while acting as the SYSTEM subject
            try (final DBBroker broker = getDatabase().get(Optional.of(getSecurityManager().getSystemSubject()))) {
                // perform as SYSTEM user
                account = (AbstractAccount) getSecurityManager().addAccount(new UserAider(ID, username));
            } catch (Exception e) {
                throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
            }
        }
        // The bound context is handed to the subject rather than closed here
        return new SubjectAccreditedImpl(account, ctxGC);
    }
    // No directory entry matched; note that ctxGC is not closed on this path
    return null;
}

Example 2 with AbstractAccount

Use of org.exist.security.AbstractAccount in the project exist by eXist-db.

From the class LDAPRealm, method authenticate.

// Imports referenced by this method
import java.util.Optional;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import org.exist.security.AbstractAccount;
import org.exist.security.AuthenticationException;
import org.exist.security.Subject;
// Tuple(...) is a static factory method; this static import is an assumption
import static com.evolvedbinary.j8fu.tuple.Tuple.Tuple;

@Override
public Subject authenticate(final String username, final Object credentials) throws AuthenticationException {
    final String name = ensureCase(username);
    // Binds using the username and password provided by the user.
    LdapContext ctx = null;
    try {
        ctx = getContextWithCredentials(Optional.of(Tuple(name, String.valueOf(credentials))));
        final AbstractAccount account = (AbstractAccount) getAccount(ctx, name);
        if (account == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Account '{}' can not be found.", name);
            }
            throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, "Account '" + name + "' can not be found.");
        }
        return new AuthenticatedLdapSubjectAccreditedImpl(account, ctx, String.valueOf(credentials));
    } catch (final NamingException e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(e.getMessage(), e);
        }
        // A failed bind (javax.naming.AuthenticationException) is reported as ACCOUNT_NOT_FOUND,
        // so callers cannot tell a wrong password apart from a missing account
        if (e instanceof javax.naming.AuthenticationException) {
            throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, e.getMessage());
        } else {
            throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage());
        }
    } finally {
        // The directory context is released on every path, success or failure
        LdapUtils.closeContext(ctx);
    }
}

Example 3 with AbstractAccount

Use of org.exist.security.AbstractAccount in the project exist by eXist-db.

From the class RealmImpl, method deleteAccount.

// Imports referenced by this method
import org.exist.EXistException;
import org.exist.security.Account;
import org.exist.security.AbstractAccount;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SecurityManager;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.Txn;
import org.exist.xmldb.XmldbURI;

@Override
public boolean deleteAccount(final Account account) throws PermissionDeniedException, EXistException {
    if (account == null) {
        return false;
    }
    // Mutate the principal database under its write lock
    usersByName.<PermissionDeniedException, EXistException>write2E(principalDb -> {
        final AbstractAccount remove_account = (AbstractAccount) principalDb.get(account.getName());
        if (remove_account == null) {
            throw new IllegalArgumentException("No such account exists!");
        }
        // The built-in system, DBA, guest and unknown accounts can never be deleted
        if (SecurityManager.SYSTEM.equals(account.getName()) || SecurityManager.DBA_USER.equals(account.getName()) || SecurityManager.GUEST_USER.equals(account.getName()) || SecurityManager.UNKNOWN_USER.equals(account.getName())) {
            throw new PermissionDeniedException("The '" + account.getName() + "' account is required by the system for correct operation, and you cannot delete it! You may be able to disable it instead.");
        }
        try (final DBBroker broker = getDatabase().getBroker()) {
            // Only the account owner or a DBA may delete the account
            final Account user = broker.getCurrentSubject();
            if (!(account.getName().equals(user.getName()) || user.hasDbaRole())) {
                throw new PermissionDeniedException("You are not allowed to delete '" + account.getName() + "' user");
            }
            // Mark the account removed and move its record to the removed-accounts collection
            remove_account.setRemoved(true);
            remove_account.setCollection(broker, collectionRemovedAccounts, XmldbURI.create(UUIDGenerator.getUUID() + ".xml"));
            try (final Txn txn = broker.continueOrBeginTransaction()) {
                collectionAccounts.removeXMLResource(txn, broker, XmldbURI.create(remove_account.getName() + ".xml"));
                txn.commit();
            } catch (final Exception e) {
                // Failure to remove the stored resource is only logged; the in-memory removal still proceeds
                LOG.warn(e.getMessage(), e);
            }
            getSecurityManager().registerAccount(remove_account);
            principalDb.remove(remove_account.getName());
        }
    });
    return true;
}
