Example 46 with Attribute
use of org.forgerock.opendj.ldap.Attribute in project ddf by codice.
the class LdapClaimsHandler method retrieveClaimValues.
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
Principal principal = parameters.getPrincipal();
String user = AttributeMapLoader.getUser(principal);
if (user == null) {
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return new ProcessedClaimCollection();
}
ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
Connection connection = null;
try {
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", this.getObjectClass())).and(new EqualsFilter(this.getUserNameAttribute(), user));
List<String> searchAttributeList = new ArrayList<String>();
for (Claim claim : claims) {
if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
searchAttributeList.add(getClaimsLdapAttributeMapping().get(claim.getClaimType().toString()));
} else {
LOGGER.debug("Unsupported claim: {}", claim.getClaimType());
}
}
String[] searchAttributes = null;
searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
connection = connectionFactory.getConnection();
if (connection != null) {
BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
BindResult bindResult = connection.bind(request);
if (bindResult.isSuccess()) {
String baseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDN(), overrideCertDn);
LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", baseDN, filter.toString());
ConnectionEntryReader entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), searchAttributes);
SearchResultEntry entry;
while (entryReader.hasNext()) {
entry = entryReader.readEntry();
for (Claim claim : claims) {
URI claimType = claim.getClaimType();
String ldapAttribute = getClaimsLdapAttributeMapping().get(claimType.toString());
Attribute attr = entry.getAttribute(ldapAttribute);
if (attr == null) {
LOGGER.trace("Claim '{}' is null", claim.getClaimType());
} else {
ProcessedClaim c = new ProcessedClaim();
c.setClaimType(claimType);
c.setPrincipal(principal);
for (ByteString value : attr) {
String itemValue = value.toString();
if (this.isX500FilterEnabled()) {
try {
X500Principal x500p = new X500Principal(itemValue);
itemValue = x500p.getName();
int index = itemValue.indexOf('=');
itemValue = itemValue.substring(index + 1, itemValue.indexOf(',', index));
} catch (Exception ex) {
// Ignore, not X500 compliant thus use the whole
// string as the value
LOGGER.debug("Not X500 compliant", ex);
}
}
c.addValue(itemValue);
}
claimsColl.add(c);
}
}
}
} else {
LOGGER.info("LDAP Connection failed.");
}
}
} catch (LdapException e) {
LOGGER.info("Cannot connect to server, therefore unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
LOGGER.debug("Cannot connect to server, therefore unable to set user attributes.", e);
} catch (SearchResultReferenceIOException e) {
LOGGER.info("Unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
LOGGER.debug("Unable to set user attributes.", e);
} finally {
if (connection != null) {
connection.close();
}
}
return claimsColl;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteString(org.forgerock.opendj.ldap.ByteString)
Connection(org.forgerock.opendj.ldap.Connection)
ArrayList(java.util.ArrayList)
BindRequest(org.forgerock.opendj.ldap.requests.BindRequest)
ByteString(org.forgerock.opendj.ldap.ByteString)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
URI(java.net.URI)
LdapException(org.forgerock.opendj.ldap.LdapException)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
AndFilter(org.springframework.ldap.filter.AndFilter)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
X500Principal(javax.security.auth.x500.X500Principal)
EqualsFilter(org.springframework.ldap.filter.EqualsFilter)
LdapException(org.forgerock.opendj.ldap.LdapException)
X500Principal(javax.security.auth.x500.X500Principal)
Principal(java.security.Principal)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 47 with Attribute
use of org.forgerock.opendj.ldap.Attribute in project ddf by codice.
the class RoleClaimsHandler method retrieveClaimValues.
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
String[] attributes = { groupNameAttribute, memberNameAttribute };
ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
Connection connection = null;
try {
Principal principal = parameters.getPrincipal();
String user = AttributeMapLoader.getUser(principal);
if (user == null) {
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return new ProcessedClaimCollection();
}
connection = connectionFactory.getConnection();
if (connection != null) {
BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
BindResult bindResult = connection.bind(request);
String membershipValue = user;
AndFilter filter;
ConnectionEntryReader entryReader;
if (!membershipUserAttribute.equals(loginUserAttribute)) {
String baseDN = AttributeMapLoader.getBaseDN(principal, userBaseDn, overrideCertDn);
filter = new AndFilter();
filter.and(new EqualsFilter(this.getLoginUserAttribute(), user));
entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), membershipUserAttribute);
while (entryReader.hasNext()) {
SearchResultEntry entry = entryReader.readEntry();
Attribute attr = entry.getAttribute(membershipUserAttribute);
if (attr != null) {
for (ByteString value : attr) {
membershipValue = value.toString();
}
}
}
}
filter = new AndFilter();
String userBaseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDn(), overrideCertDn);
filter.and(new EqualsFilter("objectClass", getObjectClass())).and(new EqualsFilter(getMemberNameAttribute(), getMembershipUserAttribute() + "=" + membershipValue + "," + userBaseDN));
if (bindResult.isSuccess()) {
LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", groupBaseDn, filter.toString());
entryReader = connection.search(groupBaseDn, SearchScope.WHOLE_SUBTREE, filter.toString(), attributes);
SearchResultEntry entry;
while (entryReader.hasNext()) {
entry = entryReader.readEntry();
Attribute attr = entry.getAttribute(groupNameAttribute);
if (attr == null) {
LOGGER.trace("Claim '{}' is null", roleClaimType);
} else {
ProcessedClaim c = new ProcessedClaim();
c.setClaimType(getRoleURI());
c.setPrincipal(principal);
for (ByteString value : attr) {
String itemValue = value.toString();
c.addValue(itemValue);
}
claimsColl.add(c);
}
}
} else {
LOGGER.info("LDAP Connection failed.");
}
}
} catch (LdapException e) {
LOGGER.info("Cannot connect to server, therefore unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
LOGGER.debug("Cannot connect to server, therefore unable to set role claims.", e);
} catch (SearchResultReferenceIOException e) {
LOGGER.info("Unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
LOGGER.debug("Unable to set role claims.", e);
} finally {
if (connection != null) {
connection.close();
}
}
return claimsColl;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteString(org.forgerock.opendj.ldap.ByteString)
Connection(org.forgerock.opendj.ldap.Connection)
BindRequest(org.forgerock.opendj.ldap.requests.BindRequest)
ByteString(org.forgerock.opendj.ldap.ByteString)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
AndFilter(org.springframework.ldap.filter.AndFilter)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
EqualsFilter(org.springframework.ldap.filter.EqualsFilter)
LdapException(org.forgerock.opendj.ldap.LdapException)
Principal(java.security.Principal)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 48 with Attribute
use of org.forgerock.opendj.ldap.Attribute in project admin-console-beta by connexta.
the class LdapQuery method performFunction.
@Override
public MapField.ListImpl performFunction() {
List<SearchResultEntry> searchResults;
List<MapField> convertedSearchResults = new ArrayList<>();
try (LdapConnectionAttempt connectionAttempt = utils.bindUserToLdapConnection(conn, creds)) {
addErrorMessages(connectionAttempt);
if (containsErrorMsgs()) {
return null;
}
searchResults = utils.getLdapQueryResults(connectionAttempt.getResult(), queryBase.getValue(), query.getValue(), SearchScope.WHOLE_SUBTREE, maxQueryResults.getValue() == null ? DEFAULT_MAX_QUERY_RESULTS : maxQueryResults.getValue());
for (SearchResultEntry entry : searchResults) {
MapField entryMap = new MapField();
for (Attribute attri : entry.getAllAttributes()) {
entryMap.put("name", entry.getName().toString());
if (!attri.getAttributeDescriptionAsString().toLowerCase().contains("password")) {
List<String> attributeValueList = attri.parallelStream().map(ByteString::toString).collect(Collectors.toList());
String attributeValue = attributeValueList.size() == 1 ? attributeValueList.get(0) : attributeValueList.toString();
entryMap.put(attri.getAttributeDescriptionAsString(), attributeValue);
}
}
convertedSearchResults.add(entryMap);
}
} catch (IOException e) {
LOGGER.warn("Error closing LDAP connection", e);
}
return new MapField.ListImpl().addAll(convertedSearchResults);
}
Also used :
Attribute(org.forgerock.opendj.ldap.Attribute)
ArrayList(java.util.ArrayList)
ByteString(org.forgerock.opendj.ldap.ByteString)
IOException(java.io.IOException)
LdapConnectionAttempt(org.codice.ddf.admin.ldap.commons.LdapConnectionAttempt)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
MapField(org.codice.ddf.admin.common.fields.common.MapField)
Example 49 with Attribute
use of org.forgerock.opendj.ldap.Attribute in project ddf by codice.
the class LdapClaimsHandler method retrieveClaims.
@Override
public ClaimsCollection retrieveClaims(ClaimsParameters parameters) {
Principal principal = parameters.getPrincipal();
String user = attributeMapLoader.getUser(principal);
if (user == null) {
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return new ClaimsCollectionImpl();
}
ClaimsCollection claimsColl = new ClaimsCollectionImpl();
Connection connection = null;
try {
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", this.getObjectClass())).and(new EqualsFilter(this.getUserNameAttribute(), user));
List<String> searchAttributeList = new ArrayList<String>();
for (Map.Entry<String, String> claimEntry : getClaimsLdapAttributeMapping().entrySet()) {
searchAttributeList.add(claimEntry.getValue());
}
String[] searchAttributes = null;
searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
connection = connectionFactory.getConnection();
if (connection != null) {
BindRequest request = selectBindMethod();
BindResult bindResult = connection.bind(request);
if (bindResult.isSuccess()) {
String baseDN = attributeMapLoader.getBaseDN(principal, getUserBaseDN(), overrideCertDn);
LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", baseDN, filter);
ConnectionEntryReader entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), searchAttributes);
SearchResultEntry entry;
while (entryReader.hasNext()) {
if (entryReader.isEntry()) {
entry = entryReader.readEntry();
for (Map.Entry<String, String> claimEntry : getClaimsLdapAttributeMapping().entrySet()) {
String claimType = claimEntry.getKey();
String ldapAttribute = claimEntry.getValue();
Attribute attr = entry.getAttribute(ldapAttribute);
if (attr == null) {
LOGGER.trace("Claim '{}' is null", claimType);
} else {
Claim claim = new ClaimImpl(claimType);
for (ByteString value : attr) {
String itemValue = value.toString();
if (this.isX500FilterEnabled()) {
try {
X500Principal x500p = new X500Principal(itemValue);
itemValue = x500p.getName();
int index = itemValue.indexOf('=');
itemValue = itemValue.substring(index + 1, itemValue.indexOf(',', index));
} catch (Exception ex) {
// Ignore, not X500 compliant thus use the whole
// string as the value
LOGGER.debug("Not X500 compliant", ex);
}
}
claim.addValue(itemValue);
}
claimsColl.add(claim);
}
}
} else {
// Got a continuation reference
LOGGER.debug("Referral ignored while searching for user {}", user);
entryReader.readReference();
}
}
} else {
LOGGER.info("LDAP Connection failed.");
}
}
} catch (LdapException e) {
LOGGER.info("Cannot connect to server, therefore unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
LOGGER.debug("Cannot connect to server, therefore unable to set user attributes.", e);
} catch (SearchResultReferenceIOException e) {
LOGGER.info("Unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
LOGGER.debug("Unable to set user attributes.", e);
} finally {
if (connection != null) {
connection.close();
}
}
return claimsColl;
}
Also used :
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteString(org.forgerock.opendj.ldap.ByteString)
ArrayList(java.util.ArrayList)
BindRequest(org.forgerock.opendj.ldap.requests.BindRequest)
ByteString(org.forgerock.opendj.ldap.ByteString)
EqualsFilter(org.springframework.ldap.filter.EqualsFilter)
LdapException(org.forgerock.opendj.ldap.LdapException)
Connection(org.forgerock.opendj.ldap.Connection)
ClaimImpl(ddf.security.claims.impl.ClaimImpl)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
LdapException(org.forgerock.opendj.ldap.LdapException)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
AndFilter(org.springframework.ldap.filter.AndFilter)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
ClaimsCollectionImpl(ddf.security.claims.impl.ClaimsCollectionImpl)
ClaimsCollection(ddf.security.claims.ClaimsCollection)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
X500Principal(javax.security.auth.x500.X500Principal)
Map(java.util.Map)
X500Principal(javax.security.auth.x500.X500Principal)
Principal(java.security.Principal)
Claim(ddf.security.claims.Claim)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 50 with Attribute
use of org.forgerock.opendj.ldap.Attribute in project ddf by codice.
the class RoleClaimsHandler method retrieveClaims.
@Override
public ClaimsCollection retrieveClaims(ClaimsParameters parameters) {
String[] attributes = { groupNameAttribute, memberNameAttribute };
ClaimsCollection claimsColl = new ClaimsCollectionImpl();
Connection connection = null;
try {
Principal principal = parameters.getPrincipal();
String user = attributeMapLoader.getUser(principal);
if (user == null) {
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return new ClaimsCollectionImpl();
}
connection = connectionFactory.getConnection();
if (connection != null) {
BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
BindResult bindResult = connection.bind(request);
String membershipValue = user;
String baseDN = attributeMapLoader.getBaseDN(principal, userBaseDn, overrideCertDn);
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter(this.getLoginUserAttribute(), user));
ConnectionEntryReader entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), membershipUserAttribute);
String userDN = String.format("%s=%s,%s", loginUserAttribute, user, baseDN);
String specificUserBaseDN = baseDN;
while (entryReader.hasNext()) {
if (entryReader.isEntry()) {
SearchResultEntry entry = entryReader.readEntry();
userDN = entry.getName().toString();
specificUserBaseDN = userDN.substring(userDN.indexOf(',') + 1);
if (!membershipUserAttribute.equals(loginUserAttribute)) {
Attribute attr = entry.getAttribute(membershipUserAttribute);
if (attr != null) {
for (ByteString value : attr) {
membershipValue = value.toString();
}
}
}
} else {
// Got a continuation reference
LOGGER.debug("Referral ignored while searching for user {}", user);
entryReader.readReference();
}
}
filter = new AndFilter();
filter.and(new EqualsFilter("objectClass", getObjectClass())).and(new OrFilter().or(new EqualsFilter(getMemberNameAttribute(), getMembershipUserAttribute() + "=" + membershipValue + "," + specificUserBaseDN)).or(new EqualsFilter(getMemberNameAttribute(), userDN)));
if (bindResult.isSuccess()) {
LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", groupBaseDn, filter);
entryReader = connection.search(groupBaseDn, SearchScope.WHOLE_SUBTREE, filter.toString(), attributes);
SearchResultEntry entry;
while (entryReader.hasNext()) {
if (entryReader.isEntry()) {
entry = entryReader.readEntry();
Attribute attr = entry.getAttribute(groupNameAttribute);
if (attr == null) {
LOGGER.trace("Claim '{}' is null", roleClaimType);
} else {
Claim claim = new ClaimImpl(roleClaimType);
for (ByteString value : attr) {
String itemValue = value.toString();
claim.addValue(itemValue);
}
claimsColl.add(claim);
}
} else {
// Got a continuation reference
LOGGER.debug("Referral ignored while searching for user {}", user);
entryReader.readReference();
}
}
} else {
LOGGER.info("LDAP Connection failed.");
}
}
} catch (LdapException e) {
LOGGER.info("Cannot connect to server, therefore unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
LOGGER.debug("Cannot connect to server, therefore unable to set role claims.", e);
} catch (SearchResultReferenceIOException e) {
LOGGER.info("Unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
LOGGER.debug("Unable to set role claims.", e);
} finally {
if (connection != null) {
connection.close();
}
}
return claimsColl;
}
Also used :
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteString(org.forgerock.opendj.ldap.ByteString)
Connection(org.forgerock.opendj.ldap.Connection)
BindRequest(org.forgerock.opendj.ldap.requests.BindRequest)
ClaimImpl(ddf.security.claims.impl.ClaimImpl)
ByteString(org.forgerock.opendj.ldap.ByteString)
OrFilter(org.springframework.ldap.filter.OrFilter)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
AndFilter(org.springframework.ldap.filter.AndFilter)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
ClaimsCollectionImpl(ddf.security.claims.impl.ClaimsCollectionImpl)
ClaimsCollection(ddf.security.claims.ClaimsCollection)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
EqualsFilter(org.springframework.ldap.filter.EqualsFilter)
LdapException(org.forgerock.opendj.ldap.LdapException)
Principal(java.security.Principal)
Claim(ddf.security.claims.Claim)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Aggregations
Attribute (org.forgerock.opendj.ldap.Attribute)50
ByteString (org.forgerock.opendj.ldap.ByteString)37
LdapException (org.forgerock.opendj.ldap.LdapException)32
SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)30
Connection (org.forgerock.opendj.ldap.Connection)27
ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)18
IOException (java.io.IOException)14
HashSet (java.util.HashSet)14
LinkedAttribute (org.forgerock.opendj.ldap.LinkedAttribute)11
SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)11
SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)10
CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)8
ArrayList (java.util.ArrayList)7
FileNotFoundException (java.io.FileNotFoundException)6
LinkedHashSet (java.util.LinkedHashSet)6
Set (java.util.Set)6
HashMap (java.util.HashMap)5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
Principal (java.security.Principal)4
Map (java.util.Map)4
