Examples with Connection org.forgerock.opendj.ldap.Connection used on opensource projects

Search in sources :

Example 86 with Connection

use of org.forgerock.opendj.ldap.Connection in project ddf by codice.

the class RoleClaimsHandlerTest method testRetrieveClaimsValuesNotNullPrincipal.

@Test
public void testRetrieveClaimsValuesNotNullPrincipal() throws LdapException, SearchResultReferenceIOException {
    BindResult bindResult = mock(BindResult.class);
    ClaimsParameters claimsParameters;
    Connection connection = mock(Connection.class);
    ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
    ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
    LDAPConnectionFactory connectionFactory = PowerMockito.mock(LDAPConnectionFactory.class);
    LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
    LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
    ProcessedClaimCollection processedClaims;
    RoleClaimsHandler claimsHandler;
    SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
    SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
    String groupName = "avengers";
    when(bindResult.isSuccess()).thenReturn(true);
    membershipAttribute.add("tstark");
    when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
    // hasNext() returns 'true' the first time, then 'false' every time after.
    when(membershipReader.hasNext()).thenReturn(true, false);
    when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
    groupNameAttribute.add(groupName);
    when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
    when(groupNameReader.hasNext()).thenReturn(true, false);
    when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
    when(connection.bind(anyObject())).thenReturn(bindResult);
    when(connection.search(anyObject(), anyObject(), eq("(&(objectClass=groupOfNames)(member=uid=tstark,))"), anyVararg())).thenReturn(groupNameReader);
    when(connection.search(anyString(), anyObject(), anyString(), matches("uid"))).thenReturn(membershipReader);
    when(connectionFactory.getConnection()).thenReturn(connection);
    claimsHandler = new RoleClaimsHandler();
    claimsHandler.setLdapConnectionFactory(connectionFactory);
    claimsHandler.setBindMethod("Simple");
    claimsHandler.setBindUserCredentials("foo");
    claimsHandler.setBindUserDN("bar");
    claimsParameters = new ClaimsParameters();
    claimsParameters.setPrincipal(new UserPrincipal(USER_CN));
    ClaimCollection claimCollection = new ClaimCollection();
    processedClaims = claimsHandler.retrieveClaimValues(claimCollection, claimsParameters);
    assertThat(processedClaims, hasSize(1));
    ProcessedClaim claim = processedClaims.get(0);
    assertThat(claim.getPrincipal(), equalTo(new UserPrincipal(USER_CN)));
    assertThat(claim.getValues(), hasSize(1));
    assertThat(claim.getValues().get(0), equalTo(groupName));
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) Connection(org.forgerock.opendj.ldap.Connection) Matchers.anyString(org.mockito.Matchers.anyString) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) BindResult(org.forgerock.opendj.ldap.responses.BindResult) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 87 with Connection

use of org.forgerock.opendj.ldap.Connection in project ddf by codice.

the class RoleClaimsHandler method retrieveClaimValues.

@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    String[] attributes = { groupNameAttribute, memberNameAttribute };
    ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
    Connection connection = null;
    try {
        Principal principal = parameters.getPrincipal();
        String user = AttributeMapLoader.getUser(principal);
        if (user == null) {
            LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
            return new ProcessedClaimCollection();
        }
        connection = connectionFactory.getConnection();
        if (connection != null) {
            BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
            BindResult bindResult = connection.bind(request);
            String membershipValue = user;
            AndFilter filter;
            ConnectionEntryReader entryReader;
            if (!membershipUserAttribute.equals(loginUserAttribute)) {
                String baseDN = AttributeMapLoader.getBaseDN(principal, userBaseDn, overrideCertDn);
                filter = new AndFilter();
                filter.and(new EqualsFilter(this.getLoginUserAttribute(), user));
                entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), membershipUserAttribute);
                while (entryReader.hasNext()) {
                    SearchResultEntry entry = entryReader.readEntry();
                    Attribute attr = entry.getAttribute(membershipUserAttribute);
                    if (attr != null) {
                        for (ByteString value : attr) {
                            membershipValue = value.toString();
                        }
                    }
                }
            }
            filter = new AndFilter();
            String userBaseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDn(), overrideCertDn);
            filter.and(new EqualsFilter("objectClass", getObjectClass())).and(new EqualsFilter(getMemberNameAttribute(), getMembershipUserAttribute() + "=" + membershipValue + "," + userBaseDN));
            if (bindResult.isSuccess()) {
                LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", groupBaseDn, filter.toString());
                entryReader = connection.search(groupBaseDn, SearchScope.WHOLE_SUBTREE, filter.toString(), attributes);
                SearchResultEntry entry;
                while (entryReader.hasNext()) {
                    entry = entryReader.readEntry();
                    Attribute attr = entry.getAttribute(groupNameAttribute);
                    if (attr == null) {
                        LOGGER.trace("Claim '{}' is null", roleClaimType);
                    } else {
                        ProcessedClaim c = new ProcessedClaim();
                        c.setClaimType(getRoleURI());
                        c.setPrincipal(principal);
                        for (ByteString value : attr) {
                            String itemValue = value.toString();
                            c.addValue(itemValue);
                        }
                        claimsColl.add(c);
                    }
                }
            } else {
                LOGGER.info("LDAP Connection failed.");
            }
        }
    } catch (LdapException e) {
        LOGGER.info("Cannot connect to server, therefore unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
        LOGGER.debug("Cannot connect to server, therefore unable to set role claims.", e);
    } catch (SearchResultReferenceIOException e) {
        LOGGER.info("Unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
        LOGGER.debug("Unable to set role claims.", e);
    } finally {
        if (connection != null) {
            connection.close();
        }
    }
    return claimsColl;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) Attribute(org.forgerock.opendj.ldap.Attribute) ByteString(org.forgerock.opendj.ldap.ByteString) Connection(org.forgerock.opendj.ldap.Connection) BindRequest(org.forgerock.opendj.ldap.requests.BindRequest) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) AndFilter(org.springframework.ldap.filter.AndFilter) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) BindResult(org.forgerock.opendj.ldap.responses.BindResult) EqualsFilter(org.springframework.ldap.filter.EqualsFilter) LdapException(org.forgerock.opendj.ldap.LdapException) Principal(java.security.Principal) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 88 with Connection

use of org.forgerock.opendj.ldap.Connection in project admin-console-beta by connexta.

the class LdapTestSettings method performFunction.

@Override
public BooleanField performFunction() {
    LdapConnectionAttempt connectionAttempt = utils.bindUserToLdapConnection(conn, bindInfo);
    addResultMessages(connectionAttempt.messages());
    if (!connectionAttempt.connection().isPresent()) {
        return new BooleanField(false);
    }
    Connection ldapConnection = connectionAttempt.connection().get();
    if (!checkDirExists(settings.baseUserDn(), ldapConnection)) {
        addArgumentMessage(BASE_USER_DN_NOT_FOUND.setPath(settings.path()));
    } else {
        addArgumentMessages(checkUsersInDir(settings, ldapConnection));
    }
    if (!checkDirExists(settings.baseGroupDn(), ldapConnection)) {
        addArgumentMessage(BASE_GROUP_DN_NOT_FOUND.setPath(settings.path()));
    } else {
        // First check the group objectClass is on at least one entry in the directory
        addArgumentMessages(checkGroupObjectClass(settings, ldapConnection));
        // Then, check that there is a group entry (of the correct objectClass) that has
        // any member references
        addArgumentMessages(checkGroup(settings, ldapConnection));
    }
    return new BooleanField(!containsErrorMsgs());
}
Also used : BooleanField(org.codice.ddf.admin.common.fields.base.scalar.BooleanField) Connection(org.forgerock.opendj.ldap.Connection) LdapConnectionAttempt(org.codice.ddf.admin.ldap.commons.LdapConnectionAttempt)

Aggregations

Connection (org.forgerock.opendj.ldap.Connection)88 LdapException (org.forgerock.opendj.ldap.LdapException)70 ByteString (org.forgerock.opendj.ldap.ByteString)45 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)42 ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)35 ResultCode (org.forgerock.opendj.ldap.ResultCode)29 Attribute (org.forgerock.opendj.ldap.Attribute)25 HashSet (java.util.HashSet)23 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)20 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)17 IOException (java.io.IOException)16 SSOException (com.iplanet.sso.SSOException)15 PolicyException (com.sun.identity.policy.PolicyException)14 SMSException (com.sun.identity.sm.SMSException)13 ModifyRequest (org.forgerock.opendj.ldap.requests.ModifyRequest)12 LinkedAttribute (org.forgerock.opendj.ldap.LinkedAttribute)11 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)10 InvalidNameException (com.sun.identity.policy.InvalidNameException)10 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)10 LinkedHashSet (java.util.LinkedHashSet)10
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial