
Example 16 with LdapAttribute

Use of org.ldaptive.LdapAttribute in the project cas by apereo.

Class OptionalWarningLdapLdapAccountStateHandlerTests, method verifyAlwaysWarningOnMatch.

@Test
public void verifyAlwaysWarningOnMatch() {
    // Handler configured so that an entry whose "attribute" equals "value" triggers the warning.
    final OptionalWarningLdapLdapAccountStateHandler handler = new OptionalWarningLdapLdapAccountStateHandler();
    handler.setWarnAttributeName("attribute");
    handler.setWarningAttributeValue("value");
    handler.setDisplayWarningOnMatch(true);

    // Policy that forces the expiration warning regardless of the warning date.
    final LdapPasswordPolicyConfiguration policy = new LdapPasswordPolicyConfiguration();
    policy.setAlwaysDisplayPasswordExpirationWarning(true);

    // Mocked LDAP entry that answers every attribute lookup with the matching attribute.
    final LdapEntry ldapEntry = mock(LdapEntry.class);
    when(ldapEntry.getAttribute(anyString())).thenReturn(new LdapAttribute("attribute", "value"));
    final AuthenticationResponse authResponse = mock(AuthenticationResponse.class);
    when(authResponse.getLdapEntry()).thenReturn(ldapEntry);

    final List<MessageDescriptor> collected = new ArrayList<>();
    final AccountState.DefaultWarning warning = new AccountState.DefaultWarning(ZonedDateTime.now(), 1);
    handler.handleWarning(warning, authResponse, policy, collected);

    // Matching attribute plus "always display" policy: both warning messages are produced.
    assertEquals(2, collected.size());
}

Example 17 with LdapAttribute

Use of org.ldaptive.LdapAttribute in the project cas by apereo.

Class SurrogateLdapAuthenticationService, method getEligibleAccountsForSurrogateToProxy.

/**
 * Looks up the LDAP entry for {@code username} and collects, from the configured member
 * attribute, the accounts this user is eligible to act as a surrogate for.
 * Each value of the member attribute is matched against the configured member-attribute
 * regex and capture group 1 of every fully matching value is collected, so the regex is
 * expected to define at least one capturing group.
 * Search failures, a missing entry, a missing or empty member attribute and regex problems
 * all yield an empty result: checked and runtime exceptions are caught and logged at ERROR,
 * never propagated to the caller.
 *
 * @param username the authenticated user whose eligible surrogate accounts are requested;
 *                 handed to {@code LdapUtils.newLdaptiveSearchFilter} as a separate filter
 *                 parameter (escaping of the value is that helper's responsibility, not visible here)
 * @return distinct eligible account names in attribute order; empty when none apply
 */
@Override
public Collection<String> getEligibleAccountsForSurrogateToProxy(final String username) {
    final Collection<String> accounts = new LinkedHashSet<>();
    try {
        final SearchFilter searchFilter = LdapUtils.newLdaptiveSearchFilter(ldapProperties.getSearchFilter(), CollectionUtils.wrap(username));
        LOGGER.debug("Using search filter: [{}]", searchFilter);
        final Response<SearchResult> searchResponse = LdapUtils.executeSearchOperation(this.connectionFactory, ldapProperties.getBaseDn(), searchFilter);
        LOGGER.debug("LDAP response: [{}]", searchResponse);
        if (LdapUtils.containsResultEntry(searchResponse)) {
            final LdapAttribute memberAttribute = searchResponse.getResult().getEntry().getAttribute(ldapProperties.getMemberAttributeName());
            if (memberAttribute != null && !memberAttribute.getStringValues().isEmpty()) {
                final Pattern memberPattern = RegexUtils.createPattern(ldapProperties.getMemberAttributeValueRegex());
                // Only fully matching values contribute; the collected token is capture group 1.
                // Collected into a list first so that a failure mid-way leaves the result untouched.
                accounts.addAll(memberAttribute.getStringValues().stream()
                    .map(memberPattern::matcher)
                    .filter(Matcher::matches)
                    .map(matcher -> matcher.group(1))
                    .collect(Collectors.toList()));
            }
        }
    } catch (final Exception e) {
        // Fail closed: any error means no surrogate accounts are granted.
        LOGGER.error(e.getMessage(), e);
    }
    return accounts;
}

Example 18 with LdapAttribute

Use of org.ldaptive.LdapAttribute in the project cas by apereo.

Class LdapAuthenticationHandler, method createPrincipal.

/**
 * Builds the CAS principal for an authenticated user from the resolved LDAP entry.
 * Every mapping in {@code principalAttributeMap} (LDAP attribute name to principal attribute
 * name) whose LDAP attribute exists on the entry is copied over: a multi-valued attribute as
 * its list of string values, a single-valued one as its single string value. Mappings whose
 * attribute is missing are logged at WARN and skipped. The entry DN is always recorded under
 * the attribute named {@code <handlerName>.<username>}.
 *
 * @param username  username that was successfully authenticated; together with the entry it is
 *                  passed to {@link #getLdapPrincipalIdentifier} to derive the principal id
 *                  (used when {@link #setPrincipalIdAttribute(String)} is not specified)
 * @param ldapEntry resolved LDAP entry that may carry principal attributes; must be non-null
 * @return the principal produced by {@code principalFactory}; the documented contract allows
 *         null when no principal id attribute value is available, but that decision is made
 *         by {@link #getLdapPrincipalIdentifier}, not in this method
 * @throws LoginException on security policy errors while determining the principal id
 */
protected Principal createPrincipal(final String username, final LdapEntry ldapEntry) throws LoginException {
    LOGGER.debug("Creating LDAP principal for [{}] based on [{}] and attributes [{}]", username, ldapEntry.getDn(), ldapEntry.getAttributeNames());
    final String principalId = getLdapPrincipalIdentifier(username, ldapEntry);
    final Map<String, Object> attributes = new LinkedHashMap<>(this.principalAttributeMap.size());
    this.principalAttributeMap.forEach((ldapAttributeName, principalAttributeName) -> {
        final LdapAttribute ldapAttribute = ldapEntry.getAttribute(ldapAttributeName);
        if (ldapAttribute == null) {
            LOGGER.warn("Requested LDAP attribute [{}] could not be found on the resolved LDAP entry for [{}]", ldapAttributeName, ldapEntry.getDn());
            return;
        }
        LOGGER.debug("Found principal attribute: [{}]", ldapAttribute);
        if (ldapAttribute.size() > 1) {
            // Multi-valued: keep every value rather than an arbitrary single one.
            LOGGER.debug("Principal attribute: [{}] is multivalued", ldapAttribute);
            attributes.put(principalAttributeName, ldapAttribute.getStringValues());
        } else {
            attributes.put(principalAttributeName, ldapAttribute.getStringValue());
        }
    });
    // The DN is stored under a handler-specific key so several LDAP handlers do not overwrite each other.
    final String dnAttributeName = getName().concat(".").concat(username);
    LOGGER.debug("Recording principal DN attribute as [{}]", dnAttributeName);
    attributes.put(dnAttributeName, ldapEntry.getDn());
    LOGGER.debug("Created LDAP principal for id [{}] and [{}] attributes", principalId, attributes.size());
    return this.principalFactory.createPrincipal(principalId, attributes);
}

Example 19 with LdapAttribute

Use of org.ldaptive.LdapAttribute in the project cas by apereo.

Class OptionalWarningAccountStateHandler, method handleWarning.

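/**
 * Decides whether the inherited password-policy warning is surfaced, based on whether the
 * configured LDAP warning attribute carries the configured value.
 * The warning is delegated to {@code super.handleWarning} only when the match result equals
 * {@code displayWarningOnMatch}: with {@code true} a matching attribute shows the warning,
 * with {@code false} a non-matching or absent attribute shows it. A blank attribute name or
 * attribute value disables the check entirely and nothing is added to {@code messages}.
 * A response without an LDAP entry is treated like an entry without the attribute ("no match")
 * instead of failing with a NullPointerException.
 *
 * @param warning       the account-state warning reported by the LDAP server
 * @param response      the authentication response; its LDAP entry may be null
 * @param configuration password-policy configuration passed through to the parent handler
 * @param messages      list the parent handler appends its warning messages to
 */
@Override
protected void handleWarning(final AccountState.Warning warning, final AuthenticationResponse response, final LdapPasswordPolicyConfiguration configuration, final List<MessageDescriptor> messages) {
    if (StringUtils.isBlank(this.warnAttributeName)) {
        LOGGER.debug("No warning attribute name is defined");
        return;
    }
    if (StringUtils.isBlank(this.warningAttributeValue)) {
        LOGGER.debug("No warning attribute value to match is defined");
        return;
    }
    final LdapAttribute attribute;
    if (response.getLdapEntry() == null) {
        // Nothing was resolved for this authentication; previously this path dereferenced null.
        LOGGER.debug("No LDAP entry is available on the authentication response; warning attribute [{}] cannot be evaluated", this.warnAttributeName);
        attribute = null;
    } else {
        attribute = response.getLdapEntry().getAttribute(this.warnAttributeName);
    }
    boolean matches = false;
    if (attribute != null) {
        // getStringValue() yields one value; for a multi-valued attribute only that value is compared.
        // equals() is invoked on the configured (non-blank) value, so a null attribute value is simply a non-match.
        LOGGER.debug("Found warning attribute [{}] with value [{}]", attribute.getName(), attribute.getStringValue());
        matches = this.warningAttributeValue.equals(attribute.getStringValue());
    }
    LOGGER.debug("matches=[{}], displayWarningOnMatch=[{}]", matches, this.displayWarningOnMatch);
    if (this.displayWarningOnMatch == matches) {
        super.handleWarning(warning, response, configuration, messages);
    }
}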

Example 20 with LdapAttribute

Use of org.ldaptive.LdapAttribute in the project cas by apereo.

Class OptionalWarningLdapLdapAccountStateHandlerTests, method verifyWarningOnMatch.

@Test
public void verifyWarningOnMatch() {
    // Handler configured so that an entry whose "attribute" equals "value" triggers the warning.
    final OptionalWarningLdapLdapAccountStateHandler handler = new OptionalWarningLdapLdapAccountStateHandler();
    handler.setWarnAttributeName("attribute");
    handler.setWarningAttributeValue("value");
    handler.setDisplayWarningOnMatch(true);

    // Policy with a 5-day warning window; the warning below expires in one day, i.e. inside it.
    final LdapPasswordPolicyConfiguration policy = new LdapPasswordPolicyConfiguration();
    policy.setPasswordWarningNumberOfDays(5);

    // Mocked LDAP entry that answers every attribute lookup with the matching attribute.
    final LdapEntry ldapEntry = mock(LdapEntry.class);
    when(ldapEntry.getAttribute(anyString())).thenReturn(new LdapAttribute("attribute", "value"));
    final AuthenticationResponse authResponse = mock(AuthenticationResponse.class);
    when(authResponse.getLdapEntry()).thenReturn(ldapEntry);

    final List<MessageDescriptor> collected = new ArrayList<>();
    final AccountState.DefaultWarning warning = new AccountState.DefaultWarning(ZonedDateTime.now(), 1);
    handler.handleWarning(warning, authResponse, policy, collected);

    // Matching attribute within the warning window: both warning messages are produced.
    assertEquals(2, collected.size());
}
