use of org.ldaptive.LdapAttribute in project cas by apereo.
the class OptionalWarningLdapLdapAccountStateHandlerTests method verifyAlwaysWarningOnMatch.
/**
 * Expects two warning messages when the mocked LDAP entry returns the configured
 * warning attribute/value pair, display-on-match is enabled, and the password policy
 * is set to always display the expiration warning.
 */
@Test
public void verifyAlwaysWarningOnMatch() {
    // Mocked entry answers every attribute lookup with attribute=value,
    // which equals the name/value configured on the handler below.
    final LdapEntry ldapEntry = mock(LdapEntry.class);
    when(ldapEntry.getAttribute(anyString())).thenReturn(new LdapAttribute("attribute", "value"));
    final AuthenticationResponse authnResponse = mock(AuthenticationResponse.class);
    when(authnResponse.getLdapEntry()).thenReturn(ldapEntry);

    final OptionalWarningLdapLdapAccountStateHandler handler = new OptionalWarningLdapLdapAccountStateHandler();
    handler.setWarnAttributeName("attribute");
    handler.setWarningAttributeValue("value");
    handler.setDisplayWarningOnMatch(true);

    final LdapPasswordPolicyConfiguration policy = new LdapPasswordPolicyConfiguration();
    policy.setAlwaysDisplayPasswordExpirationWarning(true);

    final List<MessageDescriptor> collected = new ArrayList<>();
    final AccountState.DefaultWarning warning = new AccountState.DefaultWarning(ZonedDateTime.now(), 1);
    handler.handleWarning(warning, authnResponse, policy, collected);

    // NOTE(review): the two messages are presumably produced by the parent warning
    // handler, which is not shown here; confirm which descriptors are expected.
    assertEquals(2, collected.size());
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class SurrogateLdapAuthenticationService method getEligibleAccountsForSurrogateToProxy.
/**
 * Resolves the accounts that {@code username} may act as a surrogate for, by reading
 * the configured member attribute from the LDAP entry found for that user.
 *
 * <p>The result decides who a user is allowed to impersonate. Every failure path
 * returns an empty collection: the set is only populated by the last statement of the
 * {@code try} block, so a caught exception can never leave a partial result behind.
 *
 * @param username the user requesting surrogate access; passed to the search filter as
 *                 a parameter
 * @return the accounts extracted from the member attribute, in encounter order and
 *         without duplicates; empty when nothing is found or the lookup fails
 */
@Override
public Collection<String> getEligibleAccountsForSurrogateToProxy(final String username) {
    final Collection<String> eligible = new LinkedHashSet<>();
    try {
        // NOTE(review): username is handed over as a filter parameter rather than
        // concatenated here; confirm the helper escapes LDAP filter metacharacters.
        final SearchFilter filter = LdapUtils.newLdaptiveSearchFilter(
            ldapProperties.getSearchFilter(), CollectionUtils.wrap(username));
        LOGGER.debug("Using search filter: [{}]", filter);

        final Response<SearchResult> response = LdapUtils.executeSearchOperation(
            this.connectionFactory, ldapProperties.getBaseDn(), filter);
        // The whole response is written to the debug log.
        LOGGER.debug("LDAP response: [{}]", response);

        if (LdapUtils.containsResultEntry(response)) {
            final LdapEntry ldapEntry = response.getResult().getEntry();
            final LdapAttribute attribute = ldapEntry.getAttribute(ldapProperties.getMemberAttributeName());
            final boolean hasValues = attribute != null && !attribute.getStringValues().isEmpty();
            if (hasValues) {
                // Only values that match the configured regex in full are kept, and the
                // account name is taken from capturing group 1. A regex without such a
                // group makes group(1) throw; that is caught below and yields no accounts.
                final Pattern pattern = RegexUtils.createPattern(ldapProperties.getMemberAttributeValueRegex());
                final Collection<String> accounts = attribute.getStringValues()
                    .stream()
                    .map(pattern::matcher)
                    .filter(Matcher::matches)
                    .map(matcher -> matcher.group(1))
                    .collect(Collectors.toList());
                eligible.addAll(accounts);
            }
        }
    } catch (final Exception e) {
        // Deliberately not rethrown: a failed lookup grants no surrogate accounts.
        LOGGER.error(e.getMessage(), e);
    }
    return eligible;
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapAuthenticationHandler method createPrincipal.
/**
 * Builds a CAS principal from an authenticated LDAP entry, copying every attribute
 * listed in {@code principalAttributeMap} that is present on the entry.
 *
 * <p>An attribute holding more than one value is stored as a collection of strings;
 * otherwise its single string value is stored. The entry DN is also recorded, under a
 * key made of this handler's name, a dot and the username.
 *
 * @param username Username that was successfully authenticated which is used for principal ID when
 * {@link #setPrincipalIdAttribute(String)} is not specified.
 * @param ldapEntry LDAP entry that may contain principal attributes.
 * @return Principal created by the principal factory from the resolved identifier and the
 * collected attributes. NOTE(review): earlier documentation mentions a {@code null} result when
 * no principal ID value exists; nothing in this method returns {@code null} itself, so confirm
 * against the identifier lookup and the factory.
 * @throws LoginException On security policy errors related to principal creation.
 */
protected Principal createPrincipal(final String username, final LdapEntry ldapEntry) throws LoginException {
    LOGGER.debug("Creating LDAP principal for [{}] based on [{}] and attributes [{}]", username, ldapEntry.getDn(), ldapEntry.getAttributeNames());
    final String id = getLdapPrincipalIdentifier(username, ldapEntry);

    final Map<String, Object> attributeMap = new LinkedHashMap<>(this.principalAttributeMap.size());
    this.principalAttributeMap.forEach((ldapAttrName, principalAttrName) -> {
        final LdapAttribute attr = ldapEntry.getAttribute(ldapAttrName);
        if (attr == null) {
            // A mapped attribute missing from the entry is reported and skipped, not fatal.
            LOGGER.warn("Requested LDAP attribute [{}] could not be found on the resolved LDAP entry for [{}]", ldapAttrName, ldapEntry.getDn());
            return;
        }
        // The attribute object itself goes to the debug log.
        // NOTE(review): this likely includes its values; check before enabling debug
        // logging where mapped attributes are sensitive.
        LOGGER.debug("Found principal attribute: [{}]", attr);
        final Object principalAttrValue;
        if (attr.size() > 1) {
            LOGGER.debug("Principal attribute: [{}] is multivalued", attr);
            principalAttrValue = attr.getStringValues();
        } else {
            principalAttrValue = attr.getStringValue();
        }
        attributeMap.put(principalAttrName, principalAttrValue);
    });

    // Added after the mapped attributes, so a mapped name equal to this key is overwritten.
    final String dnAttribute = getName().concat(".").concat(username);
    LOGGER.debug("Recording principal DN attribute as [{}]", dnAttribute);
    attributeMap.put(dnAttribute, ldapEntry.getDn());

    LOGGER.debug("Created LDAP principal for id [{}] and [{}] attributes", id, attributeMap.size());
    return this.principalFactory.createPrincipal(id, attributeMap);
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class OptionalWarningAccountStateHandler method handleWarning.
/**
 * Forwards the warning to the parent handler only when the match state of the
 * configured LDAP attribute agrees with {@code displayWarningOnMatch}.
 *
 * <p>Nothing is forwarded when either the warning attribute name or the value to match
 * is blank. An attribute absent from the entry counts as "no match", so the warning is
 * then forwarded only if {@code displayWarningOnMatch} is false.
 *
 * @param warning       the account state warning to process
 * @param response      authentication response whose LDAP entry is inspected
 * @param configuration password policy configuration handed to the parent handler
 * @param messages      list handed to the parent handler along with the warning
 */
@Override
protected void handleWarning(final AccountState.Warning warning, final AuthenticationResponse response, final LdapPasswordPolicyConfiguration configuration, final List<MessageDescriptor> messages) {
    if (StringUtils.isBlank(this.warnAttributeName)) {
        LOGGER.debug("No warning attribute name is defined");
        return;
    }
    if (StringUtils.isBlank(this.warningAttributeValue)) {
        LOGGER.debug("No warning attribute value to match is defined");
        return;
    }

    final LdapAttribute warnAttribute = response.getLdapEntry().getAttribute(this.warnAttributeName);
    final boolean matched;
    if (warnAttribute == null) {
        matched = false;
    } else {
        // Exact, case-sensitive comparison against the attribute's string value.
        final String actualValue = warnAttribute.getStringValue();
        LOGGER.debug("Found warning attribute [{}] with value [{}]", warnAttribute.getName(), actualValue);
        matched = this.warningAttributeValue.equals(actualValue);
    }
    LOGGER.debug("matches=[{}], displayWarningOnMatch=[{}]", matched, this.displayWarningOnMatch);

    if (this.displayWarningOnMatch != matched) {
        return;
    }
    super.handleWarning(warning, response, configuration, messages);
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class OptionalWarningLdapLdapAccountStateHandlerTests method verifyWarningOnMatch.
/**
 * Expects two warning messages when the mocked LDAP entry returns the configured
 * warning attribute/value pair, display-on-match is enabled, and the password policy
 * uses a warning period of five days.
 */
@Test
public void verifyWarningOnMatch() {
    // Mocked entry answers every attribute lookup with attribute=value,
    // which equals the name/value configured on the handler below.
    final LdapEntry ldapEntry = mock(LdapEntry.class);
    when(ldapEntry.getAttribute(anyString())).thenReturn(new LdapAttribute("attribute", "value"));
    final AuthenticationResponse authnResponse = mock(AuthenticationResponse.class);
    when(authnResponse.getLdapEntry()).thenReturn(ldapEntry);

    final OptionalWarningLdapLdapAccountStateHandler handler = new OptionalWarningLdapLdapAccountStateHandler();
    handler.setWarnAttributeName("attribute");
    handler.setWarningAttributeValue("value");
    handler.setDisplayWarningOnMatch(true);

    final LdapPasswordPolicyConfiguration policy = new LdapPasswordPolicyConfiguration();
    policy.setPasswordWarningNumberOfDays(5);

    // The warning is created with the current time, i.e. inside the five-day window.
    final List<MessageDescriptor> collected = new ArrayList<>();
    final AccountState.DefaultWarning warning = new AccountState.DefaultWarning(ZonedDateTime.now(), 1);
    handler.handleWarning(warning, authnResponse, policy, collected);

    // NOTE(review): the two messages are presumably produced by the parent warning
    // handler, which is not shown here; confirm which descriptors are expected.
    assertEquals(2, collected.size());
}