OpenGrok — LdapAttrPlugin.fillSession (uses org.opengrok.indexer.authorization.AuthorizationException):
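@Override
public void fillSession(HttpServletRequest req, User user) {
    // Default-deny: record "not allowed" before touching LDAP so that every early
    // return below (missing session data, failed or empty lookup) leaves access denied.
    updateSession(req, false);

    // The LdapUser object is placed in the session by LdapUserPlugin, possibly under an
    // instance-specific name; use that same name for the lookup and for the diagnostic,
    // otherwise the warning reports SESSION_ATTR even when a named instance is configured.
    String sessionAttrName = LdapUserPlugin.getSessionAttrName(ldapUserInstance);
    LdapUser ldapUser = (LdapUser) req.getSession().getAttribute(sessionAttrName);
    if (ldapUser == null) {
        LOGGER.log(Level.WARNING, "cannot get {0} attribute from {1}",
                new Object[] {sessionAttrName, user});
        return;
    }

    // Check attributes cached in the LDAP user object first, then query the LDAP server
    // (and if found, cache the result in the LDAP user object).
    Set<String> attributeValues = ldapUser.getAttribute(ldapAttr);
    if (attributeValues == null) {
        AbstractLdapProvider ldapProvider = getLdapProvider();
        if (ldapProvider == null) {
            // Same guard LdapUserPlugin.fillSession() applies; without it the lookup below
            // would throw NPE instead of a clean (still denied) return.
            LOGGER.log(Level.WARNING, "cannot get LDAP provider");
            return;
        }

        Map<String, Set<String>> records = null;
        try {
            String dn = ldapUser.getDn();
            if (dn != null) {
                LOGGER.log(Level.FINEST, "searching with dn={0} on {1}",
                        new Object[] {dn, ldapProvider});
                AbstractLdapProvider.LdapSearchResult<Map<String, Set<String>>> res =
                        ldapProvider.lookupLdapContent(dn, new String[] {ldapAttr});
                if (res == null) {
                    LOGGER.log(Level.WARNING, "cannot lookup attributes {0} for user {1} on {2}",
                            new Object[] {ldapAttr, ldapUser, ldapProvider});
                    return;
                }
                records = res.getAttrs();
            } else {
                LOGGER.log(Level.FINE, "no DN for LDAP user {0} on {1}",
                        new Object[] {ldapUser, ldapProvider});
            }
        } catch (LdapException ex) {
            // Propagate to the authorization framework; the session keeps the denied state set above.
            throw new AuthorizationException(ex);
        }

        // getAttrs() may be null; treat null, empty and "attribute absent" alike (deny).
        if (records == null || records.isEmpty() || (attributeValues = records.get(ldapAttr)) == null) {
            LOGGER.log(Level.WARNING, "empty records or attribute values {0} for user {1} on {2}",
                    new Object[] {ldapAttr, ldapUser, ldapProvider});
            return;
        }
        ldapUser.setAttribute(ldapAttr, attributeValues);
    }

    // Any single attribute value present in the configured whitelist grants access.
    // NOTE(review): contains() is an exact (equals-based) comparison. LDAP attribute values
    // such as DNs are commonly case-insensitive on the server side, so a case or spacing
    // mismatch fails closed (denies) rather than open — confirm the whitelist entries are
    // normalised the same way the directory returns them.
    boolean isAttrInWhitelist = attributeValues.stream().anyMatch(whitelist::contains);
    LOGGER.log(Level.FINEST, "LDAP user {0} {1} against {2}",
            new Object[] {ldapUser, isAttrInWhitelist ? "allowed" : "denied", filePath});
    updateSession(req, isAttrInWhitelist);
}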
OpenGrok — LdapFilterPlugin.fillSession (uses org.opengrok.indexer.authorization.AuthorizationException):
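@Override
public void fillSession(HttpServletRequest req, User user) {
    // Default-deny before any LDAP interaction; every early return leaves access denied.
    updateSession(req, false);

    LdapUser ldapUser = (LdapUser) req.getSession().getAttribute(getSessionAttr());
    if (ldapUser == null) {
        LOGGER.log(Level.WARNING, "failed to get LDAP attribute ''{0}'' from session for user {1}",
                new Object[] {LdapUserPlugin.SESSION_ATTR, user});
        return;
    }

    // The configured filter template is expanded with values taken from the User and
    // LdapUser objects.
    // NOTE(review): those values originate from the authenticated principal and the
    // directory, i.e. partly outside this plugin's control. Confirm expandFilter() escapes
    // them per RFC 4515 (* ( ) \ NUL); otherwise a crafted username or attribute value could
    // alter the filter and widen the set of entries it matches.
    String expandedFilter = expandFilter(ldapFilter, ldapUser, user);
    LOGGER.log(Level.FINEST, "expanded filter ''{0}'' for user {1} and LDAP user {2} into ''{3}''",
            new Object[] {ldapFilter, user, ldapUser, expandedFilter});

    AbstractLdapProvider ldapProvider = getLdapProvider();
    if (ldapProvider == null) {
        // Same guard LdapUserPlugin.fillSession() applies; avoids an NPE on the lookup below.
        LOGGER.log(Level.WARNING, "cannot get LDAP provider");
        return;
    }

    try {
        // Access is granted iff the search with the expanded filter yields a non-null result.
        if (ldapProvider.lookupLdapContent(null, expandedFilter) == null) {
            LOGGER.log(Level.FINER, "empty content for LDAP user {0} with filter ''{1}'' on {2}",
                    new Object[] {ldapUser, expandedFilter, ldapProvider});
            return;
        }
    } catch (LdapException ex) {
        // Propagate to the authorization framework; the session keeps the denied state set above.
        throw new AuthorizationException(ex);
    }

    LOGGER.log(Level.FINER, "LDAP user {0} allowed on {1}", new Object[] {ldapUser, ldapProvider});
    updateSession(req, true);
}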
OpenGrok — LdapUserPlugin.fillSession (uses org.opengrok.indexer.authorization.AuthorizationException):
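@Override
public void fillSession(HttpServletRequest req, User user) {
    // Default-deny: clear any previous LdapUser first so that an early return leaves no
    // stale (possibly authorized) LDAP identity in the session.
    updateSession(req, null);

    AbstractLdapProvider ldapProvider = getLdapProvider();
    if (ldapProvider == null) {
        LOGGER.log(Level.WARNING, "cannot get LDAP provider");
        return;
    }

    // useDN is three-valued: TRUE uses the username as the DN, FALSE takes the DN from the
    // search result, null leaves the DN unset.
    // NOTE(review): with useDN=TRUE the username is used verbatim as the search base DN;
    // this assumes the authentication layer already supplies a trusted, fully-qualified DN.
    String dn = null;
    if (Boolean.TRUE.equals(useDN)) {
        dn = user.getUsername();
        LOGGER.log(Level.FINEST, "using DN ''{0}'' for user {1}", new Object[] {dn, user});
    }

    String expandedFilter = null;
    if (ldapFilter != null) {
        expandedFilter = expandFilter(user);
        LOGGER.log(Level.FINEST, "expanded filter for user {0} into ''{1}''",
                new Object[] {user, expandedFilter});
    }

    Map<String, Set<String>> records;
    try {
        AbstractLdapProvider.LdapSearchResult<Map<String, Set<String>>> res =
                ldapProvider.lookupLdapContent(dn, expandedFilter, attrSet.toArray(new String[0]));
        if (res == null) {
            LOGGER.log(Level.WARNING, "failed to get LDAP attributes ''{0}'' for user {1} "
                            + "with filter ''{2}'' from LDAP provider {3}",
                    new Object[] {attrSet, user, expandedFilter, ldapProvider});
            // Negative cache: store an LdapUser carrying only the marker attribute so that
            // downstream plugins can recognise a failed lookup without re-querying.
            LdapUser ldapUser = new LdapUser(dn, null);
            ldapUser.setAttribute(NEGATIVE_CACHE_ATTR, Collections.singleton(null));
            updateSession(req, ldapUser);
            return;
        }
        records = res.getAttrs();
        if (Boolean.FALSE.equals(useDN)) {
            dn = res.getDN();
            LOGGER.log(Level.FINEST, "got DN ''{0}'' for user {1}", new Object[] {dn, user});
        }
    } catch (LdapException ex) {
        // Propagate; the session holds no LdapUser at this point.
        throw new AuthorizationException(ex);
    }

    // getAttrs() may be null (LdapAttrPlugin guards for this as well); treat it like empty.
    if (records == null || records.isEmpty()) {
        LOGGER.log(Level.WARNING, "LDAP records for user {0} are empty on {1}",
                new Object[] {user, ldapProvider});
        return;
    }

    // Copy exactly the configured attributes into the user object. Missing or empty
    // attributes are only logged — the entry is still stored (with a null/empty value)
    // and it is up to the consuming plugin to deny on a missing attribute.
    Map<String, Set<String>> userAttrSet = new HashMap<>();
    for (String attrName : attrSet) {
        Set<String> values = records.get(attrName);
        if (values == null || values.isEmpty()) {
            LOGGER.log(Level.WARNING, "''{0}'' record for user {1} is not present or empty on {2}",
                    new Object[] {attrName, user, ldapProvider});
        }
        userAttrSet.put(attrName, values);
    }

    LOGGER.log(Level.FINEST, "DN for user {0} is ''{1}'' on {2}", new Object[] {user, dn, ldapProvider});
    updateSession(req, new LdapUser(dn, userAttrSet));
}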