Search in sources :

Example 1 with RbacCreateSessionRequestImpl

use of org.openldap.accelerator.api.createSession.RbacCreateSessionRequestImpl in project directory-fortress-core by apache.

the class AcceleratorDAO method createSession.

/**
 * Authenticate user and return sessionId inside {@link org.apache.directory.fortress.core.model.Session#sessionId}.
 * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#createSession(org.apache.directory.fortress.core.model.User, boolean)}
 * Success will result in impl session state, i.e. {@link org.apache.directory.fortress.core.model.Session}, to be stored on server-side.
 * Result may be stored inside RBAC server-side audit record and retrieved with {@link org.apache.directory.fortress.core.AuditMgr#searchBinds(org.apache.directory.fortress.core.model.UserAudit)}
 *
 * It uses the {@link RbacCreateSessionRequest} and {@link RbacCreateSessionResponse} accelerator APIs.
 *
 * @param user
 * @return session contains a valid sessionId captured from accelerator createSession method.
 *
 * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_CREATE_SESSION_ERR}.
 */
Session createSession(User user) throws SecurityException {
    Session session = null;
    LdapConnection ld = null;
    try {
        ld = getAdminConnection();
        ld.setTimeOut(0);
        // Create a new RBAC session
        RbacCreateSessionRequest rbacCreateSessionRequest = new RbacCreateSessionRequestImpl();
        // rbacCreateSessionRequest.setTenantId( "jts" );
        rbacCreateSessionRequest.setTenantId(user.getContextId());
        rbacCreateSessionRequest.setUserIdentity(user.getUserId());
        rbacCreateSessionRequest.setPassword(new String(user.getPassword()));
        if (CollectionUtils.isNotEmpty(user.getRoles())) {
            for (UserRole userRole : user.getRoles()) {
                rbacCreateSessionRequest.addRole(userRole.getName());
            }
        }
        // Send the request
        RbacCreateSessionResponse rbacCreateSessionResponse = (RbacCreateSessionResponse) ld.extended(rbacCreateSessionRequest);
        LOG.debug("createSession userId: {}, sessionId: {}, resultCode: {}", user.getUserId(), rbacCreateSessionResponse.getSessionId(), rbacCreateSessionResponse.getLdapResult().getResultCode());
        session = new Session(user, rbacCreateSessionResponse.getSessionId());
        if (rbacCreateSessionResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS) {
            session.setAuthenticated(true);
        } else {
            session.setAuthenticated(false);
            String info = "createSession UserId [" + user.getUserId() + "] failed: " + rbacCreateSessionResponse.getLdapResult() + " , resultCode: " + rbacCreateSessionResponse.getLdapResult().getResultCode().getResultCode();
            throw new SecurityException(GlobalErrIds.USER_PW_INVLD, info);
        }
    } catch (LdapException e) {
        String error = "createSession userId [" + user.getUserId() + "] caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_CREATE_SESSION_ERR, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return session;
}
Also used : RbacCreateSessionRequest(org.openldap.accelerator.api.createSession.RbacCreateSessionRequest) RbacCreateSessionResponse(org.openldap.accelerator.api.createSession.RbacCreateSessionResponse) UserRole(org.apache.directory.fortress.core.model.UserRole) RbacCreateSessionRequestImpl(org.openldap.accelerator.api.createSession.RbacCreateSessionRequestImpl) SecurityException(org.apache.directory.fortress.core.SecurityException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) Session(org.apache.directory.fortress.core.model.Session) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Aggregations

LdapException (org.apache.directory.api.ldap.model.exception.LdapException)1 SecurityException (org.apache.directory.fortress.core.SecurityException)1 Session (org.apache.directory.fortress.core.model.Session)1 UserRole (org.apache.directory.fortress.core.model.UserRole)1 LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)1 RbacCreateSessionRequest (org.openldap.accelerator.api.createSession.RbacCreateSessionRequest)1 RbacCreateSessionRequestImpl (org.openldap.accelerator.api.createSession.RbacCreateSessionRequestImpl)1 RbacCreateSessionResponse (org.openldap.accelerator.api.createSession.RbacCreateSessionResponse)1