Search in sources :

Example 6 with AttributesMapper

use of org.springframework.ldap.core.AttributesMapper in project metron by apache.

the class KnoxSSOAuthenticationFilter method getAuthentication.

/**
 * Builds the Spring Authentication object using the supplied user name and groups looked up from LDAP.  Groups are currently
 * mapped directly to Spring roles by converting to upper case and prepending the name with "ROLE_".
 * @param userName The username to build the Authentication object with.
 * @param httpRequest HttpServletRequest
 * @return Authentication object for the given user.
 */
protected Authentication getAuthentication(String userName, HttpServletRequest httpRequest) {
    String ldapName = LdapNameBuilder.newInstance().add(userSearchBase).add("uid", userName).build().toString();
    // Search ldap for a user's groups and convert to a Spring role
    List<GrantedAuthority> grantedAuths = ldapTemplate.search(query().where("objectclass").is("groupOfNames").and("member").is(ldapName), (AttributesMapper<String>) attrs -> (String) attrs.get("cn").get()).stream().map(group -> String.format("%s%s", SECURITY_ROLE_PREFIX, group.toUpperCase())).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
    final UserDetails principal = new User(userName, "", grantedAuths);
    final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
    WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
    authentication.setDetails(webDetails);
    return authentication;
}
Also used : WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) FilterChain(javax.servlet.FilterChain) ServletException(javax.servlet.ServletException) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) User(org.springframework.security.core.userdetails.User) JWSObject(com.nimbusds.jose.JWSObject) LdapTemplate(org.springframework.ldap.core.LdapTemplate) HttpServletRequest(javax.servlet.http.HttpServletRequest) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) UserDetails(org.springframework.security.core.userdetails.UserDetails) SECURITY_ROLE_PREFIX(org.apache.metron.rest.MetronRestConstants.SECURITY_ROLE_PREFIX) Filter(javax.servlet.Filter) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) Cookie(javax.servlet.http.Cookie) ParseException(java.text.ParseException) Path(java.nio.file.Path) JWSVerifier(com.nimbusds.jose.JWSVerifier) ServletRequest(javax.servlet.ServletRequest) Logger(org.slf4j.Logger) Files(java.nio.file.Files) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SignedJWT(com.nimbusds.jwt.SignedJWT) Collectors(java.util.stream.Collectors) LdapNameBuilder(org.springframework.ldap.support.LdapNameBuilder) StandardCharsets(java.nio.charset.StandardCharsets) GrantedAuthority(org.springframework.security.core.GrantedAuthority) List(java.util.List) AttributesMapper(org.springframework.ldap.core.AttributesMapper) SecurityContext(org.springframework.security.core.context.SecurityContext) ServletResponse(javax.servlet.ServletResponse) LdapQueryBuilder.query(org.springframework.ldap.query.LdapQueryBuilder.query) FilterConfig(javax.servlet.FilterConfig) SecurityUtils(org.apache.metron.rest.security.SecurityUtils) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Authentication(org.springframework.security.core.Authentication) UserDetails(org.springframework.security.core.userdetails.UserDetails) User(org.springframework.security.core.userdetails.User) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Aggregations

AttributesMapper (org.springframework.ldap.core.AttributesMapper)6 Attributes (javax.naming.directory.Attributes)4 HashMap (java.util.HashMap)3 Map (java.util.Map)3 Attribute (javax.naming.directory.Attribute)3 AndFilter (org.springframework.ldap.filter.AndFilter)3 EqualsFilter (org.springframework.ldap.filter.EqualsFilter)3 List (java.util.List)2 JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)1 JWSObject (com.nimbusds.jose.JWSObject)1 JWSVerifier (com.nimbusds.jose.JWSVerifier)1 RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)1 SignedJWT (com.nimbusds.jwt.SignedJWT)1 IOException (java.io.IOException)1 StandardCharsets (java.nio.charset.StandardCharsets)1 Files (java.nio.file.Files)1 Path (java.nio.file.Path)1 Principal (java.security.Principal)1 CertificateException (java.security.cert.CertificateException)1 ParseException (java.text.ParseException)1