use of org.springframework.ldap.core.DirContextOperations in project spring-security by spring-projects.
the class NamespaceLdapAuthenticationProviderTests method ldapAuthenticationProviderCustomLdapAuthoritiesPopulator.
// SEC-2490
/**
 * Checks that a custom authorities populator installed through
 * {@code CustomAuthoritiesPopulatorConfig.LAP} contributes its authorities to the
 * authenticated user: the populator below adds {@code ROLE_EXTRA}, and a form login as
 * {@code bob} is expected to end up authenticated with that authority.
 */
@Test
public void ldapAuthenticationProviderCustomLdapAuthoritiesPopulator() throws Exception {
    LdapContextSource ldapSource = new DefaultSpringSecurityContextSource(
            "ldap://blah.example.com:789/dc=springframework,dc=org");
    // NOTE(review): the null second argument is presumably the group search base, so that
    // only getAdditionalRoles() supplies authorities - confirm against
    // DefaultLdapAuthoritiesPopulator.
    CustomAuthoritiesPopulatorConfig.LAP = new DefaultLdapAuthoritiesPopulator(ldapSource, null) {
        @Override
        protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
            // Every user gets the same fixed extra role, regardless of the directory entry.
            Set<GrantedAuthority> extraRoles = new HashSet<>();
            extraRoles.addAll(AuthorityUtils.createAuthorityList("ROLE_EXTRA"));
            return extraRoles;
        }
    };
    this.spring.register(CustomAuthoritiesPopulatorConfig.class).autowire();
    // @formatter:off
    SecurityMockMvcRequestBuilders.FormLoginRequestBuilder loginAsBob = formLogin()
            .user("bob")
            .password("bobspassword");
    SecurityMockMvcResultMatchers.AuthenticatedMatcher hasExtraRole = authenticated()
            .withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA")));
    // @formatter:on
    this.mockMvc.perform(loginAsBob).andExpect(hasExtraRole);
}
use of org.springframework.ldap.core.DirContextOperations in project spring-security by spring-projects.
the class SpringSecurityLdapTemplate method searchForSingleEntryInternal.
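/**
 * Runs a directory search that must match exactly one entry and returns that entry.
 * Internal method extracted to avoid code duplication in AD search.
 * <p>
 * {@code filter} and {@code params} are passed unchanged to
 * {@code DirContext.search(Name, String, Object[], SearchControls)}, which substitutes
 * the arguments for the filter's <code>{i}</code> placeholders. Callers should keep
 * user-supplied values in {@code params} rather than concatenating them into
 * {@code filter}, so that the filter structure cannot be altered by the input.
 * <p>
 * Matching entries are collected in a {@code Set}, so entries that compare equal are
 * counted once. A {@link PartialResultException} during iteration is ignored and the
 * entries gathered up to that point are used.
 * @param ctx the context to search in
 * @param searchControls the controls for the search; passed through {@code buildControls}
 * @param base the search base DN
 * @param filter the search filter, optionally containing <code>{i}</code> placeholders
 * @param params the values for the filter placeholders
 * @return the single matching entry
 * @throws IncorrectResultSizeDataAccessException if the search matched no entry or more
 * than one
 * @throws NamingException if the search or the iteration over its results fails
 */
public static DirContextOperations searchForSingleEntryInternal(DirContext ctx, SearchControls searchControls,
        String base, String filter, Object[] params) throws NamingException {
    final DistinguishedName ctxBaseDn = new DistinguishedName(ctx.getNameInNamespace());
    final DistinguishedName searchBaseDn = new DistinguishedName(base);
    final NamingEnumeration<SearchResult> resultsEnum = ctx.search(searchBaseDn, filter, params,
            buildControls(searchControls));
    logger.trace(LogMessage.format("Searching for entry under DN '%s', base = '%s', filter = '%s'", ctxBaseDn,
            searchBaseDn, filter));
    Set<DirContextOperations> results = new HashSet<>();
    try {
        while (resultsEnum.hasMore()) {
            SearchResult searchResult = resultsEnum.next();
            DirContextAdapter dca = (DirContextAdapter) searchResult.getObject();
            Assert.notNull(dca, "No object returned by search, DirContext is not correctly configured");
            logger.debug(LogMessage.format("Found DN: %s", dca.getDn()));
            results.add(dca);
        }
    }
    catch (PartialResultException ex) {
        logger.trace("Ignoring PartialResultException");
    }
    finally {
        // Release the enumeration on every exit path, not only after a
        // PartialResultException: a failed assertion, a bad cast or another
        // NamingException would otherwise abandon it half-read.
        LdapUtils.closeEnumeration(resultsEnum);
    }
    if (results.size() != 1) {
        throw new IncorrectResultSizeDataAccessException(1, results.size());
    }
    return results.iterator().next();
}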
use of org.springframework.ldap.core.DirContextOperations in project spring-security by spring-projects.
the class BindAuthenticator method authenticate.
/**
 * Authenticates a username/password token by binding to the directory as the user.
 * <p>
 * The DNs returned by {@code getUserDns(username)} are tried first, in order; if none of
 * them binds and a user search is configured, the user is looked up with that search
 * and a bind is attempted with the DN it returns.
 * <p>
 * A null or empty password is rejected before any bind is attempted. This check matters:
 * many directory servers treat a simple bind with a DN and an empty password as an
 * unauthenticated bind that succeeds, which would otherwise let any known username log in.
 * @param authentication the token to authenticate; must be a
 * {@code UsernamePasswordAuthenticationToken}
 * @return the directory entry of the user that was bound successfully
 * @throws BadCredentialsException if the password is empty or no bind succeeded
 */
@Override
public DirContextOperations authenticate(Authentication authentication) {
    Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
            "Can only process UsernamePasswordAuthenticationToken objects");
    final String username = authentication.getName();
    final String password = (String) authentication.getCredentials();
    if (!StringUtils.hasLength(password)) {
        logger.debug(LogMessage.format("Failed to authenticate since no credentials provided"));
        throw new BadCredentialsException(
                this.messages.getMessage("BindAuthenticator.emptyPassword", "Empty Password"));
    }

    // If DN patterns are configured, try authenticating with them directly;
    // the first DN that binds wins.
    DirContextOperations boundUser = null;
    for (String candidateDn : getUserDns(username)) {
        boundUser = bindWithDn(candidateDn, username, password);
        if (boundUser != null) {
            break;
        }
    }

    if (boundUser == null) {
        logger.debug(LogMessage.of(() -> "Failed to bind with any user DNs " + getUserDns(username)));
        // Otherwise use the configured search object to find the user and authenticate
        // with the returned DN.
        if (getUserSearch() != null) {
            logger.trace("Searching for user using " + getUserSearch());
            DirContextOperations located = getUserSearch().searchForUser(username);
            boundUser = bindWithDn(located.getDn().toString(), username, password, located.getAttributes());
            if (boundUser == null) {
                logger.debug("Failed to find user using " + getUserSearch());
            }
        }
    }

    if (boundUser != null) {
        return boundUser;
    }
    // The same message is used whether the user is unknown or the password is wrong.
    throw new BadCredentialsException(
            this.messages.getMessage("BindAuthenticator.badCredentials", "Bad credentials"));
}
use of org.springframework.ldap.core.DirContextOperations in project midpoint by Evolveum.
the class MidPointLdapAuthenticationProvider method createAuthenticatorProvider.
/**
 * Builds an {@link LdapAuthenticationProvider} around the given authenticator whose two
 * hooks first run the inherited implementation and then hand the result to the
 * same-named methods of the enclosing {@code MidPointLdapAuthenticationProvider}.
 * @param authenticator the LDAP authenticator the provider delegates the bind to
 * @return the wrapping provider
 */
private LdapAuthenticationProvider createAuthenticatorProvider(LdapAuthenticator authenticator) {
    // Captured once so the anonymous class can reach the enclosing instance's overloads.
    final MidPointLdapAuthenticationProvider outer = this;
    return new LdapAuthenticationProvider(authenticator) {

        @Override
        protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken authentication) {
            // The inherited call performs the LDAP authentication; a failure there
            // propagates before the enclosing instance sees anything.
            DirContextOperations ldapEntry = super.doAuthentication(authentication);
            return outer.doAuthentication(ldapEntry);
        }

        @Override
        protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
                UserDetails user) {
            Authentication successful = super.createSuccessfulAuthentication(authentication, user);
            // The enclosing instance is notified with both the original token and the
            // result; the result built by the superclass is what gets returned.
            outer.createSuccessfulAuthentication(authentication, successful);
            return successful;
        }
    };
}
use of org.springframework.ldap.core.DirContextOperations in project perun by CESNET.
the class PerunUserImpl method removeFromFacilityAdmins.
/**
 * Removes the given facility from the user's "admin of facility" attribute in LDAP.
 * <p>
 * The user's entry is loaded by DN, the facility's full DN is removed from the
 * {@code ldapAttrAdminOfFacility} attribute, and the change is written back.
 * NOTE(review): no permission check is visible in this method; presumably the caller
 * authorises the change before invoking it - confirm.
 * @param user the user losing the facility admin role
 * @param facility the facility the user no longer administers
 */
@Override
public void removeFromFacilityAdmins(User user, Facility facility) {
    DirContextOperations userEntry = findByDN(buildDN(user));
    String facilityId = String.valueOf(facility.getId());
    Name facilityDn = addBaseDN(perunFacility.getEntryDN(facilityId));
    // The attribute stores full facility DNs, so the value to remove is the DN's string form.
    String adminAttribute = PerunAttribute.PerunAttributeNames.ldapAttrAdminOfFacility;
    userEntry.removeAttributeValue(adminAttribute, facilityDn.toString());
    ldapTemplate.modifyAttributes(userEntry);
}