use of org.springframework.ldap.core.DirContextOperations in project service-authorization by reportportal.
the class LdapUserReplicator method replicateUser.
/**
* Replicates LDAP user to internal database (if does NOT exist). Creates personal project for that user
*
* @param name Username
* @param ctx LDAP context
* @param attributes Synchronization Attributes
* @return Internal User representation
*/
public User replicateUser(String name, DirContextOperations ctx, SynchronizationAttributes attributes) {
String email = (String) ctx.getObjectAttribute(attributes.getEmail());
if (isNullOrEmpty(email)) {
throw new UserSynchronizationException("Email not provided");
}
email = normalizeId(email);
String login = normalizeId(name);
User user = userRepository.findOne(login);
if (null == user) {
User newUser = new User();
newUser.setLogin(login);
ofNullable(attributes.getFullName()).flatMap(it -> ofNullable(ctx.getStringAttribute(it))).ifPresent(newUser::setFullName);
ofNullable(attributes.getPhoto()).flatMap(it -> ofNullable(ctx.getObjectAttribute(it))).filter(photo -> photo instanceof byte[]).map(photo -> (byte[]) photo).ifPresent(photo -> newUser.setPhotoId(uploadPhoto(login, photo)));
checkEmail(email);
newUser.setEmail(email);
newUser.setMetaInfo(defaultMetaInfo());
newUser.setType(UserType.LDAP);
newUser.setRole(UserRole.USER);
newUser.setIsExpired(false);
newUser.setDefaultProject(generatePersonalProject(newUser));
userRepository.save(newUser);
user = newUser;
} else if (!UserType.LDAP.equals(user.getType())) {
// if user with such login exists, but it's not GitHub user than throw an exception
throw new UserSynchronizationException("User with login '" + user.getId() + "' already exists");
}
return user;
}
use of org.springframework.ldap.core.DirContextOperations in project ranger by apache.
the class PasswordComparisonAuthenticator method authenticate.
// ~ Methods
// ========================================================================================================
public DirContextOperations authenticate(final Authentication authentication) {
Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication, "Can only process UsernamePasswordAuthenticationToken objects");
// locate the user and check the password
DirContextOperations user = null;
String username = authentication.getName();
String password = (String) authentication.getCredentials();
Iterator dns = getUserDns(username).iterator();
SpringSecurityLdapTemplate ldapTemplate = new SpringSecurityLdapTemplate(getContextSource());
while (dns.hasNext() && user == null) {
final String userDn = (String) dns.next();
try {
user = ldapTemplate.retrieveEntry(userDn, getUserAttributes());
} catch (NameNotFoundException ignore) {
}
}
if (user == null && getUserSearch() != null) {
user = getUserSearch().searchForUser(username);
}
if (user == null) {
throw new UsernameNotFoundException("User not found: " + username);
}
if (logger.isDebugEnabled()) {
logger.debug("Performing LDAP compare of password attribute '" + passwordAttributeName + "' for user '" + user.getDn() + "'");
}
String encodedPassword = passwordEncoder.encode(password);
byte[] passwordBytes = encodedPassword.getBytes();
if (!ldapTemplate.compare(user.getDn().toString(), passwordAttributeName, passwordBytes)) {
throw new BadCredentialsException(messages.getMessage("PasswordComparisonAuthenticator.badCredentials", "Bad credentials"));
}
return user;
}
use of org.springframework.ldap.core.DirContextOperations in project tutorials by eugenp.
the class LdapClient method modify.
public void modify(final String username, final String password) {
Name dn = LdapNameBuilder.newInstance().add("ou", "users").add("cn", username).build();
DirContextOperations context = ldapTemplate.lookupContext(dn);
context.setAttributeValues("objectclass", new String[] { "top", "person", "organizationalPerson", "inetOrgPerson" });
context.setAttributeValue("cn", username);
context.setAttributeValue("sn", username);
context.setAttributeValue("userPassword", digestSHA(password));
ldapTemplate.modifyAttributes(context);
}
use of org.springframework.ldap.core.DirContextOperations in project opencast by opencast.
the class OpencastLdapAuthoritiesPopulatorTest method doTest.
/**
* Perform the test of an instance of the class OpencastLdapAuthoritiesPopulator.
*
* @param populator
* an instance of {@link OpencastLdapAuthoritiesPopulator} to test
* @param mappings
* a {@link Map} containing the LDAP attribute name - value pairs, where the name is a {@link String} and the
* value an array of {@code String}s, possibly {@code null} or empty.
*/
private void doTest(OpencastLdapAuthoritiesPopulator populator, Map<String, String[]> mappings, String rolePrefix, String[] excludePrefixes, boolean toUppercase, String[] additionalAuthorities, JpaGroupRoleProvider groupRoleProvider) {
DirContextOperations dirContextMock = EasyMock.createNiceMock(DirContextOperations.class);
// Populate the DirContextOperations class
for (String attrName : mappings.keySet()) {
EasyMock.expect(dirContextMock.getStringAttributes(attrName)).andReturn(mappings.get(attrName)).anyTimes();
}
EasyMock.replay(dirContextMock);
// Prepare the expected result
HashSet<GrantedAuthority> expectedResult = new HashSet<>();
for (String attrName : mappings.keySet()) {
if (mappings.get(attrName) != null) {
for (String attrValues : mappings.get(attrName)) {
addRoles(expectedResult, rolePrefix, excludePrefixes, toUppercase, groupRoleProvider, org, attrValues.split(","));
}
}
}
// Add the internal roles
for (Role role : DEFAULT_INTERNAL_ROLES) {
expectedResult.add(new SimpleGrantedAuthority(role.getName()));
}
// Add the additional authorities
addRoles(expectedResult, rolePrefix, excludePrefixes, toUppercase, groupRoleProvider, org, additionalAuthorities);
// Check the response is correct
checkResponse(populator.getGrantedAuthorities(dirContextMock, USERNAME), expectedResult);
}
use of org.springframework.ldap.core.DirContextOperations in project nifi-registry by apache.
the class LdapUserGroupProvider method load.
/**
* Reloads the tenants.
*/
private void load(final ContextSource contextSource) {
// create the ldapTemplate based on the context source. use a single source context to use the same connection
// to support paging when configured
final SingleContextSource singleContextSource = new SingleContextSource(contextSource.getReadOnlyContext());
final LdapTemplate ldapTemplate = new LdapTemplate(singleContextSource);
try {
final List<User> userList = new ArrayList<>();
final List<Group> groupList = new ArrayList<>();
// group dn -> user identifiers lookup
final Map<String, Set<String>> groupToUserIdentifierMappings = new HashMap<>();
// user dn -> user lookup
final Map<String, User> userLookup = new HashMap<>();
if (performUserSearch) {
// search controls
final SearchControls userControls = new SearchControls();
userControls.setSearchScope(userSearchScope.ordinal());
// consider paging support for users
final DirContextProcessor userProcessor;
if (pageSize == null) {
userProcessor = new NullDirContextProcessor();
} else {
userProcessor = new PagedResultsDirContextProcessor(pageSize);
}
// looking for objects matching the user object class
final AndFilter userFilter = new AndFilter();
userFilter.and(new EqualsFilter("objectClass", userObjectClass));
// if a filter has been provided by the user, we add it to the filter
if (StringUtils.isNotBlank(userSearchFilter)) {
userFilter.and(new HardcodedFilter(userSearchFilter));
}
do {
userList.addAll(ldapTemplate.search(userSearchBase, userFilter.encode(), userControls, new AbstractContextMapper<User>() {
@Override
protected User doMapFromContext(DirContextOperations ctx) {
// get the user identity
final String identity = getUserIdentity(ctx);
// build the user
final User user = new User.Builder().identifierGenerateFromSeed(identity).identity(identity).build();
// store the user for group member later
userLookup.put(getReferencedUserValue(ctx), user);
if (StringUtils.isNotBlank(userGroupNameAttribute)) {
final Attribute attributeGroups = ctx.getAttributes().get(userGroupNameAttribute);
if (attributeGroups == null) {
logger.warn("User group name attribute [" + userGroupNameAttribute + "] does not exist. Ignoring group membership.");
} else {
try {
final NamingEnumeration<String> groupValues = (NamingEnumeration<String>) attributeGroups.getAll();
while (groupValues.hasMoreElements()) {
// store the group -> user identifier mapping
groupToUserIdentifierMappings.computeIfAbsent(groupValues.next(), g -> new HashSet<>()).add(user.getIdentifier());
}
} catch (NamingException e) {
throw new AuthorizationAccessException("Error while retrieving user group name attribute [" + userIdentityAttribute + "].");
}
}
}
return user;
}
}, userProcessor));
} while (hasMorePages(userProcessor));
}
if (performGroupSearch) {
final SearchControls groupControls = new SearchControls();
groupControls.setSearchScope(groupSearchScope.ordinal());
// consider paging support for groups
final DirContextProcessor groupProcessor;
if (pageSize == null) {
groupProcessor = new NullDirContextProcessor();
} else {
groupProcessor = new PagedResultsDirContextProcessor(pageSize);
}
// looking for objects matching the group object class
AndFilter groupFilter = new AndFilter();
groupFilter.and(new EqualsFilter("objectClass", groupObjectClass));
// if a filter has been provided by the user, we add it to the filter
if (StringUtils.isNotBlank(groupSearchFilter)) {
groupFilter.and(new HardcodedFilter(groupSearchFilter));
}
do {
groupList.addAll(ldapTemplate.search(groupSearchBase, groupFilter.encode(), groupControls, new AbstractContextMapper<Group>() {
@Override
protected Group doMapFromContext(DirContextOperations ctx) {
final String dn = ctx.getDn().toString();
// get the group identity
final String name = getGroupName(ctx);
// get the value of this group that may associate it to users
final String referencedGroupValue = getReferencedGroupValue(ctx);
if (!StringUtils.isBlank(groupMemberAttribute)) {
Attribute attributeUsers = ctx.getAttributes().get(groupMemberAttribute);
if (attributeUsers == null) {
logger.warn("Group member attribute [" + groupMemberAttribute + "] does not exist. Ignoring group membership.");
} else {
try {
final NamingEnumeration<String> userValues = (NamingEnumeration<String>) attributeUsers.getAll();
while (userValues.hasMoreElements()) {
final String userValue = userValues.next();
if (performUserSearch) {
// find the user by it's referenced attribute and add the identifier to this group
final User user = userLookup.get(userValue);
// ensure the user is known
if (user != null) {
groupToUserIdentifierMappings.computeIfAbsent(referencedGroupValue, g -> new HashSet<>()).add(user.getIdentifier());
} else {
logger.warn(String.format("%s contains member %s but that user was not found while searching users. Ignoring group membership.", name, userValue));
}
} else {
// since performUserSearch is false, then the referenced group attribute must be blank... the user value must be the dn
final String userDn = userValue;
final String userIdentity;
if (useDnForUserIdentity) {
// use the user value to avoid the unnecessary look up
userIdentity = userDn;
} else {
// lookup the user to extract the user identity
userIdentity = getUserIdentity((DirContextAdapter) ldapTemplate.lookup(userDn));
}
// build the user
final User user = new User.Builder().identifierGenerateFromSeed(userIdentity).identity(userIdentity).build();
// add this user
userList.add(user);
groupToUserIdentifierMappings.computeIfAbsent(referencedGroupValue, g -> new HashSet<>()).add(user.getIdentifier());
}
}
} catch (NamingException e) {
throw new AuthorizationAccessException("Error while retrieving group name attribute [" + groupNameAttribute + "].");
}
}
}
// build this group
final Group.Builder groupBuilder = new Group.Builder().identifierGenerateFromSeed(name).name(name);
// add all users that were associated with this referenced group attribute
if (groupToUserIdentifierMappings.containsKey(referencedGroupValue)) {
groupToUserIdentifierMappings.remove(referencedGroupValue).forEach(userIdentifier -> groupBuilder.addUser(userIdentifier));
}
return groupBuilder.build();
}
}, groupProcessor));
} while (hasMorePages(groupProcessor));
// any remaining groupDn's were referenced by a user but not found while searching groups
groupToUserIdentifierMappings.forEach((referencedGroupValue, userIdentifiers) -> {
logger.warn(String.format("[%s] are members of %s but that group was not found while searching users. Ignoring group membership.", StringUtils.join(userIdentifiers, ", "), referencedGroupValue));
});
} else {
// since performGroupSearch is false, then the referenced user attribute must be blank... the group value must be the dn
// groups are not being searched so lookup any groups identified while searching users
groupToUserIdentifierMappings.forEach((groupDn, userIdentifiers) -> {
final String groupName;
if (useDnForGroupName) {
// use the dn to avoid the unnecessary look up
groupName = groupDn;
} else {
groupName = getGroupName((DirContextAdapter) ldapTemplate.lookup(groupDn));
}
// define the group
final Group.Builder groupBuilder = new Group.Builder().identifierGenerateFromSeed(groupName).name(groupName);
// add each user
userIdentifiers.forEach(userIdentifier -> groupBuilder.addUser(userIdentifier));
// build the group
groupList.add(groupBuilder.build());
});
}
// record the updated tenants
tenants.set(new TenantHolder(new HashSet<>(userList), new HashSet<>(groupList)));
} finally {
singleContextSource.destroy();
}
}
Aggregations