Example 16 with LdapAuthenticationProvider
use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project ranger by apache.
the class AuthenticationCheck method getLdapBindAuthentication.
private Authentication getLdapBindAuthentication(String ldapUrl, String bindDn, String bindPassword, String userName, String userPassword) {
Authentication result = null;
try {
LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(ldapUrl);
ldapContextSource.setUserDn(bindDn);
ldapContextSource.setPassword(bindPassword);
ldapContextSource.setReferral("follow");
ldapContextSource.setCacheEnvironmentProperties(false);
ldapContextSource.setAnonymousReadOnly(true);
ldapContextSource.setPooled(true);
ldapContextSource.afterPropertiesSet();
DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, groupSearchBase);
defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(roleAttribute);
defaultLdapAuthoritiesPopulator.setGroupSearchFilter(groupSearchFilter);
defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
String searchFilter = "(uid={0})";
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(adDomain, searchFilter, ldapContextSource);
userSearch.setSearchSubtree(true);
BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
bindAuthenticator.setUserSearch(userSearch);
String[] userDnPatterns = new String[] { userDnPattern };
bindAuthenticator.setUserDnPatterns(userDnPatterns);
bindAuthenticator.afterPropertiesSet();
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, defaultLdapAuthoritiesPopulator);
if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
final List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
final UserDetails principal = new User(userName, userPassword, grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
result = ldapAuthenticationProvider.authenticate(finalAuthentication);
}
} catch (BadCredentialsException bce) {
logFile.println("ERROR: LDAP Authentication Failed. Please verify values for ranger.admin.auth.sampleuser and " + "ranger.admin.auth.samplepassword\n");
} catch (Exception e) {
logFile.println("ERROR: LDAP Authentication Failed: " + e);
}
return result;
}
Also used :
BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator)
DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource)
User(org.springframework.security.core.userdetails.User)
LdapContextSource(org.springframework.ldap.core.support.LdapContextSource)
DefaultLdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
ArrayList(java.util.ArrayList)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
UserDetails(org.springframework.security.core.userdetails.UserDetails)
Authentication(org.springframework.security.core.Authentication)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)
Example 17 with LdapAuthenticationProvider
use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project ranger by apache.
the class AuthenticationCheck method getADBindAuthentication.
private Authentication getADBindAuthentication(String ldapUrl, String bindDn, String bindPassword, String userName, String userPassword) {
Authentication result = null;
try {
LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(ldapUrl);
ldapContextSource.setUserDn(bindDn);
ldapContextSource.setPassword(bindPassword);
ldapContextSource.setReferral("follow");
ldapContextSource.setCacheEnvironmentProperties(true);
ldapContextSource.setAnonymousReadOnly(false);
ldapContextSource.setPooled(true);
ldapContextSource.afterPropertiesSet();
String searchFilter = "(sAMAccountName={0})";
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(adDomain, searchFilter, ldapContextSource);
userSearch.setSearchSubtree(true);
BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
bindAuthenticator.setUserSearch(userSearch);
bindAuthenticator.afterPropertiesSet();
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
final List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
final UserDetails principal = new User(userName, userPassword, grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
result = ldapAuthenticationProvider.authenticate(finalAuthentication);
}
} catch (BadCredentialsException bce) {
logFile.println("ERROR: LDAP Authentication Failed. Please verify values for ranger.admin.auth.sampleuser and " + "ranger.admin.auth.samplepassword\n");
} catch (Exception e) {
logFile.println("ERROR: LDAP Authentication Failed: " + e);
}
return result;
}
Also used :
BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator)
DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource)
User(org.springframework.security.core.userdetails.User)
LdapContextSource(org.springframework.ldap.core.support.LdapContextSource)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
ArrayList(java.util.ArrayList)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
UserDetails(org.springframework.security.core.userdetails.UserDetails)
Authentication(org.springframework.security.core.Authentication)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)
Example 18 with LdapAuthenticationProvider
use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project gravitee-management-rest-api by gravitee-io.
the class LdapAuthenticationProviderConfigurer method build.
private LdapAuthenticationProvider build() throws Exception {
BaseLdapPathContextSource contextSource = getContextSource();
LdapAuthenticator ldapAuthenticator = createLdapAuthenticator(contextSource);
LdapAuthoritiesPopulator authoritiesPopulator = getLdapAuthoritiesPopulator();
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProviderProxy(ldapAuthenticator, authoritiesPopulator);
SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
simpleAuthorityMapper.setPrefix(rolePrefix);
simpleAuthorityMapper.afterPropertiesSet();
ldapAuthenticationProvider.setAuthoritiesMapper(simpleAuthorityMapper);
if (userDetailsContextMapper != null) {
ldapAuthenticationProvider.setUserDetailsContextMapper(userDetailsContextMapper);
}
return ldapAuthenticationProvider;
}
Also used :
BaseLdapPathContextSource(org.springframework.ldap.core.support.BaseLdapPathContextSource)
SimpleAuthorityMapper(org.springframework.security.core.authority.mapping.SimpleAuthorityMapper)
LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)
Example 19 with LdapAuthenticationProvider
use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project gravitee-management-rest-api by gravitee-io.
the class LdapAuthenticationProviderConfigurer method configure.
@Override
public void configure(B builder) throws Exception {
LdapAuthenticationProvider provider = postProcess(build());
builder.authenticationProvider(provider);
}
Also used :
LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)
Example 20 with LdapAuthenticationProvider
use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project nifi by apache.
the class LdapProvider method onConfigured.
@Override
public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
if (StringUtils.isBlank(rawExpiration)) {
throw new ProviderCreationException("The Authentication Expiration must be specified.");
}
try {
expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
} catch (final IllegalArgumentException iae) {
throw new ProviderCreationException(String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration));
}
final LdapContextSource context = new LdapContextSource();
final Map<String, Object> baseEnvironment = new HashMap<>();
// connect/read time out
setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");
// authentication strategy
final String rawAuthenticationStrategy = configurationContext.getProperty("Authentication Strategy");
final LdapAuthenticationStrategy authenticationStrategy;
try {
authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy);
} catch (final IllegalArgumentException iae) {
throw new ProviderCreationException(String.format("Unrecognized authentication strategy '%s'. Possible values are [%s]", rawAuthenticationStrategy, StringUtils.join(LdapAuthenticationStrategy.values(), ", ")));
}
switch(authenticationStrategy) {
case ANONYMOUS:
context.setAnonymousReadOnly(true);
break;
default:
final String userDn = configurationContext.getProperty("Manager DN");
final String password = configurationContext.getProperty("Manager Password");
context.setUserDn(userDn);
context.setPassword(password);
switch(authenticationStrategy) {
case SIMPLE:
context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
break;
case LDAPS:
context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
// indicate a secure connection
baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
// get the configured ssl context
final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
if (ldapsSslContext != null) {
// initialize the ldaps socket factory prior to use
LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
}
break;
case START_TLS:
final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy = new DefaultTlsDirContextAuthenticationStrategy();
// shutdown gracefully
final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
if (StringUtils.isNotBlank(rawShutdownGracefully)) {
final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully);
tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
}
// get the configured ssl context
final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
if (startTlsSslContext != null) {
tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
}
// set the authentication strategy
context.setAuthenticationStrategy(tlsAuthenticationStrategy);
break;
}
break;
}
// referrals
final String rawReferralStrategy = configurationContext.getProperty("Referral Strategy");
final ReferralStrategy referralStrategy;
try {
referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
} catch (final IllegalArgumentException iae) {
throw new ProviderCreationException(String.format("Unrecognized referral strategy '%s'. Possible values are [%s]", rawReferralStrategy, StringUtils.join(ReferralStrategy.values(), ", ")));
}
// using the value as this needs to be the lowercase version while the value is configured with the enum constant
context.setReferral(referralStrategy.getValue());
// url
final String urls = configurationContext.getProperty("Url");
if (StringUtils.isBlank(urls)) {
throw new ProviderCreationException("LDAP identity provider 'Url' must be specified.");
}
// connection
context.setUrls(StringUtils.split(urls));
// search criteria
final String userSearchBase = configurationContext.getProperty("User Search Base");
final String userSearchFilter = configurationContext.getProperty("User Search Filter");
if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
throw new ProviderCreationException("LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
}
final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
// bind
final BindAuthenticator authenticator = new BindAuthenticator(context);
authenticator.setUserSearch(userSearch);
// identity strategy
final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");
if (StringUtils.isBlank(rawIdentityStrategy)) {
logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.", IdentityStrategy.USE_DN));
// if this value is not configured, default to use dn which was the previous implementation
identityStrategy = IdentityStrategy.USE_DN;
} else {
try {
// attempt to get the configured identity strategy
identityStrategy = IdentityStrategy.valueOf(rawIdentityStrategy);
} catch (final IllegalArgumentException iae) {
throw new ProviderCreationException(String.format("Unrecognized identity strategy '%s'. Possible values are [%s]", rawIdentityStrategy, StringUtils.join(IdentityStrategy.values(), ", ")));
}
}
// set the base environment is necessary
if (!baseEnvironment.isEmpty()) {
context.setBaseEnvironmentProperties(baseEnvironment);
}
try {
// handling initializing beans
context.afterPropertiesSet();
authenticator.afterPropertiesSet();
} catch (final Exception e) {
throw new ProviderCreationException(e.getMessage(), e);
}
// create the underlying provider
provider = new LdapAuthenticationProvider(authenticator);
}
Also used :
BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator)
LdapContextSource(org.springframework.ldap.core.support.LdapContextSource)
HashMap(java.util.HashMap)
SimpleDirContextAuthenticationStrategy(org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy)
AbstractTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy)
SSLContext(javax.net.ssl.SSLContext)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
AuthenticationException(org.springframework.ldap.AuthenticationException)
UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException)
KeyStoreException(java.security.KeyStoreException)
IdentityAccessException(org.apache.nifi.authentication.exception.IdentityAccessException)
ProviderCreationException(org.apache.nifi.authentication.exception.ProviderCreationException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
ProviderDestructionException(org.apache.nifi.authentication.exception.ProviderDestructionException)
IOException(java.io.IOException)
KeyManagementException(java.security.KeyManagementException)
CertificateException(java.security.cert.CertificateException)
InvalidLoginCredentialsException(org.apache.nifi.authentication.exception.InvalidLoginCredentialsException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ProviderCreationException(org.apache.nifi.authentication.exception.ProviderCreationException)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
LdapUserSearch(org.springframework.security.ldap.search.LdapUserSearch)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)
AbstractLdapAuthenticationProvider(org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider)
LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)
Aggregations
LdapAuthenticationProvider (org.springframework.security.ldap.authentication.LdapAuthenticationProvider)35
Authentication (org.springframework.security.core.Authentication)17
LdapContextSource (org.springframework.ldap.core.support.LdapContextSource)14
BindAuthenticator (org.springframework.security.ldap.authentication.BindAuthenticator)14
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)13
UserDetails (org.springframework.security.core.userdetails.UserDetails)12
GrantedAuthority (org.springframework.security.core.GrantedAuthority)11
FilterBasedLdapUserSearch (org.springframework.security.ldap.search.FilterBasedLdapUserSearch)11
DefaultSpringSecurityContextSource (org.springframework.security.ldap.DefaultSpringSecurityContextSource)10
AuthenticationException (org.springframework.security.core.AuthenticationException)8
DefaultLdapAuthoritiesPopulator (org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator)8
Test (org.junit.jupiter.api.Test)7
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)7
ArrayList (java.util.ArrayList)6
User (org.apache.atlas.web.model.User)6
DefaultTlsDirContextAuthenticationStrategy (org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)5
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)5
User (org.springframework.security.core.userdetails.User)5
ActiveDirectoryLdapAuthenticationProvider (org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider)5
AlertConfigurationException (com.synopsys.integration.alert.api.common.model.exception.AlertConfigurationException)3
