
Example 1 with PasswordPolicyResponseControl

use of org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl in project spring-security by spring-projects.

the class LdapUserDetailsMapper method mapUserFromContext.

// ~ Methods
// ========================================================================================================
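/**
 * Builds the {@link UserDetails} for a directory entry.
 *
 * <p>Copies the DN, the password attribute (when present, converted by
 * {@code mapPassword}) and the username into an {@code LdapUserDetailsImpl.Essence},
 * adds one authority per value of every configured role attribute, then adds the
 * authorities supplied by the caller, and finally copies password-policy data when
 * the context carries a {@link PasswordPolicyResponseControl}.
 *
 * @param ctx the directory entry to read attributes from
 * @param username the name stored on the resulting user details
 * @param authorities authorities added after the role attributes; iterated without a
 *        null check, so it must not be {@code null}
 * @return the user details created from the populated essence
 */
@Override
public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
    String dn = ctx.getNameInNamespace();
    this.logger.debug("Mapping user details from context with DN: " + dn);
    LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
    essence.setDn(dn);
    Object passwordValue = ctx.getObjectAttribute(this.passwordAttributeName);
    if (passwordValue != null) {
        essence.setPassword(mapPassword(passwordValue));
    }
    essence.setUsername(username);
    // Map the roles: every value of every configured role attribute becomes an authority.
    if (this.roleAttributes != null) {
        for (String roleAttribute : this.roleAttributes) {
            String[] rolesForAttribute = ctx.getStringAttributes(roleAttribute);
            if (rolesForAttribute == null) {
                this.logger.debug("Couldn't read role attribute '" + roleAttribute + "' for user " + dn);
                continue;
            }
            for (String role : rolesForAttribute) {
                // createAuthority may return null; such roles are skipped.
                GrantedAuthority authority = createAuthority(role);
                if (authority != null) {
                    essence.addAuthority(authority);
                }
            }
        }
    }
    for (GrantedAuthority authority : authorities) {
        essence.addAuthority(authority);
    }
    // Check for PPolicy data. The value is type-checked before the cast so that an
    // attribute of another type stored under the same id cannot abort the mapping
    // with a ClassCastException.
    Object ppolicyValue = ctx.getObjectAttribute(PasswordPolicyControl.OID);
    if (ppolicyValue instanceof PasswordPolicyResponseControl) {
        PasswordPolicyResponseControl ppolicy = (PasswordPolicyResponseControl) ppolicyValue;
        essence.setTimeBeforeExpiration(ppolicy.getTimeBeforeExpiration());
        essence.setGraceLoginsRemaining(ppolicy.getGraceLoginsRemaining());
    } else if (ppolicyValue != null) {
        this.logger.debug("Ignoring password policy attribute of unexpected type " + ppolicyValue.getClass().getName());
    }
    return essence.createUserDetails();
}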
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) PasswordPolicyResponseControl(org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl)

Example 2 with PasswordPolicyResponseControl

use of org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl in project libresonic by Libresonic.

the class LibresonicUserDetailsContextMapper method mapUserFromContext.

// ~ Methods
// ========================================================================================================
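/**
 * Maps a directory entry onto the matching local Libresonic user.
 *
 * <p>The local account is looked up by {@code username}. When it is missing and LDAP
 * auto-shadowing is enabled, a local account is created first. The mapping is refused
 * unless the local account has LDAP authentication enabled.
 *
 * <p>The {@code authorities} argument is not used: the authorities on the result come
 * from {@code securityService.getGrantedAuthorities} for the local account.
 *
 * @param ctx the directory entry to read attributes from
 * @param username the name used to look up (or create) the local account
 * @param authorities ignored by this implementation
 * @return the user details created from the populated essence
 * @throws BadCredentialsException if the local user does not exist and auto-shadowing is
 *         disabled, or if LDAP authentication is disabled for the local user
 * @throws IllegalStateException if the auto-created local user cannot be loaded
 */
public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
    String dn = ctx.getNameInNamespace();
    logger.debug("Mapping user details from context with DN: " + dn);
    // User must be defined in Libresonic, unless auto-shadowing is enabled.
    User user = securityService.getUserByName(username, false);
    if (user == null) {
        if (!settingsService.isLdapAutoShadowing()) {
            throw new BadCredentialsException("User does not exist.");
        }
        // Auto-shadowing: create the local account on first login. It is created with an
        // empty-string password and is given the stream and settings roles.
        // NOTE(review): the fourth constructor argument is presumably the LDAP-authenticated
        // flag; confirm that an account created here cannot log in locally with the empty
        // password.
        User newUser = new User(username, "", null, true, 0L, 0L, 0L);
        newUser.setStreamRole(true);
        newUser.setSettingsRole(true);
        securityService.createUser(newUser);
        // NOTE(review): username is written to the log unescaped; confirm callers only
        // reach this point with a name that was accepted by the directory.
        logger.info("Created local user '" + username + "' for DN " + dn);
        user = securityService.getUserByName(username, false);
        if (user == null) {
            // Fail with a clear message instead of a NullPointerException further down.
            throw new IllegalStateException("Local user could not be loaded after auto-shadowing.");
        }
    }
    // LDAP authentication must be enabled for the given user.
    if (!user.isLdapAuthenticated()) {
        throw new BadCredentialsException("LDAP authentication disabled for user.");
    }
    LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
    essence.setDn(dn);
    Object passwordValue = ctx.getObjectAttribute(passwordAttributeName);
    if (passwordValue != null) {
        essence.setPassword(mapPassword(passwordValue));
    }
    // Use the name stored on the local account rather than the name passed in.
    essence.setUsername(user.getUsername());
    // Add the authorities of the local account; the authorities passed in are not used.
    for (GrantedAuthority authority : securityService.getGrantedAuthorities(user.getUsername())) {
        essence.addAuthority(authority);
    }
    // Check for PPolicy data. The value is type-checked before the cast so that an
    // attribute of another type stored under the same id cannot abort the mapping
    // with a ClassCastException.
    Object ppolicyValue = ctx.getObjectAttribute(PasswordPolicyControl.OID);
    if (ppolicyValue instanceof PasswordPolicyResponseControl) {
        PasswordPolicyResponseControl ppolicy = (PasswordPolicyResponseControl) ppolicyValue;
        essence.setTimeBeforeExpiration(ppolicy.getTimeBeforeExpiration());
        essence.setGraceLoginsRemaining(ppolicy.getGraceLoginsRemaining());
    } else if (ppolicyValue != null) {
        logger.debug("Ignoring password policy attribute of unexpected type " + ppolicyValue.getClass().getName());
    }
    return essence.createUserDetails();
}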
Also used : User(org.libresonic.player.domain.User) LdapUserDetailsImpl(org.springframework.security.ldap.userdetails.LdapUserDetailsImpl) GrantedAuthority(org.springframework.security.core.GrantedAuthority) PasswordPolicyResponseControl(org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
