Example 11 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project gocd by gocd.
the class LdapUserSearchTest method shouldNotProceedWithTheNextSearchBaseWhenUserIsFoundInOne.
@Test
public void shouldNotProceedWithTheNextSearchBaseWhenUserIsFoundInOne() {
final FilterBasedLdapUserSearch filter1 = mock(FilterBasedLdapUserSearch.class);
final FilterBasedLdapUserSearch filter2 = mock(FilterBasedLdapUserSearch.class);
LdapConfig ldapConfig = setLdapConfig(new BasesConfig(new BaseConfig("base1"), new BaseConfig("base2")));
doReturn(filter1).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(0).getValue(), ldapConfig.searchFilter());
doReturn(filter2).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().get(1).getValue(), ldapConfig.searchFilter());
DirContextOperations foundUser = mock(DirContextOperations.class);
when(filter1.searchForUser("username")).thenReturn(foundUser);
assertThat(spy.searchForUser("username"), is(foundUser));
verify(filter1).searchForUser("username");
verify(filter2, never()).searchForUser("username");
}
Also used :
LdapConfig(com.thoughtworks.go.config.LdapConfig)
DirContextOperations(org.springframework.ldap.core.DirContextOperations)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
BasesConfig(com.thoughtworks.go.config.server.security.ldap.BasesConfig)
BaseConfig(com.thoughtworks.go.config.server.security.ldap.BaseConfig)
Test(org.junit.Test)
Example 12 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project gocd by gocd.
the class LdapUserSearchTest method shouldThrowBadCredentialsExceptionWhenNoUserFound_WithOneSearchBase.
@Test
public void shouldThrowBadCredentialsExceptionWhenNoUserFound_WithOneSearchBase() {
final FilterBasedLdapUserSearch filterBasedLdapUserSearch = mock(FilterBasedLdapUserSearch.class);
LdapConfig ldapConfig = setLdapConfig(new BasesConfig(new BaseConfig("search_base,foo")));
doReturn(filterBasedLdapUserSearch).when(spy).getFilterBasedLdapUserSearch(ldapConfig.getBasesConfig().first().getValue(), ldapConfig.searchFilter());
when(filterBasedLdapUserSearch.searchForUser("username")).thenThrow(new UsernameNotFoundException("User username not found in directory."));
thrown.expect(BadCredentialsException.class);
thrown.expectMessage(is("Bad credentials"));
spy.searchForUser("username");
verify(filterBasedLdapUserSearch).searchForUser("username");
}
Also used :
LdapConfig(com.thoughtworks.go.config.LdapConfig)
UsernameNotFoundException(org.springframework.security.userdetails.UsernameNotFoundException)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
BasesConfig(com.thoughtworks.go.config.server.security.ldap.BasesConfig)
BaseConfig(com.thoughtworks.go.config.server.security.ldap.BaseConfig)
Test(org.junit.Test)
Example 13 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project spring-security by spring-projects.
the class BindAuthenticatorTests method testAuthenticationWithUserSearch.
@Test
public void testAuthenticationWithUserSearch() throws Exception {
// DirContextAdapter ctx = new DirContextAdapter(new
// DistinguishedName("uid=bob,ou=people"));
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(uid={0})", getContextSource()));
this.authenticator.afterPropertiesSet();
DirContextOperations result = this.authenticator.authenticate(this.bob);
//ensure we are getting the same attributes back
assertThat(result.getStringAttribute("cn")).isEqualTo("Bob Hamilton");
// SEC-1444
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(cn={0})", getContextSource()));
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("mouse, jerry", "jerryspassword"));
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("slash/guy", "slashguyspassword"));
// SEC-1661
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", getContextSource()));
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "(cn={0})", getContextSource()));
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
}
Also used :
DirContextOperations(org.springframework.ldap.core.DirContextOperations)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 14 with FilterBasedLdapUserSearch
use of org.springframework.security.ldap.search.FilterBasedLdapUserSearch in project incubator-atlas by apache.
the class AtlasLdapAuthenticationProvider method getLdapBindAuthentication.
private Authentication getLdapBindAuthentication(Authentication authentication) {
try {
if (isDebugEnabled) {
LOG.debug("==> AtlasLdapAuthenticationProvider getLdapBindAuthentication");
}
String userName = authentication.getName();
String userPassword = "";
if (authentication.getCredentials() != null) {
userPassword = authentication.getCredentials().toString();
}
LdapContextSource ldapContextSource = getLdapContextSource();
DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = getDefaultLdapAuthoritiesPopulator(ldapContextSource);
if (ldapUserSearchFilter == null || ldapUserSearchFilter.trim().isEmpty()) {
ldapUserSearchFilter = "(uid={0})";
}
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(ldapBase, ldapUserSearchFilter, ldapContextSource);
userSearch.setSearchSubtree(true);
BindAuthenticator bindAuthenticator = getBindAuthenticator(userSearch, ldapContextSource);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, defaultLdapAuthoritiesPopulator);
if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
final UserDetails principal = new User(userName, userPassword, grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
if (groupsFromUGI) {
authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
}
return authentication;
} else {
LOG.error("LDAP Authentication::userName or userPassword is null or empty for userName " + userName);
}
} catch (Exception e) {
LOG.error(" getLdapBindAuthentication LDAP Authentication Failed:", e);
}
if (isDebugEnabled) {
LOG.debug("<== AtlasLdapAuthenticationProvider getLdapBindAuthentication");
}
return authentication;
}
Also used :
BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator)
User(org.apache.atlas.web.model.User)
LdapContextSource(org.springframework.ldap.core.support.LdapContextSource)
DefaultLdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
AuthenticationException(org.springframework.security.core.AuthenticationException)
UserDetails(org.springframework.security.core.userdetails.UserDetails)
Authentication(org.springframework.security.core.Authentication)
FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch)
LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)
Aggregations
FilterBasedLdapUserSearch (org.springframework.security.ldap.search.FilterBasedLdapUserSearch)14
LdapConfig (com.thoughtworks.go.config.LdapConfig)11
BaseConfig (com.thoughtworks.go.config.server.security.ldap.BaseConfig)11
Test (org.junit.Test)11
BasesConfig (com.thoughtworks.go.config.server.security.ldap.BasesConfig)10
DirContextOperations (org.springframework.ldap.core.DirContextOperations)7
UsernameNotFoundException (org.springframework.security.userdetails.UsernameNotFoundException)7
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)3
User (org.apache.atlas.web.model.User)2
LdapContextSource (org.springframework.ldap.core.support.LdapContextSource)2
Authentication (org.springframework.security.core.Authentication)2
GrantedAuthority (org.springframework.security.core.GrantedAuthority)2
UserDetails (org.springframework.security.core.userdetails.UserDetails)2
BindAuthenticator (org.springframework.security.ldap.authentication.BindAuthenticator)2
LdapAuthenticationProvider (org.springframework.security.ldap.authentication.LdapAuthenticationProvider)2
SecurityConfig (com.thoughtworks.go.config.SecurityConfig)1
BadCredentialsException (org.springframework.security.BadCredentialsException)1
AuthenticationException (org.springframework.security.core.AuthenticationException)1
DefaultSpringSecurityContextSource (org.springframework.security.ldap.DefaultSpringSecurityContextSource)1
ActiveDirectoryLdapAuthenticationProvider (org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider)1
