
Example 6 with LdapUserSearch

Use of org.springframework.security.ldap.search.LdapUserSearch in the apache/nifi-registry project.

Class LdapIdentityProvider, method onConfigured:

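@Override
public final void onConfigured(final IdentityProviderConfigurationContext configurationContext) throws SecurityProviderCreationException {
    // Lifetime (millis) of the authentication issued after a successful LDAP login.
    expiration = parseExpiration(configurationContext);

    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();

    // JNDI connect/read timeouts. Without them an unresponsive directory can
    // hold every login attempt open indefinitely.
    setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");

    // How this provider itself binds to the directory: anonymous, or a manager
    // bind over plain LDAP, LDAPS or START_TLS.
    configureBindStrategy(configurationContext, context, baseEnvironment);

    // Referral handling. The property is configured with the enum constant name,
    // but JNDI wants the lower-case value, hence getValue() rather than name().
    final ReferralStrategy referralStrategy = resolveEnumProperty("referral strategy",
            configurationContext.getProperty("Referral Strategy"), ReferralStrategy.class);
    context.setReferral(referralStrategy.getValue());

    // Server URL(s); several may be given separated by whitespace.
    final String urls = configurationContext.getProperty("Url");
    if (StringUtils.isBlank(urls)) {
        throw new SecurityProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }
    context.setUrls(StringUtils.split(urls));

    // Where and how the entry for a login name is looked up. Both values are
    // administrator configuration; the login name is substituted into the
    // filter later by FilterBasedLdapUserSearch, so no user input is handled here.
    final String userSearchBase = configurationContext.getProperty("User Search Base");
    final String userSearchFilter = configurationContext.getProperty("User Search Filter");
    if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
        throw new SecurityProviderCreationException("LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
    }
    final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);

    // Credentials are verified by the directory through a bind as the located user.
    final BindAuthenticator authenticator = new BindAuthenticator(context);
    authenticator.setUserSearch(userSearch);

    identityStrategy = parseIdentityStrategy(configurationContext);

    // Only override the JNDI environment when something was actually configured.
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }

    try {
        // Run the InitializingBean hooks explicitly; any misconfiguration they
        // detect is reported as a provider creation failure, cause preserved.
        context.afterPropertiesSet();
        authenticator.afterPropertiesSet();
    } catch (final Exception e) {
        throw new SecurityProviderCreationException(e.getMessage(), e);
    }

    ldapAuthenticationProvider = new LdapAuthenticationProvider(authenticator);
}

/**
 * Parses the mandatory "Authentication Expiration" property into milliseconds.
 *
 * @param configurationContext the provider configuration
 * @return the expiration in milliseconds
 * @throws SecurityProviderCreationException if the property is missing or not a valid duration
 */
private long parseExpiration(final IdentityProviderConfigurationContext configurationContext) throws SecurityProviderCreationException {
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new SecurityProviderCreationException("The Authentication Expiration must be specified.");
    }
    try {
        return FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        // keep the cause so the offending part of the duration is visible in the stack trace
        throw new SecurityProviderCreationException(String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration), iae);
    }
}

/**
 * Applies the "Authentication Strategy" to the context source.
 *
 * @param configurationContext the provider configuration
 * @param context              the context source being assembled
 * @param baseEnvironment      JNDI environment entries; LDAPS adds the protocol and socket factory here
 * @throws SecurityProviderCreationException if the strategy is missing or unknown
 */
private void configureBindStrategy(final IdentityProviderConfigurationContext configurationContext, final LdapContextSource context,
                                   final Map<String, Object> baseEnvironment) throws SecurityProviderCreationException {
    final LdapAuthenticationStrategy authenticationStrategy = resolveEnumProperty("authentication strategy",
            configurationContext.getProperty("Authentication Strategy"), LdapAuthenticationStrategy.class);

    if (authenticationStrategy == LdapAuthenticationStrategy.ANONYMOUS) {
        context.setAnonymousReadOnly(true);
        return;
    }

    // Every non-anonymous strategy performs the user search with the manager credentials.
    final String managerDn = configurationContext.getProperty("Manager DN");
    final String managerPassword = configurationContext.getProperty("Manager Password");
    if (StringUtils.isBlank(managerDn) || StringUtils.isBlank(managerPassword)) {
        // Kept non-fatal for compatibility, but surfaced: with a blank DN or password the
        // context source presumably ends up binding unauthenticated for the search.
        logger.warn(String.format("Authentication Strategy is %s but 'Manager DN' or 'Manager Password' is blank; the user search may run unauthenticated.", authenticationStrategy));
    }
    context.setUserDn(managerDn);
    context.setPassword(managerPassword);

    switch (authenticationStrategy) {
        case SIMPLE:
            context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
            break;
        case LDAPS: {
            context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
            // TLS for the whole connection (as opposed to START_TLS upgrading a plain one).
            baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
            final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
            if (ldapsSslContext != null) {
                // JNDI instantiates the socket factory by class name, so the SSL context has to
                // be handed over through the factory before the first connection. If that state
                // is JVM-wide (assumed; confirm in LdapsSocketFactory), a second LDAPS provider
                // in the same JVM would share or overwrite it.
                LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
            }
            // With no SSL context configured, whatever the JVM default SSL settings are apply; nothing is validated here.
            break;
        }
        case START_TLS: {
            final AbstractTlsDirContextAuthenticationStrategy tlsStrategy = new DefaultTlsDirContextAuthenticationStrategy();
            final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
            if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                // parseBoolean is a case-insensitive "true" test; anything else is false
                tlsStrategy.setShutdownTlsGracefully(Boolean.parseBoolean(rawShutdownGracefully));
            }
            final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
            if (startTlsSslContext != null) {
                tlsStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
            }
            context.setAuthenticationStrategy(tlsStrategy);
            break;
        }
        default:
            // Fail closed: a strategy without explicit handling must not silently fall back to a plain bind.
            throw new SecurityProviderCreationException(String.format("Unsupported authentication strategy '%s'", authenticationStrategy));
    }
}

/**
 * Reads the optional "Identity Strategy" property.
 *
 * @param configurationContext the provider configuration
 * @return the configured strategy, or {@link IdentityStrategy#USE_DN} (the historical behaviour) when unset
 * @throws SecurityProviderCreationException if a value is set but is not a known strategy
 */
private IdentityStrategy parseIdentityStrategy(final IdentityProviderConfigurationContext configurationContext) throws SecurityProviderCreationException {
    final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");
    if (StringUtils.isBlank(rawIdentityStrategy)) {
        logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.", IdentityStrategy.USE_DN));
        return IdentityStrategy.USE_DN;
    }
    return resolveEnumProperty("identity strategy", rawIdentityStrategy, IdentityStrategy.class);
}

/**
 * Maps a raw property value onto an enum constant, failing with a descriptive
 * configuration error if it is missing or not one of the constants.
 *
 * @param description human-readable name used in error messages, e.g. "referral strategy"
 * @param rawValue    the configured value; must match a constant name exactly
 * @param enumType    the enum to resolve against
 * @return the matching constant
 * @throws SecurityProviderCreationException if the value is blank or unrecognized
 */
private static <E extends Enum<E>> E resolveEnumProperty(final String description, final String rawValue, final Class<E> enumType)
        throws SecurityProviderCreationException {
    final String possibleValues = StringUtils.join(enumType.getEnumConstants(), ", ");
    if (StringUtils.isBlank(rawValue)) {
        // Enum.valueOf(null) would surface as a NullPointerException instead of a configuration error.
        throw new SecurityProviderCreationException(String.format("The %s must be specified. Possible values are [%s]", description, possibleValues));
    }
    try {
        return Enum.valueOf(enumType, rawValue);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("Unrecognized %s '%s'. Possible values are [%s]", description, rawValue, possibleValues), iae);
    }
}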

Example 7 with LdapUserSearch

Use of org.springframework.security.ldap.search.LdapUserSearch in the spring-projects/spring-security project.

Class LdapAuthenticationProviderConfigurer, method createLdapAuthenticator:

/**
 * Builds the {@link LdapAuthenticator} for this configurer.
 * <p>
 * When a {@code passwordEncoder} has been supplied the user is authenticated by
 * password comparison; otherwise by binding as the user, which leaves credential
 * verification to the directory. Either way the user lookup can be driven by a
 * search (from {@link #createUserSearch()}) and/or by DN patterns; both are
 * applied when present, and the result is passed through {@code postProcess}.
 * @param contextSource the {@link BaseLdapPathContextSource} to use
 * @return the {@link LdapAuthenticator} to use
 */
private LdapAuthenticator createLdapAuthenticator(BaseLdapPathContextSource contextSource) {
    final AbstractLdapAuthenticator authenticator;
    if (this.passwordEncoder == null) {
        authenticator = createBindAuthenticator(contextSource);
    } else {
        authenticator = createPasswordCompareAuthenticator(contextSource);
    }
    final LdapUserSearch search = createUserSearch();
    if (search != null) {
        authenticator.setUserSearch(search);
    }
    final boolean hasDnPatterns = this.userDnPatterns != null && this.userDnPatterns.length > 0;
    if (hasDnPatterns) {
        authenticator.setUserDnPatterns(this.userDnPatterns);
    }
    return postProcess(authenticator);
}

Example 8 with LdapUserSearch

Use of org.springframework.security.ldap.search.LdapUserSearch in the apache/nifi project.

Class LdapProvider, method onConfigured:

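@Override
public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
    // Lifetime (millis) of the authentication issued after a successful LDAP login.
    expiration = parseExpiration(configurationContext);

    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();

    // JNDI connect/read timeouts. Without them an unresponsive directory can
    // hold every login attempt open indefinitely.
    setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");

    // How this provider itself binds to the directory: anonymous, or a manager
    // bind over plain LDAP, LDAPS or START_TLS.
    configureBindStrategy(configurationContext, context, baseEnvironment);

    // Referral handling. The property is configured with the enum constant name,
    // but JNDI wants the lower-case value, hence getValue() rather than name().
    final ReferralStrategy referralStrategy = resolveEnumProperty("referral strategy",
            configurationContext.getProperty("Referral Strategy"), ReferralStrategy.class);
    context.setReferral(referralStrategy.getValue());

    // Server URL(s); several may be given separated by whitespace.
    final String urls = configurationContext.getProperty("Url");
    if (StringUtils.isBlank(urls)) {
        throw new ProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }
    context.setUrls(StringUtils.split(urls));

    // Where and how the entry for a login name is looked up. Both values are
    // administrator configuration; the login name is substituted into the
    // filter later by FilterBasedLdapUserSearch, so no user input is handled here.
    final String userSearchBase = configurationContext.getProperty("User Search Base");
    final String userSearchFilter = configurationContext.getProperty("User Search Filter");
    if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
        throw new ProviderCreationException("LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
    }
    final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);

    // Credentials are verified by the directory through a bind as the located user.
    final BindAuthenticator authenticator = new BindAuthenticator(context);
    authenticator.setUserSearch(userSearch);

    identityStrategy = parseIdentityStrategy(configurationContext);

    // Only override the JNDI environment when something was actually configured.
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }

    try {
        // Run the InitializingBean hooks explicitly; any misconfiguration they
        // detect is reported as a provider creation failure, cause preserved.
        context.afterPropertiesSet();
        authenticator.afterPropertiesSet();
    } catch (final Exception e) {
        throw new ProviderCreationException(e.getMessage(), e);
    }

    provider = new LdapAuthenticationProvider(authenticator);
}

/**
 * Parses the mandatory "Authentication Expiration" property into milliseconds.
 *
 * @param configurationContext the provider configuration
 * @return the expiration in milliseconds
 * @throws ProviderCreationException if the property is missing or not a valid duration
 */
private long parseExpiration(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new ProviderCreationException("The Authentication Expiration must be specified.");
    }
    try {
        return FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        // keep the cause so the offending part of the duration is visible in the stack trace
        throw new ProviderCreationException(String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration), iae);
    }
}

/**
 * Applies the "Authentication Strategy" to the context source.
 *
 * @param configurationContext the provider configuration
 * @param context              the context source being assembled
 * @param baseEnvironment      JNDI environment entries; LDAPS adds the protocol and socket factory here
 * @throws ProviderCreationException if the strategy is missing or unknown
 */
private void configureBindStrategy(final LoginIdentityProviderConfigurationContext configurationContext, final LdapContextSource context,
                                   final Map<String, Object> baseEnvironment) throws ProviderCreationException {
    final LdapAuthenticationStrategy authenticationStrategy = resolveEnumProperty("authentication strategy",
            configurationContext.getProperty("Authentication Strategy"), LdapAuthenticationStrategy.class);

    if (authenticationStrategy == LdapAuthenticationStrategy.ANONYMOUS) {
        context.setAnonymousReadOnly(true);
        return;
    }

    // Every non-anonymous strategy performs the user search with the manager credentials.
    final String managerDn = configurationContext.getProperty("Manager DN");
    final String managerPassword = configurationContext.getProperty("Manager Password");
    if (StringUtils.isBlank(managerDn) || StringUtils.isBlank(managerPassword)) {
        // Kept non-fatal for compatibility, but surfaced: with a blank DN or password the
        // context source presumably ends up binding unauthenticated for the search.
        logger.warn(String.format("Authentication Strategy is %s but 'Manager DN' or 'Manager Password' is blank; the user search may run unauthenticated.", authenticationStrategy));
    }
    context.setUserDn(managerDn);
    context.setPassword(managerPassword);

    switch (authenticationStrategy) {
        case SIMPLE:
            context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
            break;
        case LDAPS: {
            context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
            // TLS for the whole connection (as opposed to START_TLS upgrading a plain one).
            baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
            final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
            if (ldapsSslContext != null) {
                // JNDI instantiates the socket factory by class name, so the SSL context has to
                // be handed over through the factory before the first connection. If that state
                // is JVM-wide (assumed; confirm in LdapsSocketFactory), a second LDAPS provider
                // in the same JVM would share or overwrite it.
                LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
            }
            // With no SSL context configured, whatever the JVM default SSL settings are apply; nothing is validated here.
            break;
        }
        case START_TLS: {
            final AbstractTlsDirContextAuthenticationStrategy tlsStrategy = new DefaultTlsDirContextAuthenticationStrategy();
            final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
            if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                // parseBoolean is a case-insensitive "true" test; anything else is false
                tlsStrategy.setShutdownTlsGracefully(Boolean.parseBoolean(rawShutdownGracefully));
            }
            final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
            if (startTlsSslContext != null) {
                tlsStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
            }
            context.setAuthenticationStrategy(tlsStrategy);
            break;
        }
        default:
            // Fail closed: a strategy without explicit handling must not silently fall back to a plain bind.
            throw new ProviderCreationException(String.format("Unsupported authentication strategy '%s'", authenticationStrategy));
    }
}

/**
 * Reads the optional "Identity Strategy" property.
 *
 * @param configurationContext the provider configuration
 * @return the configured strategy, or {@link IdentityStrategy#USE_DN} (the historical behaviour) when unset
 * @throws ProviderCreationException if a value is set but is not a known strategy
 */
private IdentityStrategy parseIdentityStrategy(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
    final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");
    if (StringUtils.isBlank(rawIdentityStrategy)) {
        logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.", IdentityStrategy.USE_DN));
        return IdentityStrategy.USE_DN;
    }
    return resolveEnumProperty("identity strategy", rawIdentityStrategy, IdentityStrategy.class);
}

/**
 * Maps a raw property value onto an enum constant, failing with a descriptive
 * configuration error if it is missing or not one of the constants.
 *
 * @param description human-readable name used in error messages, e.g. "referral strategy"
 * @param rawValue    the configured value; must match a constant name exactly
 * @param enumType    the enum to resolve against
 * @return the matching constant
 * @throws ProviderCreationException if the value is blank or unrecognized
 */
private static <E extends Enum<E>> E resolveEnumProperty(final String description, final String rawValue, final Class<E> enumType)
        throws ProviderCreationException {
    final String possibleValues = StringUtils.join(enumType.getEnumConstants(), ", ");
    if (StringUtils.isBlank(rawValue)) {
        // Enum.valueOf(null) would surface as a NullPointerException instead of a configuration error.
        throw new ProviderCreationException(String.format("The %s must be specified. Possible values are [%s]", description, possibleValues));
    }
    try {
        return Enum.valueOf(enumType, rawValue);
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(String.format("Unrecognized %s '%s'. Possible values are [%s]", description, rawValue, possibleValues), iae);
    }
}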

Example 9 with LdapUserSearch

Use of org.springframework.security.ldap.search.LdapUserSearch in the blackducksoftware/hub-alert project.

Class LdapManager, method createLdapUserSearch:

/**
 * Creates the search used to locate a user's directory entry from the login
 * name, or {@code null} when no user search filter has been configured (the
 * caller then has to locate users another way).
 * <p>
 * Base and filter are administrator configuration; the login name is
 * substituted into the filter at authentication time by the search itself,
 * so no user-controlled input is handled here.
 *
 * @param configurationModel the LDAP authentication configuration
 * @param contextSource      the directory connection the search runs against
 * @return a {@link FilterBasedLdapUserSearch} over the configured base and filter, or {@code null} if the filter is blank
 */
private LdapUserSearch createLdapUserSearch(FieldUtility configurationModel, LdapContextSource contextSource) {
    String filter = configurationModel.getStringOrEmpty(AuthenticationDescriptor.KEY_LDAP_USER_SEARCH_FILTER);
    String base = configurationModel.getStringOrEmpty(AuthenticationDescriptor.KEY_LDAP_USER_SEARCH_BASE);
    if (StringUtils.isBlank(filter)) {
        return null;
    }
    return new FilterBasedLdapUserSearch(base, filter, contextSource);
}
