Example usage for javax.naming.ldap InitialLdapContext search

List of usage examples for javax.naming.ldap InitialLdapContext search

  1. HOME
  2. Java
  3. javax
  4. javax.naming.ldap.*
  5. InitialLdapContext
  6. search

Introduction

In this page you can find the example usage for javax.naming.ldap InitialLdapContext search.

Prototype

public NamingEnumeration<SearchResult> search(String name, String filterExpr, Object[] filterArgs,
            SearchControls cons) throws NamingException

Source Link

Usage

From source file:org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore.java

/**
 * Get user UID attribute for the given certificate.
 *
 * @param lookupValue value used for credentials lookup
 * @param certificate user certificate// w  ww  . j a v  a 2  s .c  om
 * @param cp credential provider
 * @return user UID
 * @throws NamingException LDAP error obtaining user UID.
 * @throws IOException 
 */
protected String loadUID(String lookupValue, X509Certificate certificate, CredentialProvider cp)
        throws NamingException, IOException {
    String uidValue = null;

    InitialLdapContext ctx = createLdapInitialContext(false);

    StartTlsResponse tls = null;
    if (getEnableStartTls()) {
        tls = startTls(ctx);
    }

    String schemeName = null;
    if (cp instanceof AuthenticationScheme) {
        schemeName = ((AuthenticationScheme) cp).getName();
    }

    String principalLookupAttrName = this.getPrincipalLookupAttributeID();
    if (principalLookupAttrName == null || principalLookupAttrName.trim().equals("")
            || !"strong-authentication".equals(schemeName)) {
        principalLookupAttrName = this.getPrincipalUidAttributeID();
    }

    String principalUidAttrName = this.getPrincipalUidAttributeID();
    String certificateAttrName = this.getUserCertificateAtrributeID();
    String usersCtxDN = this.getUsersCtxDN();

    try {
        // NamingEnumeration answer = ctx.search(usersCtxDN, matchAttrs, principalAttr);
        // This gives more control over search behavior :

        NamingEnumeration answer = ctx.search(usersCtxDN,
                "(&(" + principalLookupAttrName + "={0})(" + certificateAttrName + "={1}))",
                new Object[] { lookupValue, certificate.getEncoded() }, getSearchControls());

        while (answer.hasMore()) {
            SearchResult sr = (SearchResult) answer.next();
            Attributes attrs = sr.getAttributes();
            Attribute uidAttr = attrs.get(principalUidAttrName);

            if (uidAttr == null) {
                logger.warn("Invalid user uid attribute '" + principalUidAttrName + "'");
                continue;
            }

            uidValue = uidAttr.get().toString();

            if (uidValue != null) {
                if (logger.isDebugEnabled())
                    logger.debug("Found user " + principalUidAttrName + "=" + uidValue);
            } else {
                if (logger.isDebugEnabled())
                    logger.debug("User not found for certificate '"
                            + certificate.getSubjectX500Principal().getName() + "'");
            }
        }
    } catch (NamingException e) {
        if (logger.isDebugEnabled())
            logger.debug("Failed to locate user", e);
    } catch (CertificateEncodingException e) {
        if (logger.isDebugEnabled())
            logger.debug("Certificate encoding exception", e);
    } finally {
        // Close the context to release the connection
        if (tls != null) {
            tls.close();
        }
        ctx.close();
    }

    return uidValue;
}