List of usage examples for javax.naming.ldap LdapName LdapName
public LdapName(List<Rdn> rdns)
From source file:org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.java
public boolean doCheckExistingUser(String userName) throws UserStoreException { if (log.isDebugEnabled()) { log.debug("Searching for user " + userName); }//from w w w . ja v a2 s. com boolean bFound = false; String userSearchFilter = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_SEARCH_FILTER); userSearchFilter = userSearchFilter.replace("?", escapeSpecialCharactersForFilter(userName)); try { String searchBase = null; String userDN = null; LdapName ldn = (LdapName) userCache.get(userName); if (ldn == null) { String userDNPattern = realmConfig.getUserStoreProperty(LDAPConstants.USER_DN_PATTERN); if (userDNPattern != null && userDNPattern.trim().length() > 0) { String[] patterns = userDNPattern.split("#"); for (String pattern : patterns) { searchBase = MessageFormat.format(pattern, escapeSpecialCharactersForDN(userName)); userDN = getNameInSpaceForUserName(userName, searchBase, userSearchFilter); if (userDN != null && userDN.length() > 0) { bFound = true; LdapName ldapName = new LdapName(userDN); userCache.put(userName, ldapName); break; } } } } else { userDN = ldn.toString(); searchBase = MessageFormat.format(userDN, escapeSpecialCharactersForDN(userName)); userDN = getNameInSpaceForUserName(userName, searchBase, userSearchFilter); if (userDN != null && userDN.length() > 0) { bFound = true; } else { userCache.remove(userName); } } if (!bFound) { searchBase = realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE); userDN = getNameInSpaceForUserName(userName, searchBase, userSearchFilter); if (userDN != null && userDN.length() > 0) { bFound = true; } } } catch (Exception e) { String errorMessage = "Error occurred while checking existence of user : " + userName; if (log.isDebugEnabled()) { log.debug(errorMessage, e); } throw new UserStoreException(errorMessage, e); } if (log.isDebugEnabled()) { log.debug("User: " + userName + " exist: " + bFound); } return bFound; }
From source file:org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.java
/** * {@inheritDoc}//w w w. ja v a 2s . com */ protected String[] getLDAPRoleListOfUser(String userName, String filter, String searchBase, boolean shared) throws UserStoreException { boolean debug = log.isDebugEnabled(); List<String> list = new ArrayList<String>(); /* * do not search REGISTRY_ANONNYMOUS_USERNAME or * REGISTRY_SYSTEM_USERNAME in LDAP because it * causes warn logs printed from embedded-ldap. */ if (readGroupsEnabled && (!UserCoreUtil.isRegistryAnnonymousUser(userName)) && (!UserCoreUtil.isRegistrySystemUser(userName))) { SearchControls searchCtls = new SearchControls(); searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); String memberOfProperty = realmConfig.getUserStoreProperty(LDAPConstants.MEMBEROF_ATTRIBUTE); if (memberOfProperty != null && memberOfProperty.length() > 0) { // TODO Handle active directory shared roles logics here String userNameProperty = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE); String userSearchFilter = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_SEARCH_FILTER); String searchFilter = userSearchFilter.replace("?", escapeSpecialCharactersForFilter(userName)); String binaryAttribute = realmConfig.getUserStoreProperty(LDAPConstants.LDAP_ATTRIBUTES_BINARY); String primaryGroupId = realmConfig.getUserStoreProperty(LDAPConstants.PRIMARY_GROUP_ID); String returnedAtts[] = { memberOfProperty }; if (binaryAttribute != null && primaryGroupId != null) { returnedAtts = new String[] { memberOfProperty, binaryAttribute, primaryGroupId }; } searchCtls.setReturningAttributes(returnedAtts); if (debug) { log.debug("Reading roles with the memberOfProperty Property: " + memberOfProperty); } if (binaryAttribute != null && primaryGroupId != null) { list = this.getAttributeListOfOneElementWithPrimarGroup(searchBase, searchFilter, searchCtls, binaryAttribute, primaryGroupId, userNameProperty, memberOfProperty); } else { // use cache LdapName ldn = (LdapName) userCache.get(userName); if (ldn != null) { searchBase = ldn.toString(); } else { // create DN directly but there is no way when multiple DNs are used. Need to improve letter String userDNPattern = realmConfig.getUserStoreProperty(LDAPConstants.USER_DN_PATTERN); if (userDNPattern != null & userDNPattern.trim().length() > 0 && !userDNPattern.contains("#")) { searchBase = MessageFormat.format(userDNPattern, escapeSpecialCharactersForDN(userName)); } } // get DNs of the groups to which this user belongs List<String> groupDNs = this.getListOfNames(searchBase, searchFilter, searchCtls, memberOfProperty, false); List<LdapName> groups = new ArrayList<>(); for (String groupDN : groupDNs) { try { groups.add(new LdapName(groupDN)); } catch (InvalidNameException e) { if (log.isDebugEnabled()) { log.debug("Naming error : ", e); } } } /* * to be compatible with AD as well, we need to do a search * over the groups and * find those groups' attribute value defined for group name * attribute and * return */ list = this.getGroupNameAttributeValuesOfGroups(groups); } } else { // Load normal roles with the user String searchFilter; String roleNameProperty; if (shared) { searchFilter = realmConfig.getUserStoreProperty(LDAPConstants.SHARED_GROUP_NAME_LIST_FILTER); roleNameProperty = realmConfig.getUserStoreProperty(LDAPConstants.SHARED_GROUP_NAME_ATTRIBUTE); } else { searchFilter = realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_LIST_FILTER); roleNameProperty = realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE); } String membershipProperty = realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE); String userDNPattern = realmConfig.getUserStoreProperty(LDAPConstants.USER_DN_PATTERN); String nameInSpace; if (userDNPattern != null && userDNPattern.trim().length() > 0 && !userDNPattern.contains("#")) { nameInSpace = MessageFormat.format(userDNPattern, escapeSpecialCharactersForDN(userName)); } else { nameInSpace = this.getNameInSpaceForUserName(userName); } // read the roles with this membership property if (membershipProperty == null || membershipProperty.length() < 1) { throw new UserStoreException("Please set member of attribute or membership attribute"); } String membershipValue; if (nameInSpace != null) { try { LdapName ldn = new LdapName(nameInSpace); if (MEMBER_UID .equals(realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE))) { // membership value of posixGroup is not DN of the user List rdns = ldn.getRdns(); membershipValue = ((Rdn) rdns.get(rdns.size() - 1)).getValue().toString(); } else { membershipValue = escapeLdapNameForFilter(ldn); } } catch (InvalidNameException e) { throw new UserStoreException("Invalid naming exception for: " + nameInSpace, e); } } else { return new String[0]; } searchFilter = "(&" + searchFilter + "(" + membershipProperty + "=" + membershipValue + "))"; String returnedAtts[] = { roleNameProperty }; searchCtls.setReturningAttributes(returnedAtts); if (debug) { log.debug("Reading roles with the membershipProperty Property: " + membershipProperty); } list = this.getListOfNames(searchBase, searchFilter, searchCtls, roleNameProperty, false); } } else if (UserCoreUtil.isRegistryAnnonymousUser(userName)) { // returning a REGISTRY_ANONNYMOUS_ROLE_NAME for // REGISTRY_ANONNYMOUS_USERNAME list.add(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME); } String[] result = list.toArray(new String[list.size()]); if (result != null) { for (String rolename : result) { log.debug("Found role: " + rolename); } } return result; }
From source file:org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.java
/** * @param userName// w w w .j a v a 2s . c om * @param searchBase * @param searchFilter * @return * @throws UserStoreException */ protected String getNameInSpaceForUserName(String userName, String searchBase, String searchFilter) throws UserStoreException { boolean debug = log.isDebugEnabled(); String userDN = null; DirContext dirContext = this.connectionSource.getContext(); NamingEnumeration<SearchResult> answer = null; try { SearchControls searchCtls = new SearchControls(); searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); if (log.isDebugEnabled()) { try { log.debug("Searching for user with SearchFilter: " + searchFilter + " in SearchBase: " + dirContext.getNameInNamespace()); } catch (NamingException e) { log.debug("Error while getting DN of search base", e); } } SearchResult userObj = null; String[] searchBases = searchBase.split("#"); for (String base : searchBases) { answer = dirContext.search(escapeDNForSearch(base), searchFilter, searchCtls); if (answer.hasMore()) { userObj = (SearchResult) answer.next(); if (userObj != null) { //no need to decode since , if decoded the whole string, can't be encoded again //eg CN=Hello\,Ok=test\,test, OU=Industry userDN = userObj.getNameInNamespace(); break; } } } if (userDN != null) { LdapName ldn = new LdapName(userDN); userCache.put(userName, ldn); } if (debug) { log.debug("Name in space for " + userName + " is " + userDN); } } catch (Exception e) { log.debug(e.getMessage(), e); } finally { JNDIUtil.closeNamingEnumeration(answer); JNDIUtil.closeContext(dirContext); } return userDN; }
From source file:org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.java
@Override public boolean doCheckIsUserInRole(String userName, String roleName) throws UserStoreException { boolean debug = log.isDebugEnabled(); SearchControls searchCtls = new SearchControls(); searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); LDAPRoleContext context = (LDAPRoleContext) createRoleContext(roleName); // Get the effective search base String searchBases = this.getEffectiveSearchBase(context.isShared()); String memberOfProperty = realmConfig.getUserStoreProperty(LDAPConstants.MEMBEROF_ATTRIBUTE); if (memberOfProperty != null && memberOfProperty.length() > 0) { List<String> list; String userNameProperty = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE); String userSearchFilter = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_SEARCH_FILTER); String searchFilter = userSearchFilter.replace("?", escapeSpecialCharactersForFilter(userName)); String binaryAttribute = realmConfig.getUserStoreProperty(LDAPConstants.LDAP_ATTRIBUTES_BINARY); String primaryGroupId = realmConfig.getUserStoreProperty(LDAPConstants.PRIMARY_GROUP_ID); String returnedAtts[] = { memberOfProperty }; if (binaryAttribute != null && primaryGroupId != null) { returnedAtts = new String[] { memberOfProperty, binaryAttribute, primaryGroupId }; }//from w ww. j a va 2s .co m searchCtls.setReturningAttributes(returnedAtts); if (debug) { log.debug("Do check whether the user: " + userName + " is in role: " + roleName); log.debug("Search filter: " + searchFilter); for (String retAttrib : returnedAtts) { log.debug("Requesting attribute: " + retAttrib); } } if (binaryAttribute != null && primaryGroupId != null) { list = this.getAttributeListOfOneElementWithPrimarGroup(searchBases, searchFilter, searchCtls, binaryAttribute, primaryGroupId, userNameProperty, memberOfProperty); } else { // use cache LdapName ldn = (LdapName) userCache.get(userName); if (ldn != null) { searchBases = ldn.toString(); } else { // create DN directly but there is no way when multiple DNs are used. Need to improve letter String userDNPattern = realmConfig.getUserStoreProperty(LDAPConstants.USER_DN_PATTERN); if (userDNPattern != null && userDNPattern.trim().length() > 0 && !userDNPattern.contains("#")) { searchBases = MessageFormat.format(userDNPattern, escapeSpecialCharactersForDN(userName)); } } list = this.getAttributeListOfOneElement(searchBases, searchFilter, searchCtls); } if (debug) { if (list != null) { boolean isUserInRole = false; for (String item : list) { log.debug("Result: " + item); if (item.equalsIgnoreCase(roleName)) { isUserInRole = true; } } log.debug("Is user: " + userName + " in role: " + roleName + " ? " + isUserInRole); } else { log.debug("No results found !"); } } // adding roles list in to the cache if (list != null) { addAllRolesToUserRolesCache(userName, list); for (String role : list) { if (role.equalsIgnoreCase(roleName)) { return true; } } } } else { // read the roles with this membership property String searchFilter = realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_LIST_FILTER); String membershipProperty = realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE); if (membershipProperty == null || membershipProperty.length() < 1) { throw new UserStoreException("Please set member of attribute or membership attribute"); } String roleNameProperty = realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE); String userDNPattern = realmConfig.getUserStoreProperty(LDAPConstants.USER_DN_PATTERN); String nameInSpace; if (userDNPattern != null && userDNPattern.trim().length() > 0 && !userDNPattern.contains("#")) { nameInSpace = MessageFormat.format(userDNPattern, escapeSpecialCharactersForDN(userName)); } else { nameInSpace = this.getNameInSpaceForUserName(userName); } String membershipValue; if (nameInSpace != null) { try { LdapName ldn = new LdapName(nameInSpace); membershipValue = escapeLdapNameForFilter(ldn); } catch (InvalidNameException e) { throw new UserStoreException("Invalid naming exception for: " + nameInSpace, e); } } else { return false; } searchFilter = "(&" + searchFilter + "(" + membershipProperty + "=" + membershipValue + "))"; String returnedAtts[] = { roleNameProperty }; searchCtls.setReturningAttributes(returnedAtts); if (debug) { log.debug("Do check whether the user : " + userName + " is in role: " + roleName); log.debug("Search filter : " + searchFilter); for (String retAttrib : returnedAtts) { log.debug("Requesting attribute: " + retAttrib); } } DirContext dirContext = null; NamingEnumeration<SearchResult> answer = null; try { dirContext = connectionSource.getContext(); if (context.getRoleDNPatterns().size() > 0) { for (String pattern : context.getRoleDNPatterns()) { if (debug) { log.debug("Using pattern: " + pattern); } searchBases = MessageFormat.format(pattern.trim(), escapeSpecialCharactersForDN(roleName)); try { answer = dirContext.search(escapeDNForSearch(searchBases), searchFilter, searchCtls); } catch (NamingException e) { if (log.isDebugEnabled()) { log.debug(e); } //ignore } if (answer != null && answer.hasMoreElements()) { if (debug) { log.debug("User: " + userName + " in role: " + roleName); } return true; } if (debug) { log.debug("User: " + userName + " NOT in role: " + roleName); } } } else { if (debug) { log.debug("Do check whether the user: " + userName + " is in role: " + roleName); log.debug("Search filter: " + searchFilter); for (String retAttrib : returnedAtts) { log.debug("Requesting attribute: " + retAttrib); } } searchFilter = "(&" + searchFilter + "(" + membershipProperty + "=" + membershipValue + ") (" + roleNameProperty + "=" + escapeSpecialCharactersForFilter(roleName) + "))"; // handle multiple search bases String[] searchBaseArray = searchBases.split("#"); for (String searchBase : searchBaseArray) { answer = dirContext.search(escapeDNForSearch(searchBase), searchFilter, searchCtls); if (answer.hasMoreElements()) { if (debug) { log.debug("User: " + userName + " in role: " + roleName); } return true; } if (debug) { log.debug("User: " + userName + " NOT in role: " + roleName); } } } } catch (NamingException e) { if (log.isDebugEnabled()) { log.debug(e.getMessage(), e); } } finally { JNDIUtil.closeNamingEnumeration(answer); JNDIUtil.closeContext(dirContext); } } return false; }
From source file:org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.java
/** * @param groupDNs//from www .j a v a2 s . co m * @return * @throws UserStoreException */ private List<String> getGroupNameAttributeValuesOfGroups(List<LdapName> groupDNs) throws UserStoreException { log.debug("GetGroupNameAttributeValuesOfGroups with DN"); boolean debug = log.isDebugEnabled(); // get the DNs of the groups to which user belongs to, as per the search // parameters String groupNameAttribute = realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE); String[] returnedAttributes = { groupNameAttribute }; List<String> groupNameAttributeValues = new ArrayList<String>(); DirContext dirContext = null; try { dirContext = this.connectionSource.getContext(); for (LdapName group : groupDNs) { if (!isInSearchBase(group, new LdapName(groupSearchBase))) { // ignore those groups outside the group search base continue; } if (debug) { log.debug("Using DN: " + group); } Rdn rdn = group.getRdn(group.getRdns().size() - 1); // get the last element of the RDNs. if (rdn.getType().equalsIgnoreCase(groupNameAttribute)) { /* * Checking to see if the required information can be retrieved from the RDN * If so, we can add that value and continue without creating an LDAP context * Connection * */ groupNameAttributeValues.add(rdn.getValue().toString()); continue; } Attributes groupAttributes = dirContext.getAttributes(group, returnedAttributes); if (groupAttributes != null) { Attribute groupAttribute = groupAttributes.get(groupNameAttribute); if (groupAttribute != null) { String groupNameAttributeValue = (String) groupAttribute.get(); if (debug) { log.debug(groupNameAttribute + " : " + groupNameAttributeValue); } groupNameAttributeValues.add(groupNameAttributeValue); } } } } catch (UserStoreException e) { String errorMessage = "Error in getting group name attribute values of groups"; if (log.isDebugEnabled()) { log.debug(errorMessage, e); } throw new UserStoreException(errorMessage, e); } catch (NamingException e) { String errorMessage = "Error in getting group name attribute values of groups"; if (log.isDebugEnabled()) { log.debug(errorMessage, e); } throw new UserStoreException(errorMessage, e); } finally { JNDIUtil.closeContext(dirContext); } return groupNameAttributeValues; }