List of usage examples for org.apache.shiro.realm.ldap LdapContextFactory getSystemLdapContext
LdapContext getSystemLdapContext() throws NamingException;
From source file:org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java
License:Apache License
/**
 * Resolves the role names of the subject's available principal through a system-level LDAP
 * connection supplied by {@code ldapContextFactory}.
 *
 * <p>The context is always released with {@code LdapUtils.closeContext}. A failure to bind the
 * system account ({@code AuthenticationException}) is logged and mapped to an empty role set
 * instead of being propagated; other naming errors propagate to the caller.
 *
 * @param principals the subject's principals; the available principal is used as the username
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the roles returned by {@code rolesFor}, or an empty set when the system bind fails
 * @throws NamingException on LDAP errors other than the system-account authentication failure
 */
private Set<String> getRoles(PrincipalCollection principals, final LdapContextFactory ldapContextFactory)
        throws NamingException {
    final String user = (String) getAvailablePrincipal(principals);
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        return rolesFor(principals, user, ctx, ldapContextFactory);
    } catch (AuthenticationException bindFailure) {
        // System account could not bind: report it and treat the user as having no roles.
        LOG.failedToGetSystemLdapConnection(bindFailure);
        return Collections.emptySet();
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
From source file:org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.java
License:Apache License
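/**
 * Tests whether {@code userLdapDn} satisfies a dynamic-group {@code memberURL} of the form
 * {@code ldap://host:port/dn?attributes?scope?filter?extensions}.
 *
 * <p>The URL's base DN and scope are checked locally first: the user DN must lie under the base
 * DN and, for scope {@code one}, must be its direct child. Only then is the URL's filter
 * evaluated against the directory with the user DN as search base, over the system LDAP
 * context; any hit means membership. Scope {@code base} never matches, and any scope other than
 * {@code sub} is searched with the one-level controls.
 *
 * @param userLdapDn DN of the authenticated user
 * @param memberUrl the dynamic group's memberURL value; {@code null} yields {@code false}
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return {@code true} when the user DN matches the base DN, scope and filter of the URL
 * @throws NamingException if the base DN is malformed or the directory search fails
 */
boolean isUserMemberOfDynamicGroup(LdapName userLdapDn, String memberUrl,
        final LdapContextFactory ldapContextFactory) throws NamingException {
    // ldap://host:port/dn?attributes?scope?filter?extensions
    if (memberUrl == null) {
        return false;
    }
    String[] tokens = memberUrl.split("\\?");
    if (tokens.length < 4) {
        return false;
    }
    String searchBaseString = tokens[0].substring(tokens[0].lastIndexOf("/") + 1);
    String searchScope = tokens[2];
    String searchFilter = tokens[3];
    LdapName searchBaseDn = new LdapName(searchBaseString);

    // Scope test.
    if (searchScope.equalsIgnoreCase("base")) {
        return false;
    }
    // Compare DNs component-wise: a textual endsWith() would accept e.g. "c=example" as an
    // ancestor of "cn=bob,dc=example" and is sensitive to case and spacing of the RDNs.
    if (!userLdapDn.startsWith(searchBaseDn)) {
        return false;
    }
    // A direct child has exactly one RDN more than the base (the original compared against
    // base.size() - 1, which can never hold for a DN that passed the ancestor check).
    if (searchScope.equalsIgnoreCase("one") && (userLdapDn.size() != searchBaseDn.size() + 1)) {
        return false;
    }

    // Evaluate the URL's filter with the user DN as the search base; one result is enough.
    LdapContext systemLdapCtx = ldapContextFactory.getSystemLdapContext();
    NamingEnumeration<SearchResult> searchResultEnum = null;
    try {
        searchResultEnum = systemLdapCtx.search(userLdapDn, searchFilter,
                searchScope.equalsIgnoreCase("sub") ? SUBTREE_SCOPE : ONELEVEL_SCOPE);
        return searchResultEnum.hasMore();
    } finally {
        try {
            if (searchResultEnum != null) {
                searchResultEnum.close();
            }
        } finally {
            LdapUtils.closeContext(systemLdapCtx);
        }
    }
}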
From source file:org.apache.isis.security.shiro.IsisLdapRealm.java
License:Apache License
/**
 * Resolves the role names of the subject's available principal using a system-level LDAP
 * connection from {@code ldapContextFactory}.
 *
 * <p>The context is released via {@code LdapUtils.closeContext} on every path. When the system
 * account fails to authenticate the user is treated as having no roles and no error is raised.
 *
 * @param principals the subject's principals; the available principal is used as the username
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the roles returned by {@code rolesFor}, or an empty set on an authentication failure
 * @throws NamingException on LDAP errors other than the authentication failure
 */
private Set<String> getRoles(final PrincipalCollection principals,
        final LdapContextFactory ldapContextFactory) throws NamingException {
    final String user = (String) getAvailablePrincipal(principals);
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        return rolesFor(user, ctx);
    } catch (AuthenticationException ignored) {
        // The principal was not authenticated on LDAP; deliberately degrade to "no roles".
        return Collections.emptySet();
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
From source file:org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.java
License:Apache License
/**
 * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by querying the active
 * directory LDAP context for the groups that a user is a member of. The groups are then
 * translated to role names by using the configured {@link #groupRolesMap}.
 * <p/>
 * This implementation expects the <tt>principal</tt> argument to be a String username.
 * <p/>
 * Subclasses can override this method to determine authorization data (roles, permissions, etc)
 * in a more complex way. Note that this default implementation does not support permissions,
 * only roles. The system LDAP context is closed before the info object is built.
 *
 * @param principals the principal of the Subject whose account is being retrieved.
 * @param ldapContextFactory the factory used to create LDAP connections.
 * @return the AuthorizationInfo for the given Subject principal.
 * @throws NamingException if an error occurs when searching the LDAP server.
 */
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    String user = (String) getAvailablePrincipal(principals);
    // Perform context search
    LdapContext ctx = ldapContextFactory.getSystemLdapContext();
    Set<String> roles;
    try {
        roles = getRoleNamesForUser(user, ctx);
    } finally {
        LdapUtils.closeContext(ctx);
    }
    return buildAuthorizationInfo(roles);
}
From source file:org.apache.zeppelin.realm.LdapGroupRealm.java
License:Apache License
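/**
 * Looks up the roles of the subject's available principal over a system LDAP connection and
 * wraps them in a {@link SimpleAuthorizationInfo}.
 *
 * <p>The system context is closed in a {@code finally} block so that a failing role lookup does
 * not leak the connection; a failure of the close itself is ignored so it cannot mask the
 * lookup's outcome.
 *
 * @param principals the subject's principals; the available principal is used as the username
 * @param ldapContextFactory the factory used to create LDAP connections
 * @return the authorization info holding the role names found for the user
 * @throws NamingException if the system context cannot be obtained or the lookup fails
 */
public AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    String username = (String) getAvailablePrincipal(principals);
    LdapContext ldapContext = ldapContextFactory.getSystemLdapContext();
    Set<String> roleNames;
    try {
        roleNames = getRoleNamesForUser(username, ldapContext, getUserDnTemplate());
    } finally {
        try {
            ldapContext.close();
        } catch (NamingException ignored) {
            // Best-effort release of the connection; the roles were already resolved.
        }
    }
    return new SimpleAuthorizationInfo(roleNames);
}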
From source file:org.apache.zeppelin.realm.LdapRealm.java
License:Apache License
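/**
 * Resolves the role names of the subject's available principal through a system-level LDAP
 * connection, passing the current subject's session on to {@code rolesFor}.
 *
 * <p>The context is released with {@code LdapUtils.closeContext} on every path. A failure to
 * bind the system account is logged through the realm's logger (instead of being dumped to
 * stderr with {@code printStackTrace}) and mapped to an empty role set.
 *
 * @param principals the subject's principals; the available principal is used as the username
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the roles returned by {@code rolesFor}, or an empty set when the system bind fails
 * @throws NamingException on LDAP errors other than the system-account authentication failure
 */
private Set<String> getRoles(PrincipalCollection principals, final LdapContextFactory ldapContextFactory)
        throws NamingException {
    final String username = (String) getAvailablePrincipal(principals);
    LdapContext systemLdapCtx = null;
    try {
        systemLdapCtx = ldapContextFactory.getSystemLdapContext();
        return rolesFor(principals, username, systemLdapCtx, ldapContextFactory,
                SecurityUtils.getSubject().getSession());
    } catch (AuthenticationException ae) {
        // Keep the stack trace in the log rather than on stderr; the user simply gets no roles.
        log.warn("Could not obtain the system LDAP context while resolving roles for " + username, ae);
        return Collections.emptySet();
    } finally {
        LdapUtils.closeContext(systemLdapCtx);
    }
}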
From source file:org.apache.zeppelin.realm.LdapRealm.java
License:Apache License
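/**
 * Tests whether {@code userLdapDn} satisfies a dynamic-group {@code memberURL} of the form
 * {@code ldap://host:port/dn?attributes?scope?filter?extensions}.
 *
 * <p>The URL's base DN and scope are checked locally first: the user DN must lie under the base
 * DN and, for scope {@code one}, must be its direct child. Only then is the URL's filter
 * evaluated against the directory with the user DN as search base, over the system LDAP
 * context; any hit means membership. Scope {@code base} never matches, and any scope other than
 * {@code sub} is searched with the one-level controls.
 *
 * @param userLdapDn DN of the authenticated user
 * @param memberUrl the dynamic group's memberURL value; {@code null} yields {@code false}
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return {@code true} when the user DN matches the base DN, scope and filter of the URL
 * @throws NamingException if the base DN is malformed or the directory search fails
 */
boolean isUserMemberOfDynamicGroup(LdapName userLdapDn, String memberUrl,
        final LdapContextFactory ldapContextFactory) throws NamingException {
    // ldap://host:port/dn?attributes?scope?filter?extensions
    if (memberUrl == null) {
        return false;
    }
    String[] tokens = memberUrl.split("\\?");
    if (tokens.length < 4) {
        return false;
    }
    String searchBaseString = tokens[0].substring(tokens[0].lastIndexOf("/") + 1);
    String searchScope = tokens[2];
    String searchFilter = tokens[3];
    LdapName searchBaseDn = new LdapName(searchBaseString);

    // Scope test.
    if (searchScope.equalsIgnoreCase("base")) {
        log.debug("DynamicGroup SearchScope base");
        return false;
    }
    // Compare DNs component-wise: a textual endsWith() would accept e.g. "c=example" as an
    // ancestor of "cn=bob,dc=example" and is sensitive to case and spacing of the RDNs.
    if (!userLdapDn.startsWith(searchBaseDn)) {
        return false;
    }
    // A direct child has exactly one RDN more than the base (the original compared against
    // base.size() - 1, which can never hold for a DN that passed the ancestor check).
    if (searchScope.equalsIgnoreCase("one") && (userLdapDn.size() != searchBaseDn.size() + 1)) {
        log.debug("DynamicGroup SearchScope one");
        return false;
    }

    // Evaluate the URL's filter with the user DN as the search base; one result is enough.
    LdapContext systemLdapCtx = ldapContextFactory.getSystemLdapContext();
    NamingEnumeration<SearchResult> searchResultEnum = null;
    try {
        searchResultEnum = systemLdapCtx.search(userLdapDn, searchFilter,
                searchScope.equalsIgnoreCase("sub") ? SUBTREE_SCOPE : ONELEVEL_SCOPE);
        return searchResultEnum.hasMore();
    } finally {
        try {
            if (searchResultEnum != null) {
                searchResultEnum.close();
            }
        } finally {
            LdapUtils.closeContext(systemLdapCtx);
        }
    }
}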
From source file:org.apache.zeppelin.server.ActiveDirectoryGroupRealm.java
License:Apache License
/**
 * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by querying the active
 * directory LDAP context for the groups that a user is a member of. The groups are then
 * translated to role names by using the configured {@link #groupRolesMap}.
 * <p/>
 * This implementation expects the <tt>principal</tt> argument to be a String username.
 * <p/>
 * Subclasses can override this method to determine authorization data (roles, permissions, etc)
 * in a more complex way. Note that this default implementation does not support permissions,
 * only roles. The system LDAP context is closed before the info object is built.
 *
 * @param principals the principal of the Subject whose account is being retrieved.
 * @param ldapContextFactory the factory used to create LDAP connections.
 * @return the AuthorizationInfo for the given Subject principal.
 * @throws NamingException if an error occurs when searching the LDAP server.
 */
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    String user = (String) getAvailablePrincipal(principals);
    // Perform context search
    LdapContext ctx = ldapContextFactory.getSystemLdapContext();
    Set<String> roles;
    try {
        roles = getRoleNamesForUser(user, ctx);
    } finally {
        LdapUtils.closeContext(ctx);
    }
    return buildAuthorizationInfo(roles);
}
From source file:org.killbill.billing.util.security.shiro.realm.KillBillJndiLdapRealm.java
License:Apache License
/**
 * Finds the LDAP groups of the subject's available principal using a system-level LDAP
 * connection from {@code ldapContextFactory}, delegating to the single-context overload.
 *
 * <p>The context is released with {@code LdapUtils.closeContext} on every path. A failure to
 * authenticate the system account is logged at info level (message only) and yields an empty
 * immutable set.
 *
 * @param principals the subject's principals; the available principal is used as the username
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the group names found for the user, or an empty set on an authentication failure
 * @throws NamingException on LDAP errors other than the authentication failure
 */
private Set<String> findLDAPGroupsForUser(final PrincipalCollection principals,
        final LdapContextFactory ldapContextFactory) throws NamingException {
    final String user = (String) getAvailablePrincipal(principals);
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getSystemLdapContext();
        return findLDAPGroupsForUser(user, ctx);
    } catch (AuthenticationException e) {
        // The system bind failed; record the reason and report no groups.
        log.info("LDAP authentication exception='{}'", e.getLocalizedMessage());
        return ImmutableSet.<String>of();
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
From source file:org.obiba.shiro.realm.LdapRealm.java
License:Open Source License
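/**
 * Get groups from LDAP.
 *
 * <p>Performs a subtree search under {@code searchBase} for entries whose
 * {@code userGroupAttribute} equals the username and collects the matches with
 * {@code queryResult}. The username is handed to JNDI as a filter argument ({@code {0}}) rather
 * than concatenated into the filter, so filter metacharacters it may contain are escaped by the
 * provider instead of altering the query. The search enumeration and the system context are
 * both closed when the search ends.
 *
 * @param principals the principals of the Subject whose AuthenticationInfo should be queried from the LDAP server.
 * @param ldapContextFactory factory used to retrieve LDAP connections.
 * @return an {@link AuthorizationInfo} instance containing information retrieved from the LDAP server.
 * @throws NamingException if any LDAP errors occur during the search.
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    Set<String> roleNames = new HashSet<String>();
    String username = (String) getAvailablePrincipal(principals);
    LdapContext systemLdapCtx = null;
    NamingEnumeration<SearchResult> answer = null;
    try {
        systemLdapCtx = ldapContextFactory.getSystemLdapContext();
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // "{0}" is substituted (and escaped) by the JNDI provider from the filterArgs array.
        answer = systemLdapCtx.search(searchBase, userGroupAttribute + "={0}",
                new Object[] {username}, constraints);
        while (answer.hasMore()) {
            queryResult(roleNames, answer.next());
        }
    } catch (AuthenticationException ignored) {
        // The principal was not authenticated on LDAP; deliberately return no roles.
    } finally {
        if (answer != null) {
            try {
                answer.close();
            } catch (NamingException ignored) {
                // Best-effort cleanup of the enumeration; the context is closed regardless.
            }
        }
        LdapUtils.closeContext(systemLdapCtx);
    }
    logger.debug("Role for {}: {}", username, roleNames);
    return new SimpleAuthorizationInfo(roleNames);
}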