List of usage examples for org.apache.shiro.realm.ldap LdapContextFactory getSystemLdapContext
LdapContext getSystemLdapContext() throws NamingException;
From source file:org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm.java
License:Open Source License
/**
 * Resolves the roles of the given subject by searching the directory under the
 * system (service-account) context obtained from {@code ldapContextFactory}.
 * <p>
 * The context is always released after the lookup. When the principal cannot be
 * read as a username ({@link ClassCastException}), the error is logged and
 * {@code null} is returned, which Shiro interprets as "no authorization data".
 *
 * @param principals the principals of the subject being authorized
 * @param ldapContextFactory factory supplying the system LDAP context
 * @return the authorization info built from the user's role names, or {@code null}
 *         when the principal could not be converted to a username
 * @throws NamingException if the directory lookup fails
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    AuthorizationInfo result = null;
    try {
        final String user = getUsername(principals);
        // Authorization lookups run under the system context, not the user's own bind.
        final LdapContext systemContext = ldapContextFactory.getSystemLdapContext();
        try {
            final Set<String> roles = getRoleNamesForUser(user, systemContext);
            result = buildAuthorizationInfo(roles);
        } finally {
            // Release the connection whether or not the search succeeded.
            LdapUtils.closeContext(systemContext);
        }
    } catch (ClassCastException e) {
        // Presumably raised by getUsername(...) when the principal is not the
        // expected type — confirm against getUsername; the whole try block is covered.
        LOG.error("Unable to extract a valid user", e);
    }
    return result;
}
From source file:org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmTest.java
License:Open Source License
/**
 * Drives {@code queryForAuthorizationInfo} with a mocked context factory whose context
 * answers every search with the canned {@code TestNamingEnumeration}, and verifies that
 * the "engineering" role is resolved for the test user.
 */
@Test
public void testQueryForAuthorizationInfoPrincipalCollectionLdapContextFactory() throws NamingException {
    final LdapContextFactory factory = mock(LdapContextFactory.class);
    final LdapContext context = mock(LdapContext.class);

    // Whatever base, filter and controls the realm uses, hand back the canned results.
    when(context.search((String) any(), (String) any(), (SearchControls) any()))
            .thenReturn(new TestNamingEnumeration());
    when(factory.getSystemLdapContext()).thenReturn(context);

    final AuthorizationInfo info = new ODLJndiLdapRealm()
            .queryForAuthorizationInfo(new TestPrincipalCollection("testuser"), factory);

    assertNotNull(info);
    assertFalse(info.getRoles().isEmpty());
    assertTrue(info.getRoles().contains("engineering"));
}
From source file:org.ow2.proactive.iam.core.realms.LdapRealm.java
License:Open Source License
/**
 * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} for the subject by looking up,
 * under the system LDAP context, the groups the user belongs to; group names are mapped to
 * role names through the configured {@link #groupRolesMap}.
 * <p>
 * The available principal is rendered with {@code toString()} and used as the username.
 * The system context is closed after the lookup, even if the search throws.
 * <p>
 * Only roles are produced by this implementation; subclasses that need permissions or a
 * different resolution strategy can override this method.
 *
 * @param principals the principals of the subject whose roles are being resolved
 * @param ldapContextFactory factory that supplies the system LDAP context
 * @return the authorization info holding the resolved role names
 * @throws NamingException if the directory search fails
 */
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    final String userName = getAvailablePrincipal(principals).toString();

    // The group search runs under the system (service-account) context, not a user bind.
    final LdapContext systemContext = ldapContextFactory.getSystemLdapContext();
    final Set<String> resolvedRoles;
    try {
        resolvedRoles = getRoleNamesForUser(userName, systemContext);
    } finally {
        // Never leak the connection, regardless of how the search ended.
        LdapUtils.closeContext(systemContext);
    }
    return buildAuthorizationInfo(resolvedRoles);
}
From source file:org.sonatype.nexus.ldap.internal.connector.dao.DefaultLdapConnectionTester.java
License:Open Source License
/**
 * Verifies that the configured system context can be obtained and used: the context is
 * opened, its own entry's attributes are read, and the context is closed again. Any
 * {@link NamingException} raised while opening or reading indicates a bad configuration.
 *
 * @param ldapContextFactory factory supplying the system LDAP context under test
 * @throws NamingException if the context cannot be created or queried
 */
@Override
public void testConnection(LdapContextFactory ldapContextFactory) throws NamingException {
    LdapContext probe = null;
    try {
        probe = ldapContextFactory.getSystemLdapContext();
        // Read the context's own entry ("" = relative to the context) so a configuration
        // problem surfaces here rather than on first real use.
        probe.getAttributes("");
    } finally {
        if (probe != null) {
            try {
                probe.close();
            } catch (NamingException ignored) {
                // Best effort only: the context may never have been fully opened.
            }
        }
    }
}
From source file:org.sonatype.nexus.ldap.internal.connector.dao.DefaultLdapConnectionTester.java
License:Open Source License
/**
 * Fetches up to {@code numberOfResults} users through the system context and, when groups
 * are used as roles and no user "member of" attribute is configured, resolves each user's
 * group membership with a group search. A user without any group is left as returned by
 * the user DAO; that situation is only reported at debug level.
 *
 * @param ldapContextFactory supplies the system (service-account) context used for all lookups
 * @param ldapAuthConfiguration the realm configuration being tested
 * @param numberOfResults upper bound on the number of users fetched
 * @return the users found, with membership populated where a group search was performed
 * @throws LdapDAOException propagated from the user or group DAO lookups
 * @throws NamingException if the system context cannot be obtained
 */
@Override
public SortedSet<LdapUser> testUserAndGroupMapping(LdapContextFactory ldapContextFactory,
        LdapAuthConfiguration ldapAuthConfiguration, int numberOfResults)
        throws LdapDAOException, NamingException {
    final LdapContext ctx = ldapContextFactory.getSystemLdapContext();
    try {
        final SortedSet<LdapUser> mapped =
                this.ldapUserDao.getUsers(ctx, ldapAuthConfiguration, numberOfResults);

        // Membership is resolved via a group search only when groups act as roles and the
        // configuration names no user attribute (presumably a memberOf-style attribute —
        // confirm) that would carry it directly.
        final boolean membershipViaGroupSearch = ldapAuthConfiguration.isLdapGroupsAsRoles()
                && Strings2.isEmpty(ldapAuthConfiguration.getUserMemberOfAttribute());

        if (membershipViaGroupSearch) {
            for (LdapUser user : mapped) {
                try {
                    user.setMembership(this.ldapGroupDAO.getGroupMembership(user.getUsername(), ctx,
                            ldapAuthConfiguration));
                } catch (NoLdapUserRolesFoundException e) {
                    // A user with no groups is a legitimate outcome of this test, not an error.
                    if (log.isDebugEnabled()) {
                        this.log.debug("While testing for user mapping user: " + user.getUsername()
                                + " had no roles.");
                    }
                }
            }
        }
        return mapped;
    } finally {
        try {
            ctx.close();
        } catch (NamingException e) {
            // Best effort: the context may not even be open any more.
        }
    }
}
From source file:org.sonatype.security.ldap.dao.DefaultLdapConnectionTester.java
License:Open Source License
/**
 * Fetches up to {@code numberOfResults} users through the system context and, when groups
 * are used as roles and no user "member of" attribute is configured, resolves each user's
 * group membership with a group search. A user without any group is left as returned by
 * the user DAO; that situation is only reported at debug level.
 *
 * @param ldapContextFactory supplies the system (service-account) context used for all lookups
 * @param ldapAuthConfiguration the realm configuration being tested
 * @param numberOfResults upper bound on the number of users fetched
 * @return the users found, with membership populated where a group search was performed
 * @throws LdapDAOException propagated from the user or group DAO lookups
 * @throws NamingException if the system context cannot be obtained
 */
@Override
public SortedSet<LdapUser> testUserAndGroupMapping(LdapContextFactory ldapContextFactory,
        LdapAuthConfiguration ldapAuthConfiguration, int numberOfResults)
        throws LdapDAOException, NamingException {
    final LdapContext ctx = ldapContextFactory.getSystemLdapContext();
    try {
        final SortedSet<LdapUser> mapped =
                this.ldapUserDao.getUsers(ctx, ldapAuthConfiguration, numberOfResults);

        // Membership is resolved via a group search only when groups act as roles and the
        // configuration names no user attribute (presumably a memberOf-style attribute —
        // confirm) that would carry it directly.
        final boolean membershipViaGroupSearch = ldapAuthConfiguration.isLdapGroupsAsRoles()
                && StringUtils.isEmpty(ldapAuthConfiguration.getUserMemberOfAttribute());

        if (membershipViaGroupSearch) {
            for (LdapUser user : mapped) {
                try {
                    user.setMembership(this.ldapGroupDAO.getGroupMembership(user.getUsername(), ctx,
                            ldapAuthConfiguration));
                } catch (NoLdapUserRolesFoundException e) {
                    // A user with no groups is a legitimate outcome of this test, not an error.
                    if (log.isDebugEnabled()) {
                        this.log.debug("While testing for user mapping user: " + user.getUsername()
                                + " had no roles.");
                    }
                }
            }
        }
        return mapped;
    } finally {
        try {
            ctx.close();
        } catch (NamingException e) {
            // Best effort: the context may not even be open any more.
        }
    }
}
From source file:org.tolven.shiro.realm.ldap.TolvenJndiLdapRealm.java
License:Open Source License
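/**
 * Resolves the roles of the primary principal by searching the roles subtree for entries
 * whose {@code uniqueMember} attribute references the user's DN, and collecting the values
 * of the configured role attribute from each match.
 * <p>
 * The user DN is passed to the search as a filter argument ({@code {0}}), never concatenated
 * into the filter string, so filter metacharacters in the principal are escaped by JNDI.
 * Both the result enumeration and the system context are closed when the method returns,
 * including on failure; entries that lack the role attribute are skipped instead of
 * raising a {@link NullPointerException}.
 *
 * @param principals the principals of the subject being authorized; the primary principal
 *                   must be a {@link String} username
 * @param ldapContextFactory factory supplying the system LDAP context used for the search
 * @return the authorization info holding the distinct role names found
 * @throws NamingException if the search fails or exceeds the configured time limit
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
        LdapContextFactory ldapContextFactory) throws NamingException {
    final LdapRealmContext ldapRealmContext = getLdapRealmContext();
    final String principal = (String) principals.getPrimaryPrincipal();
    final String roleAttribute = ldapRealmContext.getRoleDNPrefix();

    final SearchControls ctls = new SearchControls();
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    ctls.setReturningAttributes(new String[] { roleAttribute });
    // Milliseconds; bounds the search so a slow directory cannot stall authorization.
    ctls.setTimeLimit(10000);

    final String shortPrincipalDN = getUserDnPrefix() + "=" + principal;
    final String longPrincipalDN = shortPrincipalDN + "," + getUserDnSuffix();
    // Parameterized filter: the DN goes in as {0}, so the principal value is escaped by
    // JNDI rather than being interpreted as part of the filter.
    final Object[] filterArgs = { longPrincipalDN };

    /*
     * TODO This can't be the right place to do this, because getSystemLdapContext() does not authenticate this context for a search.
     * The problem is that the ldapContextFactory, instead of the ldapContext is passed to this method, where the former ensures authentication upstream
     * using the password which is not supplied here.
     * However, this method is for authorization and not authentication, which might explain it.
     */
    final LdapContext ldapContext = ldapContextFactory.getSystemLdapContext();
    final Set<String> roles = new HashSet<String>();
    final StringBuffer buff = new StringBuffer();
    buff.append("[");
    NamingEnumeration<SearchResult> namingEnum = null;
    try {
        namingEnum = ldapContext.search(ldapRealmContext.getBaseRolesName(), "(uniqueMember={0})",
                filterArgs, ctls);
        while (namingEnum.hasMore()) {
            final SearchResult rslt = namingEnum.next();
            final Attributes attrs = rslt.getAttributes();
            final Attribute rolesAttr = attrs == null ? null : attrs.get(roleAttribute);
            if (rolesAttr == null) {
                // Matched the filter but carries no role attribute: nothing to collect.
                continue;
            }
            for (int i = 0; i < rolesAttr.size(); i++) {
                final String roleName = (String) rolesAttr.get(i);
                // Only the first occurrence of a role is rendered in the debug listing.
                if (roles.add(roleName)) {
                    if (buff.length() > 1) {
                        buff.append(",");
                    }
                    buff.append(roleName);
                }
            }
        }
    } finally {
        // Release server-side resources even when the search throws; a failure while
        // closing must not mask the original exception, so it is only logged.
        if (namingEnum != null) {
            try {
                namingEnum.close();
            } catch (NamingException e) {
                logger.debug("Failed to close role search results", e);
            }
        }
        try {
            ldapContext.close();
        } catch (NamingException e) {
            logger.debug("Failed to close system LDAP context", e);
        }
    }
    buff.append("]");
    if (logger.isDebugEnabled()) {
        logger.debug(longPrincipalDN + "has roles: " + buff.toString());
    }
    return new SimpleAuthorizationInfo(roles);
}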