List of usage examples for org.springframework.security.ldap.authentication BindAuthenticator setUserSearch
public void setUserSearch(LdapUserSearch userSearch)
From source file:de.interseroh.report.test.security.LdapServerTest.java
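/**
 * Exercises a bind authentication against the directory: binds with the service account,
 * then resolves and binds as the test user "bob".
 *
 * @throws Exception if the context source or authenticator cannot be initialised
 */
@Test
public void testJndiSpring() throws Exception {
    // Service-account bind; USER_LDAP / PASSWORD_LDAP are the test's manager credentials.
    DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(
            "ldap://ldap.xxx:389/OU=xxx");
    ctxSrc.setUserDn(USER_LDAP);
    ctxSrc.setPassword(PASSWORD_LDAP);
    ctxSrc.afterPropertiesSet();

    logger.info("Base LDAP Path: " + ctxSrc.getBaseLdapPath());
    logger.info("Principal: " + ctxSrc.getAuthenticationSource().getPrincipal().toString());
    // The manager credentials are intentionally not logged (the previous version wrote the
    // bind password to the log at INFO level).

    Authentication bob = new UsernamePasswordAuthenticationToken("bob", "bob");

    BindAuthenticator authenticator = new BindAuthenticator(ctxSrc);
    // Empty search base: presumably the search starts at the context source's base path.
    // {0} is the placeholder for the name being authenticated.
    authenticator.setUserSearch(new FilterBasedLdapUserSearch("",
            "(&(objectCategory=Person)(sAMAccountName={0}))", ctxSrc));
    authenticator.afterPropertiesSet();

    // A single authenticate call; the result is what the test inspects.
    DirContextOperations user = authenticator.authenticate(bob);
    logger.info("User: {}", user);
}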
From source file:com.evolveum.midpoint.web.boot.LdapSecurityConfig.java
/**
 * Creates the bind authenticator for the LDAP context source.
 * The user DN pattern and the user search are each applied only when configured.
 *
 * @return the configured {@link BindAuthenticator}
 */
@Bean
public BindAuthenticator bindAuthenticator() {
    final BindAuthenticator authenticator = new BindAuthenticator(contextSource());

    if (StringUtils.isNotEmpty(ldapDnPattern)) {
        final String[] dnPatterns = { ldapDnPattern };
        authenticator.setUserDnPatterns(dnPatterns);
    }

    if (StringUtils.isNotEmpty(ldapSearchPattern)) {
        authenticator.setUserSearch(userSearch());
    }

    return authenticator;
}
From source file:org.apache.atlas.web.security.AtlasADAuthenticationProvider.java
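/**
 * Authenticates the given request against Active Directory via a bind.
 * <p>
 * Missing or empty credentials are rejected before any directory connection is configured.
 * Any failure is logged and mapped to {@code null}, which callers already treat as
 * "not authenticated".
 *
 * @param authentication the incoming request; name and credentials are read from it
 * @return the authenticated token (optionally enriched from UGI), or {@code null} on failure
 */
private Authentication getADBindAuthentication(Authentication authentication) {
    try {
        final String userName = authentication.getName();
        final String userPassword = authentication.getCredentials() == null
                ? "" : authentication.getCredentials().toString();

        // Fail fast: no point building a context source for a request that cannot be bound.
        if (userName == null || userPassword == null
                || userName.trim().isEmpty() || userPassword.trim().isEmpty()) {
            LOG.error("AD Authentication Failed userName or userPassword is null or empty");
            return null;
        }

        final LdapContextSource ldapContextSource = createAdContextSource();

        final BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        bindAuthenticator.setUserSearch(createAdUserSearch(ldapContextSource));
        bindAuthenticator.afterPropertiesSet();

        final LdapAuthenticationProvider ldapAuthenticationProvider =
                new LdapAuthenticationProvider(bindAuthenticator);

        final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
        // The clear-text password travels in the principal and the token until the bind
        // completes; it must never be logged.
        final UserDetails principal = new User(userName, userPassword, grantedAuths);
        final Authentication finalAuthentication =
                new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);

        Authentication result = ldapAuthenticationProvider.authenticate(finalAuthentication);
        if (groupsFromUGI) {
            result = getAuthenticationWithGrantedAuthorityFromUGI(result);
        }
        return result;
    } catch (Exception e) {
        // Boundary: every failure (bad credentials, directory unreachable, misconfiguration)
        // is reported as "not authenticated" to the caller.
        LOG.error("AD Authentication Failed:", e);
        return null;
    }
}

/**
 * Builds a context source bound with the configured AD service account.
 * NOTE(review): a new context source (and its pool) is created on every authentication
 * attempt; consider building it once if the configuration is static.
 */
private LdapContextSource createAdContextSource() throws Exception {
    final LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(adURL);
    ldapContextSource.setUserDn(adBindDN);
    ldapContextSource.setPassword(adBindPassword);
    ldapContextSource.setReferral(adReferral);
    ldapContextSource.setCacheEnvironmentProperties(true);
    ldapContextSource.setAnonymousReadOnly(false);
    ldapContextSource.setPooled(true);
    ldapContextSource.afterPropertiesSet();
    return ldapContextSource;
}

/** Builds the subtree user search, defaulting the filter to sAMAccountName when none is configured. */
private FilterBasedLdapUserSearch createAdUserSearch(LdapContextSource ldapContextSource) {
    if (adUserSearchFilter == null || adUserSearchFilter.trim().isEmpty()) {
        // Field (not local) is assigned on purpose: the original code exposed this default
        // to the rest of the class.
        adUserSearchFilter = "(sAMAccountName={0})";
    }
    final FilterBasedLdapUserSearch userSearch =
            new FilterBasedLdapUserSearch(adBase, adUserSearchFilter, ldapContextSource);
    userSearch.setSearchSubtree(true);
    return userSearch;
}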
From source file:org.apache.atlas.web.security.AtlasLdapAuthenticationProvider.java
/**
 * Builds a bind authenticator that can locate users both by the configured DN pattern
 * and by the supplied user search.
 *
 * @param userSearch        search used to resolve the user's DN
 * @param ldapContextSource directory the bind is performed against
 * @return the initialised authenticator
 * @throws Exception if {@code afterPropertiesSet()} rejects the configuration
 */
private BindAuthenticator getBindAuthenticator(FilterBasedLdapUserSearch userSearch,
        LdapContextSource ldapContextSource) throws Exception {
    final BindAuthenticator authenticator = new BindAuthenticator(ldapContextSource);
    authenticator.setUserSearch(userSearch);
    authenticator.setUserDnPatterns(new String[] { ldapUserDNPattern });
    authenticator.afterPropertiesSet();
    return authenticator;
}
From source file:org.apache.nifi.ldap.LdapProvider.java
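/**
 * Builds the LDAP authentication provider from the configured properties.
 * <p>
 * Every configuration error is reported as a {@link ProviderCreationException}; the
 * original parse failure is kept as the cause so it is visible in the stack trace.
 *
 * @param configurationContext the provider's configured properties
 * @throws ProviderCreationException when a required property is missing or invalid
 */
@Override
public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext)
        throws ProviderCreationException {
    // authentication expiration
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new ProviderCreationException("The Authentication Expiration must be specified.");
    }
    try {
        expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(
                String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration), iae);
    }

    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();

    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");

    // authentication strategy (bind credentials and transport security)
    final LdapAuthenticationStrategy authenticationStrategy = parseStrategyProperty(
            LdapAuthenticationStrategy.class, configurationContext.getProperty("Authentication Strategy"),
            "authentication");
    applyAuthenticationStrategy(configurationContext, context, baseEnvironment, authenticationStrategy);

    // referrals
    final ReferralStrategy referralStrategy = parseStrategyProperty(ReferralStrategy.class,
            configurationContext.getProperty("Referral Strategy"), "referral");
    // the property is configured with the enum constant; the context needs the lowercase value
    context.setReferral(referralStrategy.getValue());

    // url
    final String urls = configurationContext.getProperty("Url");
    if (StringUtils.isBlank(urls)) {
        throw new ProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }
    // connection
    context.setUrls(StringUtils.split(urls));

    // search criteria
    final String userSearchBase = configurationContext.getProperty("User Search Base");
    final String userSearchFilter = configurationContext.getProperty("User Search Filter");
    if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
        throw new ProviderCreationException(
                "LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
    }
    final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);

    // bind
    final BindAuthenticator authenticator = new BindAuthenticator(context);
    authenticator.setUserSearch(userSearch);

    // identity strategy
    final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");
    if (StringUtils.isBlank(rawIdentityStrategy)) {
        logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.",
                IdentityStrategy.USE_DN));
        // not configured: use the DN, which was the behaviour of the previous implementation
        identityStrategy = IdentityStrategy.USE_DN;
    } else {
        identityStrategy = parseStrategyProperty(IdentityStrategy.class, rawIdentityStrategy, "identity");
    }

    // set the base environment if necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }

    try {
        // initialise the beans
        context.afterPropertiesSet();
        authenticator.afterPropertiesSet();
    } catch (final Exception e) {
        throw new ProviderCreationException(e.getMessage(), e);
    }

    // create the underlying provider
    provider = new LdapAuthenticationProvider(authenticator);
}

/** Applies the manager credentials and transport (SIMPLE, LDAPS or START_TLS) selected by the strategy. */
private void applyAuthenticationStrategy(final LoginIdentityProviderConfigurationContext configurationContext,
        final LdapContextSource context, final Map<String, Object> baseEnvironment,
        final LdapAuthenticationStrategy authenticationStrategy) {
    if (authenticationStrategy == LdapAuthenticationStrategy.ANONYMOUS) {
        context.setAnonymousReadOnly(true);
        return;
    }

    // every non-anonymous strategy binds with the manager account
    final String userDn = configurationContext.getProperty("Manager DN");
    final String password = configurationContext.getProperty("Manager Password");
    context.setUserDn(userDn);
    context.setPassword(password);

    switch (authenticationStrategy) {
        case SIMPLE:
            context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
            break;
        case LDAPS:
            context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
            // indicate a secure connection
            baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
            // get the configured ssl context
            final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
            if (ldapsSslContext != null) {
                // initialize the ldaps socket factory prior to use
                LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
            }
            break;
        case START_TLS:
            final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy =
                    new DefaultTlsDirContextAuthenticationStrategy();
            // shutdown gracefully
            final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
            if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully);
                tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
            }
            // get the configured ssl context
            final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
            if (startTlsSslContext != null) {
                tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
            }
            context.setAuthenticationStrategy(tlsAuthenticationStrategy);
            break;
        default:
            // no transport-specific setup for any other strategy (same as before)
            break;
    }
}

/** Resolves an enum constant by name; a missing or unknown value is a configuration error listing the possible values. */
private static <E extends Enum<E>> E parseStrategyProperty(final Class<E> type, final String raw, final String label)
        throws ProviderCreationException {
    if (raw != null) {
        try {
            return Enum.valueOf(type, raw);
        } catch (final IllegalArgumentException iae) {
            throw new ProviderCreationException(unknownStrategyMessage(type, raw, label), iae);
        }
    }
    // Enum.valueOf would throw NullPointerException for an absent property; report it as a configuration error
    throw new ProviderCreationException(unknownStrategyMessage(type, raw, label));
}

/** Formats the "Unrecognized … strategy" message with the list of accepted constants. */
private static <E extends Enum<E>> String unknownStrategyMessage(final Class<E> type, final String raw,
        final String label) {
    return String.format("Unrecognized %s strategy '%s'. Possible values are [%s]", label, raw,
            StringUtils.join(type.getEnumConstants(), ", "));
}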
From source file:org.apache.nifi.registry.security.ldap.LdapIdentityProvider.java
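/**
 * Builds the LDAP authentication provider from the configured properties.
 * <p>
 * Every configuration error is reported as a {@link SecurityProviderCreationException}; the
 * original parse failure is kept as the cause so it is visible in the stack trace.
 *
 * @param configurationContext the provider's configured properties
 * @throws SecurityProviderCreationException when a required property is missing or invalid
 */
@Override
public final void onConfigured(final IdentityProviderConfigurationContext configurationContext)
        throws SecurityProviderCreationException {
    // authentication expiration
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new SecurityProviderCreationException("The Authentication Expiration must be specified.");
    }
    try {
        expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(
                String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration), iae);
    }

    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();

    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");

    // authentication strategy (bind credentials and transport security)
    final LdapAuthenticationStrategy authenticationStrategy = parseStrategyProperty(
            LdapAuthenticationStrategy.class, configurationContext.getProperty("Authentication Strategy"),
            "authentication");
    applyAuthenticationStrategy(configurationContext, context, baseEnvironment, authenticationStrategy);

    // referrals
    final ReferralStrategy referralStrategy = parseStrategyProperty(ReferralStrategy.class,
            configurationContext.getProperty("Referral Strategy"), "referral");
    // the property is configured with the enum constant; the context needs the lowercase value
    context.setReferral(referralStrategy.getValue());

    // url
    final String urls = configurationContext.getProperty("Url");
    if (StringUtils.isBlank(urls)) {
        throw new SecurityProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }
    // connection
    context.setUrls(StringUtils.split(urls));

    // search criteria
    final String userSearchBase = configurationContext.getProperty("User Search Base");
    final String userSearchFilter = configurationContext.getProperty("User Search Filter");
    if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
        throw new SecurityProviderCreationException(
                "LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
    }
    final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);

    // bind
    final BindAuthenticator authenticator = new BindAuthenticator(context);
    authenticator.setUserSearch(userSearch);

    // identity strategy
    final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");
    if (StringUtils.isBlank(rawIdentityStrategy)) {
        logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.",
                IdentityStrategy.USE_DN));
        // not configured: use the DN, which was the behaviour of the previous implementation
        identityStrategy = IdentityStrategy.USE_DN;
    } else {
        identityStrategy = parseStrategyProperty(IdentityStrategy.class, rawIdentityStrategy, "identity");
    }

    // set the base environment if necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }

    try {
        // initialise the beans
        context.afterPropertiesSet();
        authenticator.afterPropertiesSet();
    } catch (final Exception e) {
        throw new SecurityProviderCreationException(e.getMessage(), e);
    }

    // create the underlying provider
    ldapAuthenticationProvider = new LdapAuthenticationProvider(authenticator);
}

/** Applies the manager credentials and transport (SIMPLE, LDAPS or START_TLS) selected by the strategy. */
private void applyAuthenticationStrategy(final IdentityProviderConfigurationContext configurationContext,
        final LdapContextSource context, final Map<String, Object> baseEnvironment,
        final LdapAuthenticationStrategy authenticationStrategy) {
    if (authenticationStrategy == LdapAuthenticationStrategy.ANONYMOUS) {
        context.setAnonymousReadOnly(true);
        return;
    }

    // every non-anonymous strategy binds with the manager account
    final String userDn = configurationContext.getProperty("Manager DN");
    final String password = configurationContext.getProperty("Manager Password");
    context.setUserDn(userDn);
    context.setPassword(password);

    switch (authenticationStrategy) {
        case SIMPLE:
            context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
            break;
        case LDAPS:
            context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
            // indicate a secure connection
            baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
            // get the configured ssl context
            final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
            if (ldapsSslContext != null) {
                // initialize the ldaps socket factory prior to use
                LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
            }
            break;
        case START_TLS:
            final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy =
                    new DefaultTlsDirContextAuthenticationStrategy();
            // shutdown gracefully
            final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
            if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully);
                tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
            }
            // get the configured ssl context
            final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
            if (startTlsSslContext != null) {
                tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
            }
            context.setAuthenticationStrategy(tlsAuthenticationStrategy);
            break;
        default:
            // no transport-specific setup for any other strategy (same as before)
            break;
    }
}

/** Resolves an enum constant by name; a missing or unknown value is a configuration error listing the possible values. */
private static <E extends Enum<E>> E parseStrategyProperty(final Class<E> type, final String raw, final String label)
        throws SecurityProviderCreationException {
    if (raw != null) {
        try {
            return Enum.valueOf(type, raw);
        } catch (final IllegalArgumentException iae) {
            throw new SecurityProviderCreationException(unknownStrategyMessage(type, raw, label), iae);
        }
    }
    // Enum.valueOf would throw NullPointerException for an absent property; report it as a configuration error
    throw new SecurityProviderCreationException(unknownStrategyMessage(type, raw, label));
}

/** Formats the "Unrecognized … strategy" message with the list of accepted constants. */
private static <E extends Enum<E>> String unknownStrategyMessage(final Class<E> type, final String raw,
        final String label) {
    return String.format("Unrecognized %s strategy '%s'. Possible values are [%s]", label, raw,
            StringUtils.join(type.getEnumConstants(), ", "));
}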