Example usage for org.springframework.security.ldap LdapUtils getFullDn

List of usage examples for org.springframework.security.ldap LdapUtils getFullDn

Introduction

This page collects example usages of `org.springframework.security.ldap.LdapUtils.getFullDn`, taken from two `LdapUserDetailsManager` implementations (GeoNetwork's and Spring Security's own).

Prototype

public static DistinguishedName getFullDn(DistinguishedName dn, Context baseCtx) throws NamingException 


Document

Gets the full DN of a name by prepending the name of the context that the name is relative to. The base name is taken from `baseCtx`, and any `NamingException` raised while resolving it is propagated to the caller.

Usage

From source file:org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager.java

/**
 * Loads the entry at {@code dn} as a {@link DirContextAdapter} holding the attributes named in
 * {@code attributesToRetrieve}.
 *
 * <p>The adapter is created with the entry's full DN ({@link LdapUtils#getFullDn} prepends the
 * base context name), so callers always get an absolute name even when {@code dn} was relative
 * to the template's base. The lookup goes through {@code template.executeReadOnly}, i.e. it
 * uses whatever credentials the template's context holds; nothing here binds as the user.
 *
 * @param dn       name of the user entry, relative to the base context or complete
 * @param username login name, used only to build the not-found message
 * @return the entry's attributes wrapped in a {@link DirContextAdapter}
 * @throws UsernameNotFoundException if the directory answers with {@link NameNotFoundException};
 *         the original exception is kept as the cause. The message embeds the username, which is
 *         fine for server-side logs but should not be echoed verbatim to an unauthenticated
 *         caller (it would act as a user-enumeration oracle).
 */
private DirContextAdapter loadUserAsContext(final DistinguishedName dn, final String username) {
    ContextExecutor lookup = new ContextExecutor() {
        @Override
        public Object executeWithContext(DirContext ctx) throws NamingException {
            try {
                Attributes entryAttrs = ctx.getAttributes(dn, attributesToRetrieve);
                DistinguishedName absoluteDn = LdapUtils.getFullDn(dn, ctx);
                return new DirContextAdapter(entryAttrs, absoluteDn);
            } catch (NameNotFoundException notFound) {
                throw new UsernameNotFoundException("User " + username + " not found", notFound);
            }
        }
    };
    return (DirContextAdapter) template.executeReadOnly(lookup);
}

From source file:org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager.java

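/**
 * Changes the password of the currently authenticated user.
 *
 * <p>The username is taken from the {@link SecurityContextHolder}, never from the caller, so a
 * caller cannot aim this at another user's entry. How the modification is authorised depends
 * on {@code oldPassword}:
 * <ul>
 * <li>{@code oldPassword != null}: the read/write context is re-bound as the user (full DN plus
 * old password) and the replace is attempted with the user's own permissions, so the directory
 * itself verifies the old password.</li>
 * <li>{@code oldPassword == null}: the replace goes through {@code template.modifyAttributes},
 * i.e. with the read/write credentials of the context source. No old-password check happens on
 * this path; callers must reserve it for flows that have already established the authority to
 * reset the entry (an administrator, or a completed recovery flow).</li>
 * </ul>
 *
 * <p>{@code com.sun.jndi.ldap.connect.pool} is removed from the environment before the rebind,
 * presumably so that the switch to the user's credentials applies to this connection only and
 * is not inherited by a pooled connection handed to other operations. The existing TODO records
 * that {@code reconnect} did not appear to actually switch credentials; if that is true for the
 * deployed JNDI provider, the modify would silently run with the context source's credentials
 * and the old password would not be verified at all — confirm against the target server before
 * relying on this for self-service password change.
 *
 * <p>Both passwords travel as {@link String}s because the attribute and environment APIs take
 * strings; they cannot be zeroed after use.
 *
 * @param oldPassword the user's current password, or {@code null} to skip verification (see above)
 * @param newPassword the new value written to {@code passwordAttributeName}
 * @throws IllegalArgumentException (from {@code Assert.notNull}) if no {@link Authentication} is
 *         present in the security context
 * @throws BadCredentialsException if the rebind with {@code oldPassword} is rejected; the
 *         underlying {@link javax.naming.AuthenticationException} is attached as the cause for
 *         server-side diagnostics and must not be relayed to the client, since directory error
 *         details can distinguish failure reasons
 */
public void changePassword(final String oldPassword, final String newPassword) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Assert.notNull(authentication,
            "No authentication object found in security context. Can't change current user's password!");

    final String username = authentication.getName();

    // Log the identity only, never either password.
    logger.debug("Changing password for user '" + username + "'");

    final DistinguishedName dn = usernameMapper.buildDn(username);
    final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(
            DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) };

    if (oldPassword == null) {
        // Privileged path: the context source's own credentials, no old-password verification.
        template.modifyAttributes(dn, passwordChange);
        return;
    }

    template.executeReadWrite(new ContextExecutor() {

        @Override
        public Object executeWithContext(DirContext dirCtx) throws NamingException {
            LdapContext ctx = (LdapContext) dirCtx;
            // Keep the rebind below on this connection only, not on a pooled one.
            ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(dn, ctx).toString());
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
            // TODO: reconnect doesn't appear to actually change the
            // credentials
            try {
                ctx.reconnect(null);
            } catch (javax.naming.AuthenticationException e) {
                // Generic message on purpose; the directory's reason stays in the cause (logs only).
                throw new BadCredentialsException("Authentication for password change failed.", e);
            }

            ctx.modifyAttributes(dn, passwordChange);

            return null;
        }
    });
}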

From source file:org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager.java

/**
 * Searches the group subtree for the groups the user belongs to and maps each hit to a
 * {@link GrantedAuthority} via {@code roleMapper}.
 *
 * <p>The user's absolute DN (from {@link LdapUtils#getFullDn}, so relative and complete DNs
 * are both accepted) and the username are handed to {@code groupSearchFilter} as JNDI filter
 * arguments rather than concatenated into the filter string, so the provider escapes them and
 * neither value can change the structure of the filter (LDAP injection). Only
 * {@code groupRoleAttributeName} is requested from the server.
 *
 * @param dn       distinguished name of the user entry, relative to the base context or complete
 * @param username login name, available to the filter as its second argument
 * @return the authorities produced by {@code roleMapper} for every matching group entry
 */
@SuppressWarnings("unchecked")
List<GrantedAuthority> getUserAuthorities(final DistinguishedName dn, final String username) {
    final AttributesMapperCallbackHandler roleCollector = new AttributesMapperCallbackHandler(roleMapper);

    template.search(new SearchExecutor() {
        @Override
        public NamingEnumeration<SearchResult> executeSearch(DirContext ctx) throws NamingException {
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[] { groupRoleAttributeName });

            // Filter arguments, not string concatenation: JNDI escapes these values.
            String[] filterArgs = new String[] { LdapUtils.getFullDn(dn, ctx).toUrl(), username };
            return ctx.search(groupSearchBase, groupSearchFilter, filterArgs, controls);
        }
    }, roleCollector);

    return roleCollector.getList();
}

From source file:org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager.java

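/**
 * Adds the user to, or removes the user from, the group entry behind each authority.
 *
 * <p>For every authority, {@code convertAuthorityToGroup} yields a group name,
 * {@code buildGroupDn} turns it into the group's DN, and one {@link ModificationItem} of type
 * {@code modType} is applied to {@code groupMemberAttributeName} with the user's full DN as the
 * value. The user's DN does not depend on the loop variable, so it is resolved once before the
 * loop instead of once per authority.
 *
 * <p>The member value is {@code fullDn.toUrl()}, which by its name appears to be the URL-encoded
 * form of the DN: for DNs built only from URL-safe characters this is the plain DN string,
 * otherwise the value is stored encoded — confirm this matches what the directory compares
 * member values against. All modifications run with the context source's read/write
 * credentials, not the user's.
 *
 * @param userDn      DN of the user, relative to the base context or complete
 * @param authorities authorities whose groups are modified; an empty collection changes nothing
 * @param modType     the {@link DirContext} modification operation applied to each group
 *                    (e.g. {@code ADD_ATTRIBUTE} or {@code REMOVE_ATTRIBUTE})
 */
private void modifyAuthorities(final DistinguishedName userDn,
        final Collection<? extends GrantedAuthority> authorities, final int modType) {
    template.executeReadWrite(new ContextExecutor() {
        @Override
        public Object executeWithContext(DirContext ctx) throws NamingException {
            if (authorities.isEmpty()) {
                return null;
            }
            // Loop-invariant: the same user DN is written to every group.
            final String memberValue = LdapUtils.getFullDn(userDn, ctx).toUrl();
            for (GrantedAuthority authority : authorities) {
                String group = convertAuthorityToGroup(authority);
                ModificationItem membershipChange = new ModificationItem(modType,
                        new BasicAttribute(groupMemberAttributeName, memberValue));

                ctx.modifyAttributes(buildGroupDn(group), new ModificationItem[] { membershipChange });
            }
            return null;
        }
    });
}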

From source file:org.springframework.security.ldap.userdetails.LdapUserDetailsManager.java

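/**
 * Changes the password by replacing {@code passwordAttributeName} on the user entry.
 *
 * <p>With a non-null {@code oldPassword} the read/write context is re-bound as the user (full
 * DN plus old password) before the replace, so the directory itself verifies the old password
 * and the modification is subject to the user's own permissions. With {@code null} the replace
 * goes straight through {@code template.modifyAttributes}, i.e. with the context source's
 * credentials and no old-password verification at all — callers must take that path only when
 * the caller is already authorised to reset the entry.
 *
 * <p>{@code com.sun.jndi.ldap.connect.pool} is removed from the environment first, presumably
 * so that the credential switch applies to this connection only and is not inherited by a
 * pooled connection. The long-standing TODO records that {@code reconnect} did not appear to
 * switch credentials; if that holds on the target provider, the modify runs with the context
 * source's credentials and the old password is effectively unchecked — confirm before trusting
 * this path for self-service changes.
 *
 * @param userDn      DN of the user, relative to the base context or complete
 * @param oldPassword current password used for the rebind, or {@code null} to skip verification
 * @param newPassword value written to the password attribute
 * @throws BadCredentialsException if the rebind is rejected; the
 *         {@link javax.naming.AuthenticationException} is attached as the cause for server-side
 *         logs and should not be surfaced to the client
 */
private void changePasswordUsingAttributeModification(DistinguishedName userDn, String oldPassword,
        String newPassword) {

    final ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(
            DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(passwordAttributeName, newPassword)) };

    if (oldPassword == null) {
        // Privileged path: context source credentials, no verification of the old password.
        template.modifyAttributes(userDn, passwordChange);
        return;
    }

    template.executeReadWrite(dirCtx -> {
        LdapContext ctx = (LdapContext) dirCtx;
        // Keep the rebind below on this connection only, not on a pooled one.
        ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(userDn, ctx).toString());
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
        // TODO: reconnect doesn't appear to actually change the credentials
        try {
            ctx.reconnect(null);
        } catch (javax.naming.AuthenticationException e) {
            // Generic message on purpose; the directory's reason stays in the cause (logs only).
            throw new BadCredentialsException("Authentication for password change failed.", e);
        }

        ctx.modifyAttributes(userDn, passwordChange);

        return null;
    });

}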

From source file:org.springframework.security.ldap.userdetails.LdapUserDetailsManager.java

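/**
 * Changes the password with the LDAP Password Modify extended operation
 * ({@code PasswordModifyRequest}, presumably the RFC 3062 operation) instead of editing the
 * password attribute directly.
 *
 * <p>The request carries the user's full DN (encoded with {@code DistinguishedName.encode()}),
 * the old password and the new password, and is sent over the read/write context — that is,
 * with the context source's credentials; there is no rebind as the user here. Whether the
 * server verifies {@code oldPassword}, and what it does when it is {@code null}, is therefore
 * left to the server's implementation of the operation and should be confirmed against the
 * deployed directory before this is relied on for self-service changes.
 *
 * @param userDn      DN of the user, relative to the base context or complete
 * @param oldPassword current password sent in the request; may be {@code null}
 * @param newPassword new password sent in the request
 * @throws BadCredentialsException if the server answers the operation with
 *         {@link javax.naming.AuthenticationException}; the original exception is kept as the
 *         cause for diagnostics and should not be relayed to the client
 */
private void changePasswordUsingExtensionOperation(DistinguishedName userDn, String oldPassword,
        String newPassword) {

    template.executeReadWrite(dirCtx -> {
        LdapContext ctx = (LdapContext) dirCtx;

        String userIdentity = LdapUtils.getFullDn(userDn, ctx).encode();
        PasswordModifyRequest request = new PasswordModifyRequest(userIdentity, oldPassword, newPassword);

        try {
            return ctx.extendedOperation(request);
        } catch (javax.naming.AuthenticationException e) {
            // Generic message on purpose; the directory's reason stays in the cause (logs only).
            throw new BadCredentialsException("Authentication for password change failed.", e);
        }
    });
}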