List of usage examples for the org.springframework.security.ldap.search.FilterBasedLdapUserSearch constructor
public FilterBasedLdapUserSearch(String searchBase, String searchFilter,
BaseLdapPathContextSource contextSource)
From source file:org.apache.nifi.ldap.LdapProvider.java
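/**
 * Builds the Spring Security LDAP authentication provider from the configured properties.
 *
 * <p>Reads, in order: the authentication expiration, connect/read timeouts, the authentication
 * strategy (ANONYMOUS, SIMPLE, LDAPS or START_TLS) with the manager credentials and optional
 * SSL context, the referral strategy, the server URL(s), the user search base and filter, and
 * the identity strategy. The resulting {@link LdapAuthenticationProvider} is stored in
 * {@code provider}.
 *
 * @param configurationContext source of the provider properties
 * @throws ProviderCreationException if a required property is missing, a value is not a
 *         recognized enum constant or duration, or the Spring beans fail to initialize
 */
@Override
public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext)
        throws ProviderCreationException {
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new ProviderCreationException("The Authentication Expiration must be specified.");
    }

    try {
        expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        // keep the cause so the parsing failure is visible in the stack trace
        throw new ProviderCreationException(
                String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration), iae);
    }

    final LdapContextSource context = new LdapContextSource();

    final Map<String, Object> baseEnvironment = new HashMap<>();

    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");

    // authentication strategy
    final String rawAuthenticationStrategy = configurationContext.getProperty("Authentication Strategy");
    if (rawAuthenticationStrategy == null) {
        // Enum.valueOf(null) throws NullPointerException, which the catch below would not
        // translate; fail with the provider's own exception type instead.
        throw new ProviderCreationException("The Authentication Strategy must be specified.");
    }
    final LdapAuthenticationStrategy authenticationStrategy;
    try {
        authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(String.format(
                "Unrecognized authentication strategy '%s'. Possible values are [%s]",
                rawAuthenticationStrategy, StringUtils.join(LdapAuthenticationStrategy.values(), ", ")), iae);
    }

    switch (authenticationStrategy) {
        case ANONYMOUS:
            context.setAnonymousReadOnly(true);
            break;
        default:
            // every non-anonymous strategy binds with the manager account
            final String userDn = configurationContext.getProperty("Manager DN");
            final String password = configurationContext.getProperty("Manager Password");

            context.setUserDn(userDn);
            context.setPassword(password);

            switch (authenticationStrategy) {
                case SIMPLE:
                    // NOTE(review): this branch configures no transport protection itself, so
                    // the manager bind is only as private as the configured 'Url' scheme makes
                    // it - confirm deployments that need confidentiality use LDAPS or START_TLS.
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    break;
                case LDAPS:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());

                    // indicate a secure connection
                    baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");

                    // get the configured ssl context
                    final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
                    if (ldapsSslContext != null) {
                        // initialize the ldaps socket factory prior to use
                        // NOTE(review): initialize(...) is a static call, so the socket factory
                        // looks process-wide rather than per-provider - confirm.
                        LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                        baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
                    }
                    // NOTE(review): with no configured SSL context no custom socket factory is
                    // installed; presumably the JVM default trust settings then apply - confirm.
                    break;
                case START_TLS:
                    final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy =
                            new DefaultTlsDirContextAuthenticationStrategy();

                    // shutdown gracefully
                    final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
                    if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                        final boolean shutdownGracefully = Boolean.TRUE.toString()
                                .equalsIgnoreCase(rawShutdownGracefully);
                        tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
                    }

                    // get the configured ssl context
                    final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
                    if (startTlsSslContext != null) {
                        tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
                    }

                    // set the authentication strategy
                    context.setAuthenticationStrategy(tlsAuthenticationStrategy);
                    break;
            }
            break;
    }

    // referrals
    final String rawReferralStrategy = configurationContext.getProperty("Referral Strategy");
    if (rawReferralStrategy == null) {
        // same reasoning as for the authentication strategy: avoid an untranslated NPE
        throw new ProviderCreationException("The Referral Strategy must be specified.");
    }
    final ReferralStrategy referralStrategy;
    try {
        referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(
                String.format("Unrecognized referral strategy '%s'. Possible values are [%s]",
                        rawReferralStrategy, StringUtils.join(ReferralStrategy.values(), ", ")), iae);
    }

    // using the value as this needs to be the lowercase version while the value is configured with the enum constant
    // NOTE(review): if the configured strategy makes the client follow referrals, the directory
    // can redirect this provider to other servers - confirm that is acceptable for the manager bind.
    context.setReferral(referralStrategy.getValue());

    // url
    final String urls = configurationContext.getProperty("Url");

    if (StringUtils.isBlank(urls)) {
        throw new ProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }

    // connection (whitespace-separated list of urls)
    context.setUrls(StringUtils.split(urls));

    // search criteria
    final String userSearchBase = configurationContext.getProperty("User Search Base");
    final String userSearchFilter = configurationContext.getProperty("User Search Filter");

    if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
        throw new ProviderCreationException(
                "LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
    }

    // the filter is operator-supplied configuration; the login name is substituted by the search at lookup time
    final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);

    // bind
    final BindAuthenticator authenticator = new BindAuthenticator(context);
    authenticator.setUserSearch(userSearch);

    // identity strategy
    final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");

    if (StringUtils.isBlank(rawIdentityStrategy)) {
        logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.",
                IdentityStrategy.USE_DN));

        // if this value is not configured, default to use dn which was the previous implementation
        identityStrategy = IdentityStrategy.USE_DN;
    } else {
        try {
            // attempt to get the configured identity strategy
            identityStrategy = IdentityStrategy.valueOf(rawIdentityStrategy);
        } catch (final IllegalArgumentException iae) {
            throw new ProviderCreationException(
                    String.format("Unrecognized identity strategy '%s'. Possible values are [%s]",
                            rawIdentityStrategy, StringUtils.join(IdentityStrategy.values(), ", ")), iae);
        }
    }

    // set the base environment if necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }

    try {
        // handling initializing beans
        context.afterPropertiesSet();
        authenticator.afterPropertiesSet();
    } catch (final Exception e) {
        throw new ProviderCreationException(e.getMessage(), e);
    }

    // create the underlying provider
    provider = new LdapAuthenticationProvider(authenticator);
}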
From source file:org.apache.nifi.registry.security.ldap.LdapIdentityProvider.java
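/**
 * Builds the Spring Security LDAP authentication provider from the configured properties.
 *
 * <p>Reads, in order: the authentication expiration, connect/read timeouts, the authentication
 * strategy (ANONYMOUS, SIMPLE, LDAPS or START_TLS) with the manager credentials and optional
 * SSL context, the referral strategy, the server URL(s), the user search base and filter, and
 * the identity strategy. The resulting {@link LdapAuthenticationProvider} is stored in
 * {@code ldapAuthenticationProvider}.
 *
 * @param configurationContext source of the provider properties
 * @throws SecurityProviderCreationException if a required property is missing, a value is not
 *         a recognized enum constant or duration, or the Spring beans fail to initialize
 */
@Override
public final void onConfigured(final IdentityProviderConfigurationContext configurationContext)
        throws SecurityProviderCreationException {
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new SecurityProviderCreationException("The Authentication Expiration must be specified.");
    }

    try {
        expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        // keep the cause so the parsing failure is visible in the stack trace
        throw new SecurityProviderCreationException(
                String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration), iae);
    }

    final LdapContextSource context = new LdapContextSource();

    final Map<String, Object> baseEnvironment = new HashMap<>();

    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");

    // authentication strategy
    final String rawAuthenticationStrategy = configurationContext.getProperty("Authentication Strategy");
    if (rawAuthenticationStrategy == null) {
        // Enum.valueOf(null) throws NullPointerException, which the catch below would not
        // translate; fail with the provider's own exception type instead.
        throw new SecurityProviderCreationException("The Authentication Strategy must be specified.");
    }
    final LdapAuthenticationStrategy authenticationStrategy;
    try {
        authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format(
                "Unrecognized authentication strategy '%s'. Possible values are [%s]",
                rawAuthenticationStrategy, StringUtils.join(LdapAuthenticationStrategy.values(), ", ")), iae);
    }

    switch (authenticationStrategy) {
        case ANONYMOUS:
            context.setAnonymousReadOnly(true);
            break;
        default:
            // every non-anonymous strategy binds with the manager account
            final String userDn = configurationContext.getProperty("Manager DN");
            final String password = configurationContext.getProperty("Manager Password");

            context.setUserDn(userDn);
            context.setPassword(password);

            switch (authenticationStrategy) {
                case SIMPLE:
                    // NOTE(review): this branch configures no transport protection itself, so
                    // the manager bind is only as private as the configured 'Url' scheme makes
                    // it - confirm deployments that need confidentiality use LDAPS or START_TLS.
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    break;
                case LDAPS:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());

                    // indicate a secure connection
                    baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");

                    // get the configured ssl context
                    final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
                    if (ldapsSslContext != null) {
                        // initialize the ldaps socket factory prior to use
                        // NOTE(review): initialize(...) is a static call, so the socket factory
                        // looks process-wide rather than per-provider - confirm.
                        LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                        baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
                    }
                    // NOTE(review): with no configured SSL context no custom socket factory is
                    // installed; presumably the JVM default trust settings then apply - confirm.
                    break;
                case START_TLS:
                    final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy =
                            new DefaultTlsDirContextAuthenticationStrategy();

                    // shutdown gracefully
                    final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
                    if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                        final boolean shutdownGracefully = Boolean.TRUE.toString()
                                .equalsIgnoreCase(rawShutdownGracefully);
                        tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
                    }

                    // get the configured ssl context
                    final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
                    if (startTlsSslContext != null) {
                        tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
                    }

                    // set the authentication strategy
                    context.setAuthenticationStrategy(tlsAuthenticationStrategy);
                    break;
            }
            break;
    }

    // referrals
    final String rawReferralStrategy = configurationContext.getProperty("Referral Strategy");
    if (rawReferralStrategy == null) {
        // same reasoning as for the authentication strategy: avoid an untranslated NPE
        throw new SecurityProviderCreationException("The Referral Strategy must be specified.");
    }
    final ReferralStrategy referralStrategy;
    try {
        referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(
                String.format("Unrecognized referral strategy '%s'. Possible values are [%s]",
                        rawReferralStrategy, StringUtils.join(ReferralStrategy.values(), ", ")), iae);
    }

    // using the value as this needs to be the lowercase version while the value is configured with the enum constant
    // NOTE(review): if the configured strategy makes the client follow referrals, the directory
    // can redirect this provider to other servers - confirm that is acceptable for the manager bind.
    context.setReferral(referralStrategy.getValue());

    // url
    final String urls = configurationContext.getProperty("Url");

    if (StringUtils.isBlank(urls)) {
        throw new SecurityProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }

    // connection (whitespace-separated list of urls)
    context.setUrls(StringUtils.split(urls));

    // search criteria
    final String userSearchBase = configurationContext.getProperty("User Search Base");
    final String userSearchFilter = configurationContext.getProperty("User Search Filter");

    if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
        throw new SecurityProviderCreationException(
                "LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
    }

    // the filter is operator-supplied configuration; the login name is substituted by the search at lookup time
    final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);

    // bind
    final BindAuthenticator authenticator = new BindAuthenticator(context);
    authenticator.setUserSearch(userSearch);

    // identity strategy
    final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");

    if (StringUtils.isBlank(rawIdentityStrategy)) {
        logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.",
                IdentityStrategy.USE_DN));

        // if this value is not configured, default to use dn which was the previous implementation
        identityStrategy = IdentityStrategy.USE_DN;
    } else {
        try {
            // attempt to get the configured identity strategy
            identityStrategy = IdentityStrategy.valueOf(rawIdentityStrategy);
        } catch (final IllegalArgumentException iae) {
            throw new SecurityProviderCreationException(
                    String.format("Unrecognized identity strategy '%s'. Possible values are [%s]",
                            rawIdentityStrategy, StringUtils.join(IdentityStrategy.values(), ", ")), iae);
        }
    }

    // set the base environment if necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }

    try {
        // handling initializing beans
        context.afterPropertiesSet();
        authenticator.afterPropertiesSet();
    } catch (final Exception e) {
        throw new SecurityProviderCreationException(e.getMessage(), e);
    }

    // create the underlying provider
    ldapAuthenticationProvider = new LdapAuthenticationProvider(authenticator);
}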
From source file:org.madsonic.ldap.MadsonicLdapBindAuthenticator.java
/** * Creates the delegate {@link BindAuthenticator}. *///from w ww .j av a 2 s . c o m private synchronized void createDelegate() { // Only create it if necessary. if (delegateAuthenticator == null || authenticatorTimestamp < settingsService.getSettingsChanged()) { LdapContextSource contextSource = new LdapContextSource(); contextSource.setReferral("follow"); contextSource.setUrl(settingsService.getLdapUrl()); String managerDn = settingsService.getLdapManagerDn(); String managerPassword = settingsService.getLdapManagerPassword(); if (StringUtils.isNotEmpty(managerDn) && StringUtils.isNotEmpty(managerPassword)) { contextSource.setUserDn(managerDn); contextSource.setPassword(managerPassword); } FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("", settingsService.getLdapSearchFilter(), contextSource); userSearch.setSearchSubtree(true); userSearch.setDerefLinkFlag(true); delegateAuthenticator = new BindAuthenticator(contextSource); delegateAuthenticator.setUserSearch(userSearch); authenticatorTimestamp = settingsService.getSettingsChanged(); } }
From source file:org.opencastproject.userdirectory.ldap.LdapUserProviderInstance.java
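/**
 * Constructs an ldap user provider with the needed settings.
 *
 * <p>Binds with {@code userDn}/{@code password} when a user DN is given and anonymously
 * (read-only) otherwise, wires a filter-based user search into an
 * {@link LdapUserDetailsService}, and sets up the user cache.
 *
 * @param pid
 *          the pid of this service
 * @param organization
 *          the organization
 * @param searchBase
 *          the ldap search base
 * @param searchFilter
 *          the ldap search filter
 * @param url
 *          the url of the ldap server
 * @param userDn
 *          the user to authenticate as
 * @param password
 *          the user credentials
 * @param roleAttributesGlob
 *          the comma separate list of ldap attributes to treat as roles; may be null or blank
 * @param cacheSize
 *          the number of users to cache
 * @param cacheExpiration
 *          the number of minutes to cache users
 */
// CHECKSTYLE:OFF
LdapUserProviderInstance(String pid, String organization, String searchBase, String searchFilter, String url,
        String userDn, String password, String roleAttributesGlob, int cacheSize, int cacheExpiration) {
    // CHECKSTYLE:ON
    this.organization = organization;
    // only non-secret settings are logged; the password is deliberately not part of this message
    logger.debug("Creating LdapUserProvider instance with pid=" + pid + ", and organization=" + organization
            + ", to LDAP server at url: " + url);

    DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(url);
    if (StringUtils.isNotBlank(userDn)) {
        // NOTE(review): only userDn is checked; a blank password is still passed to the bind -
        // confirm the directory rejects a DN presented with an empty password.
        contextSource.setPassword(password);
        contextSource.setUserDn(userDn);
        // Required so that authentication will actually be used
        contextSource.setAnonymousReadOnly(false);
    } else {
        // No user DN set so try to connect anonymously.
        contextSource.setAnonymousReadOnly(true);
    }

    try {
        contextSource.afterPropertiesSet();
    } catch (Exception e) {
        throw new org.opencastproject.util.ConfigurationException("Unable to create a spring context source", e);
    }

    // Split once, and only after the blank check: the original dereferenced roleAttributesGlob
    // before testing it, so a null glob failed with a NullPointerException.
    final String[] roleAttributes = StringUtils.isNotBlank(roleAttributesGlob)
            ? roleAttributesGlob.split(",")
            : null;

    FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(searchBase, searchFilter, contextSource);
    if (roleAttributes != null) {
        // without role attributes the search keeps its default set of returned attributes
        userSearch.setReturningAttributes(roleAttributes);
    }
    this.delegate = new LdapUserDetailsService(userSearch);

    if (roleAttributes != null) {
        LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
        mapper.setRoleAttributes(roleAttributes);
        this.delegate.setUserDetailsMapper(mapper);
    }

    // Setup the caches
    cache = new MapMaker().maximumSize(cacheSize).expireAfterWrite(cacheExpiration, TimeUnit.MINUTES)
            .makeComputingMap(new Function<String, Object>() {
                public Object apply(String id) {
                    User user = loadUserFromLdap(id);
                    // a computing map cannot hold null, so misses are cached as a sentinel
                    return user == null ? nullToken : user;
                }
            });

    registerMBean(pid);
}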
From source file:org.pentaho.test.platform.plugin.services.security.userrole.ldap.DefaultLdapUserRoleListServiceTest.java
/**
 * Creates a filter-based user search over the context source returned by
 * {@code getContextSource()}.
 *
 * @param searchBase the base passed to the search
 * @param searchFilter the filter passed to the search
 * @return a new {@link FilterBasedLdapUserSearch} for the given base and filter
 */
private LdapUserSearch getUserSearch(final String searchBase, final String searchFilter) {
    final LdapUserSearch search = new FilterBasedLdapUserSearch(searchBase, searchFilter, getContextSource());
    return search;
}