org.springframework.ldap.core.DirContextOperations Java Examples

The following examples show how to use org.springframework.ldap.core.DirContextOperations. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: LdapUserGroupProvider.java    From nifi with Apache License 2.0 6 votes vote down vote up
private String getReferencedGroupValue(final DirContextOperations ctx) {
    final String referencedGroupValue;

    if (StringUtils.isBlank(userGroupReferencedGroupAttribute)) {
        referencedGroupValue = ctx.getDn().toString();
    } else {
        final Attribute attributeName = ctx.getAttributes().get(userGroupReferencedGroupAttribute);
        if (attributeName == null) {
            throw new AuthorizationAccessException("Referenced group value attribute [" + userGroupReferencedGroupAttribute + "] does not exist.");
        }

        try {
            referencedGroupValue = (String) attributeName.get();
        } catch (NamingException e) {
            throw new AuthorizationAccessException("Error while retrieving referenced group value attribute [" + userGroupReferencedGroupAttribute + "].");
        }
    }

    return groupMembershipEnforceCaseSensitivity ? referencedGroupValue : referencedGroupValue.toLowerCase();
}
 
Example #2
Source File: LdapUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
public static Name getDnOfEntry(LdapTemplate ldapTemplate, String baseDN,
    String objectClass, String filterAttributeName, String filterAttributeValue) {

    ContextMapper<Name> mapper =
        new AbstractContextMapper<Name>() {
            public Name doMapFromContext(DirContextOperations ctx) {
                return ctx.getDn();
            }
        };

    AndFilter filter = new AndFilter();
    filter.and(
        new EqualsFilter("objectclass", objectClass)).and(
            new EqualsFilter(filterAttributeName, filterAttributeValue));

    List<Name> result = ldapTemplate.search((baseDN == null) ? "" : baseDN, filter.toString(),
        SearchControls.SUBTREE_SCOPE, mapper);

    if (result != null && !result.isEmpty()) {
        //not only the first one....
        return result.get(0);
    }
    return null;
}
 
Example #3
Source File: LdapAuthRepositoryCustomImpl.java    From Spring-5.0-Projects with MIT License 6 votes vote down vote up
@Override
public void createByBindOperation(LdapAuthUser ldapAuthUser) {
	
	DirContextOperations ctx = new DirContextAdapter();
	ctx.setAttributeValues("objectclass", new String[] {"top", "person", "organizationalPerson","inetOrgPerson"});
	ctx.setAttributeValue("cn", ldapAuthUser.getFirstName());
	ctx.setAttributeValue("sn", ldapAuthUser.getSurName());
	ctx.setAttributeValue("uid", ldapAuthUser.getUserName());
	ctx.setAttributeValue("userPassword", ldapAuthUser.getPassword());
	
	Name dn = LdapNameBuilder.newInstance()
		      .add("ou=users")
		      .add("uid=bpatel")
		      .build();
	
	ctx.setDn(dn);
	ldapTemplate.bind(ctx);
	
}
 
Example #4
Source File: LdapUserDetailsContextMapperTest.java    From attic-rave with Apache License 2.0 6 votes vote down vote up
@Test
public void testMapUserFromContext_new_no_displayname() throws Exception {
    DirContextOperations ctx = createMock(DirContextOperations.class);

    final String username = "johnldap";
    User user = new UserImpl("123", username);

    expect(userService.getUserByUsername(username)).andReturn(null).once();
    expect(ctx.attributeExists(MAIL_ATTRIBUTE_NAME)).andReturn(true);
    expect(ctx.getStringAttribute(MAIL_ATTRIBUTE_NAME)).andReturn("[email protected]").times(2);
    expect(ctx.attributeExists(DISPLAY_NAME_ATTRIBUTE_NAME)).andReturn(false);
    expect(userService.getUserByUsername(username)).andReturn(user).once();
    expectLastCall();

    replay(userService, ctx);

    final UserDetails userDetails =
            contextMapper.mapUserFromContext(ctx, username, Collections.<GrantedAuthority>emptyList());

    verify(userService, ctx);
    assertEquals(user, userDetails);
}
 
Example #5
Source File: EntityEmploymentMapper.java    From rice with Educational Community License v2.0 6 votes vote down vote up
EntityEmployment.Builder mapBuilderFromContext(DirContextOperations context) {
    final String departmentCode = context.getStringAttribute(getConstants().getDepartmentLdapProperty());
    
    if (departmentCode == null) {
        return null;
    }

    final EntityEmployment.Builder employee = EntityEmployment.Builder.create();
    employee.setId(context.getStringAttribute(getConstants().getEmployeeIdProperty()));
    employee.setEmployeeStatus(
            CodedAttribute.Builder.create(context.getStringAttribute(getConstants().getEmployeeStatusProperty())));
    //employee.setEmployeeTypeCode(context.getStringAttribute(getConstants().getEmployeeTypeProperty()));
    employee.setEmployeeType(CodedAttribute.Builder.create("P"));
    employee.setBaseSalaryAmount(KualiDecimal.ZERO);
    
    employee.setActive(true);
    return employee;
}
 
Example #6
Source File: HeimdallLdapAuthoritiesPopulator.java    From heimdall with Apache License 2.0 6 votes vote down vote up
/**
 * If it can not find the user it creates one from the {@link DirContextOperations} provided.<br>
 * <br>
 * {@inheritDoc}
 */
@Transactional
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {

     User user = repository.findByUserNameAndType(username, TypeUser.LDAP);

     if (user == null) {
          User addUser = new User();
          addUser.setEmail(userData.getStringAttribute("mail"));
          addUser.setFirstName(userData.getStringAttribute("givenName"));
          addUser.setLastName(userData.getStringAttribute("sn"));
          addUser.setType(TypeUser.LDAP);
          addUser.setPassword(UUID.randomUUID().toString());
          addUser.setUserName(username);
          
          Set<Role> roles = roleRepository.findByName(Role.DEFAULT);
          addUser.setRoles(roles);
          
          repository.save(addUser);
          user = addUser;
     }

     return getAuthorities(user.getRoles());
}
 
Example #7
Source File: LdapUserDetailsContextMapperTest.java    From attic-rave with Apache License 2.0 6 votes vote down vote up
@Test(expected = RuntimeException.class)
public void testMapUserFromContext_empty_mail() throws Exception {
    DirContextOperations ctx = createMock(DirContextOperations.class);

    final String username = "johnldap";

    expect(userService.getUserByUsername(username)).andReturn(null).once();
    expect(ctx.attributeExists(MAIL_ATTRIBUTE_NAME)).andReturn(true);
    expect(ctx.getStringAttribute(MAIL_ATTRIBUTE_NAME)).andReturn("").times(1);

    replay(userService, ctx);

    contextMapper.mapUserFromContext(ctx, username, Collections.<GrantedAuthority>emptyList());

    verify(userService, ctx);
    assertFalse("Exception thrown", true);
}
 
Example #8
Source File: LdapUserGroupProvider.java    From nifi with Apache License 2.0 6 votes vote down vote up
private String getGroupName(final DirContextOperations ctx) {
    final String name;

    if (useDnForGroupName) {
        name = ctx.getDn().toString();
    } else {
        final Attribute attributeName = ctx.getAttributes().get(groupNameAttribute);
        if (attributeName == null) {
            throw new AuthorizationAccessException("Group identity attribute [" + groupNameAttribute + "] does not exist.");
        }

        try {
            name = (String) attributeName.get();
        } catch (NamingException e) {
            throw new AuthorizationAccessException("Error while retrieving group name attribute [" + groupNameAttribute + "].");
        }
    }

    return IdentityMappingUtil.mapIdentity(name, groupMappings);
}
 
Example #9
Source File: LdapUserGroupProvider.java    From nifi with Apache License 2.0 6 votes vote down vote up
private String getReferencedUserValue(final DirContextOperations ctx) {
    final String referencedUserValue;

    if (StringUtils.isBlank(groupMemberReferencedUserAttribute)) {
        referencedUserValue = ctx.getDn().toString();
    } else {
        final Attribute attributeName = ctx.getAttributes().get(groupMemberReferencedUserAttribute);
        if (attributeName == null) {
            throw new AuthorizationAccessException("Referenced user value attribute [" + groupMemberReferencedUserAttribute + "] does not exist.");
        }

        try {
            referencedUserValue = (String) attributeName.get();
        } catch (NamingException e) {
            throw new AuthorizationAccessException("Error while retrieving reference user value attribute [" + groupMemberReferencedUserAttribute + "].");
        }
    }

    return groupMembershipEnforceCaseSensitivity ? referencedUserValue : referencedUserValue.toLowerCase();
}
 
Example #10
Source File: LdapUserGroupProvider.java    From nifi-registry with Apache License 2.0 6 votes vote down vote up
private String getGroupName(final DirContextOperations ctx) {
    final String name;

    if (useDnForGroupName) {
        name = ctx.getDn().toString();
    } else {
        final Attribute attributeName = ctx.getAttributes().get(groupNameAttribute);
        if (attributeName == null) {
            throw new AuthorizationAccessException("Group identity attribute [" + groupNameAttribute + "] does not exist.");
        }

        try {
            name = (String) attributeName.get();
        } catch (NamingException e) {
            throw new AuthorizationAccessException("Error while retrieving group name attribute [" + groupNameAttribute + "].");
        }
    }

    return IdentityMappingUtil.mapIdentity(name, groupMappings);
}
 
Example #11
Source File: LdapUtil.java    From zstack with Apache License 2.0 6 votes vote down vote up
public boolean validateDnExist(LdapTemplateContextSource ldapTemplateContextSource, String fullDn){
    try {
        String dn = fullDn.replace("," + ldapTemplateContextSource.getLdapContextSource().getBaseLdapPathAsString(), "");
        Object result = ldapTemplateContextSource.getLdapTemplate().lookup(dn, new AbstractContextMapper<Object>() {
            @Override
            protected Object doMapFromContext(DirContextOperations ctx) {
                Attributes group = ctx.getAttributes();
                return group;
            }
        });
        return result != null;
    }catch (Exception e){
        logger.warn(String.format("validateDnExist[%s] fail", fullDn), e);
        return false;
    }
}
 
Example #12
Source File: LdapUserGroupProvider.java    From nifi-registry with Apache License 2.0 6 votes vote down vote up
private String getUserIdentity(final DirContextOperations ctx) {
    final String identity;

    if (useDnForUserIdentity) {
        identity = ctx.getDn().toString();
    } else {
        final Attribute attributeName = ctx.getAttributes().get(userIdentityAttribute);
        if (attributeName == null) {
            throw new AuthorizationAccessException("User identity attribute [" + userIdentityAttribute + "] does not exist.");
        }

        try {
            identity = (String) attributeName.get();
        } catch (NamingException e) {
            throw new AuthorizationAccessException("Error while retrieving user name attribute [" + userIdentityAttribute + "].");
        }
    }

    return IdentityMappingUtil.mapIdentity(identity, identityMappings);
}
 
Example #13
Source File: UserDetailsContextMapperImplTest.java    From mojito with Apache License 2.0 6 votes vote down vote up
@Test
public void testMapUserFromContextWhenUserNameIsNotFound() throws Exception {
    when(userRepository.findByUsername(anyString())).thenReturn(null);

    when(userService.createOrUpdateBasicUser(anyObject(), anyString(), anyString(), anyString(),
            anyString())).thenReturn(mock(User.class));

    DirContextOperations dirContextOperations = mock(DirContextOperations.class);
    when(dirContextOperations.getStringAttribute("givenname")).thenReturn("givename");
    when(dirContextOperations.getStringAttribute("sn")).thenReturn("sn");
    when(dirContextOperations.getStringAttribute("cn")).thenReturn("cn");

    UserDetails userDetails = userDetailsContextMapper.mapUserFromContext(dirContextOperations, "testUsername", null);

    Assert.notNull(userDetails);
    verify(dirContextOperations, times(3)).getStringAttribute(anyString());
}
 
Example #14
Source File: EntityPrivacyPreferencesMapper.java    From rice with Educational Community License v2.0 5 votes vote down vote up
EntityPrivacyPreferences.Builder mapBuilderFromContext(DirContextOperations context) {
    final String entityId      = context.getStringAttribute(getConstants().getKimLdapIdProperty());
    final EntityPrivacyPreferences.Builder person = EntityPrivacyPreferences.Builder.create(entityId);
    person.setSuppressName(false);
    person.setSuppressEmail(false);
    person.setSuppressPhone(false);
    person.setSuppressAddress(false);
    person.setSuppressPersonal(true);
    return person;
}
 
Example #15
Source File: LdapTemplateSearchResultITest.java    From spring-ldap with Apache License 2.0 5 votes vote down vote up
@Test(expected = EmptyResultDataAccessException.class)
public void testSearchForObjectNoHits() {
	tested.searchForObject(BASE_STRING, "(&(objectclass=person)(sn=Person does not exist))", new AbstractContextMapper() {
		@Override
		protected Object doMapFromContext(DirContextOperations ctx) {
			return ctx;
		}
	});
}
 
Example #16
Source File: ActiveDirectoryLdapAuthoritiesPopulator.java    From maven-framework-project with MIT License 5 votes vote down vote up
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
    String[] groups = userData.getStringAttributes("memberOf");
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

    for (String group : groups) {
        LdapRdn authority = new DistinguishedName(group).removeLast();
        authorities.add(new SimpleGrantedAuthority(authority.getValue()));
    }
    return authorities;
}
 
Example #17
Source File: LdapTemplateModifyITest.java    From spring-ldap with Apache License 2.0 5 votes vote down vote up
@Test
public void testModifyAttributes_AddAttributeValueWithExistingValue() {
	DirContextOperations ctx = tested.lookupContext("cn=ROLE_USER,ou=groups");
	ctx.addAttributeValue("uniqueMember", "cn=Some Person,ou=company1,ou=Norway," + base);
	tested.modifyAttributes(ctx);
	assertThat(true).isTrue();
}
 
Example #18
Source File: DefaultController.java    From spring-ldap with Apache License 2.0 5 votes vote down vote up
@Override
protected String getLinkForNode(DirContextOperations node) {
	String[] objectClassValues = node.getStringAttributes("objectClass");
	if (containsValue(objectClassValues, "person")) {
		Name dn = node.getDn();
		String country = encodeValue(LdapUtils.getStringValue(dn, "c"));
		String company = encodeValue(LdapUtils.getStringValue(dn, "ou"));
		String fullName = encodeValue(LdapUtils.getStringValue(dn, "cn"));

		return "showPerson.do?country=" + country + "&company=" + company + "&fullName=" + fullName;
	}
	else {
		return super.getLinkForNode(node);
	}
}
 
Example #19
Source File: OsiamLdapAuthenticationProvider.java    From osiam with MIT License 5 votes vote down vote up
private User synchronizeLdapData(DirContextOperations ldapUserData, User user) {
    if (user == null) {
        return userProvisioning.create(osiamLdapUserContextMapper.mapUser(ldapUserData));
    } else if (syncUserData) {
        return userProvisioning.update(
                user.getId(), osiamLdapUserContextMapper.mapUpdateUser(user, ldapUserData)
                        .getScimConformUpdateUser());
    }

    return user;
}
 
Example #20
Source File: LdapUpgradeExtension.java    From zstack with Apache License 2.0 5 votes vote down vote up
private void update(LdapTemplate ldapTemplate, LdapAccountRefVO ref){
    String uid = ref.getLdapUid();

    AndFilter filter = new AndFilter();
    filter.and(new EqualsFilter("uid", ref.getLdapUid()));

    List<Object> result = ldapTemplate.search("", filter.toString(), new AbstractContextMapper<Object>() {
        @Override
        protected Object doMapFromContext(DirContextOperations ctx) {
            return ctx.getNameInNamespace();
        }
    });

    if(result.size() == 0){
        logger.error(String.format("Can not find ldapUid[%s] dn", uid));
        return;
    }

    if(result.size() > 1){
        logger.error(String.format("ldapUid[%s] More than one dn result", uid));
        return;
    }

    String dn = result.get(0).toString();
    ref.setLdapUid(dn);
    dbf.update(ref);
    logger.info(String.format("update ldapUid[%s] to ldapDn[%s] success", uid, dn));
}
 
Example #21
Source File: EntityEmailMapper.java    From rice with Educational Community License v2.0 5 votes vote down vote up
EntityEmail.Builder mapBuilderFromContext(DirContextOperations context, boolean isdefault) {        
    final EntityEmail.Builder retval = EntityEmail.Builder.create();
    final String emailAddress = context.getStringAttribute(getConstants().getEmployeeMailLdapProperty());
    retval.setEmailAddress(emailAddress);
    retval.setEmailType(CodedAttribute.Builder.create("WORK"));
    retval.setDefaultValue(isdefault);
    retval.setActive(true);
    return retval;
}
 
Example #22
Source File: LdapTemplateLookup30ITest.java    From spring-ldap with Apache License 2.0 5 votes vote down vote up
/**
 * This method depends on a DirObjectFactory (
 * {@link org.springframework.ldap.core.support.DefaultDirObjectFactory})
 * being set in the ContextSource.
 */
   @Test
public void testThatPlainLookupWorksWithSpring30() {
	DirContextOperations result = tested.lookupContext("cn=Some Person2, ou=company1,c=Sweden");

	assertThat(result.getStringAttribute("cn")).isEqualTo("Some Person2");
	assertThat(result.getStringAttribute("sn")).isEqualTo("Person2");
	assertThat(result.getStringAttribute("description")).isEqualTo("Sweden, Company1, Some Person2");
}
 
Example #23
Source File: LDAPAuthenticator.java    From para with Apache License 2.0 5 votes vote down vote up
@Override
public DirContextOperations authenticate(Authentication authentication) {
	try {
		if (authenticator != null) {
			return authenticator.authenticate(authentication);
		}
	} catch (Exception e) {
		logger.warn("Failed to authenticate user with LDAP server: {}", e.getMessage());
	}
	throw new AuthenticationServiceException("LDAP user not found.");
}
 
Example #24
Source File: LdapUtil.java    From zstack with Apache License 2.0 5 votes vote down vote up
private String getFullUserDn(LdapTemplate ldapTemplate, String filter) {
    String dn;
    try {
        List<Object> result = ldapTemplate.search("", filter, new AbstractContextMapper<Object>() {
            @Override
            protected Object doMapFromContext(DirContextOperations ctx) {
                return ctx.getNameInNamespace();
            }
        });
        if (result.size() == 1) {
            dn = result.get(0).toString();
        } else if (result.size() > 1) {
            throw new OperationFailureException(err(
                    LdapErrors.UNABLE_TO_GET_SPECIFIED_LDAP_UID, "More than one ldap search result"));
        } else {
            return "";
        }
        logger.info(String.format("getDn success filter:%s, dn:%s", filter, dn));
    } catch (NamingException e) {
        LdapServerVO ldapServerVO = getLdapServer();
        throw new OperationFailureException(err(
                LdapErrors.UNABLE_TO_GET_SPECIFIED_LDAP_UID, "You'd better check the LDAP/AD server[url:%s, baseDN:%s, encryption:%s, username:%s, password:******]" +
                        " configuration and test connection first.getDn error filter:%s",
                ldapServerVO.getUrl(), ldapServerVO.getBase(),
                ldapServerVO.getEncryption(), ldapServerVO.getUsername(), filter));
    }
    return dn;
}
 
Example #25
Source File: OsiamLdapUserContextMapper.java    From osiam with MIT License 5 votes vote down vote up
private void updateAddress(UpdateUser.Builder updateBuilder, List<Address> addresses,
        DirContextOperations ldapUserData) {
    for (Address address : addresses) {
        if (address.getType() != null && address.getType().toString().equals(LdapAuthentication.LDAP_PROVIDER)) {
            updateBuilder.deleteAddress(address);
        }
    }

    List<Address> newAddresses = getAddresses(ldapUserData);
    if (!newAddresses.isEmpty()) {
        updateBuilder.addAddress(newAddresses.get(0));
    }
}
 
Example #26
Source File: LdapTemplateAuthenticationITest.java    From spring-ldap with Apache License 2.0 5 votes vote down vote up
@Test(expected = AuthenticationException.class)
@Category(NoAdTest.class)
public void testAuthenticateWithLdapQueryAndMapperAndInvalidPassword() {
    DirContextOperations ctx = tested.authenticate(query()
            .where("objectclass").is("person")
            .and("uid").is("some.person3"),
            "invalidpassword",
            new LookupAttemptingCallback());
}
 
Example #27
Source File: LdapTemplateLookup20ITest.java    From spring-ldap with Apache License 2.0 5 votes vote down vote up
/**
 * This method depends on a DirObjectFactory (
 * {@link org.springframework.ldap.core.support.DefaultDirObjectFactory})
 * being set in the ContextSource.
 */
public void testThatPlainLookupWorksWithSpring20() {
	DirContextOperations result = tested.lookupContext("cn=Some Person2, ou=company1,c=Sweden");

	assertThat(result.getStringAttribute("cn")).isEqualTo("Some Person2");
	assertThat(result.getStringAttribute("sn")).isEqualTo("Person2");
	assertThat(result.getStringAttribute("description")).isEqualTo("Sweden, Company1, Some Person2");
}
 
Example #28
Source File: UserDetailsContextPropertiesMapper.java    From gravitee-management-rest-api with Apache License 2.0 5 votes vote down vote up
@Override
public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
	List<GrantedAuthority> mappedAuthorities = new ArrayList<>();
	try {
		for (GrantedAuthority granted : authorities) {
			String mappedAuthority = environment.getProperty("authentication.group.role.mapper."+granted.getAuthority());
			if (mappedAuthority != null && !mappedAuthority.isEmpty()) {
				mappedAuthorities.add(new SimpleGrantedAuthority(mappedAuthority));
			}
		}
	} catch (Exception e){
		LOGGER.error("Failed to load mapped authorities", e);
	}

	io.gravitee.rest.api.idp.api.authentication.UserDetails userDetails =
			new io.gravitee.rest.api.idp.api.authentication.UserDetails(
					ctx.getStringAttribute(identifierAttribute), "", mappedAuthorities);

	String userPhotoAttribute = environment.getProperty("authentication.user.photo-attribute");
       if(userPhotoAttribute == null) {
           userPhotoAttribute = "jpegPhoto";
       }

	userDetails.setFirstname(ctx.getStringAttribute(LDAP_ATTRIBUTE_FIRSTNAME));
	userDetails.setLastname(ctx.getStringAttribute(LDAP_ATTRIBUTE_LASTNAME));
	userDetails.setEmail(ctx.getStringAttribute(LDAP_ATTRIBUTE_MAIL));
	userDetails.setSource(LdapIdentityProvider.PROVIDER_TYPE);
	userDetails.setSourceId(ctx.getNameInNamespace());
	userDetails.setPicture((byte [])ctx.getObjectAttribute(userPhotoAttribute));

	return userDetails;
}
 
Example #29
Source File: LdapAuthenticationProvider.java    From hesperides with GNU General Public License v3.0 5 votes vote down vote up
@Override
@Cacheable(cacheNames = USERS_AUTHENTICATION_CACHE_NAME)
// Note: en cas d'exception levée dans cette méthode, rien ne sera mis en cache
public DirContextOperations searchCN(String username, String password) {
    LdapSearchContext ldapSearchContext = createLdapSearchContext(username, password);
    try {
        return ldapSearchContext.searchUserCNWithRetry(username);
    } finally {
        ldapSearchContext.closeContext();
    }
}
 
Example #30
Source File: LdapAuthenticationProvider.java    From hesperides with GNU General Public License v3.0 5 votes vote down vote up
@Override
protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth) {
    String username = auth.getName();
    String password = (String) auth.getCredentials();
    // L'objet retourné est directement passé à loadUserAuthorities par la classe parente :
    return self.searchCN(username, password);
}