Java Code Examples for javax.naming.ldap.LdapContext#close()

The following examples show how to use javax.naming.ldap.LdapContext#close(). LdapContext is not AutoCloseable, so close() must be called explicitly; the examples below differ mainly in whether the context (and any NamingEnumeration obtained from it) is released on every path via a finally block, or only on the success path.
Example 1
Source File: GUISSOLdapClient.java — from uavstack, Apache License 2.0
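/**
 * Closes and forgets the {@link LdapContext} cached under {@code action}.
 * <p>
 * The cache entry is removed <em>before</em> {@code close()} is attempted, so a
 * context whose close fails is not handed out again by a later lookup (the
 * original code only removed it after a successful close, leaving a dead
 * context in the map on failure). Any exception is logged and swallowed, as
 * this is a best-effort cleanup.
 *
 * @param action the cache key whose context should be released; a key with no
 *               cached context is a no-op apart from the log lines
 */
private void clearLdapContext(String action) {

    try {
        loggerInfo("LDAPContext", "清空", "开始", action);

        // remove() doubles as the existence check the original did with
        // containsKey(), and it returns the context we still need to close.
        LdapContext context = ldapContexts.remove(action);
        if (context != null) {
            context.close();
        }

        loggerInfo("LDAPContext", "清空", "完成", action);
    }
    catch (Exception e) {
        loggerError("LDAPContext清空", action, e);
    }

}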
 
Example 2
Source File: ReadOnlyLDAPUser.java — from james-project, Apache License 2.0
/**
 * Verifies that the password supplied is actually the user's password, by
 * attempting to rebind to a copy of the LDAP server context using the user's 
 * username and the supplied password.
 * 
 * @param password
 *            The password to validate.
 * @return <code>True</code> if a connection can successfully be established
 *         to the LDAP host using the user's id and the supplied password,
 *         and <code>False</code> otherwise.
 */
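@Override
public boolean verifyPassword(String password) {
    // Never let an empty or null password reach the bind. RFC 4513 §5.1.2 allows a
    // simple bind carrying a DN and an empty password to succeed as an
    // *unauthenticated* bind, and many directories accept it by default; without
    // this guard such a bind would report "password verified" for any known user.
    if (password == null || password.isEmpty()) {
        return false;
    }
    boolean result = false;
    LdapContext ldapContext = null;
    try {
        // newInstance() yields a context with its own environment, so the rebind
        // below does not alter the shared service context this object holds.
        ldapContext = this.ldapContext.newInstance(null);
        // NOTE(review): a simple bind sends the password in clear text unless the
        // underlying connection is ldaps:// or has StartTLS; not visible from here.
        ldapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION,
                LdapConstants.SECURITY_AUTHENTICATION_SIMPLE);
        ldapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
        ldapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        // reconnect() performs the bind with the environment set above; a wrong
        // password surfaces as a NamingException.
        ldapContext.reconnect(null);
        result = true;
    } catch (NamingException exception) {
        // Any bind failure means "not verified". The cause is intentionally not
        // propagated so callers cannot tell a bad password from other errors.
    } finally {
        if (null != ldapContext) {
            try {
                ldapContext.close();
            } catch (NamingException ignored) {
                // Best effort: the verification outcome is already decided.
            }
        }
    }
    return result;
}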
 
Example 3
Source File: UserServiceImpl.java — from seppb, MIT License
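/**
 * Closes an {@link LdapContext} used for authentication, tolerating a
 * {@code null} context. A failing close is logged and not propagated.
 *
 * @param ctx the context to close; ignored when {@code null}
 */
private void ldapClose(LdapContext ctx) {
	if (null != ctx) {
		try {
			ctx.close();
		} catch (NamingException e) {
			// Pass the exception itself rather than e.getMessage(): with a
			// placeholder-less message the extra argument is dropped by
			// SLF4J-style loggers, so the stack trace was never recorded.
			log.error("认证服务关闭异常", e);
		}
	}
}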
 
Example 4
Source File: LdapUserService.java — from pmq, Apache License 2.0
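/**
 * Loads every user object under {@code serverPath} from the directory and fills
 * {@code userInfos} (keyed by sAMAccountName) and {@code orgMap} (keyed by the
 * department derived from the user's distinguishedName via {@code getDValue}).
 * <p>
 * The connection and the search result enumeration are now released on every
 * path; previously an exception anywhere after the bind leaked both.
 *
 * @param userInfos  destination for users; an existing entry with the same id is overwritten
 * @param orgMap     destination for organizations, one per distinct non-empty department
 * @param serverPath search base DN for the subtree search
 * @throws NamingException if the bind, the search, or iterating the results fails
 */
private void doInitUser(Map<String, UserInfo> userInfos, Map<String, Organization> orgMap, String serverPath)
		throws NamingException {
	Properties env = new Properties();
	env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
	// Simple bind sends the service-account password in clear text unless
	// adServer.get() is an ldaps:// URL or StartTLS is negotiated; neither is
	// visible here, so confirm before using this over an untrusted network.
	env.put(Context.SECURITY_AUTHENTICATION, "simple");
	env.put(Context.SECURITY_PRINCIPAL, "corp\\" + soaConfig.getMqLdapUser());
	env.put(Context.SECURITY_CREDENTIALS, soaConfig.getMqLdapPass());
	env.put(Context.PROVIDER_URL, adServer.get());

	// The filter is a constant containing no caller-supplied text, so there is
	// nothing to escape; serverPath is the search base, not part of the filter.
	String searchFilter =
			"(&(objectClass=top)(objectClass=user)(objectClass=person)(objectClass=organizationalPerson))";
	// memberOf is requested but not read below; kept so the server response is unchanged.
	String[] returnedAtts = { "memberOf", "sAMAccountName", "cn", "distinguishedName", "mail" };
	SearchControls searchCtls = new SearchControls();
	searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
	searchCtls.setReturningAttributes(returnedAtts);

	LdapContext ctx = new InitialLdapContext(env, null);
	try {
		NamingEnumeration<SearchResult> answer = ctx.search(serverPath, searchFilter, searchCtls);
		try {
			while (answer.hasMoreElements()) {
				SearchResult sr = answer.next();
				Attributes at = sr.getAttributes();
				UserInfo userInfo = new UserInfo();
				userInfo.setDepartment(getDValue(at.get("distinguishedName")));
				userInfo.setEmail(getValue(at.get("mail")));
				userInfo.setUserId(getValue(at.get("sAMAccountName")));
				userInfo.setName(getValue(at.get("cn")));
				userInfo.setAdmin(roleService.isAdmin(userInfo.getUserId()));
				userInfos.put(userInfo.getUserId(), userInfo);
				if (!StringUtils.isEmpty(userInfo.getDepartment())) {
					Organization organization = new Organization();
					organization.setOrgId(userInfo.getDepartment());
					orgMap.put(userInfo.getDepartment(), organization);
				}
			}
		} finally {
			// Release the server-side search even when a later entry throws.
			answer.close();
		}
	} finally {
		// The connection used to leak whenever search() or the loop threw.
		ctx.close();
	}
}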
 
Example 5
Source File: LdapManagerImpl.java — from cosmic, Apache License 2.0
/**
 * Quietly closes an {@link LdapContext}. A {@code null} context is a no-op and
 * a failing close is logged at warn level rather than propagated.
 *
 * @param context the context to close, may be {@code null}
 */
private void closeContext(final LdapContext context) {
    if (context == null) {
        return;
    }
    try {
        context.close();
    } catch (final NamingException e) {
        s_logger.warn(e.getMessage(), e);
    }
}
 
Example 6
Source File: LdapGroupProvider.java — from Openfire, Apache License 2.0
/**
 * Reads the group with the given DN
 *
 * @param groupDN         the absolute DN of the group
 * @param membersToIgnore A mutable set of DNs and/or UIDs (for Posix mode) to ignore. This set will be
 *                        filled with the DNs visited so far. If flattening of group hierarchies is active
 *                        ({@link LdapManager#isFlattenNestedGroups()}), this is what prevents endless loops
 *                        on cyclic group memberships.
 * @return A group (never null)
 * @throws NamingException When a group can't be read from LDAP.
 */
private Group getGroupByDN(LdapName groupDN, Set<String> membersToIgnore) throws NamingException {
    LdapContext ctx = null;
    try {
        // Resolve which configured base the group DN lives under; the alternate
        // base wins when the DN matches both.
        final LdapName alternateBase = manager.getAlternateBaseDN();
        final LdapName baseDN;
        if (alternateBase != null && groupDN.startsWith(alternateBase)) {
            baseDN = alternateBase;
        } else if (groupDN.startsWith(manager.getBaseDN())) {
            baseDN = manager.getBaseDN();
        } else {
            throw new IllegalArgumentException("GroupDN does not match any baseDN");
        }
        // The context is rooted at baseDN, so address the group by the remainder of its DN.
        final Name relativeDN = groupDN.getSuffix(baseDN.size());
        // Record the visit before loading so cyclic nested groups terminate.
        membersToIgnore.add(groupDN.toString());

        ctx = manager.getContext(baseDN);
        final Attributes attrs = ctx.getAttributes(relativeDN, standardAttributes);
        return processGroup(ctx, attrs, membersToIgnore);
    }
    finally {
        if (ctx != null) {
            try {
                // Clear any request controls still set on the context, then release it.
                ctx.setRequestControls(null);
                ctx.close();
            }
            catch (Exception ex) {
                Log.debug( "An exception was ignored while trying to close the Ldap context after trying to get a group.", ex );
            }
        }
    }
}
 
Example 7
Source File: LdapManagerImpl.java — from cloudstack, Apache License 2.0
/**
 * Releases an {@link LdapContext} without letting a close failure escape:
 * {@code null} is ignored and a {@link NamingException} is only logged.
 *
 * @param context the context to close, may be {@code null}
 */
private void closeContext(final LdapContext context) {
    if (context == null) {
        return;
    }
    try {
        context.close();
    } catch (final NamingException e) {
        LOGGER.warn(e.getMessage(), e);
    }
}
 
Example 8
Source File: LdapUserService.java — from radar, Apache License 2.0
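/**
 * Loads every user object under {@code serverPath} into {@code userInfos}
 * (keyed by sAMAccountName) and every distinct non-empty department seen in a
 * user's distinguishedName into {@code orgMap}. A user is flagged admin when
 * its id appears in the comma-separated {@code soaConfig.getAdminUsers()} list.
 * <p>
 * The connection and the search result enumeration are now released on every
 * path; previously an exception anywhere after the bind leaked both.
 *
 * @param userInfos  destination for users; an existing entry with the same id is overwritten
 * @param orgMap     destination for organizations, keyed and named by department
 * @param serverPath search base DN for the subtree search
 * @throws NamingException if the bind, the search, or iterating the results fails
 */
private void doInitUser(Map<String, UserBo> userInfos, Map<String, OrganizationBo> orgMap, String serverPath)
        throws NamingException {
    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // Simple bind sends the service-account password in clear text unless
    // adServer.get() is an ldaps:// URL or StartTLS is negotiated; neither is
    // visible here, so confirm before using this over an untrusted network.
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, soaConfig.getRadarLdapUser());
    env.put(Context.SECURITY_CREDENTIALS, soaConfig.getRadarLdapPass());
    env.put(Context.PROVIDER_URL, adServer.get());

    // The filter is a constant containing no caller-supplied text, so there is
    // nothing to escape; serverPath is the search base, not part of the filter.
    String searchFilter =
            "(&(objectClass=top)(objectClass=user)(objectClass=person)(objectClass=organizationalPerson))";
    // memberOf is requested but not read below; kept so the server response is unchanged.
    String[] returnedAtts = { "memberOf", "sAMAccountName", "cn", "distinguishedName", "mail" };
    SearchControls searchCtls = new SearchControls();
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    searchCtls.setReturningAttributes(returnedAtts);

    // Hoisted out of the loop: the admin list is the same for every entry. The
    // surrounding commas turn indexOf into an exact-element match rather than a
    // substring match ("bob" must not match admin "bobby").
    String adminUsers = "," + soaConfig.getAdminUsers() + ",";

    LdapContext ctx = new InitialLdapContext(env, null);
    try {
        NamingEnumeration<SearchResult> answer = ctx.search(serverPath, searchFilter, searchCtls);
        try {
            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                Attributes at = sr.getAttributes();
                UserBo userBo = new UserBo();
                userBo.setDepartment(getDValue(at.get("distinguishedName")));
                userBo.setEmail(getValue(at.get("mail")));
                userBo.setUserId(getValue(at.get("sAMAccountName")));
                userBo.setName(getValue(at.get("cn")));
                userBo.setAdmin(adminUsers.indexOf("," + userBo.getUserId() + ",") != -1);
                userInfos.put(userBo.getUserId(), userBo);
                if (!StringUtils.isEmpty(userBo.getDepartment())) {
                    OrganizationBo organization = new OrganizationBo();
                    organization.setOrgId(userBo.getDepartment());
                    organization.setOrgName(userBo.getDepartment());
                    orgMap.put(userBo.getDepartment(), organization);
                }
            }
        } finally {
            // Release the server-side search even when a later entry throws.
            answer.close();
        }
    } finally {
        // The connection used to leak whenever search() or the loop threw.
        ctx.close();
    }
}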
 
Example 9
Source File: LdapAccessControl.java — from light-oauth2, Apache License 2.0
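/**
 * Reports whether {@code username} holds the role {@code attribute}.
 * <p>
 * The positive ({@code matchedList}) and negative ({@code unMatchedList}) caches are
 * consulted first; only when both entries for the pair have expired is the directory
 * queried, once per configured policy filter, under the write lock. The outcome is
 * written back to the appropriate cache and the method re-enters itself to answer
 * from that fresh entry.
 *
 * @param username  the account to check; treated as untrusted and RFC 4515-escaped
 *                  before being placed in a search filter
 * @param attribute the role/attribute to look for; assumed to be application-defined
 * @return {@code true} if at least one policy filter matches, {@code false} otherwise
 * @throws IllegalArgumentException if {@code uniqueOnly} is set and more than one filter matches
 * @throws RuntimeException wrapping the {@link NamingException} from a failed directory query
 */
@Override
public boolean hasRole(final String username, final String attribute) {
    final String key = username + "_attr_" + attribute;
    final long now = System.currentTimeMillis();

    try {
        if (!matchedExpired(key, now)) {
            return true;
        }

        if (!unMatchedExpired(key, now)) {
            return false;
        }

        // query AD to update both MapS and expiration time
        LOGGER.fine("username: " + username + "; role: " + attribute);

        this.writeLock.lock();
        try {
            // remove from cache if exists
            this.matchedList.remove(key);
            this.unMatchedList.remove(key);

            // The username is interpolated into an LDAP search filter. Escape it per
            // RFC 4515 so a caller-supplied value such as "*" or "x)(objectClass=*" cannot
            // widen or rewrite the policy filter (CWE-90). The attribute is passed through
            // unchanged: it is assumed to come from application policy rather than the end
            // user, and a role given as a DN may legitimately contain backslash escapes.
            final String safeUsername = escapeFilterValue(username);

            int count = 0;
            final LdapContext context = new InitialLdapContext(environment, null);
            try {
                for (String filter : this.policy) {
                    // perform AD lookup add to cache
                    final NamingEnumeration<SearchResult> results =
                            context.search(this.deecee
                                    , String.format(filter, safeUsername, attribute)
                                    , this.srchCntrls);
                    final boolean found;
                    try {
                        found = results.hasMoreElements();
                    } finally {
                        results.close();
                    }

                    // add to cache
                    if (found) {
                        count++;
                        this.matchedList.put(key, System.currentTimeMillis());
                        if (!this.uniqueOnly) {
                            break;
                        }
                    }

                    // check if we have a duplicate attribute
                    if (count > 1 && this.uniqueOnly) {
                        this.matchedList.remove(key);
                        throw new IllegalArgumentException("Uniqueness property violated. "
                                + "Found duplicate role/attribute:" + attribute
                                + ". This MAY be caused by an improper policy definition"
                                + "; filter=" + filter
                                + "; policy=" + this.policy);
                    }
                }
            } finally {
                // Previously only the happy path closed the connection: a NamingException
                // from search() or the uniqueness failure above leaked it. A failing close
                // must not mask the real outcome, so it is only logged.
                try {
                    context.close();
                } catch (NamingException closeFailure) {
                    LOGGER.warning("failed to close LDAP context: " + closeFailure.getMessage());
                }
            }

            if (0 == count) {
                this.unMatchedList.put(key, System.currentTimeMillis());
            } else {
                cacheUserInfo(username);
            }

        } finally {
            this.writeLock.unlock();
        }
    } catch (NamingException lex) {
        LOGGER.severe(lex.getMessage());
        throw new RuntimeException(lex);
    }

    return hasRole(username, attribute);
}

/**
 * Escapes the characters RFC 4515 §3 reserves inside a filter assertion value
 * ({@code \}, {@code *}, {@code (}, {@code )} and NUL) as {@code \xx} hex pairs.
 *
 * @param value raw value, may be {@code null}
 * @return the escaped value, or {@code null} for a {@code null} input so that
 *         {@code String.format} renders it exactly as before
 */
private static String escapeFilterValue(final String value) {
    if (value == null) {
        return null;
    }
    final StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        final char c = value.charAt(i);
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}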
 
Example 10
Source File: LdapManager.java — from Openfire, Apache License 2.0
/**
 * Generic routine for retrieving a single element from the LDAP server.  It's meant to be very
 * flexible so that just about any query for a single results can make use of it without having
 * to reimplement their own calls to LDAP.
 * <p>
 * The passed in filter string must already be fully prepared: it is handed to the server verbatim,
 * with no escaping or validation here, so any user-supplied values must be RFC 4515-escaped by the caller.
 *
 * @param attribute             LDAP attribute to be pulled from each result and placed in the return results.
 *                              Typically pulled from this manager. Null means the the absolute DN is returned.
 * @param searchFilter          Filter to use to perform the search.  Typically pulled from this manager.
 * @param failOnMultipleResults If true, an {@link IllegalStateException} will be thrown if the
 *                              search result is not unique. If false, just the first result will be returned.
 * @param baseDN                DN where to start the search. Typically {@link #getBaseDN()} or {@link #getAlternateBaseDN()}.
 * @return A single string.
 */
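public String retrieveSingle(String attribute, String searchFilter, boolean failOnMultipleResults, LdapName baseDN) {
    LdapContext ctx = null;
    try {
        ctx = getContext(baseDN);

        SearchControls searchControls = new SearchControls();
        // See if recursive searching is enabled. Otherwise, only search one level.
        searchControls.setSearchScope(
            isSubTreeSearch() ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        // When no attribute is wanted, only the entry's DN is needed, so request no attributes.
        searchControls.setReturningAttributes(attribute == null ? new String[0] : new String[]{attribute});

        // searchFilter reaches the server verbatim (nothing is escaped here); callers are
        // responsible for RFC 4515-escaping any user-supplied values before this point.
        NamingEnumeration<SearchResult> answer = ctx.search("", searchFilter, searchControls);
        if (answer == null) {
            return null;
        }
        try {
            if (!answer.hasMoreElements()) {
                return null;
            }
            SearchResult searchResult = answer.next();
            // getName() is relative to the baseDN context; prepend baseDN for the absolute DN.
            String result = attribute == null
                ? new LdapName(searchResult.getName()).addAll(0, baseDN).toString() :
                (String) searchResult.getAttributes().get(attribute).get();
            if (answer.hasMoreElements()) {
                Log.debug("Search result for '{}' is not unique.", searchFilter);
                if (failOnMultipleResults) {
                    throw new IllegalStateException("Search result for " + searchFilter + " is not unique.");
                }
            }
            return result;
        }
        finally {
            // Closed on every path now; the early null return and the exception paths used
            // to leave the enumeration open. A failing close must not turn a successful
            // lookup into null, so it is only logged.
            try {
                answer.close();
            } catch (Exception ex) {
                Log.debug("An exception occurred while closing the search result enumeration for {}.", searchFilter, ex);
            }
        }
    }
    catch (IllegalStateException e) {
        // Part of the documented contract for failOnMultipleResults: the generic catch
        // below used to swallow it and hand the caller null instead of the exception.
        throw e;
    }
    catch (Exception e) {
        Log.error("Error while searching for single result of: {}", searchFilter, e);
        return null;
    }
    finally {
        try {
            if (ctx != null) {
                ctx.close();
            }
        } catch (Exception ex) {
            Log.debug("An exception occurred while trying to close a LDAP context after trying to retrieve a single attribute element for {}.", attribute, ex);
        }
    }
}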