Java Code Examples for org.apache.directory.server.core.api.CoreSession

The following examples show how to use org.apache.directory.server.core.api.CoreSession. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: quarkus-http   Source File: KerberosKDCUtil.java    License: Apache License 2.0 7 votes vote down vote up
private static void startLdapServer() throws Exception {
    createWorkingDir();
    DirectoryServiceFactory dsf = new DefaultDirectoryServiceFactory();
    dsf.init(DIRECTORY_NAME);
    directoryService = dsf.getDirectoryService();
    directoryService.addLast(new KeyDerivationInterceptor()); // Derives the Kerberos keys for new entries.
    directoryService.getChangeLog().setEnabled(false);
    SchemaManager schemaManager = directoryService.getSchemaManager();

    createPartition(dsf, schemaManager, "users", "ou=users,dc=undertow,dc=io");

    CoreSession adminSession = directoryService.getAdminSession();
    Map<String, String> mappings = Collections.singletonMap("hostname", DefaultServer.getDefaultServerAddress().getHostString());
    processLdif(schemaManager, adminSession, "partition.ldif", mappings);
    processLdif(schemaManager, adminSession, "krbtgt.ldif", mappings);
    processLdif(schemaManager, adminSession, "user.ldif", mappings);
    processLdif(schemaManager, adminSession, "server.ldif", mappings);

    ldapServer = new LdapServer();
    ldapServer.setServiceName("DefaultLDAP");
    Transport ldap = new TcpTransport( "0.0.0.0", LDAP_PORT, 3, 5 );
    ldapServer.addTransports(ldap);
    ldapServer.setDirectoryService(directoryService);
    ldapServer.start();
}
 
Example 2
private Entry getOriginalEntry( OperationContext opContext ) throws LdapException
{
    // We have to use the admin session here, otherwise we may have
    // trouble reading the entry due to insufficient access rights
    CoreSession adminSession = opContext.getSession().getDirectoryService().getAdminSession();

    Entry foundEntry = adminSession.lookup( opContext.getDn(), SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES,
        SchemaConstants.ALL_USER_ATTRIBUTES );

    if ( foundEntry != null )
    {
        return foundEntry;
    }
    else
    {
        // This is an error : we *must* have an entry if we want to be able to rename.
        LdapNoSuchObjectException ldnfe = new LdapNoSuchObjectException( I18n.err( I18n.ERR_256_NO_SUCH_OBJECT,
            opContext.getDn() ) );

        throw ldnfe;
    }
}
 
Example 3
private Entry getOriginalEntry( OperationContext opContext ) throws LdapException
{
    // We have to use the admin session here, otherwise we may have
    // trouble reading the entry due to insufficient access rights
    CoreSession adminSession = opContext.getSession().getDirectoryService().getAdminSession();

    Entry foundEntry = adminSession.lookup( opContext.getDn(), SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES,
        SchemaConstants.ALL_USER_ATTRIBUTES );

    if ( foundEntry != null )
    {
        return foundEntry;
    }
    else
    {
        // This is an error : we *must* have an entry if we want to be able to rename.
        LdapNoSuchObjectException ldnfe = new LdapNoSuchObjectException( I18n.err( I18n.ERR_256_NO_SUCH_OBJECT,
            opContext.getDn() ) );

        throw ldnfe;
    }
}
 
Example 4
/**
 * Import all of the entries from the provided LDIF stream.
 *
 * Note: The whole stream is read
 *
 * @param ldif - Stream containing the LDIF.
 * @return This Builder for subsequent changes.
 */
public Builder importLdif(final InputStream ldif) throws Exception {
    assertNotStarted();
    if (directoryService == null) {
        throw new IllegalStateException("The Directory service has not been created.");
    }
    CoreSession adminSession = directoryService.getAdminSession();
    SchemaManager schemaManager = directoryService.getSchemaManager();

    LdifReader ldifReader = new LdifReader(ldif);
    for (LdifEntry ldifEntry : ldifReader) {
        adminSession.add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
    }
    ldifReader.close();
    ldif.close();

    return this;
}
 
Example 5
private static void startMasterLdapServer() throws Exception {
    masterWorkingDir = createWorkingDir(masterWorkingDir, "master");
    DirectoryServiceFactory dsf = new InMemoryDirectoryServiceFactory();
    dsf.init(MASTER_DIRECTORY_NAME);
    masterDirectoryService = dsf.getDirectoryService();
    masterDirectoryService.getChangeLog().setEnabled(false);
    SchemaManager schemaManager = masterDirectoryService.getSchemaManager();

    createPartition(dsf, schemaManager, "simple", "dc=simple,dc=wildfly,dc=org", masterDirectoryService, masterWorkingDir);
    createPartition(dsf, schemaManager, "group-to-principal", "dc=group-to-principal,dc=wildfly,dc=org", masterDirectoryService, masterWorkingDir);
    createPartition(dsf, schemaManager, "principal-to-group", "dc=principal-to-group,dc=wildfly,dc=org", masterDirectoryService, masterWorkingDir);

    CoreSession adminSession = masterDirectoryService.getAdminSession();
    processLdif(schemaManager, adminSession, "memberOf-schema.ldif");
    processLdif(schemaManager, adminSession, "simple-partition.ldif");
    processLdif(schemaManager, adminSession, "group-to-principal.ldif");
    processLdif(schemaManager, adminSession, "principal-to-group.ldif");

    masterLdapServer = new LdapServer();
    masterLdapServer.setServiceName("DefaultLDAP");
    Transport ldap = new TcpTransport( "0.0.0.0", MASTER_LDAP_PORT, 3, 5 );
    masterLdapServer.addTransports(ldap);
    masterLdapServer.setDirectoryService(masterDirectoryService);
    masterLdapServer.start();
}
 
Example 6
private static void startSlaveLdapServer() throws Exception {
    slaveWorkingDir = createWorkingDir(slaveWorkingDir, "slave");
    DirectoryServiceFactory dsf = new InMemoryDirectoryServiceFactory();
    dsf.init(SLAVE_DIRECTORY_NAME);
    slaveDirectoryService = dsf.getDirectoryService();
    slaveDirectoryService.getChangeLog().setEnabled(false);
    SchemaManager schemaManager = slaveDirectoryService.getSchemaManager();

    createPartition(dsf, schemaManager, "simple", "dc=simple,dc=wildfly,dc=org", slaveDirectoryService, slaveWorkingDir);
    createPartition(dsf, schemaManager, "group-to-principal", "dc=group-to-principal,dc=wildfly,dc=org", slaveDirectoryService, slaveWorkingDir);
    createPartition(dsf, schemaManager, "principal-to-group", "dc=principal-to-group,dc=wildfly,dc=org", slaveDirectoryService, slaveWorkingDir);

    CoreSession adminSession = slaveDirectoryService.getAdminSession();
    processLdif(schemaManager, adminSession, "memberOf-schema.ldif");
    processLdif(schemaManager, adminSession, "simple-partition-slave.ldif");
    processLdif(schemaManager, adminSession, "group-to-principal-slave.ldif");
    processLdif(schemaManager, adminSession, "principal-to-group-slave.ldif");

    slaveLdapServer = new LdapServer();
    slaveLdapServer.setServiceName("DefaultLDAP");
    Transport ldap = new TcpTransport( "0.0.0.0", SLAVE_LDAP_PORT, 3, 5 );
    slaveLdapServer.addTransports(ldap);
    slaveLdapServer.setDirectoryService(slaveDirectoryService);
    slaveLdapServer.start();
}
 
Example 7
Source Project: light-oauth2   Source File: ApacheDirectoryServer.java    License: Apache License 2.0 5 votes vote down vote up
private static void startLdapServer() throws Exception {
    createWorkingDir();
    DirectoryServiceFactory dsf = new DefaultDirectoryServiceFactory();
    dsf.init(DIRECTORY_NAME);
    directoryService = dsf.getDirectoryService();
    directoryService.addLast(new KeyDerivationInterceptor()); // Derives the Kerberos keys for new entries.
    directoryService.getChangeLog().setEnabled(false);
    SchemaManager schemaManager = directoryService.getSchemaManager();

    createPartition(dsf, schemaManager, "users", "ou=users,dc=undertow,dc=io");

    CoreSession adminSession = directoryService.getAdminSession();
    //Map<String, String> mappings = Collections.singletonMap("hostname", DefaultServer.getDefaultServerAddress().getHostString());
    Map<String, String> mappings = Collections.singletonMap("hostname", "localhost");
    processLdif(schemaManager, adminSession, "partition.ldif", mappings);
    processLdif(schemaManager, adminSession, "krbtgt.ldif", mappings);
    processLdif(schemaManager, adminSession, "user.ldif", mappings);
    processLdif(schemaManager, adminSession, "server.ldif", mappings);

    ldapServer = new LdapServer();
    ldapServer.setServiceName("DefaultLDAP");
    Transport ldap = new TcpTransport( "0.0.0.0", LDAPS_PORT, 3, 5 );
    ldap.enableSSL(true);
    ldapServer.addTransports(ldap);
    ldapServer.setKeystoreFile(ApacheDirectoryServer.class.getResource("/config/server.keystore").getFile());
    ldapServer.setCertificatePassword("password");
    ldapServer.loadKeyStore();
    ldapServer.setDirectoryService(directoryService);
    ldapServer.start();
}
 
Example 8
Source Project: light-oauth2   Source File: ApacheDirectoryServer.java    License: Apache License 2.0 5 votes vote down vote up
private static void startLdapServer() throws Exception {
    createWorkingDir();
    DirectoryServiceFactory dsf = new DefaultDirectoryServiceFactory();
    dsf.init(DIRECTORY_NAME);
    directoryService = dsf.getDirectoryService();
    directoryService.addLast(new KeyDerivationInterceptor()); // Derives the Kerberos keys for new entries.
    directoryService.getChangeLog().setEnabled(false);
    SchemaManager schemaManager = directoryService.getSchemaManager();

    createPartition(dsf, schemaManager, "users", "ou=users,dc=undertow,dc=io");

    CoreSession adminSession = directoryService.getAdminSession();
    //Map<String, String> mappings = Collections.singletonMap("hostname", DefaultServer.getDefaultServerAddress().getHostString());
    Map<String, String> mappings = Collections.singletonMap("hostname", "localhost");
    processLdif(schemaManager, adminSession, "partition.ldif", mappings);
    processLdif(schemaManager, adminSession, "krbtgt.ldif", mappings);
    processLdif(schemaManager, adminSession, "user.ldif", mappings);
    processLdif(schemaManager, adminSession, "server.ldif", mappings);

    ldapServer = new LdapServer();
    ldapServer.setServiceName("DefaultLDAP");
    Transport ldap = new TcpTransport( "0.0.0.0", LDAPS_PORT, 3, 5 );
    ldap.enableSSL(true);
    ldapServer.addTransports(ldap);
    ldapServer.setKeystoreFile(ApacheDirectoryServer.class.getResource("/config/server.keystore").getFile());
    ldapServer.setCertificatePassword("password");
    ldapServer.loadKeyStore();
    ldapServer.setDirectoryService(directoryService);
    ldapServer.start();
}
 
Example 9
/**
 * 
 * Creates a new instance of LookupOperationContext.
 *
 */
public FilteringOperationContext( CoreSession session )
{
    // Default to All User Attributes if we don't have any attributes
    this( session, SchemaConstants.ALL_USER_ATTRIBUTES );
    
}
 
Example 10
/**
 * 
 * Creates a new instance of LookupOperationContext.
 *
 */
public FilteringOperationContext( CoreSession session, String... returningAttributes )
{
    super( session );

    setReturningAttributes( returningAttributes );
}
 
Example 11
/**
 * 
 * Creates a new instance of LookupOperationContext.
 *
 */
public FilteringOperationContext( CoreSession session, Dn dn, String... returningAttributes )
{
    super( session, dn );

    setReturningAttributes( returningAttributes );
}
 
Example 12
/**
 * Eagerly populates fields of operation contexts so multiple Interceptors
 * in the processing pathway can reuse this value without performing a
 * redundant lookup operation.
 *
 * @param opContext the operation context to populate with cached fields
 */
private void eagerlyPopulateFields( OperationContext opContext ) throws LdapException
{
    // If the entry field is not set for ops other than add for example
    // then we set the entry but don't freak if we fail to do so since it
    // may not exist in the first place

    if ( opContext.getEntry() == null )
    {
        // We have to use the admin session here, otherwise we may have
        // trouble reading the entry due to insufficient access rights
        CoreSession adminSession = opContext.getSession().getDirectoryService().getAdminSession();

        LookupOperationContext lookupContext = new LookupOperationContext( adminSession, opContext.getDn(),
            SchemaConstants.ALL_ATTRIBUTES_ARRAY );
        Entry foundEntry = opContext.getSession().getDirectoryService().getPartitionNexus().lookup( lookupContext );

        if ( foundEntry != null )
        {
            opContext.setEntry( foundEntry );
        }
        else
        {
            // This is an error : we *must* have an entry if we want to be able to rename.
            LdapNoSuchObjectException ldnfe = new LdapNoSuchObjectException( I18n.err( I18n.ERR_256_NO_SUCH_OBJECT,
                opContext.getDn() ) );

            throw ldnfe;
        }
    }
}
 
Example 13
/**
 * 
 * Creates a new instance of LookupOperationContext.
 *
 */
public FilteringOperationContext( CoreSession session, String... returningAttributes )
{
    super( session );

    setReturningAttributes( returningAttributes );
}
 
Example 14
/**
 * 
 * Creates a new instance of LookupOperationContext.
 *
 */
public FilteringOperationContext( CoreSession session, Dn dn, String... returningAttributes )
{
    super( session, dn );

    setReturningAttributes( returningAttributes );
}
 
Example 15
/**
 * Eagerly populates fields of operation contexts so multiple Interceptors
 * in the processing pathway can reuse this value without performing a
 * redundant lookup operation.
 *
 * @param opContext the operation context to populate with cached fields
 */
private void eagerlyPopulateFields( OperationContext opContext ) throws LdapException
{
    // If the entry field is not set for ops other than add for example
    // then we set the entry but don't freak if we fail to do so since it
    // may not exist in the first place

    if ( opContext.getEntry() == null )
    {
        // We have to use the admin session here, otherwise we may have
        // trouble reading the entry due to insufficient access rights
        CoreSession adminSession = opContext.getSession().getDirectoryService().getAdminSession();

        LookupOperationContext lookupContext = new LookupOperationContext( adminSession, opContext.getDn(),
            SchemaConstants.ALL_ATTRIBUTES_ARRAY );
        Entry foundEntry = opContext.getSession().getDirectoryService().getPartitionNexus().lookup( lookupContext );

        if ( foundEntry != null )
        {
            opContext.setEntry( foundEntry );
        }
        else
        {
            // This is an error : we *must* have an entry if we want to be able to rename.
            LdapNoSuchObjectException ldnfe = new LdapNoSuchObjectException( I18n.err( I18n.ERR_256_NO_SUCH_OBJECT,
                opContext.getDn() ) );

            throw ldnfe;
        }
    }
}
 
Example 16
private static void processLdif(final SchemaManager schemaManager, final CoreSession adminSession, final String ldifName) throws LdapException, IOException {
    InputStream ldifInput = LdapTestSuite.class.getResourceAsStream(ldifName);
    LdifReader ldifReader = new LdifReader(ldifInput);
    for (LdifEntry ldifEntry : ldifReader) {
        adminSession.add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
    }
    ldifReader.close();
    ldifInput.close();
}
 
Example 17
Source Project: cloudstack   Source File: EmbeddedLdapServer.java    License: Apache License 2.0 5 votes vote down vote up
protected void createRootEntry() throws LdapException {
    Entry entry = getDirectoryService().newEntry(getDirectoryService().getDnFactory().create(getBaseStructure()));
    entry.add("objectClass", "top", "domain", "extensibleObject");
    entry.add("dc", getBasePartitionName());
    CoreSession session = getDirectoryService().getAdminSession();
    try {
        session.add(entry);
    } finally {
        session.unbind();
    }
}
 
Example 18
Source Project: quarkus-http   Source File: KerberosKDCUtil.java    License: Apache License 2.0 4 votes vote down vote up
private static void processLdif(final SchemaManager schemaManager, final CoreSession adminSession, final String ldifName,
        final Map<String, String> mappings) throws Exception {
    InputStream resourceInput = KerberosKDCUtil.class.getResourceAsStream("/ldif/" + ldifName);
    ByteArrayOutputStream baos = new ByteArrayOutputStream(resourceInput.available());
    int current;
    while ((current = resourceInput.read()) != -1) {
        if (current == '$') {
            // Enter String replacement mode.
            int second = resourceInput.read();
            if (second == '{') {
                ByteArrayOutputStream substitute = new ByteArrayOutputStream();
                while ((current = resourceInput.read()) != -1 && current != '}') {
                    substitute.write(current);
                }
                if (current == -1) {
                    baos.write(current);
                    baos.write(second);
                    baos.write(substitute.toByteArray()); // Terminator never found.
                }
                String toReplace = new String(substitute.toByteArray(), StandardCharsets.UTF_8);
                if (mappings.containsKey(toReplace)) {
                    baos.write(mappings.get(toReplace).getBytes());
                } else {
                    throw new IllegalArgumentException(String.format("No mapping found for '%s'", toReplace));
                }
            } else {
                baos.write(current);
                baos.write(second);
            }
        } else {
            baos.write(current);
        }
    }

    ByteArrayInputStream ldifInput = new ByteArrayInputStream(baos.toByteArray());
    LdifReader ldifReader = new LdifReader(ldifInput);
    for (LdifEntry ldifEntry : ldifReader) {
        adminSession.add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
    }
    ldifReader.close();
    ldifInput.close();
}
 
Example 19
Source Project: light-oauth2   Source File: ApacheDirectoryServer.java    License: Apache License 2.0 4 votes vote down vote up
private static void processLdif(final SchemaManager schemaManager, final CoreSession adminSession, final String ldifName,
                                final Map<String, String> mappings) throws Exception {
    InputStream resourceInput = KerberosKDCUtil.class.getResourceAsStream("/ldif/" + ldifName);
    ByteArrayOutputStream baos = new ByteArrayOutputStream(resourceInput.available());
    int current;
    while ((current = resourceInput.read()) != -1) {
        if (current == '$') {
            // Enter String replacement mode.
            int second = resourceInput.read();
            if (second == '{') {
                ByteArrayOutputStream substitute = new ByteArrayOutputStream();
                while ((current = resourceInput.read()) != -1 && current != '}') {
                    substitute.write(current);
                }
                if (current == -1) {
                    baos.write(current);
                    baos.write(second);
                    baos.write(substitute.toByteArray()); // Terminator never found.
                }
                String toReplace = new String(substitute.toByteArray(), UTF_8);
                if (mappings.containsKey(toReplace)) {
                    baos.write(mappings.get(toReplace).getBytes(UTF_8));
                } else {
                    throw new IllegalArgumentException(String.format("No mapping found for '%s'", toReplace));
                }
            } else {
                baos.write(current);
                baos.write(second);
            }
        } else {
            baos.write(current);
        }
    }

    ByteArrayInputStream ldifInput = new ByteArrayInputStream(baos.toByteArray());
    LdifReader ldifReader = new LdifReader(ldifInput);
    for (LdifEntry ldifEntry : ldifReader) {
        adminSession.add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
    }
    ldifReader.close();
    ldifInput.close();
}
 
Example 20
Source Project: light-oauth2   Source File: ApacheDirectoryServer.java    License: Apache License 2.0 4 votes vote down vote up
private static void processLdif(final SchemaManager schemaManager, final CoreSession adminSession, final String ldifName,
                                final Map<String, String> mappings) throws Exception {
    InputStream resourceInput = KerberosKDCUtil.class.getResourceAsStream("/ldif/" + ldifName);
    ByteArrayOutputStream baos = new ByteArrayOutputStream(resourceInput.available());
    int current;
    while ((current = resourceInput.read()) != -1) {
        if (current == '$') {
            // Enter String replacement mode.
            int second = resourceInput.read();
            if (second == '{') {
                ByteArrayOutputStream substitute = new ByteArrayOutputStream();
                while ((current = resourceInput.read()) != -1 && current != '}') {
                    substitute.write(current);
                }
                if (current == -1) {
                    baos.write(current);
                    baos.write(second);
                    baos.write(substitute.toByteArray()); // Terminator never found.
                }
                String toReplace = new String(substitute.toByteArray(), StandardCharsets.UTF_8);
                if (mappings.containsKey(toReplace)) {
                    baos.write(mappings.get(toReplace).getBytes());
                } else {
                    throw new IllegalArgumentException(String.format("No mapping found for '%s'", toReplace));
                }
            } else {
                baos.write(current);
                baos.write(second);
            }
        } else {
            baos.write(current);
        }
    }

    ByteArrayInputStream ldifInput = new ByteArrayInputStream(baos.toByteArray());
    LdifReader ldifReader = new LdifReader(ldifInput);
    for (LdifEntry ldifEntry : ldifReader) {
        adminSession.add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
    }
    ldifReader.close();
    ldifInput.close();
}
 
Example 21
Source Project: MyVirtualDirectory   Source File: BindRequestHandler.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * For challenge/response exchange, generate the challenge. 
 * If the exchange is complete then send bind success.
 *
 * @param ldapSession
 * @param ss
 * @param bindRequest
 */
private void generateSaslChallengeOrComplete( LdapSession ldapSession, SaslServer ss,
    BindRequest bindRequest ) throws Exception
{
    LdapResult result = bindRequest.getResultResponse().getLdapResult();

    // SaslServer will throw an exception if the credentials are null.
    if ( bindRequest.getCredentials() == null )
    {
        bindRequest.setCredentials( StringConstants.EMPTY_BYTES );
    }

    try
    {
        // Compute the challenge
        byte[] tokenBytes = ss.evaluateResponse( bindRequest.getCredentials() );

        if ( ss.isComplete() )
        {
            // This is the end of the C/R exchange
            if ( tokenBytes != null )
            {
                /*
                 * There may be a token to return to the client.  We set it here
                 * so it will be returned in a SUCCESS message, after an LdapContext
                 * has been initialized for the client.
                 */
                ldapSession.putSaslProperty( SaslConstants.SASL_CREDS, tokenBytes );
            }

            LdapPrincipal ldapPrincipal = ( LdapPrincipal ) ldapSession
                .getSaslProperty( SaslConstants.SASL_AUTHENT_USER );

            if ( ldapPrincipal != null )
            {
                DirectoryService ds = ldapSession.getLdapServer().getDirectoryService();
                String saslMechanism = bindRequest.getSaslMechanism();
                byte[] password = null;

                if ( ldapPrincipal.getUserPasswords() != null )
                {
                    password = ldapPrincipal.getUserPasswords()[0];
                }

                CoreSession userSession = ds.getSession( ldapPrincipal.getDn(),
                    password, saslMechanism, null );

                // Set the user session into the ldap session 
                ldapSession.setCoreSession( userSession );

                // Store the IoSession in the coreSession
                ( ( DefaultCoreSession ) userSession ).setIoSession( ldapSession.getIoSession() );
            }

            // Mark the user as authenticated
            ldapSession.setAuthenticated();

            // Call the cleanup method for the selected mechanism
            MechanismHandler handler = ( MechanismHandler ) ldapSession
                .getSaslProperty( SaslConstants.SASL_MECH_HANDLER );
            handler.cleanup( ldapSession );

            // Return the successful response
            sendBindSuccess( ldapSession, bindRequest, tokenBytes );
        }
        else
        {
            // The SASL bind must continue, we are sending the computed challenge
            LOG.info( "Continuation token had length " + tokenBytes.length );

            // Build the response
            result.setResultCode( ResultCodeEnum.SASL_BIND_IN_PROGRESS );
            BindResponse resp = bindRequest.getResultResponse();

            // Store the challenge
            resp.setServerSaslCreds( tokenBytes );

            // Switch to SASLAuthPending
            ldapSession.setSaslAuthPending();

            // And write back the response
            ldapSession.getIoSession().write( resp );

            LOG.debug( "Returning final authentication data to client to complete context." );
        }
    }
    catch ( SaslException se )
    {
        sendInvalidCredentials( ldapSession, bindRequest, se );
    }
}
 
Example 22
/**
 * 
 * Creates a new instance of LookupOperationContext.
 *
 */
public FilteringOperationContext( CoreSession session, Dn dn )
{
    // Default to All User Attributes if we don't have any attributes
    this( session, dn, SchemaConstants.ALL_USER_ATTRIBUTES );
}
 
Example 23
Source Project: MyVirtualDirectory   Source File: BindRequestHandler.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * For challenge/response exchange, generate the challenge. If the exchange is complete then send bind success.
 *
 * @param ldapSession
 * @param ss
 * @param bindRequest
 */
private void generateSaslChallengeOrComplete(LdapSession ldapSession, SaslServer ss,
                                             BindRequest bindRequest) throws Exception {
    LdapResult result = bindRequest.getResultResponse().getLdapResult();

    // SaslServer will throw an exception if the credentials are null.
    if (bindRequest.getCredentials() == null) {
        bindRequest.setCredentials(StringConstants.EMPTY_BYTES);
    }

    try {
        // Compute the challenge
        byte[] tokenBytes = ss.evaluateResponse(bindRequest.getCredentials());

        if (ss.isComplete()) {
            // This is the end of the C/R exchange
            if (tokenBytes != null) {
                /*
                 * There may be a token to return to the client.  We set it here
                 * so it will be returned in a SUCCESS message, after an LdapContext
                 * has been initialized for the client.
                 */
                ldapSession.putSaslProperty(SaslConstants.SASL_CREDS, tokenBytes);
            }

            LdapPrincipal ldapPrincipal = (LdapPrincipal) ldapSession
                    .getSaslProperty(SaslConstants.SASL_AUTHENT_USER);

            if (ldapPrincipal != null) {
                DirectoryService ds = ldapSession.getLdapServer().getDirectoryService();
                String saslMechanism = bindRequest.getSaslMechanism();
                byte[] password = null;

                if (ldapPrincipal.getUserPasswords() != null) {
                    password = ldapPrincipal.getUserPasswords()[0];
                }

                CoreSession userSession = ds.getSession(ldapPrincipal.getDn(),
                                                        password, saslMechanism, null);

                // Set the user session into the ldap session 
                ldapSession.setCoreSession(userSession);

                // Store the IoSession in the coreSession
                ((DefaultCoreSession) userSession).setIoSession(ldapSession.getIoSession());
            }

            // Mark the user as authenticated
            ldapSession.setAuthenticated();

            // Call the cleanup method for the selected mechanism
            MechanismHandler handler = (MechanismHandler) ldapSession
                    .getSaslProperty(SaslConstants.SASL_MECH_HANDLER);
            handler.cleanup(ldapSession);

            // Return the successful response
            sendBindSuccess(ldapSession, bindRequest, tokenBytes);
        } else {
            // The SASL bind must continue, we are sending the computed challenge
            LOG.info("Continuation token had length " + tokenBytes.length);

            // Build the response
            result.setResultCode(ResultCodeEnum.SASL_BIND_IN_PROGRESS);
            BindResponse resp = (BindResponse) bindRequest.getResultResponse();

            // Store the challenge
            resp.setServerSaslCreds(tokenBytes);

            // Switch to SASLAuthPending
            ldapSession.setSaslAuthPending();

            // And write back the response
            ldapSession.getIoSession().write(resp);

            LOG.debug("Returning final authentication data to client to complete context.");
        }
    } catch (SaslException se) {
        sendInvalidCredentials(ldapSession, bindRequest, se);
    }
}
 
Example 24
/**
 * 
 * Creates a new instance of LookupOperationContext.
 *
 */
public FilteringOperationContext( CoreSession session )
{
    // Default to All User Attributes if we don't have any attributes
    this( session, SchemaConstants.ALL_USER_ATTRIBUTES );
}
 
Example 25
/**
 * 
 * Creates a new instance of LookupOperationContext.
 *
 */
public FilteringOperationContext( CoreSession session, Dn dn )
{
    // Default to All User Attributes if we don't have any attributes
    this( session, dn, SchemaConstants.ALL_USER_ATTRIBUTES );
}
 
Example 26
Source Project: MyVirtualDirectory   Source File: MyVDInterceptor.java    License: Apache License 2.0 4 votes vote down vote up
private void setTLSSessionParams(HashMap<Object, Object> userSession,
		CoreSession session) {
	this.setTLSSessionParams(userSession, session.getIoSession());
	
}
 
Example 27
@Override
public CoreSession getAdminSession() {
    return wrapped.getAdminSession();
}
 
Example 28
@Override
public CoreSession getSession() throws Exception {
    return wrapped.getSession();
}
 
Example 29
@Override
public CoreSession getSession(LdapPrincipal principal) throws Exception {
    return wrapped.getSession(principal);
}
 
Example 30
@Override
public CoreSession getSession(Dn principalDn, byte[] credentials) throws LdapException {
    return wrapped.getSession(principalDn, credentials);
}