Java Code Examples for org.apache.shiro.realm.ldap.LdapContextFactory#getLdapContext()

The following examples show how to use org.apache.shiro.realm.ldap.LdapContextFactory#getLdapContext() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: LdapRealm.java    From Moss with Apache License 2.0 6 votes vote down vote up
@Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken authenticationToken,
                                                        LdapContextFactory ldapContextFactory) throws NamingException {
    String token = (String) authenticationToken.getCredentials();
    // 解密获得username,用于和数据库进行对比
    String username = JwtUtil.getUsername(token);

    if (null==username  || !JwtUtil.verify(token, username)) {
        throw new AuthenticationException("token认证失败!");
    }
    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getLdapContext(username, null);
    } catch (Throwable e) {
        LOGGER.error(e.getMessage(), e);
        return null;
    } finally {
        LdapUtils.closeContext(ctx);
    }
    return new SimpleAuthenticationInfo(token, token, "MyRealm");
}
 
Example 2
Source File: SearchFirstActiveDirectoryRealm.java    From centraldogma with Apache License 2.0 6 votes vote down vote up
@Nullable
private AuthenticationInfo queryForAuthenticationInfo0(
        AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {

    final UsernamePasswordToken upToken = ensureUsernamePasswordToken(token);
    final String userDn = findUserDn(ldapContextFactory, upToken.getUsername());
    if (userDn == null) {
        return null;
    }

    LdapContext ctx = null;
    try {
        // Binds using the username and password provided by the user.
        ctx = ldapContextFactory.getLdapContext(userDn, upToken.getPassword());
    } catch (AuthenticationException e) {
        // According to this page, LDAP error code 49 (invalid credentials) is the only case where
        // AuthenticationException is raised:
        // - https://docs.oracle.com/javase/tutorial/jndi/ldap/exceptions.html
        // - com.sun.jndi.ldap.LdapCtx.mapErrorCode()
        return null;
    } finally {
        LdapUtils.closeContext(ctx);
    }
    return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword());
}
 
Example 3
Source File: ActiveDirectoryGroupRealm.java    From zeppelin with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an {@link AuthenticationInfo} object by querying the active directory LDAP context for
 * the specified username.  This method binds to the LDAP server using the provided username
 * and password - which if successful, indicates that the password is correct.
 * <p/>
 * This method can be overridden by subclasses to query the LDAP server in a more complex way.
 *
 * @param token              the authentication token provided by the user.
 * @param ldapContextFactory the factory used to build connections to the LDAP server.
 * @return an {@link AuthenticationInfo} instance containing information retrieved from LDAP.
 * @throws NamingException if any LDAP errors occur during the search.
 */
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
        LdapContextFactory ldapContextFactory) throws NamingException {
  UsernamePasswordToken upToken = (UsernamePasswordToken) token;

  // Binds using the username and password provided by the user.
  LdapContext ctx = null;
  try {
    String userPrincipalName = upToken.getUsername();
    if (!isValidPrincipalName(userPrincipalName)) {
      return null;
    }
    if (this.principalSuffix != null && userPrincipalName.indexOf('@') < 0) {
      userPrincipalName = upToken.getUsername() + this.principalSuffix;
    }
    ctx = ldapContextFactory.getLdapContext(
        userPrincipalName, upToken.getPassword());
  } finally {
    LdapUtils.closeContext(ctx);
  }

  return buildAuthenticationInfo(upToken.getUsername(), upToken.getPassword());
}
 
Example 4
Source File: GreenStepBaseAuthorizingActiveDirectoryCustomQueryAttributeRealm.java    From bamboobsc with Apache License 2.0 4 votes vote down vote up
@Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
    final GreenStepBaseUsernamePasswordToken usernamePasswordToken = (GreenStepBaseUsernamePasswordToken) token;
    LdapContext ctx = null;
    /*
    try {
    	ctx = ldapContextFactory.getSystemLdapContext();
        final String attribName = "userPrincipalName";
        final SearchControls searchControls = new SearchControls(SearchControls.SUBTREE_SCOPE, 1, 0, new String[] { attribName }, false, false);
        final NamingEnumeration<SearchResult> search = ctx.search(searchBase, this.getCustomQueryAttributeValue(), new Object[] { usernamePasswordToken.getPrincipal() }, searchControls);
        if (search.hasMore()) {
        	final SearchResult next = search.next();
            String loginUser= next.getAttributes().get(attribName).get().toString();
            if (search.hasMore()) {
                throw new RuntimeException("More than one user matching: "+usernamePasswordToken.getPrincipal());
            } else {
                try {
                	ldapContextFactory.getLdapContext(loginUser, usernamePasswordToken.getPassword());
                } catch (Exception ex) {
                    throw ex;
                }
            }
        }
        else {
            throw new RuntimeException("No user matching: " + usernamePasswordToken.getPrincipal());
        }
    } catch (NamingException ne) {
        throw ne;
    } finally {
        LdapUtils.closeContext(ctx);
    }
    */
    String searchBaseArr[] = StringUtils.defaultString(searchBase).split( Constants.ID_DELIMITER );
    boolean searchUser = false;
    for (int i = 0; searchBaseArr != null && !searchUser && i<searchBaseArr.length; i++) {
        try {
        	ctx = ldapContextFactory.getSystemLdapContext();
            final String attribName = "userPrincipalName";
            final SearchControls searchControls = new SearchControls(SearchControls.SUBTREE_SCOPE, 1, 0, new String[] { attribName }, false, false);
            final NamingEnumeration<SearchResult> search = ctx.search(searchBaseArr[i], this.getCustomQueryAttributeValue(), new Object[] { usernamePasswordToken.getPrincipal() }, searchControls);
            if (search.hasMore()) {
            	searchUser = true;
            	final SearchResult next = search.next();
                String loginUser= next.getAttributes().get(attribName).get().toString();
                if (search.hasMore()) {
                    throw new RuntimeException("More than one user matching: "+usernamePasswordToken.getPrincipal());
                } else {
                    try {
                    	ldapContextFactory.getLdapContext(loginUser, usernamePasswordToken.getPassword());
                    } catch (Exception ex) {
                        throw ex;
                    }
                }
            }
            /*
            else {
                throw new RuntimeException("No user matching: " + usernamePasswordToken.getPrincipal());
            }
            */
        } catch (NamingException ne) {
            throw ne;
        } finally {
            LdapUtils.closeContext(ctx);
        }        	
    }
    if (!searchUser) {
    	throw new RuntimeException("No user matching: " + usernamePasswordToken.getPrincipal());
    }        
    return buildAuthenticationInfo(usernamePasswordToken.getUsername(), usernamePasswordToken.getPassword());
}