
com.adaptrex.security.realm.BasicLdapRealm Maven / Gradle / Ivy

/*
 * Copyright 2012 Adaptrex, LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.adaptrex.core.security.realm;

import java.util.LinkedHashSet;
import java.util.Set;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * The BasicLdapRealm provides authorization information from a very simple LDAP layout.
 * It retrieves the names of the groupOfNames entries that list the current user as a member.
 */
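public class BasicLdapRealm extends JndiLdapRealm {

	private static final Logger log = LoggerFactory.getLogger(BasicLdapRealm.class);

	// Not read or written anywhere in this class; kept because it is protected and
	// subclasses may reference it.
	// NOTE(review): the Shiro base realm presumably manages its own cache manager - confirm
	// whether this field is still needed.
	protected CacheManager cacheManager;

	/** Base DN under which group entries are searched; must be set via {@link #setSearchBase(String)}. */
	protected String searchBase = null;

	/**
	 * Builds the authorization info for the given principals from LDAP group membership.
	 *
	 * <p>The lookup runs on the context returned by
	 * {@link LdapContextFactory#getSystemLdapContext()}, i.e. not on a context bound as the
	 * user being authorized. The context is always closed before returning so that the
	 * connection is not leaked on every authorization check.
	 *
	 * @param principals the principals of the subject being authorized
	 * @param ldapContextFactory factory used to obtain the system LDAP context
	 * @return authorization info whose roles are the {@code cn} values of the matching groups;
	 *         the role set is empty when the lookup fails or finds nothing
	 * @throws NamingException if the system LDAP context cannot be obtained
	 */
	@Override
	public AuthorizationInfo queryForAuthorizationInfo(
			PrincipalCollection principals,
			LdapContextFactory ldapContextFactory) throws NamingException {
		String username = (String) getAvailablePrincipal(principals);
		LdapContext ldapContext = ldapContextFactory.getSystemLdapContext();
		try {
			Set<String> roleNames = getRoleNamesForUser(username, ldapContext);
			return new SimpleAuthorizationInfo(roleNames);
		} finally {
			closeQuietly(ldapContext);
		}
	}

	/**
	 * Sets the base DN under which {@code groupOfNames} entries are searched.
	 *
	 * @param searchBase the search base DN
	 */
	public void setSearchBase(String searchBase) {
		this.searchBase = searchBase;
	}

	/**
	 * Collects the {@code cn} of every {@code groupOfNames} entry below {@link #searchBase}
	 * whose {@code member} attribute equals the user's DN (built from the realm's user DN
	 * template).
	 *
	 * <p>Any failure is logged and answered with an empty set, so an LDAP error results in
	 * "no roles" (deny) rather than in partial or stale roles. Roles gathered before a
	 * failure are discarded for the same reason.
	 * NOTE(review): if authorization caching is enabled on the realm, an empty result caused
	 * by a transient directory error may be cached like any other result - confirm.
	 *
	 * @param username the principal to look up
	 * @param ldapContext an open LDAP context; it is not closed here
	 * @return the role names in the order the directory returned them; never {@code null}
	 * @throws NamingException declared for signature compatibility; lookup failures are
	 *         handled internally
	 */
	private Set<String> getRoleNamesForUser(String username,
			LdapContext ldapContext) throws NamingException {
		String userDnTemplate = getUserDnTemplate();
		if (username == null || searchBase == null || userDnTemplate == null) {
			// Without all three values the search cannot be meaningful; deny by default.
			log.warn("LDAP role lookup skipped: principal, searchBase or userDnTemplate is not set");
			return new LinkedHashSet<String>();
		}

		SearchControls searchCtls = new SearchControls();
		searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
		// Only the cn attribute is used below, so do not ask the directory for anything else.
		searchCtls.setReturningAttributes(new String[] { "cn" });

		// The user name is never concatenated into the filter: the template's {0} token is
		// filled in by JNDI from searchArguments, which is expected to apply LDAP filter
		// escaping to the value. It is NOT DN-escaped, so a principal containing DN
		// metacharacters (for example a comma) changes the DN that is matched.
		// NOTE(review): confirm that principals reaching this realm are already validated.
		String searchFilter = "(&(objectClass=groupOfNames)(member=" + userDnTemplate + "))";
		Object[] searchArguments = new Object[] { username };

		Set<String> roleNames = new LinkedHashSet<String>();
		NamingEnumeration<SearchResult> answer = null;
		try {
			answer = ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls);

			// hasMoreElements() is kept from the original code on purpose.
			// NOTE(review): unlike hasMore() it cannot surface a NamingException (size limit,
			// referral), so a truncated result may go unnoticed - confirm this is acceptable.
			while (answer.hasMoreElements()) {
				SearchResult sr = answer.next();
				Attributes attrs = sr.getAttributes();
				if (attrs == null) {
					continue;
				}
				NamingEnumeration<? extends Attribute> ae = attrs.getAll();
				try {
					while (ae.hasMore()) {
						Attribute attr = ae.next();
						// LDAP attribute names are case-insensitive; a server answering "CN"
						// must not silently strip the user of all roles.
						if ("cn".equalsIgnoreCase(attr.getID())) {
							// Only the first value is used as the role name, as before.
							Object value = attr.get();
							if (value instanceof String) {
								roleNames.add((String) value);
							}
						}
					}
				} finally {
					closeQuietly(ae);
				}
			}
			return roleNames;
		} catch (Exception e) {
			// Deliberate catch-all: authorization must fail closed on any lookup problem.
			// The principal is left out of the message because it is caller-supplied text.
			log.warn("LDAP role lookup failed under search base [{}]; granting no roles", searchBase, e);
			return new LinkedHashSet<String>();
		} finally {
			closeQuietly(answer);
		}
	}

	/** Closes an LDAP context, logging instead of propagating a failure to close. */
	private static void closeQuietly(LdapContext context) {
		if (context == null) {
			return;
		}
		try {
			context.close();
		} catch (NamingException e) {
			log.warn("Failed to close LDAP context", e);
		}
	}

	/** Closes a naming enumeration, logging instead of propagating a failure to close. */
	private static void closeQuietly(NamingEnumeration<?> enumeration) {
		if (enumeration == null) {
			return;
		}
		try {
			enumeration.close();
		} catch (NamingException e) {
			log.warn("Failed to close LDAP search results", e);
		}
	}
}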



