All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wildfly.security.auth.realm.ldap.AttributeMapping Maven / Gradle / Ivy

Go to download

This artifact provides a single jar that contains all classes required to use remote Jakarta Enterprise Beans and Jakarta Messaging, including all dependencies. It is intended for use by those not using maven, maven users should just import the Jakarta Enterprise Beans and Jakarta Messaging BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up with different versions on classes on the class path).

There is a newer version: 35.0.0.Final
Show newest version
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2015 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wildfly.security.auth.realm.ldap;

import java.util.Locale;

import org.wildfly.common.Assert;

import javax.naming.directory.DirContext;

/**
 * Definition of a mapping from LDAP to an Elytron attribute.
 *
 * @author Darran Lofthouse
 */
public class AttributeMapping {

    public static final String DEFAULT_FILTERED_NAME = "filtered";
    public static final String DEFAULT_DN_NAME = "dn";
    public static final String DEFAULT_ROLE_RECURSION_ATTRIBUTE = "CN";

    private final String ldapName;
    private final String searchDn;
    private final boolean recursiveSearch;
    private final String filter;
    private final String reference;
    private final String name;
    private final String rdn;
    private final int roleRecursionDepth;
    private final String roleRecursionName;

    String getLdapName() {
        return ldapName;
    }

    /**
     * Get name of LDAP attribute to obtain from identity entry
     * @return LDAP attribute to obtain from identity entry
     */
    String getIdentityLdapName() {
        if (filter != null) return null;
        return reference != null ? reference : ldapName;
    }

    String getName() {
        return name;
    }

    String getSearchDn() {
        return searchDn;
    }

    boolean getRecursiveSearch() {
        return recursiveSearch;
    }

    String getFilter() {
        return filter;
    }

    String getRdn() {
        return rdn;
    }

    String getReference() {
        return reference;
    }

    int getRoleRecursionDepth() {
        return roleRecursionDepth;
    }

    String getRoleRecursionName() {
        return roleRecursionName;
    }

    boolean isFilteredOrReference() {
        return filter != null || reference != null;
    }

    /**
     * Determine which context should be used to search filtered/referenced entry.
     * Has effect if the identity is behind referral, in different context.
     * If {@code true}, attribute will be searched in context, where was the identity found.
     * {@link DirContext} of the LdapRealm will be used otherwise.
     */
    boolean searchInIdentityContext() {
        return reference != null;
    }

    /**
     * 

Create an attribute mapping using LDAP entry of identity itself. * * @return this builder */ public static Builder fromIdentity() { Builder builder = new Builder(); builder.ldapName = null; return builder; } /** *

Create an attribute mapping based on the results of the given {@code filter}. * *

The {@code filter} may have one and exactly one {0} string that will be used to replace with the distinguished * name of the identity. In this case, the filter is specially useful when the values for this attribute should be obtained from a * separated entry. For instance, retrieving roles from entries with a object class of groupOfNames where the identity's DN is * a value of a member attribute. * * @param filter the filter that is going to be used to search for entries and obtain values for this attribute * @return this builder */ public static Builder fromFilter(String filter) { Assert.checkNotNullParam("filter", filter); Builder builder = new Builder(); builder.filter = filter; return builder; } /** *

Create an attribute mapping using LDAP entry referenced by attribute of identity entry. * * @param reference the name of LDAP attribute containing DN of LDAP entry, from which should be value loaded. * @return this builder */ public static Builder fromReference(String reference) { Assert.checkNotNullParam("reference", reference); Builder builder = new Builder(); builder.reference = reference; return builder; } public static class Builder { private String ldapName; private String searchDn; private boolean recursiveSearch = true; private String filter; private String reference; private String name; private String rdn; private int roleRecursionDepth; private String roleRecursionName; /** * Set type of RDN, whose value will be used as identity attribute value. * Use in case the attribute value is in DN form or when DN of entry is used * * @param rdn the name of type of RDN * @return this builder */ public Builder extractRdn(String rdn) { Assert.checkNotNullParam("rdn", rdn); this.rdn = rdn; return this; } /** * Set name of the attribute in LDAP from where the values are obtained. * * @param ldapName the name of the attribute in LDAP from where the values are obtained * @return this builder */ public Builder from(String ldapName) { Assert.checkNotNullParam("ldapName", ldapName); this.ldapName = ldapName.toUpperCase(Locale.ROOT); return this; } /** * Set name of the attribute in LDAP from where are {0} in role recursion obtained. * Wildcard {0} is in filter replaced by user name usually. When role recursion is used, * roles of roles are searched using the same filter, but {0} is replaced by * role name - obtained from role entry attribute specified by this method. * * If not specified, attribute specified in {@link #from(String)} is used. * * @param roleRecursionName the name of the attribute in LDAP which will replace {0} in filter while role recursion * @return this builder */ public Builder roleRecursionName(String roleRecursionName) { Assert.checkNotNullParam("roleRecursionName", roleRecursionName); this.roleRecursionName = roleRecursionName.toUpperCase(Locale.ROOT); return this; } /** * Set name of identity attribute to which will be mapping done. * * @param name the name of identity attribute (not LDAP attribute) * @return this builder */ public Builder to(String name) { Assert.checkNotNullParam("name", name); this.name = name; return this; } /** * Set search DN of LDAP search for attribute entries. * If not specified, search DN from identity mapping will be used. * @param searchDn the name of the context (DN) to be used when executing the filter * @return this builder */ public Builder searchDn(String searchDn) { Assert.checkNotNullParam("searchDn", searchDn); Assert.checkNotNullParam("filter", filter); this.searchDn = searchDn; return this; } /** * Set whether LDAP search for attribute entries should be recursive. Enabled by default. * @param recursiveSearch whether the LDAP search should be recursive * @return this builder */ public Builder searchRecursively(boolean recursiveSearch) { Assert.checkNotNullParam("filter", filter); this.recursiveSearch = recursiveSearch; return this; } /** * Set recursive search of filtered attribute (for recursive roles assignment and similar) * @param roleRecursionDepth maximum depth of recursion, 0 by default (no recursion) * @return this builder */ public Builder roleRecursion(int roleRecursionDepth) { Assert.checkMinimumParameter("roleRecursionDepth", 0, roleRecursionDepth); this.roleRecursionDepth = roleRecursionDepth; return this; } public AttributeMapping build() { if (name == null) { name = ldapName != null ? ldapName : (filter != null ? DEFAULT_FILTERED_NAME : DEFAULT_DN_NAME); } if (roleRecursionName == null) { roleRecursionName = ldapName != null ? ldapName : DEFAULT_ROLE_RECURSION_ATTRIBUTE; } return new AttributeMapping(searchDn, recursiveSearch, filter, reference, ldapName, name, rdn, roleRecursionDepth, roleRecursionName); } } AttributeMapping(String searchDn, boolean recursiveSearch, String filter, String reference, String ldapName, String name, String rdn, int roleRecursionDepth, String roleRecursionName) { this.searchDn = searchDn; this.recursiveSearch = recursiveSearch; this.filter = filter; this.reference = reference; this.ldapName = ldapName; this.name = name; this.rdn = rdn; this.roleRecursionDepth = roleRecursionDepth; this.roleRecursionName = roleRecursionName; } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy