Issue #2691 replace static dn by subtee based ldap lookup for an entry inside _userBaseDn (#2842)

* replace static dn by subtee based ldap lookup for an entry inside _userBaseDn
* additional ldap tests to cover enhancement of #2842

Signed-off-by: Alexei Pastuchov <alexei.pastuchov@telecolumbus.de>
This commit is contained in:
Алексей Пастухов 2018-09-11 07:57:48 +02:00 committed by Olivier Lamy
parent 2dd5fec4f4
commit 04941fd44c
2 changed files with 101 additions and 24 deletions


@ -329,9 +329,16 @@ public class LdapLoginModule extends AbstractLoginModule
} }
} }
String userDn = _userRdnAttribute + "=" + rdnValue + "," + _userBaseDn; String filter = "({0}={1})";
return getUserRolesByDn(dirContext, userDn); Object[] filterArguments = new Object[]{
_userRdnAttribute,
rdnValue
};
SearchResult searchResult = findUser(dirContext, filter, filterArguments);
return getUserRolesByDn(dirContext, searchResult.getNameInNamespace());
} }
private List<String> getUserRolesByDn(DirContext dirContext, String userDn) throws NamingException private List<String> getUserRolesByDn(DirContext dirContext, String userDn) throws NamingException
@ -547,11 +554,6 @@ public class LdapLoginModule extends AbstractLoginModule
private SearchResult findUser(String username) throws LoginException private SearchResult findUser(String username) throws LoginException
{ {
SearchControls ctls = new SearchControls();
ctls.setCountLimit(1);
ctls.setDerefLinkFlag(true);
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String filter = "(&(objectClass={0})({1}={2}))"; String filter = "(&(objectClass={0})({1}={2}))";
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
@ -563,24 +565,36 @@ public class LdapLoginModule extends AbstractLoginModule
username username
}; };
try return findUser(_rootContext, filter, filterArguments);
{
NamingEnumeration<SearchResult> results = _rootContext.search(_userBaseDn, filter, filterArguments, ctls);
if (LOG.isDebugEnabled())
LOG.debug("Found user?: " + results.hasMoreElements());
if (!results.hasMoreElements())
{
throw new FailedLoginException("User not found.");
} }
return results.nextElement(); private SearchResult findUser(DirContext dirContext, String filter, Object[] filterArguments) throws LoginException
{
SearchControls ctls = new SearchControls();
ctls.setDerefLinkFlag(true);
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> results;
try
{
results = _rootContext.search(_userBaseDn, filter, filterArguments, ctls);
} }
catch (NamingException ne) catch (NamingException ne)
{ {
throw new FailedLoginException(ne.getMessage()); throw new FailedLoginException(ne.getMessage());
} }
if (LOG.isDebugEnabled())
LOG.debug("Found user?: " + results.hasMoreElements());
if (!results.hasMoreElements())
throw new FailedLoginException("User not found.");
SearchResult searchResult = (SearchResult)results.nextElement();
if (results.hasMoreElements())
throw new FailedLoginException("Search result contains ambiguous entries");
return searchResult;
} }
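Review bot: The new `findUser(DirContext dirContext, String filter, Object[] filterArguments)` ignores its `dirContext` argument and still searches through `_rootContext` on the `results = _rootContext.search(...)` line, so the role-lookup caller that passes `dirContext` does not get the context it asked for and the parameter is dead; the line should read `results = dirContext.search(_userBaseDn, filter, filterArguments, ctls);`. The `NamingEnumeration` is also never closed once the entry has been taken, so the server-side search stays open until it is garbage-collected; wrapping the `hasMoreElements`/`nextElement` reads in a `try`/`finally` that calls `results.close()` fixes that. Rejecting a multi-match result instead of silently taking the first entry is a sound hardening, and the `{0}={1}` filter with arguments is the right replacement for the old string-built DN; `getUserRolesByDn` and the enclosing class continue outside this hunk.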


@ -75,14 +75,38 @@ import static org.junit.Assert.*;
"objectClass: top", "objectClass: top",
"ou: groups", "ou: groups",
// Entry 5 // Entry 5
"dn: ou=subdir,ou=people,dc=jetty,dc=org",
"objectClass: organizationalunit",
"objectClass: top",
"ou: subdir",
// Entry # 6
"dn:uid=uniqueuser,ou=subdir,ou=people,dc=jetty,dc=org",
"objectClass: inetOrgPerson",
"cn: uniqueuser",
"sn: unique user",
"userPassword: hello123",
// Entry # 7
"dn:uid=ambiguousone,ou=people,dc=jetty,dc=org",
"objectClass: inetOrgPerson",
"cn: ambiguous1",
"sn: ambiguous user",
"userPassword: foobar",
// Entry # 8
"dn:uid=ambiguousone,ou=subdir,ou=people,dc=jetty,dc=org",
"objectClass: inetOrgPerson",
"cn: ambiguous2",
"sn: ambiguous subdir user",
"userPassword: barfoo",
// Entry 9
"dn: cn=developers,ou=groups,dc=jetty,dc=org", "dn: cn=developers,ou=groups,dc=jetty,dc=org",
"objectClass: groupOfUniqueNames", "objectClass: groupOfUniqueNames",
"objectClass: top", "objectClass: top",
"ou: groups", "ou: groups",
"description: People who try to build good software", "description: People who try to build good software",
"uniquemember: uid=someone,ou=people,dc=jetty,dc=org", "uniquemember: uid=someone,ou=people,dc=jetty,dc=org",
"uniquemember: uid=uniqueuser,ou=subdir,ou=people,dc=jetty,dc=org",
"cn: developers", "cn: developers",
// Entry 6 // Entry 10
"dn: cn=admin,ou=groups,dc=jetty,dc=org", "dn: cn=admin,ou=groups,dc=jetty,dc=org",
"objectClass: groupOfUniqueNames", "objectClass: groupOfUniqueNames",
"objectClass: top", "objectClass: top",
@ -90,12 +114,28 @@ import static org.junit.Assert.*;
"description: People who try to run software build by developers", "description: People who try to run software build by developers",
"uniquemember: uid=someone,ou=people,dc=jetty,dc=org", "uniquemember: uid=someone,ou=people,dc=jetty,dc=org",
"uniquemember: uid=someoneelse,ou=people,dc=jetty,dc=org", "uniquemember: uid=someoneelse,ou=people,dc=jetty,dc=org",
"uniquemember: uid=uniqueuser,ou=subdir,ou=people,dc=jetty,dc=org",
"cn: admin" "cn: admin"
}) })
public class JAASLdapLoginServiceTest public class JAASLdapLoginServiceTest
{ {
private static LdapServer _ldapServer; private static LdapServer _ldapServer;
private JAASLoginService jaasLoginService(String name) {
JAASLoginService ls = new JAASLoginService("foo");
ls.setCallbackHandlerClass("org.eclipse.jetty.jaas.callback.DefaultCallbackHandler");
ls.setIdentityService(new DefaultIdentityService());
ls.setConfiguration(new TestConfiguration(true));
return ls;
}
private UserIdentity doLogin(String username, String password) throws Exception
{
JAASLoginService ls = jaasLoginService("foo");
Request request = new Request(null, null);
return ls.login( username, password, request);
}
public static LdapServer getLdapServer() { public static LdapServer getLdapServer() {
return _ldapServer; return _ldapServer;
} }
@ -174,4 +214,27 @@ public class JAASLdapLoginServiceTest
} }
@Test
public void testLdapBindingSubdirUniqueUserName() throws Exception
{
UserIdentity userIdentity = doLogin("uniqueuser", "hello123");
assertNotNull( userIdentity );
assertTrue( userIdentity.isUserInRole( "developers", null) );
assertTrue( userIdentity.isUserInRole( "admin", null) );
assertFalse( userIdentity.isUserInRole( "blabla", null) );
}
@Test
public void testLdapBindingAmbiguousUserName() throws Exception
{
UserIdentity userIdentity = doLogin( "ambiguousone", "foobar");
assertNull( userIdentity );
}
@Test
public void testLdapBindingSubdirAmbiguousUserName() throws Exception
{
UserIdentity userIdentity = doLogin( "ambiguousone", "barfoo");
assertNull( userIdentity );
}
} }
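Review bot: The `jaasLoginService(String name)` helper never uses its `name` parameter and hard-codes `new JAASLoginService("foo")`, so any caller passing a different realm name silently gets `foo`; either use `new JAASLoginService(name)` or drop the parameter. The two ambiguous-uid tests assert only a null identity, which is the same outcome as a wrong password or an unknown user; the pair still proves the duplicate is rejected, because a first-match lookup would have let exactly one of `foobar`/`barfoo` succeed, and that reasoning is worth stating above them, e.g. `// each password is valid for one of the two uid=ambiguousone entries; both logins failing shows the duplicate uid was rejected rather than the password`.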