protected Account getAccount(ApiRequest request) {
    Account account = null;

    for (AccountLookup lookup : accountLookups) {
      if (lookup.isConfigured()) {
        account = lookup.getAccount(request);
        if (account != null) {
          request.setAttribute(AccountConstants.AUTH_TYPE, lookup.getName());
          break;
        }
      }
    }

    if (account != null) {
      return account;
    }

    if (SecurityConstants.SECURITY.get()) {
      for (AccountLookup lookup : accountLookups) {
        if (lookup.challenge(request)) {
          break;
        }
      }
    }

    return null;
  }
Beispiel #2
0
  @Override
  protected Object listInternal(
      SchemaFactory schemaFactory, String type, Map<Object, Object> criteria, ListOptions options) {
    boolean enabled = SecurityConstants.SECURITY.get();
    boolean tls = ADConstants.TLS_ENABLED.get();

    String server = ADConstants.LDAP_SERVER.get();
    String loginDomain = ADConstants.LDAP_LOGIN_DOMAIN.get();
    String domain = ADConstants.LDAP_DOMAIN.get();
    String accessMode = ADConstants.ACCESS_MODE.get();
    String serviceAccountPassword = ADConstants.SERVICE_ACCOUNT_PASSWORD.get();
    String serviceAccountUsername = ADConstants.SERVICE_ACCOUNT_USER.get();
    String userSearchField = ADConstants.USER_SEARCH_FIELD.get();
    String groupSearchField = ADConstants.GROUP_SEARCH_FIELD.get();
    String userLoginField = ADConstants.USER_LOGIN_FIELD.get();
    int port = ADConstants.LDAP_PORT.get();
    int userEnabledMaskBit = ADConstants.USER_DISABLED_BIT_MASK.get();
    String userObjectClass = ADConstants.USER_OBJECT_CLASS.get();
    String userNameField = ADConstants.USER_NAME_FIELD.get();
    String groupObjectClass = ADConstants.GROUP_OBJECT_CLASS.get();
    String userEnabledAttribute = ADConstants.USER_ENABLED_ATTRIBUTE.get();
    String groupNameField = ADConstants.GROUP_NAME_FIELD.get();
    long connectionTimeout = ADConstants.CONNECTION_TIMEOUT.get();
    return new ADConfig(
        server,
        port,
        userEnabledMaskBit,
        loginDomain,
        domain,
        enabled,
        accessMode,
        serviceAccountUsername,
        serviceAccountPassword,
        tls,
        userSearchField,
        userLoginField,
        userObjectClass,
        userNameField,
        userEnabledAttribute,
        groupSearchField,
        groupObjectClass,
        groupNameField,
        connectionTimeout);
  }
  @Override
  public void handle(ApiRequest request) throws IOException {
    if (ApiContext.getContext().getPolicy() != null) {
      return;
    }
    if (ApiContext.getContext().getTransformationService() == null) {
      ApiContext.getContext().setTransformationService(transformationService);
    }

    Account authenticatedAsAccount = getAccount(request);
    if (authenticatedAsAccount == null
        || !StringUtils.equals(CommonStatesConstants.ACTIVE, authenticatedAsAccount.getState())) {
      throw new ClientVisibleException(ResponseCodes.UNAUTHORIZED);
    }

    Set<Identity> identities = getIdentities(authenticatedAsAccount);
    if (identities == null || identities.size() == 0) {
      throw new ClientVisibleException(ResponseCodes.UNAUTHORIZED);
    }

    Account account = getAccountRequested(authenticatedAsAccount, identities, request);
    Policy policy = getPolicy(account, authenticatedAsAccount, identities, request);
    if (policy == null) {
      log.error("Failed to find policy for [{}]", account.getId());
      throwUnauthorized();
    }

    SchemaFactory schemaFactory = getSchemaFactory(account, policy, request);
    if (schemaFactory == null) {
      log.error("Failed to find a schema for account type [{}]", account.getKind());
      if (SecurityConstants.SECURITY.get()) {
        throwUnauthorized();
      }
    }
    saveInContext(request, policy, schemaFactory);
  }