/**
 * Resolves the account behind a request by consulting the registered lookups.
 *
 * <p>Lookups are tried in the iteration order of {@code accountLookups}. Only lookups
 * that report themselves as configured are asked for an account. The first non-null
 * result wins, and the name of the lookup that produced it is stored on the request
 * under {@code AccountConstants.AUTH_TYPE}.
 *
 * <p>If no lookup yields an account and {@code SecurityConstants.SECURITY} is on, each
 * lookup is offered the chance to issue a challenge, stopping at the first one whose
 * {@code challenge} call returns {@code true}.
 *
 * @param request the incoming API request
 * @return the resolved account, or {@code null} when no lookup recognised the request
 */
protected Account getAccount(ApiRequest request) {
    for (AccountLookup candidate : accountLookups) {
        if (!candidate.isConfigured()) {
            continue;
        }
        Account resolved = candidate.getAccount(request);
        if (resolved != null) {
            // Record which mechanism authenticated the caller so later stages can see it.
            request.setAttribute(AccountConstants.AUTH_TYPE, candidate.getName());
            return resolved;
        }
    }

    // Nothing matched. With security disabled no challenge is sent; the caller just gets null.
    if (!SecurityConstants.SECURITY.get()) {
        return null;
    }

    // NOTE(review): unlike the lookup loop above, this loop does not filter on
    // isConfigured(), so an unconfigured lookup may be the one that issues the
    // challenge. Confirm that this is intended.
    for (AccountLookup challenger : accountLookups) {
        if (challenger.challenge(request)) {
            break;
        }
    }
    return null;
}
/**
 * Builds the directory configuration resource from the current settings.
 *
 * <p>Every value is read from {@code ADConstants}, except the enabled flag, which comes
 * from {@code SecurityConstants.SECURITY}. None of the method arguments are read here.
 *
 * @param schemaFactory not used by this implementation
 * @param type not used by this implementation
 * @param criteria not used by this implementation
 * @param options not used by this implementation
 * @return a new {@code ADConfig} populated from the current settings
 */
@Override
protected Object listInternal(
        SchemaFactory schemaFactory, String type, Map<Object, Object> criteria, ListOptions options) {
    // Connection settings.
    String ldapServer = ADConstants.LDAP_SERVER.get();
    int ldapPort = ADConstants.LDAP_PORT.get();
    boolean tlsEnabled = ADConstants.TLS_ENABLED.get();
    long connectTimeout = ADConstants.CONNECTION_TIMEOUT.get();

    // Domain and access settings.
    String loginDomainName = ADConstants.LDAP_LOGIN_DOMAIN.get();
    String searchDomain = ADConstants.LDAP_DOMAIN.get();
    boolean securityEnabled = SecurityConstants.SECURITY.get();
    String mode = ADConstants.ACCESS_MODE.get();

    // Bind credentials.
    // NOTE(review): the service account password is copied into the object returned to
    // the list caller. Confirm that ADConfig or its schema keeps this field out of API
    // responses (write-only or redacted) and that the object is never logged.
    String bindUser = ADConstants.SERVICE_ACCOUNT_USER.get();
    String bindPassword = ADConstants.SERVICE_ACCOUNT_PASSWORD.get();

    // User attribute mapping.
    int userDisabledBitMask = ADConstants.USER_DISABLED_BIT_MASK.get();
    String userSearchAttr = ADConstants.USER_SEARCH_FIELD.get();
    String userLoginAttr = ADConstants.USER_LOGIN_FIELD.get();
    String userClass = ADConstants.USER_OBJECT_CLASS.get();
    String userNameAttr = ADConstants.USER_NAME_FIELD.get();
    String userEnabledAttr = ADConstants.USER_ENABLED_ATTRIBUTE.get();

    // Group attribute mapping.
    String groupSearchAttr = ADConstants.GROUP_SEARCH_FIELD.get();
    String groupClass = ADConstants.GROUP_OBJECT_CLASS.get();
    String groupNameAttr = ADConstants.GROUP_NAME_FIELD.get();

    // The constructor is purely positional, so the argument order below must stay as is.
    return new ADConfig(
            ldapServer,
            ldapPort,
            userDisabledBitMask,
            loginDomainName,
            searchDomain,
            securityEnabled,
            mode,
            bindUser,
            bindPassword,
            tlsEnabled,
            userSearchAttr,
            userLoginAttr,
            userClass,
            userNameAttr,
            userEnabledAttr,
            groupSearchAttr,
            groupClass,
            groupNameAttr,
            connectTimeout);
}
/**
 * Authenticates the request and installs the resulting policy and schema factory.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Return at once if the current {@code ApiContext} already carries a policy.</li>
 *   <li>Install {@code transformationService} on the context if none is set.</li>
 *   <li>Resolve the authenticated account; reject if it is missing or its state is not
 *       {@code CommonStatesConstants.ACTIVE}.</li>
 *   <li>Resolve the account's identities; reject if there are none.</li>
 *   <li>Resolve the requested account, then the policy and the schema factory for it.</li>
 *   <li>Save the policy and schema factory via {@code saveInContext}.</li>
 * </ol>
 *
 * @param request the incoming API request
 * @throws IOException declared by the handler contract
 * @throws ClientVisibleException with {@code ResponseCodes.UNAUTHORIZED} when the
 *     authenticated account is missing, not active, or has no identities
 */
@Override
public void handle(ApiRequest request) throws IOException {
    // NOTE(review): a policy already present on the context skips authentication here
    // entirely. Confirm that nothing upstream can set one for an unauthenticated request.
    if (ApiContext.getContext().getPolicy() != null) {
        return;
    }

    if (ApiContext.getContext().getTransformationService() == null) {
        ApiContext.getContext().setTransformationService(transformationService);
    }

    Account caller = getAccount(request);
    boolean callerIsActive = caller != null
            && StringUtils.equals(CommonStatesConstants.ACTIVE, caller.getState());
    if (!callerIsActive) {
        throw new ClientVisibleException(ResponseCodes.UNAUTHORIZED);
    }

    Set<Identity> callerIdentities = getIdentities(caller);
    if (callerIdentities == null || callerIdentities.isEmpty()) {
        throw new ClientVisibleException(ResponseCodes.UNAUTHORIZED);
    }

    // The account being acted on may differ from the one that authenticated.
    Account effectiveAccount = getAccountRequested(caller, callerIdentities, request);
    Policy effectivePolicy = getPolicy(effectiveAccount, caller, callerIdentities, request);
    if (effectivePolicy == null) {
        log.error("Failed to find policy for [{}]", effectiveAccount.getId());
        // NOTE(review): presumably this always throws. If it can return, the code below
        // runs with a null policy. Confirm against throwUnauthorized().
        throwUnauthorized();
    }

    SchemaFactory resolvedSchemas = getSchemaFactory(effectiveAccount, effectivePolicy, request);
    if (resolvedSchemas == null) {
        log.error("Failed to find a schema for account type [{}]", effectiveAccount.getKind());
        // With security disabled, a missing schema factory is logged but not rejected,
        // so a null schema factory is saved into the context below.
        if (SecurityConstants.SECURITY.get()) {
            throwUnauthorized();
        }
    }

    saveInContext(request, effectivePolicy, resolvedSchemas);
}