private boolean authorized(AdPrincipal principal) {
boolean authorized = true;
for (String requiredGroup : configuration.getRequiredGroups()) {
authorized = authorized && principal.getGroupNames().contains(requiredGroup);
}
return authorized;
}
private Optional<T> doAuthenticate(AdCredentials credentials) throws AuthenticationException {
DirContext boundContext = bindUser(credentials);
if (boundContext != null) {
AdPrincipal principal = getAdPrincipal(boundContext, credentials);
if (authorized(principal)) {
return Optional.fromNullable(mapper.map(principal));
} else {
Set<String> missingGroups = configuration.getRequiredGroups();
missingGroups.removeAll(principal.getGroupNames());
LOG.warn(
String.format(
"%s authenticated successfully but did not have authority. Missing Groups: %s",
credentials.getUsername(), missingGroups.toString()));
}
}
return Optional.absent();
}
