[New] Allow to add an additionalFilter in LDAP search

Robert von Burg 2023-10-05 12:30:42 +02:00
parent d8402bad61
commit 6f729554c8
Signed by: eitch
GPG Key ID: 75DB9C85C74331F7
1 changed files with 14 additions and 5 deletions


@ -40,12 +40,21 @@ public abstract class BaseLdapPrivilegeHandler extends DefaultPrivilegeHandler {
userChallengeHandler, ssoHandler, policyMap);
this.providerUrl = parameterMap.get("providerUrl");
logger.info("providerUrl: " + this.providerUrl);
this.searchBase = parameterMap.get("searchBase");
logger.info("searchBase: " + this.searchBase);
this.additionalFilter = trimOrEmpty(parameterMap.get("additionalFilter"));
if (isNotEmpty(this.additionalFilter))
logger.info("additionalFilter: " + this.additionalFilter);
this.domain = parameterMap.get("domain");
if (isNotEmpty(this.domain) && this.domain.startsWith("@")) {
logger.warn("Remove the @ symbol from the domain property! Added automatically.");
this.domain = this.domain.substring(1);
if (isNotEmpty(this.domain)) {
if (this.domain.startsWith("@")) {
logger.warn(
"Remove the @ symbol from the domain property! Will be added automatically where required.");
this.domain = this.domain.substring(1);
}
logger.info("domain: " + this.domain);
}
}
@ -70,7 +79,7 @@ public abstract class BaseLdapPrivilegeHandler extends DefaultPrivilegeHandler {
env.put(Context.SECURITY_PRINCIPAL, userPrincipalName);
env.put(Context.SECURITY_CREDENTIALS, new String(password));
logger.info("User {} tries to login on ldap {}", username + this.domain, this.providerUrl);
logger.info("User {} tries to login on ldap {}", username, this.providerUrl);
// Create the initial context
DirContext ctx = null;
@ -105,7 +114,7 @@ public abstract class BaseLdapPrivilegeHandler extends DefaultPrivilegeHandler {
SearchResult searchResult = answer.next();
if (answer.hasMore())
throw new AccessDeniedException(
"Could not login with user: " + username + this.domain + " on Ldap: Multiple LDAP Data");
"Could not login with user: " + username + " on Ldap: Multiple LDAP Data");
User user = buildUserFromSearchResult(username, searchResult);
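Review bot: The new `additionalFilter` setting in the constructor hunk is only trimmed and logged, never checked to be a well-formed LDAP filter clause. The code that combines it into the search filter is outside the visible hunks, but if it is concatenated next to the user clause, an unbalanced or unparenthesised value would either fail only at the first login instead of at start-up or change which entries the search matches. I would fail fast right after the assignment, e.g. `if (isNotEmpty(this.additionalFilter) && !(this.additionalFilter.startsWith("(") && this.additionalFilter.endsWith(")")))` followed by a throw of whatever configuration exception this handler already uses. A comment such as `// additionalFilter is trusted configuration; never derive it from request data` would also record the assumption the search code relies on. The constructor begins above the first hunk, so any existing validation there is not visible here.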