You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by emaayan <el...@gmail.com> on 2011/05/17 22:40:18 UTC

overiding the search for principal Name

our user name is held in sAMAccountName attribute instead of the principal
and the only way i could find out is to override queryForAuthenticationInfo
like that, and do a replace of the attributes, 
is thet simplest way? 

	@Override
		protected AuthenticationInfo queryForAuthenticationInfo(final
AuthenticationToken token, final LdapContextFactory ldapContextFactory)
throws NamingException {
			//final AuthenticationInfo queryForAuthenticationInfo =
super.queryForAuthenticationInfo(token, ldapContextFactory);
	        final UsernamePasswordToken upToken = (UsernamePasswordToken)
token;
	        LdapContext ctx = null;
	        try {
	            ctx = ldapContextFactory.getLdapContext(upToken.getUsername(),
String.valueOf(upToken.getPassword()));
	            final String attribName = "userPrincipalName";
				final SearchControls searchCtls = new
SearchControls(SearchControls.SUBTREE_SCOPE,1,0,new
String[]{attribName},false,false);
				final NamingEnumeration<SearchResult> search = ctx.search(searchBase,
"(&(objectClass=*)(sAMAccountName={0}))",new
Object[]{upToken.getPrincipal()},searchCtls );
				if(search.hasMore()){
					final SearchResult next = search.next();
				
upToken.setUsername(next.getAttributes().get(attribName).get().toString());
				}
	        } finally {
	            LdapUtils.closeContext(ctx);
	        }
	        return buildAuthenticationInfo(upToken.getUsername(),
upToken.getPassword());
		}

--
View this message in context: http://shiro-user.582556.n2.nabble.com/overiding-the-search-for-principal-Name-tp6375068p6375068.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: overiding the search for principal Name

Posted by Les Hazlewood <lh...@apache.org>.

Sure, absolutely - feature requests are welcome :)

Best,

Les

On Tue, May 17, 2011 at 10:04 PM, emaayan <el...@gmail.com> wrote:
> ok, i did that, but  can i open a feature request to externelize the query in
> the ActiveDirectoryRealm?
>
> the simplest example would be instead of
> String searchFilter = "(&(objectClass=*)(userPrincipalName={0}))";
>
> use
> String searchFilter = "(&(objectClass=*)("+getFieldName()+"={0}))";
>
>
> or you could externalize the entire query in a method..

Re: overiding the search for principal Name

Posted by emaayan <el...@gmail.com>.

ok, i did that, but  can i open a feature request to externelize the query in
the ActiveDirectoryRealm? 

the simplest example would be instead of 
String searchFilter = "(&(objectClass=*)(userPrincipalName={0}))";

use
String searchFilter = "(&(objectClass=*)("+getFieldName()+"={0}))";


or you could externalize the entire query in a method..



--
View this message in context: http://shiro-user.582556.n2.nabble.com/overiding-the-search-for-principal-Name-tp6375068p6376444.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: overiding the search for principal Name

Posted by Les Hazlewood <lh...@apache.org>.

Hello,

Yes, if you have more complex search/query requirements than what is
supported by default, overriding queryForAuthenticationInfo is the
recommended approach.

Cheers,

Les

On Tue, May 17, 2011 at 1:40 PM, emaayan <el...@gmail.com> wrote:
> our user name is held in sAMAccountName attribute instead of the principal
> and the only way i could find out is to override queryForAuthenticationInfo
> like that, and do a replace of the attributes,
> is thet simplest way?
>
>        @Override
>                protected AuthenticationInfo queryForAuthenticationInfo(final
> AuthenticationToken token, final LdapContextFactory ldapContextFactory)
> throws NamingException {
>                        //final AuthenticationInfo queryForAuthenticationInfo =
> super.queryForAuthenticationInfo(token, ldapContextFactory);
>                final UsernamePasswordToken upToken = (UsernamePasswordToken)
> token;
>                LdapContext ctx = null;
>                try {
>                    ctx = ldapContextFactory.getLdapContext(upToken.getUsername(),
> String.valueOf(upToken.getPassword()));
>                    final String attribName = "userPrincipalName";
>                                final SearchControls searchCtls = new
> SearchControls(SearchControls.SUBTREE_SCOPE,1,0,new
> String[]{attribName},false,false);
>                                final NamingEnumeration<SearchResult> search = ctx.search(searchBase,
> "(&(objectClass=*)(sAMAccountName={0}))",new
> Object[]{upToken.getPrincipal()},searchCtls );
>                                if(search.hasMore()){
>                                        final SearchResult next = search.next();
>
> upToken.setUsername(next.getAttributes().get(attribName).get().toString());
>                                }
>                } finally {
>                    LdapUtils.closeContext(ctx);
>                }
>                return buildAuthenticationInfo(upToken.getUsername(),
> upToken.getPassword());
>                }
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/overiding-the-search-for-principal-Name-tp6375068p6375068.html
> Sent from the Shiro User mailing list archive at Nabble.com.