You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by emaayan <el...@gmail.com> on 2011/05/17 22:40:18 UTC
overiding the search for principal Name
our user name is held in sAMAccountName attribute instead of the principal
and the only way i could find out is to override queryForAuthenticationInfo
like that, and do a replace of the attributes,
is thet simplest way?
@Override
protected AuthenticationInfo queryForAuthenticationInfo(final
AuthenticationToken token, final LdapContextFactory ldapContextFactory)
throws NamingException {
//final AuthenticationInfo queryForAuthenticationInfo =
super.queryForAuthenticationInfo(token, ldapContextFactory);
final UsernamePasswordToken upToken = (UsernamePasswordToken)
token;
LdapContext ctx = null;
try {
ctx = ldapContextFactory.getLdapContext(upToken.getUsername(),
String.valueOf(upToken.getPassword()));
final String attribName = "userPrincipalName";
final SearchControls searchCtls = new
SearchControls(SearchControls.SUBTREE_SCOPE,1,0,new
String[]{attribName},false,false);
final NamingEnumeration<SearchResult> search = ctx.search(searchBase,
"(&(objectClass=*)(sAMAccountName={0}))",new
Object[]{upToken.getPrincipal()},searchCtls );
if(search.hasMore()){
final SearchResult next = search.next();
upToken.setUsername(next.getAttributes().get(attribName).get().toString());
}
} finally {
LdapUtils.closeContext(ctx);
}
return buildAuthenticationInfo(upToken.getUsername(),
upToken.getPassword());
}
--
View this message in context: http://shiro-user.582556.n2.nabble.com/overiding-the-search-for-principal-Name-tp6375068p6375068.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: overiding the search for principal Name
Posted by Les Hazlewood <lh...@apache.org>.
Sure, absolutely - feature requests are welcome :)
Best,
Les
On Tue, May 17, 2011 at 10:04 PM, emaayan <el...@gmail.com> wrote:
> ok, i did that, but can i open a feature request to externelize the query in
> the ActiveDirectoryRealm?
>
> the simplest example would be instead of
> String searchFilter = "(&(objectClass=*)(userPrincipalName={0}))";
>
> use
> String searchFilter = "(&(objectClass=*)("+getFieldName()+"={0}))";
>
>
> or you could externalize the entire query in a method..
Re: overiding the search for principal Name
Posted by emaayan <el...@gmail.com>.
ok, i did that, but can i open a feature request to externelize the query in
the ActiveDirectoryRealm?
the simplest example would be instead of
String searchFilter = "(&(objectClass=*)(userPrincipalName={0}))";
use
String searchFilter = "(&(objectClass=*)("+getFieldName()+"={0}))";
or you could externalize the entire query in a method..
--
View this message in context: http://shiro-user.582556.n2.nabble.com/overiding-the-search-for-principal-Name-tp6375068p6376444.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: overiding the search for principal Name
Posted by Les Hazlewood <lh...@apache.org>.
Hello,
Yes, if you have more complex search/query requirements than what is
supported by default, overriding queryForAuthenticationInfo is the
recommended approach.
Cheers,
Les
On Tue, May 17, 2011 at 1:40 PM, emaayan <el...@gmail.com> wrote:
> our user name is held in sAMAccountName attribute instead of the principal
> and the only way i could find out is to override queryForAuthenticationInfo
> like that, and do a replace of the attributes,
> is thet simplest way?
>
> @Override
> protected AuthenticationInfo queryForAuthenticationInfo(final
> AuthenticationToken token, final LdapContextFactory ldapContextFactory)
> throws NamingException {
> //final AuthenticationInfo queryForAuthenticationInfo =
> super.queryForAuthenticationInfo(token, ldapContextFactory);
> final UsernamePasswordToken upToken = (UsernamePasswordToken)
> token;
> LdapContext ctx = null;
> try {
> ctx = ldapContextFactory.getLdapContext(upToken.getUsername(),
> String.valueOf(upToken.getPassword()));
> final String attribName = "userPrincipalName";
> final SearchControls searchCtls = new
> SearchControls(SearchControls.SUBTREE_SCOPE,1,0,new
> String[]{attribName},false,false);
> final NamingEnumeration<SearchResult> search = ctx.search(searchBase,
> "(&(objectClass=*)(sAMAccountName={0}))",new
> Object[]{upToken.getPrincipal()},searchCtls );
> if(search.hasMore()){
> final SearchResult next = search.next();
>
> upToken.setUsername(next.getAttributes().get(attribName).get().toString());
> }
> } finally {
> LdapUtils.closeContext(ctx);
> }
> return buildAuthenticationInfo(upToken.getUsername(),
> upToken.getPassword());
> }
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/overiding-the-search-for-principal-Name-tp6375068p6375068.html
> Sent from the Shiro User mailing list archive at Nabble.com.