//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private javax.naming.ldap.LdapContext getLdapContextUsingStartTls(org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory, Object principal, Object credentials) throws javax.naming.NamingException
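        /// <summary>
        /// Opens a plain LDAP connection, upgrades it with StartTLS and only then binds as
        /// <paramref name="principal"/>, so the bind credentials are never sent before the
        /// channel is encrypted.
        /// </summary>
        /// <param name="ldapContextFactory">Must be a <c>JndiLdapContextFactory</c>; supplies the
        /// context factory class name, the provider URL and the authentication mechanism.</param>
        /// <param name="principal">Bind identity; its string form is also the name looked up to force the bind.</param>
        /// <param name="credentials">Bind password (string or char[]).</param>
        /// <returns>An authenticated, TLS-protected context. The caller owns it and must close it.</returns>
        /// <exception cref="AuthenticationException">Credentials are empty while the configured
        /// mechanism is not "none".</exception>
        /// <exception cref="CommunicationException">TLS negotiation failed with an I/O error; the
        /// original exception is attached as root cause.</exception>
        /// <exception cref="NamingException">Bind or lookup failed (bad credentials, server error).</exception>
        private LdapContext GetLdapContextUsingStartTls(LdapContextFactory ldapContextFactory, object principal, object credentials)
        {
            JndiLdapContextFactory jndiLdapContextFactory = ( JndiLdapContextFactory )ldapContextFactory;
            string authenticationMechanism = jndiLdapContextFactory.AuthenticationMechanism;

            // This path constructs the InitialLdapContext itself instead of going through the factory, so
            // it has to do its own sanity check: binding with a principal but an empty password is an
            // "unauthenticated" bind (RFC 4513 §5.1.2) that servers may accept as anonymous, which would let
            // the lookup below succeed without the password ever being verified.
            if (!"none".Equals(authenticationMechanism, StringComparison.OrdinalIgnoreCase) && IsEmptyCredential(credentials))
            {
                throw new AuthenticationException("Empty credentials are not allowed with authentication mechanism '" + authenticationMechanism + "'");
            }

            Dictionary <string, object> env = new Dictionary <string, object>();

            env[Context.INITIAL_CONTEXT_FACTORY] = jndiLdapContextFactory.ContextFactoryClassName;
            env[Context.PROVIDER_URL]            = jndiLdapContextFactory.Url;
            // Deliberately no SECURITY_* entries here: nothing secret may leave before TLS is up.

            LdapContext ctx = null;

            try
            {
                ctx = new InitialLdapContext(env, null);

                // StartTLS upgrades the already-open connection in place; negotiate() runs the handshake.
                // No custom HostnameVerifier is installed, so the default verification from the
                // javax.naming.ldap.StartTlsResponse contract applies.
                StartTlsRequest  startTlsRequest = new StartTlsRequest();
                StartTlsResponse tls             = ( StartTlsResponse )ctx.extendedOperation(startTlsRequest);

                tls.negotiate();

                // Now that the channel is encrypted, attach the bind identity ...
                ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, authenticationMechanism);
                ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
                ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);

                // ... and force the (otherwise lazy) bind so that bad credentials surface here as a
                // NamingException instead of on the caller's first real operation.
                ctx.lookup(principal.ToString());

                return(ctx);
            }
            catch (IOException e)
            {
                LdapUtils.closeContext(ctx);
                _securityLog.error(WithRealm("Failed to negotiate TLS connection with '%s': ", Server(jndiLdapContextFactory), e));
                // Keep the original I/O failure reachable for diagnostics instead of flattening it to its message.
                CommunicationException communicationException = new CommunicationException(e.Message);
                communicationException.setRootCause(e);
                throw communicationException;
            }
            catch (Exception t)
            {
                LdapUtils.closeContext(ctx);
                _securityLog.error(WithRealm("Unexpected failure to negotiate TLS connection with '%s': ", Server(jndiLdapContextFactory), t));
                // 'throw;' rethrows the same object with its stack trace intact; 'throw t;' would reset it.
                throw;
            }
        }

        /// <summary>
        /// True when <paramref name="credentials"/> is null, an empty string or an empty char[] —
        /// the shapes a bind password arrives in here.
        /// </summary>
        private static bool IsEmptyCredential(object credentials)
        {
            if (credentials == null)
            {
                return(true);
            }
            if (credentials is string s)
            {
                return(s.Length == 0);
            }
            if (credentials is char[] chars)
            {
                return(chars.Length == 0);
            }
            return(false);
        }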
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private org.apache.shiro.authc.AuthenticationInfo queryForAuthenticationInfoSAM(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory) throws javax.naming.NamingException
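        /// <summary>
        /// Authenticates a token whose principal is a Windows sAMAccountName rather than a DN.
        /// Two steps: (1) search the directory as the system account to resolve the account name to
        /// its DN, (2) bind as that DN with the token's credentials to verify the password.
        /// </summary>
        /// <param name="token">Carries the sAMAccountName as principal and the password as credentials.</param>
        /// <param name="ldapContextFactory">Provides the system context and user binds.</param>
        /// <returns>Authentication info built from the token and the system context.</returns>
        /// <exception cref="AuthenticationException">No user, or more than one user, matches the account name.</exception>
        /// <exception cref="NamingException">Search or bind failed (including a rejected password).</exception>
        private AuthenticationInfo QueryForAuthenticationInfoSAM(AuthenticationToken token, LdapContextFactory ldapContextFactory)
        {
            object principal   = token.Principal;
            object credentials = token.Credentials;

            LdapContext ctx = null;

            try
            {
                // Step 1: resolve sAMAccountName -> DN using the system account, over StartTLS when configured.
                ctx = _useStartTls ? GetSystemLdapContextUsingStartTls(ldapContextFactory) : ldapContextFactory.SystemLdapContext;

                string[]       attrs           = new string[] { "cn" };
                SearchControls searchCtls      = new SearchControls(SearchControls.SUBTREE_SCOPE, 1, 0, attrs, false, false);
                // The principal is passed as a filter *argument*, not concatenated into the filter string:
                // JNDI encodes filter arguments (escaping '*', '(', ')', '\'), which is what keeps the
                // user-supplied name from altering the filter.
                object[]       searchArguments = new object[] { principal };
                string         filter          = "sAMAccountName={0}";
                NamingEnumeration <SearchResult> search = ctx.search(_userSearchBase, filter, searchArguments, searchCtls);

                if (!search.hasMore())
                {
                    throw new AuthenticationException("No user matching: " + principal);
                }

                SearchResult next      = search.next();
                string       loginUser = next.NameInNamespace;

                // NOTE(review): the count limit above is 1, so a second match may surface from hasMore()
                // as a size-limit NamingException instead of reaching this branch — confirm against the provider.
                if (search.hasMore())
                {
                    _securityLog.error("More than one user matching: " + principal);
                    throw new AuthenticationException("More than one user matching: " + principal);
                }

                // Step 2: verify the password by binding as the resolved DN. This bind must follow the same
                // transport policy as the system bind above: previously it always went through the
                // factory's plain connection, which sent the user's password unprotected whenever
                // _useStartTls was set (unless the URL itself was ldaps://).
                LdapContext userCtx = _useStartTls ? GetLdapContextUsingStartTls(ldapContextFactory, loginUser, credentials) : ldapContextFactory.getLdapContext(loginUser, credentials);
                LdapUtils.closeContext(userCtx);

                return(CreateAuthenticationInfo(token, principal, credentials, ctx));
            }
            finally
            {
                LdapUtils.closeContext(ctx);
            }
        }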
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private javax.naming.ldap.LdapContext getSystemLdapContextUsingStartTls(org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory) throws javax.naming.NamingException
        /// <summary>
        /// Binds the realm's configured system account (factory SystemUsername / SystemPassword)
        /// over a StartTLS-upgraded connection. The caller owns and must close the returned context.
        /// </summary>
        /// <param name="ldapContextFactory">Must be a <c>JndiLdapContextFactory</c>.</param>
        /// <exception cref="NamingException">Negotiation or bind failed.</exception>
        private LdapContext GetSystemLdapContextUsingStartTls(LdapContextFactory ldapContextFactory)
        {
            JndiLdapContextFactory factory = ( JndiLdapContextFactory )ldapContextFactory;
            object systemPrincipal   = factory.SystemUsername;
            object systemCredentials = factory.SystemPassword;

            return(GetLdapContextUsingStartTls(ldapContextFactory, systemPrincipal, systemCredentials));
        }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: protected org.apache.shiro.authz.AuthorizationInfo queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection principals, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory) throws javax.naming.NamingException
        /// <summary>
        /// Resolves the roles for the user named by <paramref name="principals"/>.
        /// Returns null when authorization is disabled for this realm or no user name can be
        /// resolved. Otherwise one of two strategies applies: search the directory as the
        /// system account, or serve the entry cached during authentication and signal
        /// "expired" when that entry is gone.
        /// </summary>
        /// <exception cref="AuthorizationExpiredException">Cache-backed mode and the user's entry has been evicted.</exception>
        /// <exception cref="NamingException">The directory search failed.</exception>
        protected internal override AuthorizationInfo QueryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory)
        {
            if (!_authorizationEnabled.Value)
            {
                return(null);
            }

            string username = GetUsername(principals);
            if (username == null)
            {
                return(null);
            }

            if (!_useSystemAccountForAuthorization.Value)
            {
                // Without a system account the only source is what was cached while the user authenticated.
                // The user's credentials are not available here, so a fresh search is impossible; an evicted
                // entry is reported as a distinct condition so the client knows to authenticate again.
                AuthorizationInfo cached = AuthorizationCache.get(username);
                if (cached == null)
                {
                    throw new AuthorizationExpiredException("LDAP authorization info expired.");
                }
                return(cached);
            }

            // System account available: search as it, over StartTLS when configured.
            LdapContext systemContext = _useStartTls ? GetSystemLdapContextUsingStartTls(ldapContextFactory) : ldapContextFactory.SystemLdapContext;

            ISet <string> roleNames;
            try
            {
                roleNames = FindRoleNamesForUser(username, systemContext);
            }
            finally
            {
                LdapUtils.closeContext(systemContext);
            }

            return(new SimpleAuthorizationInfo(roleNames));
        }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: protected org.apache.shiro.authc.AuthenticationInfo queryForAuthenticationInfoUsingStartTls(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory) throws javax.naming.NamingException
        /// <summary>
        /// Authenticates <paramref name="token"/> by binding as its LDAP principal over a
        /// StartTLS-upgraded connection. The bind context is closed before returning; only the
        /// resulting authentication info survives.
        /// </summary>
        /// <exception cref="NamingException">Negotiation or bind failed (including a rejected password).</exception>
        protected internal virtual AuthenticationInfo QueryForAuthenticationInfoUsingStartTls(AuthenticationToken token, LdapContextFactory ldapContextFactory)
        {
            object ldapPrincipal = getLdapPrincipal(token);
            object password      = token.Credentials;

            LdapContext userContext = null;
            try
            {
                userContext = GetLdapContextUsingStartTls(ldapContextFactory, ldapPrincipal, password);
                return(CreateAuthenticationInfo(token, ldapPrincipal, password, userContext));
            }
            finally
            {
                LdapUtils.closeContext(userContext);
            }
        }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: protected org.apache.shiro.authc.AuthenticationInfo queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory) throws javax.naming.NamingException
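        /// <summary>
        /// Authenticates <paramref name="token"/> against LDAP, dispatching on configuration:
        /// sAMAccountName lookup, StartTLS user bind, or the base bind. Connection time-outs, read
        /// time-outs and refused connections are mapped to provider-level exceptions carrying fixed,
        /// client-safe messages; everything else propagates unchanged.
        /// </summary>
        /// <returns>The authentication info, or null when authentication is disabled for this realm.</returns>
        /// <exception cref="AuthProviderTimeoutException">LDAP connection or read time-out.</exception>
        /// <exception cref="AuthProviderFailedException">LDAP connection refused.</exception>
        protected internal override AuthenticationInfo QueryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory)
        {
            if (!_authenticationEnabled.Value)
            {
                return(null);
            }

            // NOTE(review): the sAMAccountName path is outside the time-out mapping below, as in the
            // original — confirm whether that is intended.
            if (_useSAMAccountName)
            {
                return(QueryForAuthenticationInfoSAM(token, ldapContextFactory));
            }

            string serverString = Server(( JndiLdapContextFactory )ldapContextFactory);
            try
            {
                AuthenticationInfo info = _useStartTls ? QueryForAuthenticationInfoUsingStartTls(token, ldapContextFactory) : base.QueryForAuthenticationInfo(token, ldapContextFactory);
                // Only the principal is logged; the token's credentials never go near the log.
                _securityLog.debug(WithRealm("Authenticated user '%s' against %s", token.Principal, serverString));
                return(info);
            }
            catch (Exception e)
            {
                // Infrastructure failures become exceptions whose messages are constants safe to show to the
                // client; the original exception stays attached as the cause for the server-side log.
                if (IsExceptionAnLdapConnectionTimeout(e))
                {
                    throw new AuthProviderTimeoutException(LDAP_CONNECTION_TIMEOUT_CLIENT_MESSAGE, e);
                }
                if (IsExceptionAnLdapReadTimeout(e))
                {
                    throw new AuthProviderTimeoutException(LDAP_READ_TIMEOUT_CLIENT_MESSAGE, e);
                }
                if (IsExceptionConnectionRefused(e))
                {
                    throw new AuthProviderFailedException(LDAP_CONNECTION_REFUSED_CLIENT_MESSAGE, e);
                }
                // Shiro catches and rethrows this further up, so no wrapping is needed here.
                // 'throw;' (not 'throw e;') keeps the original stack trace for diagnostics.
                throw;
            }
        }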
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: protected org.apache.shiro.authz.AuthorizationInfo queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection principals, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory) throws javax.naming.NamingException
            /// <summary>
            /// Test double: either simulates a directory failure (when <c>FailAuth</c> is set) or
            /// returns an empty authorization info, never touching <paramref name="ldapContextFactory"/>.
            /// </summary>
            /// <exception cref="NamingException">Always, when <c>FailAuth</c> is true.</exception>
            protected internal override AuthorizationInfo QueryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory)
            {
                bool simulateFailure = FailAuth;
                return(simulateFailure ? throw new NamingException("Simulated failure") : new SimpleAuthorizationInfo());
            }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: protected org.apache.shiro.authc.AuthenticationInfo queryForAuthenticationInfoUsingStartTls(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory) throws javax.naming.NamingException
            /// <summary>
            /// Test double: either simulates a directory failure (when <c>FailAuth</c> is set) or
            /// returns a fixed "olivia"/"123" identity for the "basic" realm, ignoring the token.
            /// </summary>
            /// <exception cref="NamingException">Always, when <c>FailAuth</c> is true.</exception>
            protected internal override AuthenticationInfo QueryForAuthenticationInfoUsingStartTls(AuthenticationToken token, LdapContextFactory ldapContextFactory)
            {
                bool simulateFailure = FailAuth;
                return(simulateFailure ? throw new NamingException("Simulated failure") : new SimpleAuthenticationInfo("olivia", "123", "basic"));
            }