Examples of org.graylog2.security.ldap.LdapSettings

• org.graylog2.users.User
  @author Dennis Oelkers

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
        // safe, we only handle this type
        UsernamePasswordToken token = (UsernamePasswordToken) authtoken;

        final LdapConnectionConfig config = new LdapConnectionConfig();
        final LdapSettings ldapSettings = settings.get();
        if (ldapSettings == null || !ldapSettings.isEnabled()) {
            LOG.trace("LDAP is disabled, skipping");
            return null;
        }
        config.setLdapHost(ldapSettings.getUri().getHost());
        config.setLdapPort(ldapSettings.getUri().getPort());
        config.setUseSsl(ldapSettings.getUri().getScheme().startsWith("ldaps"));
        config.setUseTls(ldapSettings.isUseStartTls());
        if (ldapSettings.isTrustAllCertificates()) {
            config.setTrustManagers(new TrustAllX509TrustManager());
        }
        config.setName(ldapSettings.getSystemUserName());
        config.setCredentials(ldapSettings.getSystemPassword());

        final String principal = String.valueOf(token.getPrincipal());
        LdapNetworkConnection connection = null;
        try {
            connection = ldapConnector.connect(config);

            if(null == connection) {
                LOG.error("Couldn't connect to LDAP directory");
                return null;
            }

            final String password = String.valueOf(token.getPassword());

            final LdapEntry userEntry = ldapConnector.search(connection,
                                                             ldapSettings.getSearchBase(),
                                                             ldapSettings.getSearchPattern(),
                                                             principal,
                                                             ldapSettings.isActiveDirectory());
            if (userEntry == null) {
                LOG.debug("User {} not found in LDAP", principal);
                return null;
            }

    @Timed
    @ApiOperation("Get the LDAP configuration if it is configured")
    @Path("/settings")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getLdapSettings() {
        final LdapSettings ldapSettings = ldapSettingsService.load();
        if (ldapSettings == null) {
            return noContent().build();
        }
        Map<String, Object> result = Maps.newHashMap();
        result.put("enabled", ldapSettings.isEnabled());
        result.put("system_username", ldapSettings.getSystemUserName());
        result.put("system_password", ldapSettings.getSystemPassword()); // TODO AES encrypt
        result.put("ldap_uri", ldapSettings.getUri());
        result.put("search_base", ldapSettings.getSearchBase());
        result.put("search_pattern", ldapSettings.getSearchPattern());
        result.put("display_name_attribute", ldapSettings.getDisplayNameAttribute());
        result.put("active_directory", ldapSettings.isActiveDirectory());
        result.put("use_start_tls", ldapSettings.isUseStartTls());
        result.put("trust_all_certificates", ldapSettings.isTrustAllCertificates());
        result.put("default_group", ldapSettings.getDefaultGroup());

        return ok(json(result)).build();
    }

        } catch (IOException e) {
            LOG.error("Error while parsing JSON", e);
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
        // load the existing config, or create a new one. we only support having one, currently
        LdapSettings ldapSettings = ldapSettingsService.load();
        if (ldapSettings == null) {
            ldapSettings = ldapSettingsFactory.createEmpty();
        }
        ldapSettings.setSystemUsername(request.systemUsername);
        ldapSettings.setSystemPassword(request.systemPassword);
        ldapSettings.setUri(request.ldapUri);
        ldapSettings.setUseStartTls(request.useStartTls);
        ldapSettings.setTrustAllCertificates(request.trustAllCertificates);
        ldapSettings.setActiveDirectory(request.activeDirectory);
        ldapSettings.setSearchPattern(request.searchPattern);
        ldapSettings.setSearchBase(request.searchBase);
        ldapSettings.setEnabled(request.enabled);
        ldapSettings.setDisplayNameAttribute(request.displayNameAttribute);
        ldapSettings.setDefaultGroup(request.defaultGroup);

        try {
            ldapSettingsService.save(ldapSettings);
        } catch (ValidationException e) {
            LOG.error("Invalid LDAP settings, not updated!", e);

        for (Plugin plugin : pluginLoader.loadPlugins())
            pluginModules.addAll(plugin.modules());

        LOG.debug("Loaded modules: " + pluginModules);

        GuiceInstantiationService instantiationService = new GuiceInstantiationService();
        List<Module> bindingsModules = getBindingsModules(instantiationService,
                new RadioBindings(configuration),
                new RadioInitializerBindings());
        LOG.debug("Adding plugin modules: " + pluginModules);
        bindingsModules.addAll(pluginModules);
        final Injector injector = GuiceInjectorHolder.createInjector(bindingsModules);
        instantiationService.setInjector(injector);

        // This is holding all our metrics.
        final MetricRegistry metrics = injector.getInstance(MetricRegistry.class);

        // Report metrics via JMX.

        // register node by initiating first ping. if the node isn't registered, loading persisted inputs will fail silently, for example
        Ping.Pinger pinger = injector.getInstance(Ping.Pinger.class);
        pinger.ping();

        final ServiceManager serviceManager = injector.getInstance(ServiceManager.class);
        final ServiceManagerListener serviceManagerListener = injector.getInstance(ServiceManagerListener.class);
        serviceManager.addListener(serviceManagerListener);
        serviceManager.startAsync().awaitHealthy();

        LOG.info("Graylog2 Radio up and running.");

        if (commandLineArguments.isDebug()) {
            LOG.info("Running in Debug mode");
            logLevel = Level.DEBUG;
        }

        PluginLoader pluginLoader = new PluginLoader(new File(configuration.getPluginDir()));
        List<PluginModule> pluginModules = Lists.newArrayList();
        for (Plugin plugin : pluginLoader.loadPlugins())
            pluginModules.addAll(plugin.modules());

        LOG.debug("Loaded modules: " + pluginModules);

        GuiceInstantiationService instantiationService = new GuiceInstantiationService();

        if (radio == null) {
            LOG.error("Radio <{}> not found.", radioId);
            throw new WebApplicationException(404);
        }

        RegisterInputRequest rir;
        try {
            rir = objectMapper.readValue(body, RegisterInputRequest.class);
        } catch(IOException e) {
            LOG.error("Error while parsing JSON", e);
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);

    public Response cycle() {
        restrictToMaster();

        String msg = "Cycling deflector. Reason: REST request.";
        LOG.info(msg);
        activityWriter.write(new Activity(msg, DeflectorResource.class));

        deflector.cycle();
        return Response.ok().build();
    }

        LOG.info("Node status: [{}]. Waiting <{}sec> for possible load balancers to recognize state change.",
                serverStatus.getLifecycle(),
                configuration.getLoadBalancerRecognitionPeriodSeconds());
        Uninterruptibles.sleepUninterruptibly(configuration.getLoadBalancerRecognitionPeriodSeconds(), TimeUnit.SECONDS);

        activityWriter.write(new Activity("Graceful shutdown initiated.", GracefulShutdown.class));

        /*
         * Wait a second to give for example the calling REST call some time to respond
         * to the client. Using a latch or something here might be a bit over-engineered.
         */

    @Path("{username}")
    @RequiresPermissions(USERS_EDIT)
    @ApiOperation("Removes a user account.")
    @ApiResponses({@ApiResponse(code = 400, message = "When attempting to remove a read only user (e.g. built-in or LDAP user).")})
    public Response deleteUser(@ApiParam(name = "username", value = "The name of the user to delete.", required = true) @PathParam("username") String username) {
        final User user = userService.load(username);
        if (user == null) {
            return status(NOT_FOUND).build();
        }
        if (user.isReadOnly()) {
            throw new BadRequestException("Cannot delete readonly user " + username);
        }

        userService.destroy(user);
        return Response.noContent().build();