1   /*
2    * Copyright 2014 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.bremersee.spring.security.ldaptive.authentication.provider;
18  
19  import java.time.OffsetDateTime;
20  import java.util.Optional;
21  import org.bremersee.ldaptive.transcoder.UserAccountControl;
22  import org.bremersee.ldaptive.transcoder.ValueTranscoderFactory;
23  import org.bremersee.spring.security.ldaptive.authentication.AccountControlEvaluator;
24  import org.ldaptive.LdapAttribute;
25  import org.ldaptive.LdapEntry;
26  
27  /**
28   * Evaluator of the ldap attributes {@code userAccountControl} and {@code accountExpires} of an
29   * Active Directory.
30   *
31   * @author Christian Bremer
32   */
public class ActiveDirectoryAccountControlEvaluator implements AccountControlEvaluator {

  /** Name of the Active Directory attribute that carries the account expiry as a file time. */
  private static final String ACCOUNT_EXPIRES_ATTRIBUTE = "accountExpires";

  /** Name of the Active Directory attribute that carries the account control flags. */
  private static final String USER_ACCOUNT_CONTROL_ATTRIBUTE = "userAccountControl";

  /**
   * Checks whether the account has not yet expired, based on the {@code accountExpires}
   * attribute.
   *
   * <p>The attribute's string value is decoded with the file-time transcoder and compared
   * against the current time. The result is fail-open: the account is reported as non-expired
   * when the entry is {@code null}, the attribute is absent, it has no string value, or decoding
   * yields {@code null}. NOTE(review): whether the transcoder maps Active Directory's
   * "never expires" encodings to {@code null} or to a far-future instant is not visible here —
   * confirm against ValueTranscoderFactory before relying on this check alone.
   *
   * @param ldapEntry the ldap entry, may be {@code null}
   * @return {@code true} if the account is not expired or no expiry could be determined
   */
  @Override
  public boolean isAccountNonExpired(LdapEntry ldapEntry) {
    // Obtained before the null guard so the call order matches the original Optional chain.
    var fileTimeTranscoder = ValueTranscoderFactory.getFileTimeToOffsetDateTimeValueTranscoder();
    if (ldapEntry == null) {
      return true;
    }
    var expiresAttribute = ldapEntry.getAttribute(ACCOUNT_EXPIRES_ATTRIBUTE);
    if (expiresAttribute == null) {
      return true;
    }
    var rawExpires = expiresAttribute.getStringValue();
    if (rawExpires == null) {
      return true;
    }
    var expiresAt = fileTimeTranscoder.decodeStringValue(rawExpires);
    if (expiresAt == null) {
      return true;
    }
    // Expired means the decoded instant lies at or before the moment of evaluation.
    return expiresAt.isAfter(OffsetDateTime.now());
  }

  /**
   * Always reports the account as non-locked.
   *
   * <p>Lock-out state is not consulted by this implementation; deployments that must honour an
   * Active Directory lock-out need a different evaluator for this aspect.
   *
   * @param ldapEntry the ldap entry, ignored
   * @return always {@code true}
   */
  @Override
  public boolean isAccountNonLocked(LdapEntry ldapEntry) {
    return true;
  }

  /**
   * Always reports the credentials as non-expired.
   *
   * <p>Password expiry is not evaluated by this implementation.
   *
   * @param ldapEntry the ldap entry, ignored
   * @return always {@code true}
   */
  @Override
  public boolean isCredentialsNonExpired(LdapEntry ldapEntry) {
    return true;
  }

  /**
   * Checks whether the account is enabled, based on the {@code userAccountControl} attribute.
   *
   * <p>The attribute's string value is decoded with the user-account-control transcoder and the
   * enabled flag is read from the decoded value. The result is fail-open: the account is reported
   * as enabled when the entry is {@code null}, the attribute is absent, it has no string value, or
   * decoding yields {@code null}.
   *
   * @param ldapEntry the ldap entry, may be {@code null}
   * @return {@code true} if the account is enabled or no control value could be determined
   */
  @Override
  public boolean isEnabled(LdapEntry ldapEntry) {
    // Obtained before the null guard so the call order matches the original Optional chain.
    var uacTranscoder = ValueTranscoderFactory.getUserAccountControlValueTranscoder();
    if (ldapEntry == null) {
      return true;
    }
    var uacAttribute = ldapEntry.getAttribute(USER_ACCOUNT_CONTROL_ATTRIBUTE);
    if (uacAttribute == null) {
      return true;
    }
    var rawUac = uacAttribute.getStringValue();
    if (rawUac == null) {
      return true;
    }
    // A null decode result keeps the fail-open default; otherwise the decoded flags decide.
    return Optional.ofNullable(uacTranscoder.decodeStringValue(rawUac))
        .map(UserAccountControl::isEnabled)
        .orElse(true);
  }
}