public class JNDIRealm extends RealmBase
Implementation of Realm that works with a directory server accessed via the Java Naming and Directory Interface (JNDI) APIs. The following constraints are imposed on the data structure in the underlying directory server:
DirContext
that is accessed
via the connectionURL
property.connectURL
an attempt will be made to use the alternateURL
if it
exists.userPattern
property.userPattern
property is not
specified, a unique element can be located by searching the directory
context. In this case:
userSearch
pattern specifies the search filter
after substitution of the username.userBase
property can be set to the element that
is the base of the subtree containing users. If not specified,
the search base is the top-level context.userSubtree
property can be set to
true
if you wish to search the entire subtree of the
directory context. The default value of false
requests a search of only the current level.userPassword
property is not specified.userPassword
property is specified, in which case:
userPassword
property.
RealmBase.digest()
method (using the standard digest
support included in RealmBase
).
RealmBase.digest()
) are equal to the retrieved value
for the user password attribute.DirContext
that is accessed via the
connectionURL
property. This element has the following
characteristics:
roleSearch
property.roleSearch
pattern optionally includes pattern
replacements "{0}" for the distinguished name, and/or "{1}" for
the username, and/or "{2}" the value of an attribute from the
user's directory entry (the attribute is specified by the
userRoleAttribute
property), of the authenticated user
for which roles will be retrieved.roleBase
property can be set to the element that
is the base of the search for matching roles. If not specified,
the entire context will be searched.roleSubtree
property can be set to
true
if you wish to search the entire subtree of the
directory context. The default value of false
requests a search of only the current level.roleName
property) containing the name of the
role represented by this element.userRoleName
property.commonRole
property to the
name of this role. The role doesn't have to exist in the directory.roleNested
to true
.
The default value is false
, so role searches will not find
nested roles.<security-role-ref>
element in
the web application deployment descriptor allows applications to refer
to roles programmatically by names other than those used in the
directory server itself.TODO - Support connection pooling (including message
format objects) so that authenticate()
does not have to be
synchronized.
WARNING - There is a reported bug against the Netscape provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to successfully authenticated a non-existing user. The report is here: https://bz.apache.org/bugzilla/show_bug.cgi?id=11210 . With luck, Netscape has updated their provider code and this is not an issue.
Modifier and Type | Class and Description |
---|---|
protected static class |
JNDIRealm.User
A protected class representing a User
|
RealmBase.AllRolesMode
Lifecycle.SingleUse
Modifier and Type | Field and Description |
---|---|
protected boolean |
adCompat
Should we ignore PartialResultExceptions when iterating over NamingEnumerations?
|
protected java.lang.String |
alternateURL
An alternate URL, to which, we should connect if connectionURL fails.
|
protected java.lang.String |
authentication
The type of authentication to use
|
protected java.lang.String |
commonRole
Add this role to every authenticated user
|
protected int |
connectionAttempt
The number of connection attempts.
|
protected java.lang.String |
connectionName
The connection username for the server we will contact.
|
protected java.lang.String |
connectionPassword
The connection password for the server we will contact.
|
protected java.lang.String |
connectionTimeout
The timeout, in milliseconds, to use when trying to create a connection
to the directory.
|
protected java.lang.String |
connectionURL
The connection URL for the server we will contact.
|
protected javax.naming.directory.DirContext |
context
The directory context linking us to our directory server.
|
protected java.lang.String |
contextFactory
The JNDI context factory used to acquire our InitialContext.
|
static java.lang.String |
DEREF_ALIASES
Constant that holds the name of the environment property for specifying
the manner in which aliases should be dereferenced.
|
protected java.lang.String |
derefAliases
How aliases should be dereferenced during search operations.
|
protected static java.lang.String |
name
Descriptive information about this Realm implementation.
|
protected java.lang.String |
protocol
The protocol that will be used in the communication with the
directory server.
|
protected java.lang.String |
readTimeout
The timeout, in milliseconds, to use when trying to read from a connection
to the directory.
|
protected java.lang.String |
referrals
How should we handle referrals?
|
protected java.lang.String |
roleBase
The base element for role searches.
|
protected java.text.MessageFormat |
roleBaseFormat
The MessageFormat object associated with the current
roleBase . |
protected java.text.MessageFormat |
roleFormat
The MessageFormat object associated with the current
roleSearch . |
protected java.lang.String |
roleName
The name of the attribute containing roles held elsewhere
|
protected boolean |
roleNested
Should we look for nested group in order to determine roles?
|
protected java.lang.String |
roleSearch
The message format used to select roles for a user, with "{0}" marking
the spot where the distinguished name of the user goes.
|
protected boolean |
roleSearchAsUser
When searching for user roles, should the search be performed as the user
currently being authenticated?
|
protected boolean |
roleSubtree
Should we search the entire subtree for matching memberships?
|
protected long |
sizeLimit
The sizeLimit (also known as the countLimit) to use when the realm is
configured with
userSearch . |
protected java.lang.String |
spnegoDelegationQop
The QOP that should be used for the connection to the LDAP server after
authentication.
|
protected int |
timeLimit
The timeLimit (in milliseconds) to use when the realm is configured with
userSearch . |
protected boolean |
useDelegatedCredential
Should delegated credentials from the SPNEGO authenticator be used if
available
|
protected java.lang.String |
userBase
The base element for user searches.
|
protected java.lang.String |
userPassword
The attribute name used to retrieve the user password.
|
protected java.lang.String |
userPattern
The message format used to form the distinguished name of a
user, with "{0}" marking the spot where the specified username
goes.
|
protected java.lang.String[] |
userPatternArray
A string of LDAP user patterns or paths, ":"-separated
These will be used to form the distinguished name of a
user, with "{0}" marking the spot where the specified username
goes.
|
protected java.text.MessageFormat[] |
userPatternFormatArray
An array of MessageFormat objects associated with the current
userPatternArray . |
protected java.lang.String |
userRoleAttribute
The name of the attribute inside the users
directory entry where the value will be
taken to search for roles
This attribute is not used during a nested search
|
protected java.lang.String |
userRoleName
The name of an attribute in the user's entry containing
roles for that user
|
protected java.lang.String |
userSearch
The message format used to search for a user, with "{0}" marking
the spot where the username goes.
|
protected java.text.MessageFormat |
userSearchFormat
The MessageFormat object associated with the current
userSearch . |
protected boolean |
userSubtree
Should we search the entire subtree for matching users?
|
allRolesMode, container, containerLog, digest, digestEncoding, md, md5Helper, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName
mserver
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
Constructor and Description |
---|
JNDIRealm() |
Modifier and Type | Method and Description |
---|---|
java.security.Principal |
authenticate(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return
null . |
java.security.Principal |
authenticate(java.lang.String username,
java.lang.String credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return
null . |
protected boolean |
bindAsUser(javax.naming.directory.DirContext context,
JNDIRealm.User user,
java.lang.String credentials)
Check credentials by binding to the directory as the user
|
protected boolean |
checkCredentials(javax.naming.directory.DirContext context,
JNDIRealm.User user,
java.lang.String credentials)
Check whether the given User can be authenticated with the
given credentials.
|
protected void |
close(javax.naming.directory.DirContext context)
Close any open connection to the directory server for this Realm.
|
protected boolean |
compareCredentials(javax.naming.directory.DirContext context,
JNDIRealm.User info,
java.lang.String credentials)
Check whether the credentials presented by the user match those
retrieved from the directory.
|
protected java.lang.String |
doRFC2254Encoding(java.lang.String inString)
Given an LDAP search string, returns the string with certain characters
escaped according to RFC 2254 guidelines.
|
boolean |
getAdCompat() |
java.lang.String |
getAlternateURL()
Getter for property alternateURL.
|
java.lang.String |
getAuthentication() |
java.lang.String |
getCommonRole() |
java.lang.String |
getConnectionName() |
java.lang.String |
getConnectionPassword() |
java.lang.String |
getConnectionTimeout() |
java.lang.String |
getConnectionURL() |
java.lang.String |
getContextFactory() |
java.lang.String |
getDerefAliases() |
protected java.util.Hashtable<java.lang.String,java.lang.String> |
getDirectoryContextEnvironment()
Create our directory context configuration.
|
protected java.lang.String |
getDistinguishedName(javax.naming.directory.DirContext context,
java.lang.String base,
javax.naming.directory.SearchResult result)
Returns the distinguished name of a search result.
|
javax.net.ssl.HostnameVerifier |
getHostnameVerifier() |
java.lang.String |
getHostnameVerifierClassName() |
protected java.lang.String |
getName() |
protected java.lang.String |
getPassword(java.lang.String username)
Get the password for the specified user.
|
protected java.security.Principal |
getPrincipal(javax.naming.directory.DirContext context,
java.lang.String username,
org.ietf.jgss.GSSCredential gssCredential)
Get the principal associated with the specified certificate.
|
protected java.security.Principal |
getPrincipal(java.lang.String username)
Get the principal associated with the specified certificate.
|
protected java.security.Principal |
getPrincipal(java.lang.String username,
org.ietf.jgss.GSSCredential gssCredential) |
java.lang.String |
getProtocol() |
java.lang.String |
getReadTimeout() |
java.lang.String |
getReferrals() |
java.lang.String |
getRoleBase() |
java.lang.String |
getRoleName() |
boolean |
getRoleNested() |
protected java.util.List<java.lang.String> |
getRoles(javax.naming.directory.DirContext context,
JNDIRealm.User user)
Return a List of roles associated with the given User.
|
java.lang.String |
getRoleSearch() |
boolean |
getRoleSubtree() |
long |
getSizeLimit() |
java.lang.String |
getSpnegoDelegationQop() |
int |
getTimeLimit() |
protected JNDIRealm.User |
getUser(javax.naming.directory.DirContext context,
java.lang.String username)
Return a User object containing information about the user
with the specified username, if found in the directory;
otherwise return
null . |
protected JNDIRealm.User |
getUser(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String credentials)
Return a User object containing information about the user
with the specified username, if found in the directory;
otherwise return
null . |
protected JNDIRealm.User |
getUser(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String credentials,
int curUserPattern)
Return a User object containing information about the user
with the specified username, if found in the directory;
otherwise return
null . |
java.lang.String |
getUserBase() |
protected JNDIRealm.User |
getUserByPattern(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String[] attrIds,
java.lang.String dn)
Use the distinguished name to locate the directory
entry for the user with the specified username and
return a User object; otherwise return
null . |
protected JNDIRealm.User |
getUserByPattern(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String credentials,
java.lang.String[] attrIds,
int curUserPattern)
Use the
UserPattern configuration attribute to
locate the directory entry for the user with the specified
username and return a User object; otherwise return
null . |
protected JNDIRealm.User |
getUserBySearch(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String[] attrIds)
Search the directory to return a User object containing
information about the user with the specified username, if
found in the directory; otherwise return
null . |
java.lang.String |
getUserPassword() |
java.lang.String |
getUserPattern() |
java.lang.String |
getUserRoleAttribute() |
java.lang.String |
getUserRoleName() |
java.lang.String |
getUserSearch() |
boolean |
getUserSubtree() |
boolean |
getUseStartTls() |
boolean |
isRoleSearchAsUser() |
boolean |
isUseDelegatedCredential() |
boolean |
isUserSearchAsUser() |
protected javax.naming.directory.DirContext |
open()
Open (if necessary) and return a connection to the configured
directory server for this Realm.
|
protected java.lang.String[] |
parseUserPatternString(java.lang.String userPatternString)
Given a string containing LDAP patterns for user locations (separated by
parentheses in a pseudo-LDAP search string format -
"(location1)(location2)", returns an array of those paths.
|
protected void |
release(javax.naming.directory.DirContext context)
Release our use of this connection so that it can be recycled.
|
void |
setAdCompat(boolean adCompat)
How do we handle PartialResultExceptions?
|
void |
setAlternateURL(java.lang.String alternateURL)
Setter for property alternateURL.
|
void |
setAuthentication(java.lang.String authentication)
Set the type of authentication to use.
|
void |
setCipherSuites(java.lang.String suites)
Set the allowed cipher suites when opening a connection using StartTLS.
|
void |
setCommonRole(java.lang.String commonRole)
Set the common role
|
void |
setConnectionName(java.lang.String connectionName)
Set the connection username for this Realm.
|
void |
setConnectionPassword(java.lang.String connectionPassword)
Set the connection password for this Realm.
|
void |
setConnectionTimeout(java.lang.String timeout)
Set the connection timeout.
|
void |
setConnectionURL(java.lang.String connectionURL)
Set the connection URL for this Realm.
|
void |
setContextFactory(java.lang.String contextFactory)
Set the JNDI context factory for this Realm.
|
void |
setDerefAliases(java.lang.String derefAliases)
Set the value for derefAliases to be used when searching the directory.
|
void |
setHostnameVerifierClassName(java.lang.String verifierClassName)
Set the
HostnameVerifier to be used when opening connections
using StartTLS. |
void |
setProtocol(java.lang.String protocol)
Set the protocol for this Realm.
|
void |
setReadTimeout(java.lang.String timeout)
Set the read timeout.
|
void |
setReferrals(java.lang.String referrals)
How do we handle JNDI referrals?
|
void |
setRoleBase(java.lang.String roleBase)
Set the base element for role searches.
|
void |
setRoleName(java.lang.String roleName)
Set the role name attribute name for this Realm.
|
void |
setRoleNested(boolean roleNested)
Set the "search subtree for roles" flag.
|
void |
setRoleSearch(java.lang.String roleSearch)
Set the message format pattern for selecting roles in this Realm.
|
void |
setRoleSearchAsUser(boolean roleSearchAsUser) |
void |
setRoleSubtree(boolean roleSubtree)
Set the "search subtree for roles" flag.
|
void |
setSizeLimit(long sizeLimit) |
void |
setSpnegoDelegationQop(java.lang.String spnegoDelegationQop) |
void |
setSslProtocol(java.lang.String protocol)
Set the ssl protocol to be used for connections using StartTLS.
|
void |
setSslSocketFactoryClassName(java.lang.String factoryClassName)
Set the
SSLSocketFactory to be used when opening connections
using StartTLS. |
void |
setTimeLimit(int timeLimit) |
void |
setUseDelegatedCredential(boolean useDelegatedCredential) |
void |
setUserBase(java.lang.String userBase)
Set the base element for user searches.
|
void |
setUserPassword(java.lang.String userPassword)
Set the password attribute used to retrieve the user password.
|
void |
setUserPattern(java.lang.String userPattern)
Set the message format pattern for selecting users in this Realm.
|
void |
setUserRoleAttribute(java.lang.String userRoleAttribute) |
void |
setUserRoleName(java.lang.String userRoleName)
Set the user role name attribute name for this Realm.
|
void |
setUserSearch(java.lang.String userSearch)
Set the message format pattern for selecting users in this Realm.
|
void |
setUserSearchAsUser(boolean userSearchAsUser) |
void |
setUserSubtree(boolean userSubtree)
Set the "search subtree for users" flag.
|
void |
setUseStartTls(boolean useStartTls)
Flag whether StartTLS should be used when connecting to the ldap server
|
protected void |
startInternal()
Prepare for the beginning of active use of the public methods of this
component and implement the requirements of
LifecycleBase.startInternal() . |
protected void |
stopInternal()
Gracefully terminate the active use of the public methods of this
component and implement the requirements of
LifecycleBase.stopInternal() . |
addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, compareCredentials, digest, Digest, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDigest, getDigestCharset, getDigestEncoding, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getRealmPath, getRealmSuffix, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRole, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setContainer, setCredentialHandler, setDigest, setDigestEncoding, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, toString
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
protected java.lang.String authentication
protected java.lang.String connectionName
protected java.lang.String connectionPassword
protected java.lang.String connectionURL
protected javax.naming.directory.DirContext context
protected java.lang.String contextFactory
protected java.lang.String derefAliases
public static final java.lang.String DEREF_ALIASES
protected static final java.lang.String name
protected java.lang.String protocol
protected boolean adCompat
protected java.lang.String referrals
protected java.lang.String userBase
protected java.lang.String userSearch
protected java.text.MessageFormat userSearchFormat
userSearch
.protected boolean userSubtree
protected java.lang.String userPassword
protected java.lang.String userRoleAttribute
protected java.lang.String[] userPatternArray
protected java.lang.String userPattern
protected java.text.MessageFormat[] userPatternFormatArray
userPatternArray
.protected java.lang.String roleBase
protected java.text.MessageFormat roleBaseFormat
roleBase
.protected java.text.MessageFormat roleFormat
roleSearch
.protected java.lang.String userRoleName
protected java.lang.String roleName
protected java.lang.String roleSearch
protected boolean roleSubtree
protected boolean roleNested
protected boolean roleSearchAsUser
connectionName
and
connectionPassword
will be used if specified, else an anonymous
connection will be used.protected java.lang.String alternateURL
protected int connectionAttempt
protected java.lang.String commonRole
protected java.lang.String connectionTimeout
protected java.lang.String readTimeout
protected long sizeLimit
userSearch
. Zero for no limit.protected int timeLimit
userSearch
. Zero for no limit.protected boolean useDelegatedCredential
protected java.lang.String spnegoDelegationQop
javax.security.sasl.qop
environment property for the LDAP
connection.public java.lang.String getAuthentication()
public void setAuthentication(java.lang.String authentication)
authentication
- The authenticationpublic java.lang.String getConnectionName()
public void setConnectionName(java.lang.String connectionName)
connectionName
- The new connection usernamepublic java.lang.String getConnectionPassword()
public void setConnectionPassword(java.lang.String connectionPassword)
connectionPassword
- The new connection passwordpublic java.lang.String getConnectionURL()
public void setConnectionURL(java.lang.String connectionURL)
connectionURL
- The new connection URLpublic java.lang.String getContextFactory()
public void setContextFactory(java.lang.String contextFactory)
contextFactory
- The new context factorypublic java.lang.String getDerefAliases()
public void setDerefAliases(java.lang.String derefAliases)
derefAliases
- New value of property derefAliases.public java.lang.String getProtocol()
public void setProtocol(java.lang.String protocol)
protocol
- The new protocol.public boolean getAdCompat()
public void setAdCompat(boolean adCompat)
adCompat
- true
to ignore partial resultspublic java.lang.String getReferrals()
public void setReferrals(java.lang.String referrals)
referrals
- The referral handlingpublic java.lang.String getUserBase()
public void setUserBase(java.lang.String userBase)
userBase
- The new base elementpublic java.lang.String getUserSearch()
public void setUserSearch(java.lang.String userSearch)
userSearch
- The new user search patternpublic boolean isUserSearchAsUser()
public void setUserSearchAsUser(boolean userSearchAsUser)
public boolean getUserSubtree()
public void setUserSubtree(boolean userSubtree)
userSubtree
- The new search flagpublic java.lang.String getUserRoleName()
public void setUserRoleName(java.lang.String userRoleName)
userRoleName
- The new userRole name attribute namepublic java.lang.String getRoleBase()
public void setRoleBase(java.lang.String roleBase)
roleBase
- The new base elementpublic java.lang.String getRoleName()
public void setRoleName(java.lang.String roleName)
roleName
- The new role name attribute namepublic java.lang.String getRoleSearch()
public void setRoleSearch(java.lang.String roleSearch)
roleSearch
- The new role search patternpublic boolean isRoleSearchAsUser()
public void setRoleSearchAsUser(boolean roleSearchAsUser)
public boolean getRoleSubtree()
public void setRoleSubtree(boolean roleSubtree)
roleSubtree
- The new search flagpublic boolean getRoleNested()
public void setRoleNested(boolean roleNested)
roleNested
- The nested group search flagpublic java.lang.String getUserPassword()
public void setUserPassword(java.lang.String userPassword)
userPassword
- The new password attributepublic java.lang.String getUserRoleAttribute()
public void setUserRoleAttribute(java.lang.String userRoleAttribute)
public java.lang.String getUserPattern()
public void setUserPattern(java.lang.String userPattern)
userPattern
- The new user patternpublic java.lang.String getAlternateURL()
public void setAlternateURL(java.lang.String alternateURL)
alternateURL
- New value of property alternateURL.public java.lang.String getCommonRole()
public void setCommonRole(java.lang.String commonRole)
commonRole
- The common rolepublic java.lang.String getConnectionTimeout()
public void setConnectionTimeout(java.lang.String timeout)
timeout
- The new connection timeoutpublic java.lang.String getReadTimeout()
public void setReadTimeout(java.lang.String timeout)
timeout
- The new read timeoutpublic long getSizeLimit()
public void setSizeLimit(long sizeLimit)
public int getTimeLimit()
public void setTimeLimit(int timeLimit)
public boolean isUseDelegatedCredential()
public void setUseDelegatedCredential(boolean useDelegatedCredential)
public java.lang.String getSpnegoDelegationQop()
public void setSpnegoDelegationQop(java.lang.String spnegoDelegationQop)
public boolean getUseStartTls()
public void setUseStartTls(boolean useStartTls)
useStartTls
- true
when StartTLS should be used. Default is
false
.public void setCipherSuites(java.lang.String suites)
suites
- comma separated list of allowed cipher suitespublic java.lang.String getHostnameVerifierClassName()
HostnameVerifier
class used for connections
using StartTLS, or the empty string, if the default verifier
should be used.public void setHostnameVerifierClassName(java.lang.String verifierClassName)
HostnameVerifier
to be used when opening connections
using StartTLS. An instance of the given class name will be constructed
using the default constructor.verifierClassName
- class name of the HostnameVerifier
to be constructedpublic javax.net.ssl.HostnameVerifier getHostnameVerifier()
HostnameVerifier
to use for peer certificate
verification when opening connections using StartTLS.public void setSslSocketFactoryClassName(java.lang.String factoryClassName)
SSLSocketFactory
to be used when opening connections
using StartTLS. An instance of the factory with the given name will be
created using the default constructor. The SSLSocketFactory can also be
set using setSslProtocol(String)
.factoryClassName
- class name of the factory to be constructedpublic void setSslProtocol(java.lang.String protocol)
protocol
- one of the allowed ssl protocol namespublic java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
null
.
If there are any errors with the JDBC connection, executing
the query or anything we return null (don't authenticate). This
event is also logged, and the connection will be closed so that
a subsequent request will automatically re-open it.authenticate
in interface Realm
authenticate
in class RealmBase
username
- Username of the Principal to look upcredentials
- Password or other credentials to use in
authenticating this usernamenull
if there is none.public java.security.Principal authenticate(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials) throws javax.naming.NamingException
null
.context
- The directory contextusername
- Username of the Principal to look upcredentials
- Password or other credentials to use in
authenticating this usernamenull
if there is none.javax.naming.NamingException
- if a directory server error occursprotected JNDIRealm.User getUser(javax.naming.directory.DirContext context, java.lang.String username) throws javax.naming.NamingException
null
.context
- The directory contextusername
- Username to be looked upjavax.naming.NamingException
- if a directory server error occursgetUser(DirContext, String, String, int)
protected JNDIRealm.User getUser(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials) throws javax.naming.NamingException
null
.context
- The directory contextusername
- Username to be looked upcredentials
- User credentials (optional)javax.naming.NamingException
- if a directory server error occursgetUser(DirContext, String, String, int)
protected JNDIRealm.User getUser(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials, int curUserPattern) throws javax.naming.NamingException
null
.
If the userPassword
configuration attribute is
specified, the value of that attribute is retrieved from the
user's directory entry. If the userRoleName
configuration attribute is specified, all values of that
attribute are retrieved from the directory entry.context
- The directory contextusername
- Username to be looked upcredentials
- User credentials (optional)curUserPattern
- Index into userPatternFormatArrayjavax.naming.NamingException
- if a directory server error occursprotected JNDIRealm.User getUserByPattern(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String[] attrIds, java.lang.String dn) throws javax.naming.NamingException
null
.context
- The directory contextusername
- The usernameattrIds
- String[]containing names of attributes todn
- Distinguished name of the user
retrieve.javax.naming.NamingException
- if a directory server error occursprotected JNDIRealm.User getUserByPattern(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials, java.lang.String[] attrIds, int curUserPattern) throws javax.naming.NamingException
UserPattern
configuration attribute to
locate the directory entry for the user with the specified
username and return a User object; otherwise return
null
.context
- The directory contextusername
- The usernamecredentials
- User credentials (optional)attrIds
- String[]containing names of attributes tocurUserPattern
- Index into userPatternFormatArrayjavax.naming.NamingException
- if a directory server error occursgetUserByPattern(DirContext, String, String[], String)
protected JNDIRealm.User getUserBySearch(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String[] attrIds) throws javax.naming.NamingException
null
.context
- The directory contextusername
- The usernameattrIds
- String[]containing names of attributes to retrieve.javax.naming.NamingException
- if a directory server error occursprotected boolean checkCredentials(javax.naming.directory.DirContext context, JNDIRealm.User user, java.lang.String credentials) throws javax.naming.NamingException
userPassword
configuration attribute is specified, the credentials
previously retrieved from the directory are compared explicitly
with those presented by the user. Otherwise the presented
credentials are checked by binding to the directory as the
user.context
- The directory contextuser
- The User to be authenticatedcredentials
- The credentials presented by the usertrue
if the credentials are validatedjavax.naming.NamingException
- if a directory server error occursprotected boolean compareCredentials(javax.naming.directory.DirContext context, JNDIRealm.User info, java.lang.String credentials) throws javax.naming.NamingException
context
- The directory contextinfo
- The User to be authenticatedcredentials
- Authentication credentialstrue
if the credentials are validatedjavax.naming.NamingException
- if a directory server error occursprotected boolean bindAsUser(javax.naming.directory.DirContext context, JNDIRealm.User user, java.lang.String credentials) throws javax.naming.NamingException
context
- The directory contextuser
- The User to be authenticatedcredentials
- Authentication credentialstrue
if the credentials are validatedjavax.naming.NamingException
- if a directory server error occursprotected java.util.List<java.lang.String> getRoles(javax.naming.directory.DirContext context, JNDIRealm.User user) throws javax.naming.NamingException
context
- The directory context we are searchinguser
- The User to be checkedjavax.naming.NamingException
- if a directory server error occursprotected void close(javax.naming.directory.DirContext context)
context
- The directory context to be closedprotected java.lang.String getName()
protected java.lang.String getPassword(java.lang.String username)
getPassword
in class RealmBase
username
- The user nameprotected java.security.Principal getPrincipal(java.lang.String username)
getPrincipal
in class RealmBase
username
- The user nameprotected java.security.Principal getPrincipal(java.lang.String username, org.ietf.jgss.GSSCredential gssCredential)
getPrincipal
in class RealmBase
protected java.security.Principal getPrincipal(javax.naming.directory.DirContext context, java.lang.String username, org.ietf.jgss.GSSCredential gssCredential) throws javax.naming.NamingException
context
- The directory contextusername
- The user namegssCredential
- The credentialsjavax.naming.NamingException
- if a directory server error occursprotected javax.naming.directory.DirContext open() throws javax.naming.NamingException
javax.naming.NamingException
- if a directory server error occursprotected java.util.Hashtable<java.lang.String,java.lang.String> getDirectoryContextEnvironment()
protected void release(javax.naming.directory.DirContext context)
context
- The directory context to releaseprotected void startInternal() throws LifecycleException
LifecycleBase.startInternal()
.startInternal
in class RealmBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedprotected void stopInternal() throws LifecycleException
LifecycleBase.stopInternal()
.stopInternal
in class RealmBase
LifecycleException
- if this component detects a fatal error
that needs to be reportedprotected java.lang.String[] parseUserPatternString(java.lang.String userPatternString)
userPatternString
- - a string LDAP search paths surrounded by
parenthesesprotected java.lang.String doRFC2254Encoding(java.lang.String inString)
inString
- string to escape according to RFC 2254 guidelinesprotected java.lang.String getDistinguishedName(javax.naming.directory.DirContext context, java.lang.String base, javax.naming.directory.SearchResult result) throws javax.naming.NamingException
context
- Our DirContextbase
- The base DNresult
- The search resultjavax.naming.NamingException
- if a directory server error occursCopyright © 2000-2018 Apache Software Foundation. All Rights Reserved.