Class LDAPLoginModule
- java.lang.Object
  - com.sun.enterprise.security.BasePasswordLoginModule
    - com.sun.enterprise.security.auth.login.LDAPLoginModule

All Implemented Interfaces:
LoginModule
public class LDAPLoginModule extends BasePasswordLoginModule
Payara JAAS LoginModule for an LDAP Realm. Refer to the LDAPRealm documentation for necessary and optional configuration parameters for the Payara LDAP login support.
There are various ways in which a user can be authenticated using an LDAP directory. Currently this login module only supports one mode, 'find and bind'. Other modes may be added as schedules permit.
Mode: find-bind
- An LDAP search is issued on the directory starting at base-dn with the given search-filter (having substituted the user name in place of %s). If no entries match this search, login fails and authentication is over.
- The DN of the entry which matched the search is taken as the DN of the user in the directory. If the search-filter is properly set there should always be a single match; if there are multiple matches, the first one found is used.
- Next an LDAP bind is attempted using the above DN and the provided password. If this fails, login is considered to have failed and authentication is over.
- Then an LDAP search is issued on the directory starting at group-base-dn with the given group-search-filter (having substituted %d for the user DN previously found). From the matched entry(ies) all the values of group-target are taken as group names in which the user has membership. If no entries are found, the group membership is empty.
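The find-bind sequence above, written against plain JNDI as an added example; it is not Payara's or LDAPRealm's code. The URL, DNs, filter strings, the anonymous first search, running the group search on the user's connection, the RFC 4515 escaping of substituted values and the empty-password check are all assumptions of this example, since the page does not say how LDAPRealm handles them.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
public class FindBindExample {
    // Constructed sample configuration, not values taken from the page.
    static final String URL = "ldaps://ldap.example.com:636", BASE_DN = "ou=people,dc=example,dc=com";
    static final String SEARCH_FILTER = "uid=%s", GROUP_BASE_DN = "ou=groups,dc=example,dc=com";
    static final String GROUP_SEARCH_FILTER = "uniquemember=%d", GROUP_TARGET = "cn";
    // RFC 4515 escaping, so a substituted value cannot change the filter's structure.
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray())
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        return sb.toString();
    }
    // dn == null gives an anonymous context (assumption: the directory allows anonymous search).
    static DirContext connect(String dn, char[] password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        if (dn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }
    static List<String> login(String user, char[] password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513) and can succeed.
        if (password == null || password.length == 0) throw new AuthenticationException("empty password");
        SearchControls sc = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0, null, false, false);
        String userDn;
        DirContext anon = connect(null, null);
        try {   // find: search from base-dn; no match means login fails, otherwise the first match is used
            NamingEnumeration<SearchResult> hits = anon.search(BASE_DN, SEARCH_FILTER.replace("%s", escape(user)), sc);
            if (!hits.hasMore()) throw new AuthenticationException("no matching entry");
            userDn = hits.next().getNameInNamespace();
        } finally { anon.close(); }
        DirContext ctx = connect(userDn, password);   // bind: a wrong password throws AuthenticationException
        try {   // groups: every group-target value of each matching entry is a group name
            List<String> groups = new ArrayList<>();
            NamingEnumeration<SearchResult> g = ctx.search(GROUP_BASE_DN, GROUP_SEARCH_FILTER.replace("%d", escape(userDn)), sc);
            while (g.hasMore()) {
                Attribute a = g.next().getAttributes().get(GROUP_TARGET);
                if (a != null) for (Object v : Collections.list(a.getAll())) groups.add(v.toString());
            }
            return groups;
        } finally { ctx.close(); }
    }
}
```

With escaping in place, a user name such as `*` is searched as the literal string `\2a` rather than as a wildcard that would match the first entry under base-dn.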
Field Summary
Fields inherited from class com.sun.enterprise.security.BasePasswordLoginModule
_commitSucceeded, _currentRealm, _groupsList, _options, _passwd, _password, _sharedState, _subject, _succeeded, _username, _userPrincipal, LOGGER, sm
Constructor Summary
Constructor | Description
LDAPLoginModule() |
Method Summary
Modifier and Type | Method | Description
protected void | authenticateUser() | Perform LDAP authentication.
Methods inherited from class com.sun.enterprise.security.BasePasswordLoginModule
abort, commit, commitUserAuthentication, extractCredentials, getCurrentRealm, getGroupsList, getPassword, getPasswordChar, getRealm, getSubject, getUsername, getUserPrincipal, initialize, isCommitSucceeded, isSucceeded, login, logout, setLoginModuleForAuthentication
Method Detail
authenticateUser
protected void authenticateUser() throws LoginException
Perform LDAP authentication. Delegates to LDAPRealm.
- Specified by: authenticateUser in class BasePasswordLoginModule
- Throws: LoginException - If login fails (JAAS login() behavior).