Class LDAPRealm
- java.lang.Object
- com.sun.enterprise.security.auth.realm.AbstractRealm
- com.sun.enterprise.security.auth.realm.AbstractStatefulRealm
- com.sun.enterprise.security.auth.realm.Realm
- com.sun.enterprise.security.BaseRealm
- com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
- All Implemented Interfaces: Comparable<Realm>
@Service public final class LDAPRealm extends BaseRealm
Realm wrapper for supporting LDAP authentication. See LDAPLoginModule documentation for more details on the operation of the LDAP realm and login module.
The ldap realm needs the following properties in its configuration:
- directory - URL of the LDAP directory to use.
- base-dn - The base DN to use for user searches.
- jaas-ctx - JAAS context name used to access LoginModule for authentication.
Besides JDK Context properties starting with java.naming or javax.security, one can also set connection-pool-related properties starting with com.sun.jndi.ldap.connect.pool. See http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html for details. The following optional attributes can also be specified:
- search-filter - LDAP filter to use for searching for the user entry based on the username given to iAS. The default value is uid=%s, where %s is expanded to the username.
- group-base-dn - The base DN to use for group searches. By default its value is the same as base-dn.
- group-search-filter - The LDAP filter to use for searching group membership of a given user. The default value is uniquemember=%d, where %d is expanded to the DN of the user found by the user search.
- group-target - The attribute whose value(s) are interpreted as group membership names of the user. The default value is cn.
- search-bind-dn - The DN of the LDAP user. Optional, with no default value.
- search-bind-password - The password of search-bind-dn. Optional, with no default value.
- pool-size - The JNDI LDAP connection pool size.
- See Also: LDAPLoginModule
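The %s and %d placeholders described above end up inside an LDAP search filter, so the substituted value has to be escaped per RFC 4515 or it can change the filter's structure. The following is an added example, not GlassFish code and not a statement of what LDAPRealm does internally; the class FilterExpansion, its methods and the sample inputs are hypothetical, and only the two default filter strings come from this page.

```java
import java.util.List;

/** Added illustration; FilterExpansion and its methods are hypothetical names. */
public class FilterExpansion {

    // Default templates quoted from the class description on this page.
    static final String DEFAULT_SEARCH_FILTER = "uid=%s";
    static final String DEFAULT_GROUP_SEARCH_FILTER = "uniquemember=%d";

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // backslash
                case '*':  out.append("\\2a"); break; // wildcard
                case '(':  out.append("\\28"); break; // opens a sub-filter
                case ')':  out.append("\\29"); break; // closes a sub-filter
                case '\0': out.append("\\00"); break; // NUL
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Literal (non-regex) replacement of the placeholder with the escaped value. */
    static String expand(String template, String placeholder, String rawValue) {
        return template.replace(placeholder, escapeFilterValue(rawValue));
    }

    public static void main(String[] args) {
        // Constructed sample usernames: a plain one and three containing filter metacharacters.
        List<String> usernames = List.of("jdoe", "j*", "jdoe)(uid=*", "a\\b");
        for (String u : usernames) {
            System.out.println(u + " -> " + expand(DEFAULT_SEARCH_FILTER, "%s", u));
        }
        // Constructed sample DN; the parentheses in it must be escaped in the group filter.
        String userDn = "uid=jdoe (contractor),ou=People,dc=example,dc=com";
        System.out.println(expand(DEFAULT_GROUP_SEARCH_FILTER, "%d", userDn));
    }
}
```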
Field Summary
Modifier and Type, Field:
- static String AUTH_TYPE
- static String DEFAULT_POOL_PROTOCOL
- static String DEFAULT_SSL_LDAP_SOCKET_FACTORY
- static String DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY
- static String DYNAMIC_GROUP_FILTER
- static String DYNAMIC_GROUP_STATE_FACTORY_PROPERTY
- protected static Logger groupSearchLogger
- static String LDAP_SOCKET_FACTORY
- static String LDAPS_URL
- static String MODE_FIND_BIND
- static String PARAM_BINDDN
- static String PARAM_BINDPWD
- static String PARAM_DIRURL
- static String PARAM_DYNAMIC_GRP_FILTER
- static String PARAM_DYNAMIC_GRP_TARGET
- static String PARAM_GRP_SEARCH_FILTER
- static String PARAM_GRP_TARGET
- static String PARAM_GRPDN
- static String PARAM_JNDICF
- static String PARAM_MODE
- static String PARAM_POOLSIZE
- static String PARAM_SEARCH_FILTER
- static String PARAM_USERDN
- static String SSL
- static String SUBST_SUBJECT_DN
- static String SUBST_SUBJECT_NAME
Fields inherited from class com.sun.enterprise.security.auth.realm.Realm
_logger, JAAS_CONTEXT_PARAM, RI_DEFAULT
Fields inherited from class com.sun.enterprise.security.auth.realm.AbstractStatefulRealm
groupMapper, GROUPS_SEP, PARAM_DEFAULT_DIGEST_ALGORITHM, PARAM_GROUP_MAPPING, PARAM_GROUPS
Constructor Summary
- LDAPRealm()
Method Summary
Modifier and Type, Method, Description:
- String[] findAndBind(String _username, char[] _password) - Supports mode=find-bind.
- String getAuthType() - Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
- Enumeration<String> getGroupNames(String username) - Returns the name of all the groups that this user belongs to.
- protected void init(Properties props) - Initialize a realm with some properties.
Methods inherited from class com.sun.enterprise.security.BaseRealm
addUser, addUser, getGroupNames, getUser, getUserNames, persist, refresh, removeUser, supportsUserManagement, updateUser, updateUser
Methods inherited from class com.sun.enterprise.security.auth.realm.Realm
getDefaultInstance, getDefaultRealm, getInstance, getInstance, getRealmNames, getRealmStatsProvier, instantiate, instantiate, isValidRealm, isValidRealm, setDefaultRealm, unloadInstance, unloadInstance, updateInstance, updateInstance
Methods inherited from class com.sun.enterprise.security.auth.realm.AbstractStatefulRealm
addAssignGroups, compareTo, getDefaultDigestAlgorithm, getJAASContext, getMappedGroupNames, getName, getProperties, getProperty, refresh, setName, setProperty, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface java.lang.Comparable
compareTo
Field Detail
- protected static final Logger groupSearchLogger
- public static final String AUTH_TYPE (See Also: Constant Field Values)
- public static final String PARAM_DIRURL (See Also: Constant Field Values)
- public static final String PARAM_USERDN (See Also: Constant Field Values)
- public static final String PARAM_SEARCH_FILTER (See Also: Constant Field Values)
- public static final String PARAM_GRPDN (See Also: Constant Field Values)
- public static final String PARAM_GRP_SEARCH_FILTER (See Also: Constant Field Values)
- public static final String PARAM_GRP_TARGET (See Also: Constant Field Values)
- public static final String PARAM_DYNAMIC_GRP_FILTER (See Also: Constant Field Values)
- public static final String PARAM_DYNAMIC_GRP_TARGET (See Also: Constant Field Values)
- public static final String PARAM_MODE (See Also: Constant Field Values)
- public static final String PARAM_JNDICF (See Also: Constant Field Values)
- public static final String PARAM_POOLSIZE (See Also: Constant Field Values)
- public static final String PARAM_BINDDN (See Also: Constant Field Values)
- public static final String PARAM_BINDPWD (See Also: Constant Field Values)
- public static final String MODE_FIND_BIND (See Also: Constant Field Values)
- public static final String SUBST_SUBJECT_NAME (See Also: Constant Field Values)
- public static final String SUBST_SUBJECT_DN (See Also: Constant Field Values)
- public static final String DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY (See Also: Constant Field Values)
- public static final String DYNAMIC_GROUP_STATE_FACTORY_PROPERTY (See Also: Constant Field Values)
- public static final String LDAP_SOCKET_FACTORY (See Also: Constant Field Values)
- public static final String DEFAULT_SSL_LDAP_SOCKET_FACTORY (See Also: Constant Field Values)
- public static final String LDAPS_URL (See Also: Constant Field Values)
- public static final String DEFAULT_POOL_PROTOCOL (See Also: Constant Field Values)
- public static final String DYNAMIC_GROUP_FILTER (See Also: Constant Field Values)
- public static final String SSL (See Also: Constant Field Values)
Method Detail
init
protected void init(Properties props) throws BadRealmException, NoSuchRealmException
Description copied from class: AbstractStatefulRealm
Initialize a realm with some properties. This can be used when instantiating realms from their descriptions. This method may only be called a single time.
- Overrides: init in class AbstractStatefulRealm
- Parameters: props - initialization parameters used by this realm.
- Throws: BadRealmException - if the configuration parameters identify a corrupt realm
- Throws: NoSuchRealmException - if the configuration parameters specify a realm which doesn't exist
getAuthType
public String getAuthType()
Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
- Specified by: getAuthType in class AbstractRealm
- Returns: Description of the kind of authentication that is directly supported by this realm.
getGroupNames
public Enumeration<String> getGroupNames(String username) throws InvalidOperationException, NoSuchUserException
Returns the name of all the groups that this user belongs to. Note that this information is only known after the user has logged in. This is called from web path role verification, though it should not be.
- Specified by: getGroupNames in class AbstractRealm
- Parameters: username - Name of the user in this realm whose group listing is needed.
- Returns: Enumeration of group names (strings).
- Throws: InvalidOperationException - thrown if the realm does not support this operation - e.g. Certificate realm does not support this operation.
- Throws: NoSuchUserException
findAndBind
public String[] findAndBind(String _username, char[] _password) throws LoginException
Supports mode=find-bind. See class documentation.
- Parameters: _username, _password
- Returns:
- Throws: LoginException