Class SimpleLDAPAuthenticationManagerImpl
- java.lang.Object
-
- org.apache.qpid.server.model.AbstractConfiguredObject<T>
-
- org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
- org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl
-
- All Implemented Interfaces:
EventLoggerProvider, AuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>, ConfiguredObject<SimpleLDAPAuthenticationManagerImpl>, ContextProvider, PermissionedObject, TaskExecutorProvider, CachingAuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>, SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>, UsernamePasswordAuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>
public class SimpleLDAPAuthenticationManagerImpl extends AbstractAuthenticationManager<SimpleLDAPAuthenticationManagerImpl> implements SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
Simple LDAP authentication manager. Supports username / password authentication.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.qpid.server.model.AbstractConfiguredObject
AbstractConfiguredObject.CallableWithArgument<V,A>, AbstractConfiguredObject.ChainedListenableFuture<V>, AbstractConfiguredObject.ChainedSettableFuture<V>, AbstractConfiguredObject.DuplicateIdException, AbstractConfiguredObject.DuplicateNameException
-
-
Field Summary
-
Fields inherited from class org.apache.qpid.server.model.AbstractConfiguredObject
SECURED_STRING_VALUE
-
Fields inherited from interface org.apache.qpid.server.security.auth.manager.CachingAuthenticationProvider
AUTHENTICATION_CACHE_EXPIRATION_TIME, AUTHENTICATION_CACHE_ITERATION_COUNT, AUTHENTICATION_CACHE_MAX_SIZE, DEFAULT_AUTHENTICATION_CACHE_EXPIRATION_TIME, DEFAULT_AUTHENTICATION_CACHE_ITERATION_COUNT, DEFAULT_AUTHENTICATION_CACHE_MAX_SIZE
-
Fields inherited from interface org.apache.qpid.server.model.ConfiguredObject
AWAIT_ATTAINMENT_TIMEOUT, CONTEXT, CREATED_BY, CREATED_TIME, DEFAULT_AWAIT_ATTAINMENT_TIMEOUT, DESCRIPTION, DESIRED_STATE, DURABLE, ID, LAST_UPDATED_BY, LAST_UPDATED_TIME, LIFETIME_POLICY, NAME, OVER_SIZED_ATTRIBUTE_ALTERNATIVE_TEXT, STATE, TYPE
-
Fields inherited from interface org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager
AUTHENTICATION_METHOD, CLASS_DESCRIPTION, DEFAULT_LDAP_CONTEXT_FACTORY, GROUP_SEARCH_CONTEXT, GROUP_SEARCH_FILTER, LDAP_CONTEXT_FACTORY, LOGIN_CONFIG_SCOPE, LOGIN_CONFIG_SCOPE_DEFAULT, PROVIDER_AUTH_URL, PROVIDER_TYPE, PROVIDER_URL, SEARCH_CONTEXT, SEARCH_FILTER, SEARCH_PASSWORD, SEARCH_USERNAME, TRUST_STORE
-
-
Constructor Summary
Constructors
Modifier: protected
Constructor: SimpleLDAPAuthenticationManagerImpl(Map<String,Object> attributes, Container<?> container)
Description: Constructor creates configured object
-
Method Summary
-
Methods inherited from class org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager
activate, getAvailableMechanisms, getDisabledMechanisms, getEventLogger, getSecureOnlyMechanisms, logCreated, logDeleted, logOperation, logRecovered, logUpdated, onValidate, startQuiesced
-
Methods inherited from class org.apache.qpid.server.model.AbstractConfiguredObject
addChangeListener, addChildAsync, addFutureCallback, applyToChildren, asObjectRecord, attainState, attributesAsString, attributeSet, authorise, authorise, authorise, authoriseCreateChild, awaitChildClassToAttainState, awaitChildClassToAttainState, beforeClose, beforeDelete, changeAttributes, childAdded, childRemoved, close, closeAsync, closeChildren, create, createAsync, createChild, createChildAsync, decryptSecrets, delete, deleteAsync, deleteChildren, deleteNoChecks, doAfter, doAfter, doAfter, doAfter, doAfter, doAfter, doAfterAlways, doAfterAlways, doCreation, doOnConfigThread, doOpening, doResolution, doSync, doSync, doValidation, findConfiguredObject, forceUpdateAllSecureAttributes, getAccessControl, getActualAttributes, getAncestor, getAttainedChildById, getAttainedChildByName, getAttribute, getAttributeNames, getCategoryClass, getChildById, getChildByName, getChildExecutor, getChildren, getContext, getContextKeys, getContextValue, getContextValue, getCreatedBy, getCreatedTime, getDescription, getDesiredState, getId, getLastOpenedTime, getLastUpdatedBy, getLastUpdatedTime, getLifetimePolicy, getModel, getName, getObjectFactory, getParent, getState, getStatistics, getStatistics, getSubjectWithAddedSystemRights, getSystemPrincipal, getSystemTaskControllerContext, getSystemTaskSubject, getSystemTaskSubject, getTaskExecutor, getType, getTypeClass, getUserPreferences, handleExceptionOnOpen, hasEncrypter, isDurable, isSystemProcess, isSystemSubject, managesChildStorage, newToken, notifyStateChanged, onClose, onCreate, onDelete, onExceptionInOpen, onResolve, open, openAsync, postResolve, postResolveChildren, postSetAttributes, registerWithParents, removeChangeListener, removeContextVariable, rethrowRuntimeExceptionsOnOpen, runTask, setAttributes, setAttributesAsync, setContextVariable, setEncrypter, setState, setUserPreferences, start, startAsync, stop, updateModel, validateChildDelete
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.apache.qpid.server.model.AuthenticationProvider
getAvailableMechanisms, getDisabledMechanisms, getSecureOnlyMechanisms
-
Methods inherited from interface org.apache.qpid.server.model.ConfiguredObject
addChangeListener, asObjectRecord, authorise, authorise, authorise, close, closeAsync, createChild, createChildAsync, decryptSecrets, delete, deleteAsync, findConfiguredObject, getActualAttributes, getAttainedChildById, getAttainedChildByName, getAttribute, getAttributeNames, getCategoryClass, getChildById, getChildByName, getChildExecutor, getChildren, getContext, getCreatedBy, getCreatedTime, getDescription, getDesiredState, getId, getLastOpenedTime, getLastUpdatedBy, getLastUpdatedTime, getLifetimePolicy, getModel, getName, getObjectFactory, getParent, getState, getStatistics, getStatistics, getType, getTypeClass, getUserPreferences, hasEncrypter, isDurable, managesChildStorage, newToken, open, openAsync, removeChangeListener, removeContextVariable, setAttributes, setAttributesAsync, setContextVariable, setUserPreferences
-
Methods inherited from interface org.apache.qpid.server.model.ContextProvider
getContextKeys, getContextValue, getContextValue
-
Methods inherited from interface org.apache.qpid.server.logging.EventLoggerProvider
getEventLogger
-
Methods inherited from interface org.apache.qpid.server.model.TaskExecutorProvider
getTaskExecutor
-
-
-
-
Method Detail
-
validateOnCreate
protected void validateOnCreate()
Validates LDAP connectivity on creation.
- Overrides:
validateOnCreate in class AbstractConfiguredObject<SimpleLDAPAuthenticationManagerImpl>
-
validateChange
protected void validateChange(ConfiguredObject<?> proxyForValidation, Set<String> changedAttributes)
Validate changes.
- Overrides:
validateChange in class AbstractConfiguredObject<SimpleLDAPAuthenticationManagerImpl>
- Parameters:
proxyForValidation - ConfiguredObject
changedAttributes - Attribute names
-
onOpen
protected void onOpen()
Retrieves protocol / cipher allow and deny lists from context. Creates authentication result cacher.
- Overrides:
onOpen in class AbstractConfiguredObject<SimpleLDAPAuthenticationManagerImpl>
-
getProviderUrl
public String getProviderUrl()
- Specified by:
getProviderUrl in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getProviderAuthUrl
public String getProviderAuthUrl()
- Specified by:
getProviderAuthUrl in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getSearchContext
public String getSearchContext()
- Specified by:
getSearchContext in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getSearchFilter
public String getSearchFilter()
- Specified by:
getSearchFilter in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getLdapContextFactory
public String getLdapContextFactory()
- Specified by:
getLdapContextFactory in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getTrustStore
public TrustStore<?> getTrustStore()
- Specified by:
getTrustStore in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getSearchUsername
public String getSearchUsername()
- Specified by:
getSearchUsername in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getSearchPassword
public String getSearchPassword()
- Specified by:
getSearchPassword in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getGroupAttributeName
public String getGroupAttributeName()
- Specified by:
getGroupAttributeName in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getGroupSearchContext
public String getGroupSearchContext()
- Specified by:
getGroupSearchContext in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getGroupSearchFilter
public String getGroupSearchFilter()
- Specified by:
getGroupSearchFilter in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
isGroupSubtreeSearchScope
public boolean isGroupSubtreeSearchScope()
- Specified by:
isGroupSubtreeSearchScope in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getAuthenticationMethod
public LdapAuthenticationMethod getAuthenticationMethod()
- Specified by:
getAuthenticationMethod in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getLoginConfigScope
public String getLoginConfigScope()
- Specified by:
getLoginConfigScope in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getMechanisms
public List<String> getMechanisms()
Description copied from interface: AuthenticationProvider
Gets the SASL mechanisms known to this manager.
- Specified by:
getMechanisms in interface AuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>
- Returns:
SASL mechanism names, space separated.
-
createSaslNegotiator
public SaslNegotiator createSaslNegotiator(String mechanism, SaslSettings saslSettings, NamedAddressSpace addressSpace)
Creates SASL negotiator based on available options.
- Specified by:
createSaslNegotiator in interface AuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>
- Parameters:
mechanism - Mechanism name
saslSettings - SaslSettings
addressSpace - NamedAddressSpace
- Returns:
SaslNegotiator
-
authenticate
public AuthenticationResult authenticate(String username, String password)
Authenticates username / password against LDAP.
- Specified by:
authenticate in interface UsernamePasswordAuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>
- Parameters:
username - username
password - password
- Returns:
AuthenticationResult
-
toString
public String toString()
- Overrides:
toString in class AbstractConfiguredObject<SimpleLDAPAuthenticationManagerImpl>
-
isBindWithoutSearch
public boolean isBindWithoutSearch()
- Specified by:
isBindWithoutSearch in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
isUseFullLDAPName
public boolean isUseFullLDAPName()
- Specified by:
isUseFullLDAPName in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getTlsProtocolAllowList
public List<String> getTlsProtocolAllowList()
- Specified by:
getTlsProtocolAllowList in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getTlsProtocolDenyList
public List<String> getTlsProtocolDenyList()
- Specified by:
getTlsProtocolDenyList in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getTlsCipherSuiteAllowList
public List<String> getTlsCipherSuiteAllowList()
- Specified by:
getTlsCipherSuiteAllowList in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
getTlsCipherSuiteDenyList
public List<String> getTlsCipherSuiteDenyList()
- Specified by:
getTlsCipherSuiteDenyList in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
-
-