Package org.apache.qpid.server.security.auth.manager

Class SimpleLDAPAuthenticationManagerImpl

java.lang.Object

org.apache.qpid.server.model.AbstractConfiguredObject<T>

org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl

All Implemented Interfaces:

EventLoggerProvider, AuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>, ConfiguredObject<SimpleLDAPAuthenticationManagerImpl>, ContextProvider, PermissionedObject, TaskExecutorProvider, CachingAuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>, SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>, UsernamePasswordAuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>

public class SimpleLDAPAuthenticationManagerImpl
extends AbstractAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>
implements SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

Simple LDAP authentication manager.

Supports username / password authentication.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.qpid.server.model.AbstractConfiguredObject

AbstractConfiguredObject.CallableWithArgument<V,A>, AbstractConfiguredObject.ChainedListenableFuture<V>, AbstractConfiguredObject.ChainedSettableFuture<V>, AbstractConfiguredObject.DuplicateIdException, AbstractConfiguredObject.DuplicateNameException

Field Summary

Fields inherited from class org.apache.qpid.server.model.AbstractConfiguredObject

SECURED_STRING_VALUE

Fields inherited from interface org.apache.qpid.server.security.auth.manager.CachingAuthenticationProvider

AUTHENTICATION_CACHE_EXPIRATION_TIME, AUTHENTICATION_CACHE_ITERATION_COUNT, AUTHENTICATION_CACHE_MAX_SIZE, DEFAULT_AUTHENTICATION_CACHE_EXPIRATION_TIME, DEFAULT_AUTHENTICATION_CACHE_ITERATION_COUNT, DEFAULT_AUTHENTICATION_CACHE_MAX_SIZE

Fields inherited from interface org.apache.qpid.server.model.ConfiguredObject

AWAIT_ATTAINMENT_TIMEOUT, CONTEXT, CREATED_BY, CREATED_TIME, DEFAULT_AWAIT_ATTAINMENT_TIMEOUT, DESCRIPTION, DESIRED_STATE, DURABLE, ID, LAST_UPDATED_BY, LAST_UPDATED_TIME, LIFETIME_POLICY, NAME, OVER_SIZED_ATTRIBUTE_ALTERNATIVE_TEXT, STATE, TYPE

Fields inherited from interface org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager

AUTHENTICATION_METHOD, CLASS_DESCRIPTION, DEFAULT_LDAP_CONTEXT_FACTORY, GROUP_SEARCH_CONTEXT, GROUP_SEARCH_FILTER, LDAP_CONTEXT_FACTORY, LOGIN_CONFIG_SCOPE, LOGIN_CONFIG_SCOPE_DEFAULT, PROVIDER_AUTH_URL, PROVIDER_TYPE, PROVIDER_URL, SEARCH_CONTEXT, SEARCH_FILTER, SEARCH_PASSWORD, SEARCH_USERNAME, TRUST_STORE

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SimpleLDAPAuthenticationManagerImpl(Map<String,Object> attributes, Container<?> container)	Constructor creates configured object

Method Summary

Modifier and Type	Method	Description
AuthenticationResult	authenticate(String username, String password)	Authenticates username / password against LDAP
SaslNegotiator	createSaslNegotiator(String mechanism, SaslSettings saslSettings, NamedAddressSpace addressSpace)	Creates SASL negotiator based on available options
LdapAuthenticationMethod	getAuthenticationMethod()
String	getGroupAttributeName()
String	getGroupSearchContext()
String	getGroupSearchFilter()
String	getLdapContextFactory()
String	getLoginConfigScope()
List<String>	getMechanisms()	Gets the SASL mechanisms known to this manager.
String	getProviderAuthUrl()
String	getProviderUrl()
String	getSearchContext()
String	getSearchFilter()
String	getSearchPassword()
String	getSearchUsername()
List<String>	getTlsCipherSuiteAllowList()
List<String>	getTlsCipherSuiteDenyList()
List<String>	getTlsProtocolAllowList()
List<String>	getTlsProtocolDenyList()
TrustStore<?>	getTrustStore()
boolean	isBindWithoutSearch()
boolean	isGroupSubtreeSearchScope()
boolean	isUseFullLDAPName()
protected void	onOpen()	Retrieves protocol / cipher allow and deny lists from context.
String	toString()
protected void	validateChange(ConfiguredObject<?> proxyForValidation, Set<String> changedAttributes)	Validate changes
protected void	validateOnCreate()	Validates LDAP connectivity on creation

Methods inherited from class org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager

activate, getAvailableMechanisms, getDisabledMechanisms, getEventLogger, getSecureOnlyMechanisms, logCreated, logDeleted, logOperation, logRecovered, logUpdated, onValidate, startQuiesced

Methods inherited from class org.apache.qpid.server.model.AbstractConfiguredObject

addChangeListener, addChildAsync, addFutureCallback, applyToChildren, asObjectRecord, attainState, attributesAsString, attributeSet, authorise, authorise, authorise, authoriseCreateChild, awaitChildClassToAttainState, awaitChildClassToAttainState, beforeClose, beforeDelete, changeAttributes, childAdded, childRemoved, close, closeAsync, closeChildren, create, createAsync, createChild, createChildAsync, decryptSecrets, delete, deleteAsync, deleteChildren, deleteNoChecks, doAfter, doAfter, doAfter, doAfter, doAfter, doAfter, doAfterAlways, doAfterAlways, doCreation, doOnConfigThread, doOpening, doResolution, doSync, doSync, doValidation, findConfiguredObject, forceUpdateAllSecureAttributes, getAccessControl, getActualAttributes, getAncestor, getAttainedChildById, getAttainedChildByName, getAttribute, getAttributeNames, getCategoryClass, getChildById, getChildByName, getChildExecutor, getChildren, getContext, getContextKeys, getContextValue, getContextValue, getCreatedBy, getCreatedTime, getDescription, getDesiredState, getId, getLastOpenedTime, getLastUpdatedBy, getLastUpdatedTime, getLifetimePolicy, getModel, getName, getObjectFactory, getParent, getState, getStatistics, getStatistics, getSubjectWithAddedSystemRights, getSystemPrincipal, getSystemTaskControllerContext, getSystemTaskSubject, getSystemTaskSubject, getTaskExecutor, getType, getTypeClass, getUserPreferences, handleExceptionOnOpen, hasEncrypter, isDurable, isSystemProcess, isSystemSubject, managesChildStorage, newToken, notifyStateChanged, onClose, onCreate, onDelete, onExceptionInOpen, onResolve, open, openAsync, postResolve, postResolveChildren, postSetAttributes, registerWithParents, removeChangeListener, removeContextVariable, rethrowRuntimeExceptionsOnOpen, runTask, setAttributes, setAttributesAsync, setContextVariable, setEncrypter, setState, setUserPreferences, start, startAsync, stop, updateModel, validateChildDelete

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.qpid.server.model.AuthenticationProvider

getAvailableMechanisms, getDisabledMechanisms, getSecureOnlyMechanisms

Methods inherited from interface org.apache.qpid.server.model.ConfiguredObject

addChangeListener, asObjectRecord, authorise, authorise, authorise, close, closeAsync, createChild, createChildAsync, decryptSecrets, delete, deleteAsync, findConfiguredObject, getActualAttributes, getAttainedChildById, getAttainedChildByName, getAttribute, getAttributeNames, getCategoryClass, getChildById, getChildByName, getChildExecutor, getChildren, getContext, getCreatedBy, getCreatedTime, getDescription, getDesiredState, getId, getLastOpenedTime, getLastUpdatedBy, getLastUpdatedTime, getLifetimePolicy, getModel, getName, getObjectFactory, getParent, getState, getStatistics, getStatistics, getType, getTypeClass, getUserPreferences, hasEncrypter, isDurable, managesChildStorage, newToken, open, openAsync, removeChangeListener, removeContextVariable, setAttributes, setAttributesAsync, setContextVariable, setUserPreferences

Methods inherited from interface org.apache.qpid.server.model.ContextProvider

getContextKeys, getContextValue, getContextValue

Methods inherited from interface org.apache.qpid.server.logging.EventLoggerProvider

getEventLogger

Methods inherited from interface org.apache.qpid.server.model.TaskExecutorProvider

getTaskExecutor

Constructor Detail

SimpleLDAPAuthenticationManagerImpl

protected SimpleLDAPAuthenticationManagerImpl(Map<String,Object> attributes,
                                              Container<?> container)

Constructor creates configured object

Parameters:

attributes - Attributes

container - Parent container

Method Detail

validateOnCreate

protected void validateOnCreate()

Validates LDAP connectivity on creation

Overrides:

validateOnCreate in class AbstractConfiguredObject<SimpleLDAPAuthenticationManagerImpl>

validateChange

protected void validateChange(ConfiguredObject<?> proxyForValidation,
                              Set<String> changedAttributes)

Validate changes

Overrides:

validateChange in class AbstractConfiguredObject<SimpleLDAPAuthenticationManagerImpl>

Parameters:

proxyForValidation - ConfiguredObject

changedAttributes - Attribute names

onOpen

protected void onOpen()

Retrieves protocol / cipher allow and deny lists from context. Creates authentication result cacher.

Overrides:

onOpen in class AbstractConfiguredObject<SimpleLDAPAuthenticationManagerImpl>

getProviderUrl

public String getProviderUrl()

Specified by:

getProviderUrl in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getProviderAuthUrl

public String getProviderAuthUrl()

Specified by:

getProviderAuthUrl in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getSearchContext

public String getSearchContext()

Specified by:

getSearchContext in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getSearchFilter

public String getSearchFilter()

Specified by:

getSearchFilter in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getLdapContextFactory

public String getLdapContextFactory()

Specified by:

getLdapContextFactory in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getTrustStore

public TrustStore<?> getTrustStore()

Specified by:

getTrustStore in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getSearchUsername

public String getSearchUsername()

Specified by:

getSearchUsername in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getSearchPassword

public String getSearchPassword()

Specified by:

getSearchPassword in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getGroupAttributeName

public String getGroupAttributeName()

Specified by:

getGroupAttributeName in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getGroupSearchContext

public String getGroupSearchContext()

Specified by:

getGroupSearchContext in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getGroupSearchFilter

public String getGroupSearchFilter()

Specified by:

getGroupSearchFilter in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

isGroupSubtreeSearchScope

public boolean isGroupSubtreeSearchScope()

Specified by:

isGroupSubtreeSearchScope in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getAuthenticationMethod

public LdapAuthenticationMethod getAuthenticationMethod()

Specified by:

getAuthenticationMethod in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getLoginConfigScope

public String getLoginConfigScope()

Specified by:

getLoginConfigScope in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getMechanisms

public List<String> getMechanisms()

Description copied from interface: AuthenticationProvider

Gets the SASL mechanisms known to this manager.

Specified by:

getMechanisms in interface AuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>

Returns:

SASL mechanism names, space separated.

createSaslNegotiator

public SaslNegotiator createSaslNegotiator(String mechanism,
                                           SaslSettings saslSettings,
                                           NamedAddressSpace addressSpace)

Creates SASL negotiator based on available options

Specified by:

createSaslNegotiator in interface AuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>

Parameters:

mechanism - Mechanism name

saslSettings - SaslSettings

addressSpace - NamedAddressSpace

Returns:

SaslNegotiator

authenticate

public AuthenticationResult authenticate(String username,
                                         String password)

Authenticates username / password against LDAP

Specified by:

authenticate in interface UsernamePasswordAuthenticationProvider<SimpleLDAPAuthenticationManagerImpl>

Parameters:

username - username

password - password

Returns:

AuthenticationResult

toString

public String toString()

Overrides:

toString in class AbstractConfiguredObject<SimpleLDAPAuthenticationManagerImpl>

isBindWithoutSearch

public boolean isBindWithoutSearch()

Specified by:

isBindWithoutSearch in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

isUseFullLDAPName

public boolean isUseFullLDAPName()

Specified by:

isUseFullLDAPName in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getTlsProtocolAllowList

public List<String> getTlsProtocolAllowList()

Specified by:

getTlsProtocolAllowList in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getTlsProtocolDenyList

public List<String> getTlsProtocolDenyList()

Specified by:

getTlsProtocolDenyList in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getTlsCipherSuiteAllowList

public List<String> getTlsCipherSuiteAllowList()

Specified by:

getTlsCipherSuiteAllowList in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>

getTlsCipherSuiteDenyList

public List<String> getTlsCipherSuiteDenyList()

Specified by:

getTlsCipherSuiteDenyList in interface SimpleLDAPAuthenticationManager<SimpleLDAPAuthenticationManagerImpl>