public class LdapLoginModule extends AbstractLoginModule
The JVM should be started with the following parameter:

```
-Djava.security.auth.login.config=etc/ldap-loginModule.conf
```

and an example of the ldap-loginModule.conf would be:

```
ldaploginmodule {
    org.eclipse.jetty.server.server.plus.jaas.spi.LdapLoginModule required
    debug="true"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="ldap.example.com"
    port="389"
    bindDn="cn=Directory Manager"
    bindPassword="directory"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=people,dc=alcatel"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=example,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="uniqueMember"
    roleObjectClass="groupOfUniqueNames";
};
```
Modifier and Type | Class | Description
---|---|---
class | LdapLoginModule.LDAPUserInfo | 

Nested classes inherited from class AbstractLoginModule: AbstractLoginModule.JAASUserInfo
Constructor | Description
---|---
LdapLoginModule() | 
Modifier and Type | Method | Description
---|---|---
boolean | abort() | 
boolean | bindingLogin(java.lang.String username, java.lang.Object password) | Binding authentication check. This method of authentication works only if the user branch of the DIT (LDAP tree) has an ACI (access control instruction) that allows access to any user, or at least to the user that logs in.
boolean | commit() | 
static java.lang.String | convertCredentialLdapToJetty(java.lang.String encryptedPassword) | 
protected boolean | credentialLogin(java.lang.Object webCredential) | Password-supplied authentication check.
protected java.lang.String | doRFC2254Encoding(java.lang.String inputString) | 
java.util.Hashtable<java.lang.Object,java.lang.Object> | getEnvironment() | Get the context for the connection.
UserInfo | getUserInfo(java.lang.String username) | Get the available information about the user.
void | initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options) | Init LoginModule.
boolean | login() | Since LDAP uses a context bind for valid authentication checking, we override login().
Methods inherited from class AbstractLoginModule: configureCallbacks, getCallbackHandler, getCurrentUser, getSubject, isAuthenticated, isCommitted, isIgnored, logout, setAuthenticated, setCallbackHandler, setCommitted, setCurrentUser, setSubject
public UserInfo getUserInfo(java.lang.String username) throws java.lang.Exception

For this LoginModule, the credential can be null, which results in a binding LDAP authentication scenario. Roles are also an optional concept, if required.

Specified by: getUserInfo in class AbstractLoginModule
Parameters:
username - the user name
Throws:
java.lang.Exception - if unable to get the user info

protected java.lang.String doRFC2254Encoding(java.lang.String inputString)

public boolean login() throws javax.security.auth.login.LoginException

If credentials are not available from the user's context, or if we are forcing the binding check, then we try a binding authentication check; otherwise, if we have the user's encoded password, we can try authentication via that mechanism.

Overrides: login in class AbstractLoginModule
Throws:
javax.security.auth.login.LoginException - if unable to login
See Also: LoginModule.login()

protected boolean credentialLogin(java.lang.Object webCredential) throws javax.security.auth.login.LoginException

Parameters:
webCredential - the web credential
Throws:
javax.security.auth.login.LoginException - if unable to login

public boolean bindingLogin(java.lang.String username, java.lang.Object password) throws javax.security.auth.login.LoginException, javax.naming.NamingException

Parameters:
username - the user name
password - the password
Throws:
javax.security.auth.login.LoginException - if unable to bind the login
javax.naming.NamingException - if failure to bind login

public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)

Called once by JAAS after a new instance is created.

Overrides: initialize in class AbstractLoginModule
Parameters:
subject - the subject
callbackHandler - the callback handler
sharedState - the shared state map
options - the option map
See Also: LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)

public boolean commit() throws javax.security.auth.login.LoginException

Overrides: commit in class AbstractLoginModule
Throws:
javax.security.auth.login.LoginException - if unable to commit
See Also: LoginModule.commit()

public boolean abort() throws javax.security.auth.login.LoginException

Overrides: abort in class AbstractLoginModule
Throws:
javax.security.auth.login.LoginException - if unable to abort
See Also: LoginModule.abort()

public java.util.Hashtable<java.lang.Object,java.lang.Object> getEnvironment()

public static java.lang.String convertCredentialLdapToJetty(java.lang.String encryptedPassword)
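The user lookup that the userObjectClass and userIdAttribute settings describe, with the RFC 2254 escaping that doRFC2254Encoding is named for, as an added example that is not Jetty's own code: the class name, the method names and the exact filter shape are assumptions, and only the escaping rules come from RFC 2254 section 4. The point is that a user id supplied at login is an assertion value inside a search filter, so filter metacharacters in it must be escaped before the filter is sent to the directory.

```java
// Added example (not Jetty's code). Class, method names and filter shape are
// hypothetical; the escape table is the one defined in RFC 2254 section 4.
public final class Rfc2254FilterExample {

    /** Escape the characters that RFC 2254 reserves inside a filter assertion value. */
    static String escapeRfc2254(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\\': sb.append("\\5c"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Build the user lookup filter from the configured attribute names and the escaped user id. */
    static String userFilter(String userObjectClass, String userIdAttribute, String username) {
        return "(&(objectClass=" + userObjectClass + ")("
                + userIdAttribute + "=" + escapeRfc2254(username) + "))";
    }

    public static void main(String[] args) {
        // Attribute names taken from the ldap-loginModule.conf example on this page.
        String objectClass = "inetOrgPerson";
        String idAttr = "uid";
        // Constructed sample ids: a plain one and one containing filter metacharacters.
        for (String uid : new String[] {"jsmith", "a*b(c)\\d"}) {
            System.out.println(userFilter(objectClass, idAttr, uid));
        }
    }
}
```

The second filter printed shows every metacharacter replaced by its `\xx` form, so the search still matches a single uid value rather than being reinterpreted as filter syntax.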
Copyright © 1995–2018 Webtide. All rights reserved.