Class LDAPRealm
java.lang.Object
com.sun.enterprise.security.auth.realm.Realm
com.sun.enterprise.security.BaseRealm
com.sun.enterprise.security.auth.realm.IASRealm
com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
All Implemented Interfaces: Comparable
Realm wrapper for supporting LDAP authentication.
See LDAPLoginModule documentation for more details on the operation of the LDAP realm and login module.
The ldap realm needs the following properties in its configuration:
- directory - URL of LDAP directory to use
- base-dn - The base DN to use for user searches.
- jaas-ctx - JAAS context name used to access LoginModule for authentication.
In addition to JDK Context properties starting with java.naming or javax.security, one can also set connection pool properties starting with com.sun.jndi.ldap.connect.pool. See http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html for details. The following optional attributes can also be specified:
- search-filter - LDAP filter to use for searching for the user entry based on the username given to iAS. The default value is uid=%s, where %s is expanded to the username.
- group-base-dn - The base DN to use for group searches. By default its value is the same as base-dn.
- group-search-filter - The LDAP filter to use for searching group membership of a given user. The default value is uniquemember=%d, where %d is expanded to the DN of the user found by the user search.
- group-target - The attribute whose value(s) are interpreted as group membership names of the user. The default value is cn.
- search-bind-dn - The DN of the LDAP user. Optional, with no default value.
- search-bind-password - The password of search-bind-dn. Optional, with no default value.
- pool-size - The JNDI LDAP connection pool size.
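The %s and %d expansions described in the list above, as an added example that is not GlassFish's own code: it reads the optional attributes with their documented defaults and substitutes the username and user DN after escaping them per RFC 4515, so filter metacharacters in either value are matched literally. The class and helper names, the host, the DNs and the jaas-ctx value are constructed for illustration; whether LDAPRealm itself escapes these values is not stated on this page.

```java
import java.util.Properties;

public class LdapRealmFilterExample {
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Expand one placeholder (%s or %d) with an escaped value.
    // String.replace treats both arguments literally (no regex).
    static String expand(String template, String placeholder, String value) {
        return template.replace(placeholder, escapeFilterValue(value));
    }

    public static void main(String[] args) {
        // Constructed realm configuration; host, DNs and context name are placeholders.
        Properties props = new Properties();
        props.setProperty("directory", "ldaps://ldap.example.com:636");
        props.setProperty("base-dn", "ou=people,dc=example,dc=com");
        props.setProperty("jaas-ctx", "ldapRealm");

        // Optional attributes fall back to the defaults documented for the realm.
        String userFilter = props.getProperty("search-filter", "uid=%s");
        String groupFilter = props.getProperty("group-search-filter", "uniquemember=%d");
        String groupBase = props.getProperty("group-base-dn", props.getProperty("base-dn"));

        // Constructed inputs that contain filter metacharacters.
        String username = "j*doe";
        String userDn = "uid=jdoe (contractor),ou=people,dc=example,dc=com";

        System.out.println("user search base:  " + props.getProperty("base-dn"));
        System.out.println("user filter:       " + expand(userFilter, "%s", username));
        System.out.println("group search base: " + groupBase);
        System.out.println("group filter:      " + expand(groupFilter, "%d", userDn));
    }
}
```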
Field Summary
All 25 fields of this class are declared static final String; they are listed by name under Field Details.
Fields inherited from class com.sun.enterprise.security.BaseRealm
JAAS_CONTEXT_PARAM, sm
Fields inherited from class com.sun.enterprise.security.auth.realm.Realm
_logger, groupMapper, PARAM_GROUP_MAPPING
Constructor Summary
LDAPRealm()
Method Summary
- String[] findAndBind(String _username, char[] _password) - Supports mode=find-bind.
- getAuthType - Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
- Enumeration<String> getGroupNames(String username) - Returns the name of all the groups that this user belongs to.
- void init(Properties props) - Initialize a realm with some properties.
Methods inherited from class com.sun.enterprise.security.BaseRealm
addUser, addUser, getAuthenticationHandler, getGroupNames, getUser, getUserNames, persist, refresh, removeUser, supportsUserManagement, updateUser, updateUser
Methods inherited from class com.sun.enterprise.security.auth.realm.Realm
addAssignGroups, compareTo, getDefaultDigestAlgorithm, getDefaultInstance, getDefaultRealm, getInstance, getInstance, getJAASContext, getMappedGroupNames, getName, getProperties, getProperty, getRealmNames, getRealmStatsProvier, instantiate, instantiate, instantiate, isValidRealm, isValidRealm, refresh, setDefaultRealm, setName, setProperty, toString, unloadInstance, unloadInstance, updateInstance, updateInstance
Field Details
- AUTH_TYPE
- PARAM_DIRURL
- PARAM_USERDN
- PARAM_SEARCH_FILTER
- PARAM_GRPDN
- PARAM_GRP_SEARCH_FILTER
- PARAM_GRP_TARGET
- PARAM_DYNAMIC_GRP_FILTER
- PARAM_DYNAMIC_GRP_TARGET
- PARAM_MODE
- PARAM_JNDICF
- PARAM_POOLSIZE
- PARAM_BINDDN
- PARAM_BINDPWD
- MODE_FIND_BIND
- SUBST_SUBJECT_NAME
- SUBST_SUBJECT_DN
- DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY
- DYNAMIC_GROUP_STATE_FACTORY_PROPERTY
- LDAP_SOCKET_FACTORY
- DEFAULT_SSL_LDAP_SOCKET_FACTORY
- LDAPS_URL
- DEFAULT_POOL_PROTOCOL
- DYNAMIC_GROUP_FILTER
- SSL
Constructor Details
LDAPRealm
public LDAPRealm()
Method Details

getAuthType
Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
- Specified by: getAuthType in class Realm
- Returns: Description of the kind of authentication that is directly supported by this realm.

init
Initialize a realm with some properties. This can be used when instantiating realms from their descriptions. This method may only be called a single time.
- Overrides: init in class Realm
- Parameters: props - Initialization parameters used by this realm.
- Throws: BadRealmException - If the configuration parameters identify a corrupt realm.
- Throws: NoSuchRealmException - If the configuration parameters specify a realm which doesn't exist.

getGroupNames
public Enumeration<String> getGroupNames(String username) throws InvalidOperationException, NoSuchUserException
Returns the name of all the groups that this user belongs to. Note that this information is only known after the user has logged in. This is called from web path role verification, though it should not be.
- Specified by: getGroupNames in class Realm
- Parameters: username - Name of the user in this realm whose group listing is needed.
- Returns: Enumeration of group names (strings).
- Throws: InvalidOperationException - thrown if the realm does not support this operation - e.g. Certificate realm does not support this operation.
- Throws: NoSuchUserException

findAndBind
Supports mode=find-bind. See class documentation.
- Throws: LoginException