Class LDAPRealm
java.lang.Object
com.sun.enterprise.security.auth.realm.AbstractGlassFishRealmState
com.sun.enterprise.security.auth.realm.Realm
com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
- All Implemented Interfaces: GlassFishUserManagement, GlassFishUserStore, Comparable<Realm>
Realm wrapper for supporting LDAP authentication.
See LDAPLoginModule documentation for more details on the operation of the LDAP realm and login module.
The LDAP realm needs the following properties in its configuration:
- directory - URL of LDAP directory to use.
- base-dn - The base DN to use for user searches.
- jaas-ctx - JAAS context name used to access LoginModule for authentication.
Besides JDK Context properties starting with java.naming and javax.security, one can also set connection-pool-related properties starting with com.sun.jndi.ldap.connect.pool. See http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html for details. The following optional attributes can also be specified:
- search-filter - LDAP filter to use for searching for the user entry based on the username given to iAS. The default value is uid=%s, where %s is expanded to the username.
- group-base-dn - The base DN to use for group searches. By default its value is the same as base-dn.
- group-search-filter - The LDAP filter to use for searching group membership of a given user. The default value is uniquemember=%d, where %d is expanded to the DN of the user found by the user search.
- group-target - The attribute whose value(s) are interpreted as group membership names of the user. The default value is cn.
- search-bind-dn - The DN of the LDAP user. Optional, with no default value.
- search-bind-password - The password of search-bind-dn. Optional, with no default value.
- pool-size - The JNDI LDAP connection pool size.
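The %s and %d placeholders in search-filter and group-search-filter end up inside an LDAP filter string. The following added example (not GlassFish code; the class and method names are hypothetical and the sample values are constructed) shows that substitution with RFC 4515 escaping applied to the value, so that a username or DN containing filter metacharacters stays a literal value.

```java
import java.nio.charset.StandardCharsets;

/** Added illustration, not GlassFish source. All names here are hypothetical. */
public class LdapFilterTemplate {

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            // NUL, '(', ')', '*' and '\' must be written as \XX hex escapes.
            // Non-ASCII bytes are escaped as well, which is conservative but valid.
            if (c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append('\\').append(String.format("%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    /** Replace every occurrence of the token (%s or %d) with the escaped value. */
    static String expand(String template, String token, String value) {
        // String.replace is a literal replacement, so backslashes in the
        // escaped value are not reinterpreted as regex syntax.
        return template.replace(token, escapeFilterValue(value));
    }

    public static void main(String[] args) {
        // Constructed sample values: a username containing '*' and a user DN
        // whose CN contains an escaped comma and parentheses.
        String username = "j*smith";
        String userDn = "cn=Smith\\, John (ops),ou=People,dc=example,dc=com";

        // Default templates from the property list above.
        String userFilter = expand("uid=%s", "%s", username);
        String groupFilter = expand("uniquemember=%d", "%d", userDn);

        System.out.println(userFilter);
        System.out.println(groupFilter);
    }
}
```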
Field Summary
Fields inherited from class com.sun.enterprise.security.auth.realm.AbstractGlassFishRealmState
groupMapper, JAAS_CONTEXT_PARAM, PARAM_GROUP_MAPPING
-
Constructor Summary
-
Method Summary
- String[] findAndBind(String _username, char[] _password) - Supports mode=find-bind.
- getAuthType - Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
- getGroupNames(String username) - Returns the name of all the groups that this user belongs to.
- void init(Properties props) - Initialize a realm with some properties.
Methods inherited from class com.sun.enterprise.security.auth.realm.Realm
getDefaultInstance, getDefaultRealm, getInstance, getInstance, getRealmNames, getRealmStatsProvier, instantiate, instantiate, isValidRealm, isValidRealm, setDefaultRealm, unloadInstance, unloadInstance, updateInstance, updateInstance
Methods inherited from class com.sun.enterprise.security.auth.realm.AbstractGlassFishRealmState
addAssignGroups, compareTo, getDefaultDigestAlgorithm, getJAASContext, getMappedGroupNames, getName, getProperties, getProperty, refresh, setName, setProperty, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface com.sun.enterprise.security.auth.realm.GlassFishUserManagement
addUser, addUser, persist, removeUser, supportsUserManagement, updateUser, updateUser
Methods inherited from interface com.sun.enterprise.security.auth.realm.GlassFishUserStore
getGroupNames, getUser, getUserNames, refresh
-
Field Details
- AUTH_TYPE
- PARAM_DIRURL
- PARAM_USERDN
- PARAM_SEARCH_FILTER
- PARAM_GRPDN
- PARAM_GRP_SEARCH_FILTER
- PARAM_GRP_TARGET
- PARAM_DYNAMIC_GRP_FILTER
- PARAM_DYNAMIC_GRP_TARGET
- PARAM_MODE
- PARAM_JNDICF
- PARAM_POOLSIZE
- PARAM_BINDDN
- PARAM_BINDPWD
- MODE_FIND_BIND
- SUBST_SUBJECT_NAME
- SUBST_SUBJECT_DN
- DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY
- DYNAMIC_GROUP_STATE_FACTORY_PROPERTY
- LDAP_SOCKET_FACTORY
- DEFAULT_SSL_LDAP_SOCKET_FACTORY
- LDAPS_URL
- DEFAULT_POOL_PROTOCOL
- DYNAMIC_GROUP_FILTER
- SSL
Constructor Details
-
LDAPRealm
public LDAPRealm()
-
-
Method Details
-
getAuthType
Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
- Specified by: getAuthType in class AbstractGlassFishRealmState
- Returns: Description of the kind of authentication that is directly supported by this realm.
-
init
Initialize a realm with some properties. This can be used when instantiating realms from their descriptions. This method may only be called a single time.
- Overrides: init in class AbstractGlassFishRealmState
- Parameters: props - Initialization parameters used by this realm.
- Throws: BadRealmException - If the configuration parameters identify a corrupt realm.
- Throws: NoSuchRealmException - If the configuration parameters specify a realm which doesn't exist.
-
getGroupNames
Returns the name of all the groups that this user belongs to. Note that this information is only known after the user has logged in. This is called from web path role verification, though it should not be.
- Parameters: username - Name of the user in this realm whose group listing is needed.
- Returns: Enumeration of group names (strings).
- Throws: InvalidOperationException - thrown if the realm does not support this operation - e.g. Certificate realm does not support this operation.
- Throws: NoSuchUserException
-
findAndBind
Supports mode=find-bind. See class documentation.
- Throws: LoginException