public class LdapLoginModule extends AbstractLoginModule
The jvm should be started with the following parameter:
-Djava.security.auth.login.config=etc/ldap-loginModule.confand an example of the ldap-loginModule.conf would be:
ldaploginmodule { org.eclipse.jetty.server.server.plus.jaas.spi.LdapLoginModule required debug="true" useLdaps="false" contextFactory="com.sun.jndi.ldap.LdapCtxFactory" hostname="ldap.example.com" port="389" bindDn="cn=Directory Manager" bindPassword="directory" authenticationMethod="simple" forceBindingLogin="false" userBaseDn="ou=people,dc=alcatel" userRdnAttribute="uid" userIdAttribute="uid" userPasswordAttribute="userPassword" userObjectClass="inetOrgPerson" roleBaseDn="ou=groups,dc=example,dc=com" roleNameAttribute="cn" roleMemberAttribute="uniqueMember" roleObjectClass="groupOfUniqueNames"; };
AbstractLoginModule.JAASUserInfo
Constructor and Description |
---|
LdapLoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean |
abort() |
boolean |
bindingLogin(String username,
Object password)
binding authentication check
This method of authentication works only if the user branch of the DIT (ldap tree)
has an ACI (access control instruction) that allow the access to any user or at least
for the user that logs in.
|
boolean |
commit() |
static String |
convertCredentialJettyToLdap(String encryptedPassword) |
static String |
convertCredentialLdapToJetty(String encryptedPassword) |
protected boolean |
credentialLogin(Object webCredential)
password supplied authentication check
|
protected String |
doRFC2254Encoding(String inputString) |
Hashtable<Object,Object> |
getEnvironment()
get the context for connection
|
UserInfo |
getUserInfo(String username)
get the available information about the user
|
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
Init LoginModule.
|
boolean |
login()
since ldap uses a context bind for valid authentication checking, we override login()
|
configureCallbacks, getCallbackHandler, getCurrentUser, getSubject, isAuthenticated, isCommitted, isIgnored, logout, setAuthenticated, setCallbackHandler, setCommitted, setCurrentUser, setSubject
public UserInfo getUserInfo(String username) throws Exception
for this LoginModule, the credential can be null which will result in a binding ldap authentication scenario
roles are also an optional concept if required
getUserInfo
in class AbstractLoginModule
username
- the user nameException
- if unable to get the user infopublic boolean login() throws LoginException
if credentials are not available from the users context or if we are forcing the binding check then we try a binding authentication check, otherwise if we have the users encoded password then we can try authentication via that mechanic
login
in interface LoginModule
login
in class AbstractLoginModule
LoginException
- if unable to loginLoginModule.login()
protected boolean credentialLogin(Object webCredential) throws LoginException
webCredential
- the web credentialLoginException
- if unable to loginpublic boolean bindingLogin(String username, Object password) throws LoginException, NamingException
username
- the user namepassword
- the passwordLoginException
- if unable to bind the loginNamingException
- if failure to bind loginpublic void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Called once by JAAS after new instance is created.
initialize
in interface LoginModule
initialize
in class AbstractLoginModule
subject
- the subectcallbackHandler
- the callback handlersharedState
- the shared state mapoptions
- the option mapLoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
public boolean commit() throws LoginException
commit
in interface LoginModule
commit
in class AbstractLoginModule
LoginException
- if unable to commitLoginModule.commit()
public boolean abort() throws LoginException
abort
in interface LoginModule
abort
in class AbstractLoginModule
LoginException
- if unable to abortLoginModule.abort()
public Hashtable<Object,Object> getEnvironment()
public static String convertCredentialJettyToLdap(String encryptedPassword)
Copyright © 1995-2015 Webtide. All Rights Reserved.