LdapLoginModule (Jetty :: Project 7.0.0.RC3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.eclipse.jetty.plus.jaas.spi
Class LdapLoginModule

java.lang.Object
  org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
      org.eclipse.jetty.plus.jaas.spi.LdapLoginModule

All Implemented Interfaces:: LoginModule

public class LdapLoginModule
extends AbstractLoginModule
extends AbstractLoginModule

A LdapLoginModule for use with JAAS setups

The jvm should be started with the following parameter:

-Djava.security.auth.login.config=etc/ldap-loginModule.conf

and an example of the ldap-loginModule.conf would be:

 ldaploginmodule {
    org.eclipse.jetty.server.server.plus.jaas.spi.LdapLoginModule required
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="ldap.example.com"
    port="389"
    bindDn="cn=Directory Manager"
    bindPassword="directory"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=people,dc=alcatel"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=example,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="uniqueMember"
    roleObjectClass="groupOfUniqueNames";
    };

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
`AbstractLoginModule.JAASUserInfo`

Constructor Summary
`LdapLoginModule()`

Method Summary
`boolean`	`abort()`
`boolean`	`bindingLogin(String username, Object password)` binding authentication check This methode of authentication works only if the user branch of the DIT (ldap tree) has an ACI (acces control instruction) that allow the access to any user or at least for the user that logs in.
`boolean`	`commit()`
`static String`	`convertCredentialJettyToLdap(String encryptedPassword)`
`static String`	`convertCredentialLdapToJetty(String encryptedPassword)`
`protected boolean`	`credentialLogin(Object webCredential)` password supplied authentication check
`protected String`	`doRFC2254Encoding(String inputString)`
`Hashtable<Object,Object>`	`getEnvironment()` get the context for connection
`UserInfo`	`getUserInfo(String username)` get the available information about the user for this LoginModule, the credential can be null which will result in a binding ldap authentication scenario roles are also an optional concept if required
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)` Init LoginModule.
`boolean`	`login()` since ldap uses a context bind for valid authentication checking, we override login() if credentials are not available from the users context or if we are forcing the binding check then we try a binding authentication check, otherwise if we have the users encoded password then we can try authentication via that mechanic

Methods inherited from class org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
`configureCallbacks, getCallbackHandler, getCurrentUser, getSubject, isAuthenticated, isCommitted, logout, setAuthenticated, setCallbackHandler, setCommitted, setCurrentUser, setSubject`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

LdapLoginModule

public LdapLoginModule()

Method Detail

getUserInfo

public UserInfo getUserInfo(String username)
                     throws Exception

get the available information about the user

for this LoginModule, the credential can be null which will result in a binding ldap authentication scenario

roles are also an optional concept if required

Specified by:: getUserInfo in class AbstractLoginModule

Parameters:: username -
Returns:
Throws:: Exception

doRFC2254Encoding

protected String doRFC2254Encoding(String inputString)

login

public boolean login()
              throws LoginException

since ldap uses a context bind for valid authentication checking, we override login()

if credentials are not available from the users context or if we are forcing the binding check then we try a binding authentication check, otherwise if we have the users encoded password then we can try authentication via that mechanic

Specified by:: login in interface LoginModule
Overrides:: login in class AbstractLoginModule

Returns:
Throws:: LoginException
See Also:: LoginModule.login()

credentialLogin

protected boolean credentialLogin(Object webCredential)
                           throws LoginException

password supplied authentication check

Parameters:: webCredential -
Returns:
Throws:: LoginException

bindingLogin

public boolean bindingLogin(String username,
                            Object password)
                     throws LoginException,
                            NamingException

binding authentication check This methode of authentication works only if the user branch of the DIT (ldap tree) has an ACI (acces control instruction) that allow the access to any user or at least for the user that logs in.

Parameters:: username -; password -
Returns:
Throws:: LoginException; NamingException

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)

Init LoginModule. Called once by JAAS after new instance is created.

Specified by:: initialize in interface LoginModule
Overrides:: initialize in class AbstractLoginModule

Parameters:: subject -; callbackHandler -; sharedState -; options -
See Also:: LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)

commit

public boolean commit()
               throws LoginException

Specified by:: commit in interface LoginModule
Overrides:: commit in class AbstractLoginModule

Throws:: LoginException
See Also:: LoginModule.commit()

abort

public boolean abort()
              throws LoginException

Specified by:: abort in interface LoginModule
Overrides:: abort in class AbstractLoginModule

Throws:: LoginException
See Also:: LoginModule.abort()

getEnvironment

public Hashtable<Object,Object> getEnvironment()

get the context for connection

Returns:

convertCredentialJettyToLdap

public static String convertCredentialJettyToLdap(String encryptedPassword)

convertCredentialLdapToJetty

public static String convertCredentialLdapToJetty(String encryptedPassword)