|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule org.eclipse.jetty.plus.jaas.spi.LdapLoginModule
public class LdapLoginModule
A LdapLoginModule for use with JAAS setups
The jvm should be started with the following parameter:
-Djava.security.auth.login.config=etc/ldap-loginModule.conf
ldaploginmodule { org.eclipse.jetty.server.server.plus.jaas.spi.LdapLoginModule required debug="true" useLdaps="false" contextFactory="com.sun.jndi.ldap.LdapCtxFactory" hostname="ldap.example.com" port="389" bindDn="cn=Directory Manager" bindPassword="directory" authenticationMethod="simple" forceBindingLogin="false" userBaseDn="ou=people,dc=alcatel" userRdnAttribute="uid" userIdAttribute="uid" userPasswordAttribute="userPassword" userObjectClass="inetOrgPerson" roleBaseDn="ou=groups,dc=example,dc=com" roleNameAttribute="cn" roleMemberAttribute="uniqueMember" roleObjectClass="groupOfUniqueNames"; };
Nested Class Summary |
---|
Nested classes/interfaces inherited from class org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule |
---|
AbstractLoginModule.JAASUserInfo |
Constructor Summary | |
---|---|
LdapLoginModule()
|
Method Summary | |
---|---|
boolean |
abort()
|
boolean |
bindingLogin(String username,
Object password)
binding authentication check This method of authentication works only if the user branch of the DIT (ldap tree) has an ACI (access control instruction) that allow the access to any user or at least for the user that logs in. |
boolean |
commit()
|
static String |
convertCredentialJettyToLdap(String encryptedPassword)
|
static String |
convertCredentialLdapToJetty(String encryptedPassword)
|
protected boolean |
credentialLogin(Object webCredential)
password supplied authentication check |
protected String |
doRFC2254Encoding(String inputString)
|
Hashtable<Object,Object> |
getEnvironment()
get the context for connection |
UserInfo |
getUserInfo(String username)
get the available information about the user for this LoginModule, the credential can be null which will result in a binding ldap authentication scenario roles are also an optional concept if required |
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
Init LoginModule. |
boolean |
login()
since ldap uses a context bind for valid authentication checking, we override login() if credentials are not available from the users context or if we are forcing the binding check then we try a binding authentication check, otherwise if we have the users encoded password then we can try authentication via that mechanic |
Methods inherited from class org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule |
---|
configureCallbacks, getCallbackHandler, getCurrentUser, getSubject, isAuthenticated, isCommitted, logout, setAuthenticated, setCallbackHandler, setCommitted, setCurrentUser, setSubject |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public LdapLoginModule()
Method Detail |
---|
public UserInfo getUserInfo(String username) throws Exception
getUserInfo
in class AbstractLoginModule
username
-
Exception
protected String doRFC2254Encoding(String inputString)
public boolean login() throws LoginException
login
in interface LoginModule
login
in class AbstractLoginModule
LoginException
LoginModule.login()
protected boolean credentialLogin(Object webCredential) throws LoginException
webCredential
-
LoginException
public boolean bindingLogin(String username, Object password) throws LoginException, NamingException
username
- password
-
LoginException
NamingException
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
initialize
in interface LoginModule
initialize
in class AbstractLoginModule
subject
- callbackHandler
- sharedState
- options
- LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
public boolean commit() throws LoginException
commit
in interface LoginModule
commit
in class AbstractLoginModule
LoginException
LoginModule.commit()
public boolean abort() throws LoginException
abort
in interface LoginModule
abort
in class AbstractLoginModule
LoginException
LoginModule.abort()
public Hashtable<Object,Object> getEnvironment()
public static String convertCredentialJettyToLdap(String encryptedPassword)
public static String convertCredentialLdapToJetty(String encryptedPassword)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |