org.jboss.security.negotiation
Class AdvancedLdapLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.security.negotiation.AdvancedLdapLoginModule
All Implemented Interfaces:
LoginModule
Direct Known Subclasses:
AdvancedLdapLoginModule

public class AdvancedLdapLoginModule
extends org.jboss.security.auth.spi.AbstractServerLoginModule

Another LDAP LoginModule to take into account requirements for different authentication mechanisms and full support for password-stacking set to useFirstPass. This is essentially a complete refactoring of the LdapExtLoginModule but with enough restructuring to separate out the three login steps:

1. Find the user
2. Authenticate as the user
3. Find the user's roles

Configuration should allow for any of the three actions to be skipped based on the requirements for the environment making use of this login module. Note that when step 2 is skipped, this module performs no credential check of its own, so the identity must already have been authenticated by a module earlier in the login stack.

Since:
3rd July 2008
Author:
darran.lofthouse@jboss.com

Field Summary
protected  boolean allowEmptyPassword
           
protected  String baseCtxDN
           
protected  String baseFilter
           
protected  String bindAuthentication
           
protected  String bindCredential
           
protected  String bindDn
           
protected  String jaasSecurityDomain
           
protected  boolean recurseRoles
           
protected  String roleAttributeID
           
protected  boolean roleAttributeIsDN
           
protected  String roleFilter
           
protected  String roleNameAttributeID
           
protected  String rolesCtxDN
           
protected  SearchControls roleSearchControls
           
protected  int searchTimeLimit
           
protected  SearchControls userSearchControls
           
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
AdvancedLdapLoginModule()
           
 
Method Summary
protected  void authenticate(String userDN)
           
protected  LdapContext constructLdapContext(String dn, Object credential, String authentication)
           
protected  String findUserDN(LdapContext ctx)
           
protected  Principal getIdentity()
           
protected  Group[] getRoleSets()
           
 void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
           
protected  Boolean innerLogin()
           
 boolean login()
           
protected  void obtainRole(LdapContext searchContext, String dn)
           
protected  void processIdentityAndCredential()
          Either retrieve existing values based on useFirstPass or use CallbackHandler to obtain the values.
protected  void rolesSearch(LdapContext searchContext, String dn)
           
protected  void traceLdapEnv(Properties env)
           
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, commit, createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

bindAuthentication

protected String bindAuthentication

bindDn

protected String bindDn

bindCredential

protected String bindCredential

jaasSecurityDomain

protected String jaasSecurityDomain

baseCtxDN

protected String baseCtxDN

baseFilter

protected String baseFilter

searchTimeLimit

protected int searchTimeLimit

userSearchControls

protected SearchControls userSearchControls

rolesCtxDN

protected String rolesCtxDN

roleFilter

protected String roleFilter

recurseRoles

protected boolean recurseRoles

roleSearchControls

protected SearchControls roleSearchControls

roleAttributeID

protected String roleAttributeID

roleAttributeIsDN

protected boolean roleAttributeIsDN

roleNameAttributeID

protected String roleNameAttributeID

allowEmptyPassword

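protected boolean allowEmptyPassword
Undocumented here; judging by the name, this controls whether a login attempt with an empty password is allowed to proceed. Many LDAP servers treat a simple bind with an empty password as an anonymous bind that succeeds, so enabling this can let a login pass without a real credential check; confirm the behaviour against the directory in use before setting it to true.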
Constructor Detail

AdvancedLdapLoginModule

public AdvancedLdapLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler handler,
                       Map sharedState,
                       Map options)
Specified by:
initialize in interface LoginModule
Overrides:
initialize in class org.jboss.security.auth.spi.AbstractServerLoginModule

login

public boolean login()
              throws LoginException
Specified by:
login in interface LoginModule
Overrides:
login in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws:
LoginException

getIdentity

protected Principal getIdentity()
Specified by:
getIdentity in class org.jboss.security.auth.spi.AbstractServerLoginModule

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException
Specified by:
getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws:
LoginException

innerLogin

protected Boolean innerLogin()
                      throws LoginException
Throws:
LoginException

processIdentityAndCredential

protected void processIdentityAndCredential()
                                     throws LoginException
Either retrieve existing values based on useFirstPass or use CallbackHandler to obtain the values.

Throws:
LoginException

constructLdapContext

protected LdapContext constructLdapContext(String dn,
                                           Object credential,
                                           String authentication)
                                    throws LoginException
Throws:
LoginException

findUserDN

protected String findUserDN(LdapContext ctx)
                     throws LoginException
Throws:
LoginException

authenticate

protected void authenticate(String userDN)
                     throws LoginException
Throws:
LoginException

rolesSearch

protected void rolesSearch(LdapContext searchContext,
                           String dn)
                    throws LoginException
Throws:
LoginException

obtainRole

protected void obtainRole(LdapContext searchContext,
                          String dn)
                   throws NamingException,
                          LoginException
Throws:
NamingException
LoginException

traceLdapEnv

protected void traceLdapEnv(Properties env)


Copyright © 2010 JBoss, a division of Red Hat, Inc. All Rights Reserved.