public class LdapLoginModule extends AbstractLoginModule
-Djava.security.auth.login.config=etc/ldap-loginModule.conf
ldaploginmodule {
org.eclipse.jetty.server.server.plus.jaas.spi.LdapLoginModule required
debug="true"
useLdaps="false"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
hostname="ldap.example.com"
port="389"
bindDn="cn=Directory Manager"
bindPassword="directory"
authenticationMethod="simple"
forceBindingLogin="false"
userBaseDn="ou=people,dc=alcatel"
userRdnAttribute="uid"
userIdAttribute="uid"
userPasswordAttribute="userPassword"
userObjectClass="inetOrgPerson"
roleBaseDn="ou=groups,dc=example,dc=com"
roleNameAttribute="cn"
roleMemberAttribute="uniqueMember"
roleObjectClass="groupOfUniqueNames";
};
AbstractLoginModule.JAASUserInfo| Constructor and Description |
|---|
LdapLoginModule() |
| Modifier and Type | Method and Description |
|---|---|
boolean |
abort() |
boolean |
bindingLogin(String username,
Object password)
binding authentication check
This method of authentication works only if the user branch of the DIT (ldap tree)
has an ACI (access control instruction) that allow the access to any user or at least
for the user that logs in.
|
boolean |
commit() |
static String |
convertCredentialJettyToLdap(String encryptedPassword) |
static String |
convertCredentialLdapToJetty(String encryptedPassword) |
protected boolean |
credentialLogin(Object webCredential)
password supplied authentication check
|
protected String |
doRFC2254Encoding(String inputString) |
Hashtable<Object,Object> |
getEnvironment()
get the context for connection
|
UserInfo |
getUserInfo(String username)
get the available information about the user
for this LoginModule, the credential can be null which will result in a
binding ldap authentication scenario
roles are also an optional concept if required
|
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
Init LoginModule.
|
boolean |
login()
since ldap uses a context bind for valid authentication checking, we override login()
if credentials are not available from the users context or if we are forcing the binding check
then we try a binding authentication check, otherwise if we have the users encoded password then
we can try authentication via that mechanic
|
configureCallbacks, getCallbackHandler, getCurrentUser, getSubject, isAuthenticated, isCommitted, isIgnored, logout, setAuthenticated, setCallbackHandler, setCommitted, setCurrentUser, setSubjectpublic UserInfo getUserInfo(String username) throws Exception
getUserInfo in class AbstractLoginModuleusername - Exceptionpublic boolean login()
throws LoginException
login in interface LoginModulelogin in class AbstractLoginModuleLoginExceptionLoginModule.login()protected boolean credentialLogin(Object webCredential) throws LoginException
webCredential - LoginExceptionpublic boolean bindingLogin(String username, Object password) throws LoginException, NamingException
username - password - LoginExceptionNamingExceptionpublic void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
initialize in interface LoginModuleinitialize in class AbstractLoginModulesubject - callbackHandler - sharedState - options - LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)public boolean commit()
throws LoginException
commit in interface LoginModulecommit in class AbstractLoginModuleLoginExceptionLoginModule.commit()public boolean abort()
throws LoginException
abort in interface LoginModuleabort in class AbstractLoginModuleLoginExceptionLoginModule.abort()public Hashtable<Object,Object> getEnvironment()
public static String convertCredentialJettyToLdap(String encryptedPassword)
Copyright © 1995-2015 Mort Bay Consulting. All Rights Reserved.