org.eclipse.jetty.plus.jaas.spi
public class LdapLoginModule extends AbstractLoginModule
-Djava.security.auth.login.config=etc/ldap-loginModule.conf
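ldaploginmodule {
    org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
    debug="true"
    // With useLdaps="false" and authenticationMethod="simple", the bind DN, bindPassword and the
    // credentials exchanged with the directory cross the network unencrypted. Outside a test setup,
    // set useLdaps="true" and use the LDAPS port (conventionally 636).
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="ldap.example.com"
    port="389"
    bindDn="cn=Directory Manager"
    // bindPassword is stored here in clear text, so restrict read access to this file.
    bindPassword="directory"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=people,dc=alcatel"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=example,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="uniqueMember"
    roleObjectClass="groupOfUniqueNames";
};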
AbstractLoginModule.JAASUserInfo
Constructor and Description |
---|
LdapLoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean |
abort() |
boolean |
bindingLogin(java.lang.String username,
java.lang.Object password)
Binding authentication check.
This method of authentication works only if the user branch of the DIT (LDAP tree)
has an ACI (access control instruction) that allows access to any user, or at least
to the user who is logging in.
|
boolean |
commit() |
static java.lang.String |
convertCredentialJettyToLdap(java.lang.String encryptedPassword) |
static java.lang.String |
convertCredentialLdapToJetty(java.lang.String encryptedPassword) |
protected boolean |
credentialLogin(java.lang.Object webCredential)
password supplied authentication check
|
protected java.lang.String |
doRFC2254Encoding(java.lang.String inputString) |
java.util.Hashtable<java.lang.Object,java.lang.Object> |
getEnvironment()
get the context for connection
|
UserInfo |
getUserInfo(java.lang.String username)
Get the available information about the user.
For this LoginModule the credential can be null, which results in a
binding LDAP authentication scenario.
Roles are also an optional concept, used if required.
|
void |
initialize(javax.security.auth.Subject subject,
javax.security.auth.callback.CallbackHandler callbackHandler,
java.util.Map<java.lang.String,?> sharedState,
java.util.Map<java.lang.String,?> options)
Init LoginModule.
|
boolean |
login()
Since LDAP uses a context bind to check that authentication is valid, we override login().
If credentials are not available from the user's context, or if we are forcing the binding check,
then we try a binding authentication check; otherwise, if we have the user's encoded password,
we can try authentication via that mechanism.
|
configureCallbacks, getCallbackHandler, getCurrentUser, getSubject, isAuthenticated, isCommitted, logout, setAuthenticated, setCallbackHandler, setCommitted, setCurrentUser, setSubject
public UserInfo getUserInfo(java.lang.String username) throws java.lang.Exception
getUserInfo
in class AbstractLoginModule
username
- java.lang.Exception
protected java.lang.String doRFC2254Encoding(java.lang.String inputString)
public boolean login() throws javax.security.auth.login.LoginException
login
in interface javax.security.auth.spi.LoginModule
login
in class AbstractLoginModule
javax.security.auth.login.LoginException
LoginModule.login()
protected boolean credentialLogin(java.lang.Object webCredential) throws javax.security.auth.login.LoginException
webCredential
- javax.security.auth.login.LoginException
public boolean bindingLogin(java.lang.String username, java.lang.Object password) throws javax.security.auth.login.LoginException, javax.naming.NamingException
username
- password
- javax.security.auth.login.LoginException
javax.naming.NamingException
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)
initialize
in interface javax.security.auth.spi.LoginModule
initialize
in class AbstractLoginModule
subject
- callbackHandler
- sharedState
- options
- LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
public boolean commit() throws javax.security.auth.login.LoginException
commit
in interface javax.security.auth.spi.LoginModule
commit
in class AbstractLoginModule
javax.security.auth.login.LoginException
LoginModule.commit()
public boolean abort() throws javax.security.auth.login.LoginException
abort
in interface javax.security.auth.spi.LoginModule
abort
in class AbstractLoginModule
javax.security.auth.login.LoginException
LoginModule.abort()
public java.util.Hashtable<java.lang.Object,java.lang.Object> getEnvironment()
public static java.lang.String convertCredentialJettyToLdap(java.lang.String encryptedPassword)
public static java.lang.String convertCredentialLdapToJetty(java.lang.String encryptedPassword)