com.sun.enterprise.security.auth.realm.ldap

Class LDAPRealm

java.lang.Object

com.sun.enterprise.security.auth.realm.AbstractRealm

com.sun.enterprise.security.auth.realm.AbstractStatefulRealm

com.sun.enterprise.security.auth.realm.Realm

com.sun.enterprise.security.BaseRealm

com.sun.enterprise.security.auth.realm.ldap.LDAPRealm

All Implemented Interfaces:

Comparable<Realm>

@Service
public final class LDAPRealm
extends BaseRealm

Realm wrapper for supporting LDAP authentication.

See LDAPLoginModule documentation for more details on the operation of the LDAP realm and login module.

The ldap realm needs the following properties in its configuration:

• directory - URL of LDAP directory to use
• base-dn - The base DN to use for user searches.
• jaas-ctx - JAAS context name used to access LoginModule for authentication.

Besides JDK Context properties start with java.naming, javax.security, one can also set connection pool related properties starting with com.sun.jndi.ldap.connect.pool. See http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html for details. Also, the following optional attributes can also be specified:

• search-filter - LDAP filter to use for searching for the user entry based on username given to iAS. The default value is uid=%s where %s is expanded to the username.
• group-base-dn - The base DN to use for group searches. By default its value is the same as base-dn.
• group-search-filter - The LDAP filter to use for searching group membership of a given user. The default value is uniquemember=%d where %d is expanded to the DN of the user found by the user search.
• group-target - The attribute which value(s) are interpreted as group membership names of the user. Default value is cn.
• search-bind-dn - The dn of ldap user. optional and no default value.
• search-bind-password - The password of search-bind-dn.optional and no default value.
• pool-size - The JNDI ldap connection pool size.

See Also:

LDAPLoginModule

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTH_TYPE
static String	DEFAULT_POOL_PROTOCOL
static String	DEFAULT_SSL_LDAP_SOCKET_FACTORY
static String	DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY
static String	DYNAMIC_GROUP_FILTER
static String	DYNAMIC_GROUP_STATE_FACTORY_PROPERTY
protected static Logger	groupSearchLogger
static String	LDAP_SOCKET_FACTORY
static String	LDAPS_URL
static String	MODE_FIND_BIND
static String	PARAM_BINDDN
static String	PARAM_BINDPWD
static String	PARAM_DIRURL
static String	PARAM_DYNAMIC_GRP_FILTER
static String	PARAM_DYNAMIC_GRP_TARGET
static String	PARAM_GRP_SEARCH_FILTER
static String	PARAM_GRP_TARGET
static String	PARAM_GRPDN
static String	PARAM_JNDICF
static String	PARAM_MODE
static String	PARAM_POOLSIZE
static String	PARAM_SEARCH_FILTER
static String	PARAM_USERDN
static String	SSL
static String	SUBST_SUBJECT_DN
static String	SUBST_SUBJECT_NAME

Fields inherited from class com.sun.enterprise.security.BaseRealm

JAAS_CONTEXT_PARAM, sm

Fields inherited from class com.sun.enterprise.security.auth.realm.Realm

_logger, RI_DEFAULT

Fields inherited from class com.sun.enterprise.security.auth.realm.AbstractStatefulRealm

groupMapper, PARAM_GROUP_MAPPING

Constructor Summary

Constructors

Constructor and Description
LDAPRealm()

Method Summary

Modifier and Type	Method and Description
String[]	findAndBind(String _username, char[] _password) Supports mode=find-bind.
String	getAuthType() Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
Enumeration	getGroupNames(String username) Returns the name of all the groups that this user belongs to.
void	init(Properties props) Initialize a realm with some properties.

Methods inherited from class com.sun.enterprise.security.BaseRealm

addUser, addUser, getGroupNames, getUser, getUserNames, persist, refresh, removeUser, supportsUserManagement, updateUser, updateUser

Methods inherited from class com.sun.enterprise.security.auth.realm.Realm

getDefaultInstance, getDefaultRealm, getInstance, getInstance, getRealmNames, getRealmStatsProvier, instantiate, instantiate, isValidRealm, isValidRealm, setDefaultRealm, unloadInstance, unloadInstance, updateInstance, updateInstance

Methods inherited from class com.sun.enterprise.security.auth.realm.AbstractStatefulRealm

addAssignGroups, compareTo, getDefaultDigestAlgorithm, getJAASContext, getMappedGroupNames, getName, getProperties, getProperty, refresh, setName, setProperty, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.lang.Comparable

compareTo

Field Detail

groupSearchLogger

protected static final Logger groupSearchLogger

AUTH_TYPE

public static final String AUTH_TYPE

See Also:

Constant Field Values

PARAM_DIRURL

public static final String PARAM_DIRURL

See Also:

Constant Field Values

PARAM_USERDN

public static final String PARAM_USERDN

See Also:

Constant Field Values

PARAM_SEARCH_FILTER

public static final String PARAM_SEARCH_FILTER

See Also:

Constant Field Values

PARAM_GRPDN

public static final String PARAM_GRPDN

See Also:

Constant Field Values

PARAM_GRP_SEARCH_FILTER

public static final String PARAM_GRP_SEARCH_FILTER

See Also:

Constant Field Values

PARAM_GRP_TARGET

public static final String PARAM_GRP_TARGET

See Also:

Constant Field Values

PARAM_DYNAMIC_GRP_FILTER

public static final String PARAM_DYNAMIC_GRP_FILTER

See Also:

Constant Field Values

PARAM_DYNAMIC_GRP_TARGET

public static final String PARAM_DYNAMIC_GRP_TARGET

See Also:

Constant Field Values

PARAM_MODE

public static final String PARAM_MODE

See Also:

Constant Field Values

PARAM_JNDICF

public static final String PARAM_JNDICF

See Also:

Constant Field Values

PARAM_POOLSIZE

public static final String PARAM_POOLSIZE

See Also:

Constant Field Values

PARAM_BINDDN

public static final String PARAM_BINDDN

See Also:

Constant Field Values

PARAM_BINDPWD

public static final String PARAM_BINDPWD

See Also:

Constant Field Values

MODE_FIND_BIND

public static final String MODE_FIND_BIND

See Also:

Constant Field Values

SUBST_SUBJECT_NAME

public static final String SUBST_SUBJECT_NAME

See Also:

Constant Field Values

SUBST_SUBJECT_DN

public static final String SUBST_SUBJECT_DN

See Also:

Constant Field Values

DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY

public static final String DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY

See Also:

Constant Field Values

DYNAMIC_GROUP_STATE_FACTORY_PROPERTY

public static final String DYNAMIC_GROUP_STATE_FACTORY_PROPERTY

See Also:

Constant Field Values

LDAP_SOCKET_FACTORY

public static final String LDAP_SOCKET_FACTORY

See Also:

Constant Field Values

DEFAULT_SSL_LDAP_SOCKET_FACTORY

public static final String DEFAULT_SSL_LDAP_SOCKET_FACTORY

See Also:

Constant Field Values

LDAPS_URL

public static final String LDAPS_URL

See Also:

Constant Field Values

DEFAULT_POOL_PROTOCOL

public static final String DEFAULT_POOL_PROTOCOL

See Also:

Constant Field Values

DYNAMIC_GROUP_FILTER

public static final String DYNAMIC_GROUP_FILTER

See Also:

Constant Field Values

SSL

public static final String SSL

See Also:

Constant Field Values

Constructor Detail

LDAPRealm

public LDAPRealm()

Method Detail

init

public void init(Properties props)
          throws BadRealmException,
                 NoSuchRealmException

Initialize a realm with some properties. This can be used when instantiating realms from their descriptions. This method may only be called a single time.

Overrides:

init in class AbstractStatefulRealm

Parameters:

props - Initialization parameters used by this realm.

Throws:

BadRealmException - If the configuration parameters identify a corrupt realm.

NoSuchRealmException - If the configuration parameters specify a realm which doesn't exist.

getAuthType

public String getAuthType()

Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.

Specified by:

getAuthType in class AbstractRealm

Returns:

Description of the kind of authentication that is directly supported by this realm.

getGroupNames

public Enumeration getGroupNames(String username)
                          throws InvalidOperationException,
                                 NoSuchUserException

Returns the name of all the groups that this user belongs to. Note that this information is only known after the user has logged in. This is called from web path role verification, though it should not be.

Specified by:

getGroupNames in class AbstractRealm

Parameters:

username - Name of the user in this realm whose group listing is needed.

Returns:

Enumeration of group names (strings).

Throws:

InvalidOperationException - thrown if the realm does not support this operation - e.g. Certificate realm does not support this operation.

NoSuchUserException

findAndBind

public String[] findAndBind(String _username,
                            char[] _password)
                     throws LoginException

Supports mode=find-bind. See class documentation.

Parameters:

_username -

_password -

Returns:

Throws:

LoginException