org.eclipse.jetty.plus.jaas.spi
Class LdapLoginModule

java.lang.Object
  extended by org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
      extended by org.eclipse.jetty.plus.jaas.spi.LdapLoginModule
All Implemented Interfaces:
LoginModule

public class LdapLoginModule
extends AbstractLoginModule

An LdapLoginModule for use with JAAS setups.

The JVM should be started with the following parameter:

-Djava.security.auth.login.config=etc/ldap-loginModule.conf

and an example of the ldap-loginModule.conf would be:

 ldaploginmodule {
    org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
    debug="true"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="ldap.example.com"
    port="389"
    bindDn="cn=Directory Manager"
    bindPassword="directory"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=people,dc=alcatel"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=example,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="uniqueMember"
    roleObjectClass="groupOfUniqueNames";
    };
  


Nested Class Summary
 
Nested classes/interfaces inherited from class org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
AbstractLoginModule.JAASUserInfo
 
Constructor Summary
LdapLoginModule()
           
 
Method Summary
 boolean abort()
           
 boolean bindingLogin(String username, Object password)
          Binding authentication check. This method of authentication works only if the user branch of the DIT (LDAP tree) has an ACI (access control instruction) that allows access to any user, or at least to the user that logs in.
 boolean commit()
           
static String convertCredentialJettyToLdap(String encryptedPassword)
           
static String convertCredentialLdapToJetty(String encryptedPassword)
           
protected  boolean credentialLogin(Object webCredential)
          Password-supplied authentication check.
protected  String doRFC2254Encoding(String inputString)
           
 Hashtable<Object,Object> getEnvironment()
          Get the context for the connection.
 UserInfo getUserInfo(String username)
          Get the available information about the user.

For this LoginModule, the credential can be null, which results in a binding LDAP authentication scenario.

Roles are also an optional concept, if required.

 void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
          Init LoginModule.
 boolean login()
          Since LDAP uses a context bind for valid authentication checking, we override login().

If credentials are not available from the user's context, or if we are forcing the binding check, then we try a binding authentication check; otherwise, if we have the user's encoded password, we can try authentication via that mechanism.

 
Methods inherited from class org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
configureCallbacks, getCallbackHandler, getCurrentUser, getSubject, isAuthenticated, isCommitted, logout, setAuthenticated, setCallbackHandler, setCommitted, setCurrentUser, setSubject
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LdapLoginModule

public LdapLoginModule()
Method Detail

getUserInfo

public UserInfo getUserInfo(String username)
                     throws Exception
Get the available information about the user.

For this LoginModule, the credential can be null, which results in a binding LDAP authentication scenario.

Roles are also an optional concept, if required.

Specified by:
getUserInfo in class AbstractLoginModule
Parameters:
username -
Returns:
the userinfo for the username
Throws:
Exception

doRFC2254Encoding

protected String doRFC2254Encoding(String inputString)
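
doRFC2254Encoding is named for RFC 2254, which defines the string form of LDAP search filters and the escapes for characters that are special inside a filter value. The following is an added example, not Jetty's source: the class Rfc2254FilterDemo, its method names, the filter shape and the sample usernames are assumptions, while the attribute values come from the sample ldap-loginModule.conf above.

```java
// Added example, not Jetty source. Class name, method names, filter shape
// and sample usernames are assumptions made for illustration.
public class Rfc2254FilterDemo {

    /** Escape the characters RFC 2254 reserves inside a filter value. */
    static String escapeFilterValue(String input) {
        StringBuilder out = new StringBuilder(input.length() + 8);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // backslash first in the table
                case '*':  out.append("\\2a"); break; // wildcard
                case '(':  out.append("\\28"); break; // opens a filter component
                case ')':  out.append("\\29"); break; // closes a filter component
                case '\0': out.append("\\00"); break; // NUL
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Build a user search filter from the configured object class and id attribute. */
    static String userFilter(String objectClass, String idAttribute, String username) {
        return "(&(objectClass=" + objectClass + ")(" + idAttribute + "="
                + escapeFilterValue(username) + "))";
    }

    public static void main(String[] args) {
        // Constructed inputs: one plain name and three containing filter metacharacters.
        String[] usernames = { "jdoe", "*", "smith (ops)", "corp\\jdoe" };
        for (String u : usernames) {
            // "inetOrgPerson" and "uid" are userObjectClass and userIdAttribute
            // from the sample ldap-loginModule.conf on this page.
            System.out.println(u + " -> " + userFilter("inetOrgPerson", "uid", u));
        }
    }
}
```

With the escape applied, a username of * is emitted as (uid=\2a), so the directory compares it literally instead of treating it as a wildcard.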

login

public boolean login()
              throws LoginException
Since LDAP uses a context bind for valid authentication checking, we override login().

If credentials are not available from the user's context, or if we are forcing the binding check, then we try a binding authentication check; otherwise, if we have the user's encoded password, we can try authentication via that mechanism.

Specified by:
login in interface LoginModule
Overrides:
login in class AbstractLoginModule
Returns:
true if authenticated, false otherwise
Throws:
LoginException
See Also:
LoginModule.login()

credentialLogin

protected boolean credentialLogin(Object webCredential)
                           throws LoginException
Password-supplied authentication check.

Parameters:
webCredential -
Returns:
true if authenticated
Throws:
LoginException

bindingLogin

public boolean bindingLogin(String username,
                            Object password)
                     throws LoginException,
                            NamingException
Binding authentication check. This method of authentication works only if the user branch of the DIT (LDAP tree) has an ACI (access control instruction) that allows access to any user, or at least to the user that logs in.

Parameters:
username -
password -
Returns:
true always
Throws:
LoginException
NamingException

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)
Init LoginModule. Called once by JAAS after a new instance is created.

Specified by:
initialize in interface LoginModule
Overrides:
initialize in class AbstractLoginModule
Parameters:
subject -
callbackHandler -
sharedState -
options -
See Also:
LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)

commit

public boolean commit()
               throws LoginException
Specified by:
commit in interface LoginModule
Overrides:
commit in class AbstractLoginModule
Returns:
true if committed, false if not (likely not authenticated)
Throws:
LoginException
See Also:
LoginModule.commit()

abort

public boolean abort()
              throws LoginException
Specified by:
abort in interface LoginModule
Overrides:
abort in class AbstractLoginModule
Throws:
LoginException
See Also:
LoginModule.abort()

getEnvironment

public Hashtable<Object,Object> getEnvironment()
Get the context for the connection.

Returns:
the environment details for the context

convertCredentialJettyToLdap

public static String convertCredentialJettyToLdap(String encryptedPassword)

convertCredentialLdapToJetty

public static String convertCredentialLdapToJetty(String encryptedPassword)


Copyright © 2013. All Rights Reserved.