LdapLoginModule (Jetty :: JAAS 9.3.20.v20170531 API)

java.lang.Object
- org.eclipse.jetty.jaas.spi.AbstractLoginModule
- - org.eclipse.jetty.jaas.spi.LdapLoginModule

All Implemented Interfaces:: LoginModule

public class LdapLoginModule
extends AbstractLoginModule

A LdapLoginModule for use with JAAS setups

The jvm should be started with the following parameter:

 -Djava.security.auth.login.config=etc/ldap-loginModule.conf

and an example of the ldap-loginModule.conf would be:

 ldaploginmodule {
    org.eclipse.jetty.server.server.plus.jaas.spi.LdapLoginModule required
    debug="true"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="ldap.example.com"
    port="389"
    bindDn="cn=Directory Manager"
    bindPassword="directory"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=people,dc=alcatel"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=example,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="uniqueMember"
    roleObjectClass="groupOfUniqueNames";
    };

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

class LdapLoginModule.LDAPUserInfo
- Nested classes/interfaces inherited from class org.eclipse.jetty.jaas.spi.AbstractLoginModule
  AbstractLoginModule.JAASUserInfo

Nested Classes
Modifier and Type	Class and Description
`class`	`LdapLoginModule.LDAPUserInfo`

Constructor Summary

Constructors
Constructor and Description

LdapLoginModule()

Constructors
Constructor and Description
`LdapLoginModule()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`abort()`
`boolean`	`bindingLogin(String username, Object password)` binding authentication check This method of authentication works only if the user branch of the DIT (ldap tree) has an ACI (access control instruction) that allow the access to any user or at least for the user that logs in.
`boolean`	`commit()`
`static String`	`convertCredentialLdapToJetty(String encryptedPassword)`
`protected boolean`	`credentialLogin(Object webCredential)` password supplied authentication check
`protected String`	`doRFC2254Encoding(String inputString)`
`Hashtable<Object,Object>`	`getEnvironment()` get the context for connection
`UserInfo`	`getUserInfo(String username)` get the available information about the user
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)` Init LoginModule.
`boolean`	`login()` since ldap uses a context bind for valid authentication checking, we override login()

Methods inherited from class org.eclipse.jetty.jaas.spi.AbstractLoginModule
configureCallbacks, getCallbackHandler, getCurrentUser, getSubject, isAuthenticated, isCommitted, isIgnored, logout, setAuthenticated, setCallbackHandler, setCommitted, setCurrentUser, setSubject

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - LdapLoginModule
```
public LdapLoginModule()
```
- Method Detail
  - getUserInfo
```
public UserInfo getUserInfo(String username)
                     throws Exception
```
    get the available information about the user
    for this LoginModule, the credential can be null which will result in a binding ldap authentication scenario
    roles are also an optional concept if required
    
    Specified by:
    
    getUserInfo in class AbstractLoginModule
    
    Parameters:
    
    username - the user name
    
    Returns:
    
    the userinfo for the username
    
    Throws:
    
    Exception - if unable to get the user info
  - doRFC2254Encoding
```
protected String doRFC2254Encoding(String inputString)
```
  - login
```
public boolean login()
              throws LoginException
```
    since ldap uses a context bind for valid authentication checking, we override login()
    if credentials are not available from the users context or if we are forcing the binding check then we try a binding authentication check, otherwise if we have the users encoded password then we can try authentication via that mechanic
    
    Specified by:
    
    login in interface LoginModule
    
    Overrides:
    
    login in class AbstractLoginModule
    
    Returns:
    
    true if authenticated, false otherwise
    
    Throws:
    
    LoginException - if unable to login
    
    See Also:
    
    LoginModule.login()
  - credentialLogin
```
protected boolean credentialLogin(Object webCredential)
                           throws LoginException
```
    password supplied authentication check
    
    Parameters:
    
    webCredential - the web credential
    
    Returns:
    
    true if authenticated
    
    Throws:
    
    LoginException - if unable to login
  - bindingLogin
```
public boolean bindingLogin(String username,
                            Object password)
                     throws LoginException,
                            NamingException
```
    binding authentication check This method of authentication works only if the user branch of the DIT (ldap tree) has an ACI (access control instruction) that allow the access to any user or at least for the user that logs in.
    
    Parameters:
    
    username - the user name
    
    password - the password
    
    Returns:
    
    true always
    
    Throws:
    
    LoginException - if unable to bind the login
    
    NamingException - if failure to bind login
  - initialize
```
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)
```
    Init LoginModule.
    Called once by JAAS after new instance is created.
    
    Specified by:
    
    initialize in interface LoginModule
    
    Overrides:
    
    initialize in class AbstractLoginModule
    
    Parameters:
    
    subject - the subect
    
    callbackHandler - the callback handler
    
    sharedState - the shared state map
    
    options - the option map
    
    See Also:
    
    LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
  - commit
```
public boolean commit()
               throws LoginException
```
    Specified by:
    
    commit in interface LoginModule
    
    Overrides:
    
    commit in class AbstractLoginModule
    
    Returns:
    
    true if committed, false if not (likely not authenticated)
    
    Throws:
    
    LoginException - if unable to commit
    
    See Also:
    
    LoginModule.commit()
  - abort
```
public boolean abort()
              throws LoginException
```
    Specified by:
    
    abort in interface LoginModule
    
    Overrides:
    
    abort in class AbstractLoginModule
    
    Throws:
    
    LoginException - if unable to abort
    
    See Also:
    
    LoginModule.abort()
  - getEnvironment
```
public Hashtable<Object,Object> getEnvironment()
```
    get the context for connection
    
    Returns:
    
    the environment details for the context
  - convertCredentialLdapToJetty
```
public static String convertCredentialLdapToJetty(String encryptedPassword)
```

Class LdapLoginModule

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.jaas.spi.AbstractLoginModule

Constructor Summary

Method Summary

Methods inherited from class org.eclipse.jetty.jaas.spi.AbstractLoginModule

Methods inherited from class java.lang.Object

Constructor Detail

LdapLoginModule

Method Detail

getUserInfo

doRFC2254Encoding

login

credentialLogin

bindingLogin

initialize

commit

abort

getEnvironment

convertCredentialLdapToJetty