public class LDAPConfiguration extends Object
A org.flowable.engine.configurator.ProcessEngineConfigurator that integrates an LDAP system with the Flowable process engine. The LDAP system will be consulted primarily for getting user information and in particular for
fetching groups of a user.
This class is extensible and many methods can be overridden when the default behavior does not fit your use case.
Check the docs (specifically the setters) to see how this class can be tweaked.
| Constructor and Description |
|---|
| LDAPConfiguration() |

| Modifier and Type | Method and Description |
|---|---|
| String | getBaseDn() |
| Map<String,String> | getCustomConnectionParameters() |
| String | getGroupBaseDn() |
| long | getGroupCacheExpirationTime() |
| LDAPGroupCache.LDAPGroupCacheListener | getGroupCacheListener() |
| int | getGroupCacheSize() |
| String | getGroupIdAttribute() |
| String | getGroupNameAttribute() |
| String | getGroupTypeAttribute() |
| String | getInitialContextFactory() |
| LDAPQueryBuilder | getLdapQueryBuilder() Set a custom LDAPQueryBuilder if the default implementation is not suitable. |
| String | getPassword() |
| int | getPort() |
| String | getQueryAllGroups() |
| String | getQueryAllUsers() |
| String | getQueryGroupByGroupId() Query that is executed when searching for one group by a specific group id |
| String | getQueryGroupsForUser() |
| String | getQueryUserByFullNameLike() |
| String | getQueryUserByUserId() |
| int | getSearchTimeLimit() |
| String | getSecurityAuthentication() |
| String | getServer() |
| String | getUser() |
| String | getUserBaseDn() |
| String | getUserEmailAttribute() |
| String | getUserFirstNameAttribute() |
| String | getUserIdAttribute() |
| String | getUserLastNameAttribute() |
| boolean | isConnectionPooling() |
| void | setBaseDn(String baseDn) The base 'distinguished name' (DN) from which the searches for users and groups are started. |
| void | setConnectionPooling(boolean connectionPooling) Sets if connections to the LDAP system should be pooled and reused. |
| void | setCustomConnectionParameters(Map<String,String> customConnectionParameters) Allows to set all LDAP connection parameters which do not have a dedicated setter. |
| void | setGroupBaseDn(String groupBaseDn) The base 'distinguished name' (DN) from which the searches for groups are started. |
| void | setGroupCacheExpirationTime(long groupCacheExpirationTime) Sets the expiration time of the LDAPGroupCache in milliseconds. |
| void | setGroupCacheListener(LDAPGroupCache.LDAPGroupCacheListener groupCacheListener) |
| void | setGroupCacheSize(int groupCacheSize) Allows to set the size of the LDAPGroupCache. |
| void | setGroupIdAttribute(String groupIdAttribute) Name of the attribute that matches the group id. |
| void | setGroupNameAttribute(String groupNameAttribute) Name of the attribute that matches the group name. |
| void | setGroupTypeAttribute(String groupTypeAttribute) Name of the attribute that matches the group type. |
| void | setInitialContextFactory(String initialContextFactory) The InitialContextFactory name used to connect to the LDAP system. |
| void | setLdapQueryBuilder(LDAPQueryBuilder ldapQueryBuilder) |
| void | setPassword(String password) The password that is used to connect to the LDAP system. |
| void | setPort(int port) The port on which the LDAP system is running. |
| void | setQueryAllGroups(String queryAllGroups) The query that is executed when searching for all groups. |
| void | setQueryAllUsers(String queryAllUsers) The query that is executed when searching for all users. |
| void | setQueryGroupByGroupId(String queryGroupByGroupId) Query that is executed when searching for one group by a specific group id |
| void | setQueryGroupsForUser(String queryGroupsForUser) The query that is executed when searching for the groups of a specific user. |
| void | setQueryUserByFullNameLike(String queryUserByFullNameLike) The query that is executed when searching for a user by full name. |
| void | setQueryUserByUserId(String queryUserByUserId) The query that is executed when searching for a user by userId. |
| void | setSearchTimeLimit(int searchTimeLimit) The timeout that is used when doing a search in LDAP. |
| void | setSecurityAuthentication(String securityAuthentication) The value that is used for the 'java.naming.security.authentication' property used to connect to the LDAP system. |
| void | setServer(String server) The server on which the LDAP system can be reached. |
| void | setUser(String user) The user id that is used to connect to the LDAP system. |
| void | setUserBaseDn(String userBaseDn) The base 'distinguished name' (DN) from which the searches for users are started. |
| void | setUserEmailAttribute(String userEmailAttribute) Name of the attribute that matches the user email. |
| void | setUserFirstNameAttribute(String userFirstNameAttribute) Name of the attribute that matches the user first name. |
| void | setUserIdAttribute(String userIdAttribute) Name of the attribute that matches the user id. |
| void | setUserLastNameAttribute(String userLastNameAttribute) Name of the attribute that matches the user last name. |
protected String server
protected int port
protected String user
protected String password
protected String initialContextFactory
protected String securityAuthentication
protected String baseDn
protected String userBaseDn
protected String groupBaseDn
protected int searchTimeLimit
protected String queryUserByUserId
protected String queryGroupsForUser
protected String queryUserByFullNameLike
protected String queryAllUsers
protected String queryAllGroups
protected String queryGroupByGroupId
protected String userIdAttribute
protected String userFirstNameAttribute
protected String userLastNameAttribute
protected String userEmailAttribute
protected String groupIdAttribute
protected String groupNameAttribute
protected String groupTypeAttribute
protected LDAPQueryBuilder ldapQueryBuilder
protected int groupCacheSize
protected long groupCacheExpirationTime
protected LDAPGroupCache.LDAPGroupCacheListener groupCacheListener
protected boolean connectionPooling
public String getServer()
public void setServer(String server)
public int getPort()
public void setPort(int port)
public String getUser()
public void setUser(String user)
public String getPassword()
public void setPassword(String password)
public String getInitialContextFactory()
public void setInitialContextFactory(String initialContextFactory)
The InitialContextFactory name used to connect to the LDAP system.
By default set to 'com.sun.jndi.ldap.LdapCtxFactory'.
public String getSecurityAuthentication()
public void setSecurityAuthentication(String securityAuthentication)
By default set to 'simple'.
public void setCustomConnectionParameters(Map<String,String> customConnectionParameters)
All the provided parameters will be passed along when creating an InitialDirContext, i.e. when a connection to the LDAP system is established.
public String getBaseDn()
public void setBaseDn(String baseDn)
Use setUserBaseDn(String) or setGroupBaseDn(String) when needing to differentiate between user and group base DN.
public String getUserBaseDn()
public void setUserBaseDn(String userBaseDn)
public String getGroupBaseDn()
public void setGroupBaseDn(String groupBaseDn)
public int getSearchTimeLimit()
public void setSearchTimeLimit(int searchTimeLimit)
public String getQueryUserByUserId()
public void setQueryUserByUserId(String queryUserByUserId)
For example: (&(objectClass=inetOrgPerson)(uid={0}))
Here, all the objects in LDAP with the class 'inetOrgPerson' and who have the matching 'uid' attribute value will be returned.
As shown in the example, the user id is injected by the typical MessageFormat, i.e. by using {0}.
If setting the query alone is insufficient for your specific LDAP setup, you can alternatively plug in a different LDAPQueryBuilder, which allows for more customization than only the
query.
public String getQueryGroupsForUser()
public String getQueryUserByFullNameLike()
public void setQueryUserByFullNameLike(String queryUserByFullNameLike)
For example: (&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}={3})))
Here, all the objects in LDAP with the class 'inetOrgPerson' and who have the matching first name or last name will be returned.
Several things will be injected in the expression: {0}: the first name attribute; {1}: the search text; {2}: the last name attribute; {3}: the search text.
If setting the query alone is insufficient for your specific LDAP setup, you can alternatively plug in a different LDAPQueryBuilder, which allows for more customization than only the
query.
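Added example, not Flowable's code: how the two templates above expand under java.text.MessageFormat, and how a value can be escaped per RFC 4515 before substitution so that filter metacharacters in a user id or search text are matched literally. The class and method names (LdapFilterTemplateDemo, escapeFilterValue, buildFilter) and the sample inputs are assumptions made for this illustration.

```java
import java.text.MessageFormat;

public class LdapFilterTemplateDemo {

    // Query templates quoted on this page.
    static final String USER_BY_ID = "(&(objectClass=inetOrgPerson)(uid={0}))";
    static final String USER_BY_NAME_LIKE =
            "(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}={3})))";

    /** Escapes a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Expands a template with MessageFormat after escaping every value (hypothetical helper). */
    static String buildFilter(String template, String... values) {
        Object[] escaped = new Object[values.length];
        for (int i = 0; i < values.length; i++) {
            escaped[i] = escapeFilterValue(values[i]);
        }
        return MessageFormat.format(template, escaped);
    }

    public static void main(String[] args) {
        String userId = "j*";            // constructed input containing a filter metacharacter
        String searchText = "Ann (QA)";  // constructed search text containing parentheses

        // Raw substitution: the '*' reaches the directory as a wildcard.
        System.out.println(MessageFormat.format(USER_BY_ID, userId));
        // Escaped substitution: the '*' is matched as a literal character.
        System.out.println(buildFilter(USER_BY_ID, userId));
        // {0} and {2} are attribute names taken from configuration, {1} and {3} the search text.
        System.out.println(buildFilter(USER_BY_NAME_LIKE, "givenName", searchText, "sn", searchText));
    }
}
```

A custom LDAPQueryBuilder is one place where this kind of escaping could be applied when building queries from these templates.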
public String getQueryAllUsers()
public void setQueryAllUsers(String queryAllUsers)
public String getQueryAllGroups()
public void setQueryAllGroups(String queryAllGroups)
public String getQueryGroupByGroupId()
public void setQueryGroupByGroupId(String queryGroupByGroupId)
public void setQueryGroupsForUser(String queryGroupsForUser)
For example: (&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
Here, all the objects in LDAP with the class 'groupOfUniqueNames' and where the provided DN is a 'uniqueMember' are returned.
As shown in the example, the user id is injected by the typical MessageFormat, i.e. by using {0}.
If setting the query alone is insufficient for your specific LDAP setup, you can alternatively plug in a different LDAPQueryBuilder, which allows for more customization than only the
query.
public String getUserIdAttribute()
public void setUserIdAttribute(String userIdAttribute)
public String getUserFirstNameAttribute()
public void setUserFirstNameAttribute(String userFirstNameAttribute)
public String getUserLastNameAttribute()
public void setUserLastNameAttribute(String userLastNameAttribute)
public String getUserEmailAttribute()
public void setUserEmailAttribute(String userEmailAttribute)
public String getGroupIdAttribute()
public void setGroupIdAttribute(String groupIdAttribute)
public String getGroupNameAttribute()
public void setGroupNameAttribute(String groupNameAttribute)
public String getGroupTypeAttribute()
public void setGroupTypeAttribute(String groupTypeAttribute)
public LDAPQueryBuilder getLdapQueryBuilder()
Set a custom LDAPQueryBuilder if the default implementation is not suitable. The LDAPQueryBuilder instance is used when the LDAPUserManager or LDAPGroupManager
does an actual query against the LDAP system.
The default implementation uses the properties as set on this instance such as setQueryGroupsForUser(String) and setQueryUserByUserId(String).
public void setLdapQueryBuilder(LDAPQueryBuilder ldapQueryBuilder)
public int getGroupCacheSize()
public void setGroupCacheSize(int groupCacheSize)
Allows to set the size of the LDAPGroupCache. This is an LRU cache that caches groups for users and thus avoids hitting the LDAP system each time the groups of a user need to be known.
The cache will not be instantiated if the value is less than zero. By default set to -1, so no caching is done.
Note that the group cache is instantiated on the LDAPGroupManagerFactory. As such, if you have a custom implementation of the LDAPGroupManagerFactory, do not forget to add the
group cache functionality.
public long getGroupCacheExpirationTime()
public void setGroupCacheExpirationTime(long groupCacheExpirationTime)
Sets the expiration time of the LDAPGroupCache in milliseconds. When groups for a specific user are fetched, and if the group cache exists (see setGroupCacheSize(int)), the
groups will be stored in this cache for the time set in this property. For example, when the groups were fetched at 00:00 and the expiration time is 30 mins, any fetch of the groups for that user after
00:30 will not come from the cache, but do a fetch again from the LDAP system. Likewise, every group fetch for that user done between 00:00 - 00:30 will come from the cache.
By default set to one hour.
public LDAPGroupCache.LDAPGroupCacheListener getGroupCacheListener()
public void setGroupCacheListener(LDAPGroupCache.LDAPGroupCacheListener groupCacheListener)
public void setConnectionPooling(boolean connectionPooling)
Enabled by default.
public boolean isConnectionPooling()
Copyright © 2021 Flowable. All rights reserved.