Class LDAPConfiguration


  • public class LDAPConfiguration
    extends Object
    An org.flowable.engine.configurator.ProcessEngineConfigurator that integrates an LDAP system with the Flowable process engine. The LDAP system is consulted primarily for user information and, in particular, for fetching the groups of a user.

    This class is extensible and many methods can be overridden when the default behavior does not fit your use case.

    Check the docs (specifically the setters) to see how this class can be tweaked.

    Author:
    Joram Barrez
    • Field Detail

      • server

        protected String server
      • port

        protected int port
      • password

        protected String password
      • initialContextFactory

        protected String initialContextFactory
      • securityAuthentication

        protected String securityAuthentication
      • customConnectionParameters

        protected Map<String,String> customConnectionParameters
      • baseDn

        protected String baseDn
      • userBaseDn

        protected String userBaseDn
      • groupBaseDn

        protected String groupBaseDn
      • searchTimeLimit

        protected int searchTimeLimit
      • queryUserByUserId

        protected String queryUserByUserId
      • queryGroupsForUser

        protected String queryGroupsForUser
      • queryUserByFullNameLike

        protected String queryUserByFullNameLike
      • queryAllUsers

        protected String queryAllUsers
      • queryAllGroups

        protected String queryAllGroups
      • queryGroupByGroupId

        protected String queryGroupByGroupId
      • userIdAttribute

        protected String userIdAttribute
      • userFirstNameAttribute

        protected String userFirstNameAttribute
      • userLastNameAttribute

        protected String userLastNameAttribute
      • userEmailAttribute

        protected String userEmailAttribute
      • groupIdAttribute

        protected String groupIdAttribute
      • groupNameAttribute

        protected String groupNameAttribute
      • groupTypeAttribute

        protected String groupTypeAttribute
      • groupCacheSize

        protected int groupCacheSize
      • groupCacheExpirationTime

        protected long groupCacheExpirationTime
      • connectionPooling

        protected boolean connectionPooling
    • Constructor Detail

      • LDAPConfiguration

        public LDAPConfiguration()
    • Method Detail

      • getServer

        public String getServer()
      • setServer

        public void setServer(String server)
        The server on which the LDAP system can be reached. For example 'ldap://localhost:33389'.
      • getPort

        public int getPort()
      • setPort

        public void setPort(int port)
        The port on which the LDAP system is running.
      • getUser

        public String getUser()
      • setUser

        public void setUser(String user)
        The user id that is used to connect to the LDAP system.
      • getPassword

        public String getPassword()
      • setPassword

        public void setPassword(String password)
        The password that is used to connect to the LDAP system.
      • getInitialContextFactory

        public String getInitialContextFactory()
      • setInitialContextFactory

        public void setInitialContextFactory(String initialContextFactory)
        The InitialContextFactory name used to connect to the LDAP system.

        By default set to 'com.sun.jndi.ldap.LdapCtxFactory'.

      • getSecurityAuthentication

        public String getSecurityAuthentication()
      • setSecurityAuthentication

        public void setSecurityAuthentication(String securityAuthentication)
        The value that is used for the 'java.naming.security.authentication' property used to connect to the LDAP system.

        By default set to 'simple'.

      • getCustomConnectionParameters

        public Map<String,String> getCustomConnectionParameters()
      • setCustomConnectionParameters

        public void setCustomConnectionParameters(Map<String,String> customConnectionParameters)
        Allows setting any LDAP connection parameter that has no dedicated setter. See for example http://docs.oracle.com/javase/tutorial/jndi/ldap/jndi.html for the available properties; typical uses are configuring connection pooling or specific security settings.

        All provided parameters are passed when creating the InitialDirContext, i.e. when a connection to the LDAP system is established.

      • getBaseDn

        public String getBaseDn()
      • setBaseDn

        public void setBaseDn(String baseDn)
        The base 'distinguished name' (DN) from which the searches for users and groups are started.

        Use setUserBaseDn(String) or setGroupBaseDn(String) when you need to differentiate between the user and group base DN.

      • getUserBaseDn

        public String getUserBaseDn()
      • setUserBaseDn

        public void setUserBaseDn(String userBaseDn)
        The base 'distinguished name' (DN) from which the searches for users are started.
      • getGroupBaseDn

        public String getGroupBaseDn()
      • setGroupBaseDn

        public void setGroupBaseDn(String groupBaseDn)
        The base 'distinguished name' (DN) from which the searches for groups are started.
      • getSearchTimeLimit

        public int getSearchTimeLimit()
      • setSearchTimeLimit

        public void setSearchTimeLimit(int searchTimeLimit)
        The timeout that is used when doing a search in LDAP. By default set to '0', which means 'wait forever'.
      • getQueryUserByUserId

        public String getQueryUserByUserId()
      • setQueryUserByUserId

        public void setQueryUserByUserId(String queryUserByUserId)
        The query that is executed when searching for a user by userId.

        For example: (&(objectClass=inetOrgPerson)(uid={0}))

        Here, all the objects in LDAP with the class 'inetOrgPerson' and the matching 'uid' attribute value are returned.

        As shown in the example, the user id is injected using the usual MessageFormat placeholder, i.e. {0}.

        If setting the query alone is insufficient for your specific LDAP setup, you can alternatively plug in a different LDAPQueryBuilder, which allows for more customization than only the query.

      • getQueryGroupsForUser

        public String getQueryGroupsForUser()
      • getQueryUserByFullNameLike

        public String getQueryUserByFullNameLike()
      • setQueryUserByFullNameLike

        public void setQueryUserByFullNameLike(String queryUserByFullNameLike)
        The query that is executed when searching for a user by full name.

        For example: (&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}={3})))

        Here, all the objects in LDAP with the class 'inetOrgPerson' and a matching first name or last name are returned.

        Several things are injected into the expression:
        {0} : the first name attribute
        {1} : the search text
        {2} : the last name attribute
        {3} : the search text

        If setting the query alone is insufficient for your specific LDAP setup, you can alternatively plug in a different LDAPQueryBuilder, which allows for more customization than only the query.

      • getQueryAllUsers

        public String getQueryAllUsers()
      • setQueryAllUsers

        public void setQueryAllUsers(String queryAllUsers)
        The query that is executed when searching for all users.
      • getQueryAllGroups

        public String getQueryAllGroups()
      • setQueryAllGroups

        public void setQueryAllGroups(String queryAllGroups)
        The query that is executed when searching for all groups.
      • getQueryGroupByGroupId

        public String getQueryGroupByGroupId()
        The query that is executed when searching for one group by a specific group id.
      • setQueryGroupByGroupId

        public void setQueryGroupByGroupId(String queryGroupByGroupId)
        The query that is executed when searching for one group by a specific group id.
      • setQueryGroupsForUser

        public void setQueryGroupsForUser(String queryGroupsForUser)
        The query that is executed when searching for the groups of a specific user.

        For example: (&(objectClass=groupOfUniqueNames)(uniqueMember={0}))

        Here, all the objects in LDAP with the class 'groupOfUniqueNames' and where the provided DN is a 'uniqueMember' are returned.

        As shown in the example, the user id is injected using the usual MessageFormat placeholder, i.e. {0}.

        If setting the query alone is insufficient for your specific LDAP setup, you can alternatively plug in a different LDAPQueryBuilder, which allows for more customization than only the query.
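        The three query patterns on this page (setQueryUserByUserId, setQueryUserByFullNameLike and this one) share a single injection point: the value substituted for the MessageFormat placeholders. The page does not state whether the default LDAPQueryBuilder escapes those values, so the following is an added example, not Flowable code, of a builder that applies RFC 4515 escaping before substitution; the class and method names are assumptions and the sample inputs are constructed.

```java
import java.text.MessageFormat;

public final class LdapFilterBuilder {
    // Filter patterns copied from the setter docs on this page.
    static final String USER_BY_ID = "(&(objectClass=inetOrgPerson)(uid={0}))";
    static final String USER_BY_FULL_NAME = "(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}={3})))";
    static final String GROUPS_FOR_USER = "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))";

    // RFC 4515 escaping for a value placed inside a search filter: the pattern keeps its own
    // wildcards, while '*', '(', ')', '\' or NUL inside the injected value become literal.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // queryUserByUserId: {0} is the user id.
    static String userByIdFilter(String userId) {
        return MessageFormat.format(USER_BY_ID, escapeFilterValue(userId));
    }

    // queryUserByFullNameLike: {0}/{2} are attribute names chosen by the administrator,
    // {1}/{3} are the same user-supplied search text and are the only parts to escape.
    static String userByFullNameFilter(String firstNameAttr, String lastNameAttr, String text) {
        String escaped = escapeFilterValue(text);
        return MessageFormat.format(USER_BY_FULL_NAME, firstNameAttr, escaped, lastNameAttr, escaped);
    }

    // queryGroupsForUser: {0} is the user's DN, which may itself contain filter metacharacters.
    static String groupsForUserFilter(String userDn) {
        return MessageFormat.format(GROUPS_FOR_USER, escapeFilterValue(userDn));
    }

    public static void main(String[] args) {
        System.out.println(userByIdFilter("jdoe"));
        // Constructed search text with metacharacters: the first clause becomes (givenName=*\2a\29\28uid=\2a*)
        System.out.println(userByFullNameFilter("givenName", "sn", "*)(uid=*"));
        System.out.println(groupsForUserFilter("uid=jdoe,ou=people,dc=example,dc=test"));
    }
}
```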

      • getUserIdAttribute

        public String getUserIdAttribute()
      • setUserIdAttribute

        public void setUserIdAttribute(String userIdAttribute)
        Name of the attribute that matches the user id.

        This property is used when looking up a User object and mapping the LDAP object to the Flowable User object.

        This property is optional and is only needed when searching for User objects using the Flowable API.

      • getUserFirstNameAttribute

        public String getUserFirstNameAttribute()
      • setUserFirstNameAttribute

        public void setUserFirstNameAttribute(String userFirstNameAttribute)
        Name of the attribute that matches the user first name.

        This property is used when looking up a User object and mapping the LDAP object to the Flowable User object.

      • getUserLastNameAttribute

        public String getUserLastNameAttribute()
      • setUserLastNameAttribute

        public void setUserLastNameAttribute(String userLastNameAttribute)
        Name of the attribute that matches the user last name.

        This property is used when looking up a User object and mapping the LDAP object to the Flowable User object.

      • getUserEmailAttribute

        public String getUserEmailAttribute()
      • setUserEmailAttribute

        public void setUserEmailAttribute(String userEmailAttribute)
        Name of the attribute that matches the user email.

        This property is used when looking up a User object and mapping the LDAP object to the Flowable User object.

      • getGroupIdAttribute

        public String getGroupIdAttribute()
      • setGroupIdAttribute

        public void setGroupIdAttribute(String groupIdAttribute)
        Name of the attribute that matches the group id.

        This property is used when looking up a Group object and mapping the LDAP object to the Flowable Group object.

      • getGroupNameAttribute

        public String getGroupNameAttribute()
      • setGroupNameAttribute

        public void setGroupNameAttribute(String groupNameAttribute)
        Name of the attribute that matches the group name.

        This property is used when looking up a Group object and mapping the LDAP object to the Flowable Group object.

      • getGroupTypeAttribute

        public String getGroupTypeAttribute()
      • setGroupTypeAttribute

        public void setGroupTypeAttribute(String groupTypeAttribute)
        Name of the attribute that matches the group type.

        This property is used when looking up a Group object and mapping the LDAP object to the Flowable Group object.

      • setLdapQueryBuilder

        public void setLdapQueryBuilder(LDAPQueryBuilder ldapQueryBuilder)
      • getGroupCacheSize

        public int getGroupCacheSize()
      • setGroupCacheSize

        public void setGroupCacheSize(int groupCacheSize)
        Allows setting the size of the LDAPGroupCache. This is an LRU cache that caches the groups of users and thus avoids hitting the LDAP system each time the groups of a user need to be known.

        The cache is not instantiated if the value is less than zero. By default set to -1, so no caching is done.

        Note that the group cache is instantiated on the LDAPGroupManagerFactory. As such, if you have a custom implementation of the LDAPGroupManagerFactory, do not forget to add the group cache functionality.

      • getGroupCacheExpirationTime

        public long getGroupCacheExpirationTime()
      • setGroupCacheExpirationTime

        public void setGroupCacheExpirationTime(long groupCacheExpirationTime)
        Sets the expiration time of the LDAPGroupCache in milliseconds. When the groups for a specific user are fetched, and if the group cache exists (see setGroupCacheSize(int)), the groups are stored in this cache for the time set in this property. I.e. when the groups were fetched at 00:00 and the expiration time is 30 minutes, any fetch of the groups for that user after 00:30 will not come from the cache but will be fetched again from the LDAP system. Likewise, every group fetch for that user done between 00:00 and 00:30 will come from the cache.

        By default set to one hour.

      • setConnectionPooling

        public void setConnectionPooling(boolean connectionPooling)
        Sets if connections to the LDAP system should be pooled and reused.

        Enabled by default.

      • isConnectionPooling

        public boolean isConnectionPooling()
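
As an added example (not Flowable's own code), the following shows how the setters documented above fit together in a configuration whose security-relevant settings deviate from the page's defaults: TLS transport instead of the plain ldap:// URL of the setServer example, bounded search and connection times instead of the 'wait forever' default, and the group cache enabled. The package name org.flowable.ldap, the host name, the base DNs and the attribute names are assumptions, and the unit of setSearchTimeLimit is assumed to be milliseconds since the page does not state it.

```java
import java.util.HashMap;
import java.util.Map;
import org.flowable.ldap.LDAPConfiguration; // package name assumed; not stated on this page

public final class LdapConfigurationFactory {
    // Returns an LDAPConfiguration with security-relevant settings chosen explicitly
    // rather than left at the defaults described in the setter docs.
    public static LDAPConfiguration hardened(String bindDn, String bindPassword) {
        LDAPConfiguration ldap = new LDAPConfiguration();

        // 'simple' authentication sends the bind password as-is, so use ldaps:// rather than
        // the ldap://localhost:33389 style of the setServer example. Host name is constructed.
        ldap.setServer("ldaps://ldap.example.test:636");
        ldap.setPort(636);
        ldap.setUser(bindDn);            // a read-only service account, supplied by the caller
        ldap.setPassword(bindPassword);  // loaded from a secret store by the caller, never hard-coded
        ldap.setSecurityAuthentication("simple");

        ldap.setUserBaseDn("ou=people,dc=example,dc=test");
        ldap.setGroupBaseDn("ou=groups,dc=example,dc=test");

        // Default 0 means 'wait forever'; bound searches so a slow directory cannot pin engine
        // threads. Unit assumed to be milliseconds.
        ldap.setSearchTimeLimit(5000);

        // JNDI properties without a dedicated setter; all are passed when the InitialDirContext is created.
        Map<String, String> params = new HashMap<>();
        params.put("com.sun.jndi.ldap.connect.timeout", "3000"); // ms, JDK LDAP provider property
        params.put("com.sun.jndi.ldap.read.timeout", "5000");    // ms, JDK LDAP provider property
        params.put("java.naming.referral", "ignore");            // do not chase referrals to other servers
        ldap.setCustomConnectionParameters(params);
        ldap.setConnectionPooling(true);

        // Query patterns as given in the setter docs on this page; attribute names are assumed.
        ldap.setQueryUserByUserId("(&(objectClass=inetOrgPerson)(uid={0}))");
        ldap.setQueryGroupsForUser("(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))");
        ldap.setUserIdAttribute("uid");
        ldap.setUserFirstNameAttribute("givenName");
        ldap.setUserLastNameAttribute("sn");
        ldap.setGroupIdAttribute("cn");
        ldap.setGroupNameAttribute("cn");

        // Default -1 disables the LRU group cache; enable it with a 30 minute expiry so per-user
        // group lookups do not hit the directory on every request, while membership changes
        // (including revocations) are still picked up within the expiry window.
        ldap.setGroupCacheSize(1000);
        ldap.setGroupCacheExpirationTime(30L * 60 * 1000);
        return ldap;
    }
}
```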