AdvancedLdapLoginModule (Red Hat JBoss Enterprise Application Platform 6.4.19.GA public API)

java.lang.Object
- org.jboss.security.auth.spi.AbstractServerLoginModule
- - org.jboss.security.negotiation.common.CommonLoginModule
  - - org.jboss.security.negotiation.AdvancedLdapLoginModule

All Implemented Interfaces:

LoginModule

Direct Known Subclasses:

AdvancedADLoginModule, AdvancedLdapLoginModule
```
public class AdvancedLdapLoginModule
extends CommonLoginModule
```
Another LDAP LoginModule to take into account requirements for different authentication mechanisms and full support for password-stacking set to useFirstPass. This is essentially a complete refactoring of the LdapExtLoginModule but with enough restructuring to separate out the three login steps: - -1 Find the user -2 Authenticate as the user -3 Find the users roles Configuration should allow for any of the three actions to be skipped based on the requirements for the environment making use of this login module.

Since:

3rd July 2008

Author:

darran.lofthouse@jboss.com

Field Summary

Fields
Modifier and Type	Field and Description
`protected boolean`	`allowEmptyPassword`
`protected String`	`baseCtxDN`
`protected String`	`baseFilter`
`protected String`	`bindAuthentication`
`protected String`	`bindCredential`
`protected String`	`bindDn`
`protected String`	`jaasSecurityDomain`
`protected boolean`	`recurseRoles`
`protected String`	`referralUserAttributeIDToCheck`
`protected String`	`roleAttributeID`
`protected boolean`	`roleAttributeIsDN`
`protected String`	`roleFilter`
`protected String`	`roleNameAttributeID`
`protected String`	`rolesCtxDN`
`protected SearchControls`	`roleSearchControls`
`protected int`	`searchTimeLimit`
`protected SearchControls`	`userSearchControls`

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors
Constructor and Description

AdvancedLdapLoginModule()

Constructors
Constructor and Description
`AdvancedLdapLoginModule()`

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`authenticate(String userDN)`
`protected String`	`canonicalize(String searchResult)`
`protected LdapContext`	`constructLdapContext(String namingProviderURL, String dn, Object credential, String authentication)`
`protected Properties`	`createBaseProperties()`
`protected String`	`findUserDN(LdapContext ctx)`
`protected Group[]`	`getRoleSets()` Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user.
`void`	`initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)` Initialize the login module.
`protected Boolean`	`innerLogin()`
`protected void`	`loadRoleByRoleNameAttributeID(LdapContext searchContext, String roleDN)`
`boolean`	`login()` Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist.
`protected void`	`obtainRole(LdapContext searchContext, String dn, SearchResult sr)`
`protected void`	`recurseRolesSearch(LdapContext searchContext, String roleDN)`
`protected void`	`rolesSearch(LdapContext searchContext, String dn)`
`protected void`	`traceLdapEnv(Properties env)`

Methods inherited from class org.jboss.security.negotiation.common.CommonLoginModule
getCredential, getIdentity, processIdentityAndCredential, setIdentity

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - bindAuthentication
```
protected String bindAuthentication
```
  - bindDn
```
protected String bindDn
```
  - bindCredential
```
protected String bindCredential
```
  - jaasSecurityDomain
```
protected String jaasSecurityDomain
```
  - baseCtxDN
```
protected String baseCtxDN
```
  - baseFilter
```
protected String baseFilter
```
  - searchTimeLimit
```
protected int searchTimeLimit
```
  - userSearchControls
```
protected SearchControls userSearchControls
```
  - rolesCtxDN
```
protected String rolesCtxDN
```
  - roleFilter
```
protected String roleFilter
```
  - recurseRoles
```
protected boolean recurseRoles
```
  - roleSearchControls
```
protected SearchControls roleSearchControls
```
  - roleAttributeID
```
protected String roleAttributeID
```
  - roleAttributeIsDN
```
protected boolean roleAttributeIsDN
```
  - roleNameAttributeID
```
protected String roleNameAttributeID
```
  - referralUserAttributeIDToCheck
```
protected String referralUserAttributeIDToCheck
```
  - allowEmptyPassword
```
protected boolean allowEmptyPassword
```
- Constructor Detail
  - AdvancedLdapLoginModule
```
public AdvancedLdapLoginModule()
```
- Method Detail
  - initialize
```
public void initialize(Subject subject,
              CallbackHandler handler,
              Map sharedState,
              Map options)
```
    Description copied from class: AbstractServerLoginModule
    
    Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.
    
    Specified by:
    
    initialize in interface LoginModule
    
    Overrides:
    
    initialize in class AbstractServerLoginModule
    
    Parameters:
    subject - the Subject to update after a successful login.
    handler - the CallbackHandler that will be used to obtain the the user identity and credentials.
    sharedState - a Map shared between all configured login module instances
    options - the parameters passed to the login module.
  - login
```
public boolean login()
              throws LoginException
```
    Description copied from class: AbstractServerLoginModule
    
    Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist. If they do not or are null this method returns false. Note that subclasses that override the login method must set the loginOk ivar to true if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to true if the login() method returns true, otherwise, it sets loginOk to false.
    
    Specified by:
    
    login in interface LoginModule
    
    Overrides:
    
    login in class AbstractServerLoginModule
    
    Throws:
    
    LoginException
  - getRoleSets
```
protected Group[] getRoleSets()
                       throws LoginException
```
    Description copied from class: AbstractServerLoginModule
    
    Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.
    
    Specified by:
    
    getRoleSets in class AbstractServerLoginModule
    
    Returns:
    Group[] containing the sets of roles
    
    Throws:
    
    LoginException
  - innerLogin
```
protected Boolean innerLogin()
                      throws LoginException
```
    Throws:
    
    LoginException
  - constructLdapContext
```
protected LdapContext constructLdapContext(String namingProviderURL,
                               String dn,
                               Object credential,
                               String authentication)
                                    throws LoginException
```
    Throws:
    
    LoginException
  - createBaseProperties
```
protected Properties createBaseProperties()
```
  - findUserDN
```
protected String findUserDN(LdapContext ctx)
                     throws LoginException
```
    Throws:
    
    LoginException
  - authenticate
```
protected void authenticate(String userDN)
                     throws LoginException
```
    Throws:
    
    LoginException
  - rolesSearch
```
protected void rolesSearch(LdapContext searchContext,
               String dn)
                    throws LoginException
```
    Throws:
    
    LoginException
  - obtainRole
```
protected void obtainRole(LdapContext searchContext,
              String dn,
              SearchResult sr)
                   throws NamingException,
                          LoginException
```
    Throws:
    
    NamingException
    
    LoginException
  - loadRoleByRoleNameAttributeID
```
protected void loadRoleByRoleNameAttributeID(LdapContext searchContext,
                                 String roleDN)
```
  - recurseRolesSearch
```
protected void recurseRolesSearch(LdapContext searchContext,
                      String roleDN)
                           throws LoginException
```
    Throws:
    
    LoginException
  - traceLdapEnv
```
protected void traceLdapEnv(Properties env)
```
  - canonicalize
```
protected String canonicalize(String searchResult)
```

Class AdvancedLdapLoginModule

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

Constructor Summary

Method Summary

Methods inherited from class org.jboss.security.negotiation.common.CommonLoginModule

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

Methods inherited from class java.lang.Object

Field Detail

bindAuthentication

bindDn

bindCredential

jaasSecurityDomain

baseCtxDN

baseFilter

searchTimeLimit

userSearchControls

rolesCtxDN

roleFilter

recurseRoles

roleSearchControls

roleAttributeID

roleAttributeIsDN

roleNameAttributeID

referralUserAttributeIDToCheck

allowEmptyPassword

Constructor Detail

AdvancedLdapLoginModule

Method Detail

initialize

login

getRoleSets

innerLogin

constructLdapContext

createBaseProperties

findUserDN

authenticate

rolesSearch

obtainRole

loadRoleByRoleNameAttributeID

recurseRolesSearch

traceLdapEnv

canonicalize