public class LdapUsersLoginModule extends UsernamePasswordLoginModule
Modifier and Type | Field and Description |
---|---|
protected boolean |
allowEmptyPasswords |
protected String |
baseDN |
protected String |
baseFilter |
protected String |
bindCredential |
protected String |
bindDN |
protected String |
distinguishedNameAttribute |
protected boolean |
parseUsername |
protected int |
searchScope |
protected int |
searchTimeLimit |
protected String |
usernameBeginString |
protected String |
usernameEndString |
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
Constructor and Description |
---|
LdapUsersLoginModule() |
Modifier and Type | Method and Description |
---|---|
protected String |
bindDNAuthentication(InitialLdapContext ctx,
String user,
Object credential,
String baseDN,
String filter) |
protected Group[] |
getRoleSets()
Overriden by subclasses to return the Groups that correspond to the
to the role sets assigned to the user.
|
protected String |
getUsername() |
protected String |
getUsersPassword()
Get the expected password for the current username available via
the getUsername() method.
|
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
Override the superclass method to look for the following options after
first invoking the super version.
|
protected boolean |
validatePassword(String inputPassword,
String expectedPassword)
A hook that allows subclasses to change the validation of the input
password against the expected password.
|
createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsernameAndPassword, getValidateError, login, safeClose, setValidateError
abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUseFirstPass, logout
protected String bindDN
protected String bindCredential
protected String baseDN
protected String baseFilter
protected int searchTimeLimit
protected int searchScope
protected String distinguishedNameAttribute
protected boolean parseUsername
protected String usernameBeginString
protected String usernameEndString
protected boolean allowEmptyPasswords
protected String getUsersPassword() throws LoginException
UsernamePasswordLoginModule
getUsersPassword
in class UsernamePasswordLoginModule
LoginException
protected Group[] getRoleSets() throws LoginException
AbstractServerLoginModule
getRoleSets
in class AbstractServerLoginModule
LoginException
protected String getUsername()
getUsername
in class UsernamePasswordLoginModule
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
UsernamePasswordLoginModule
initialize
in interface LoginModule
initialize
in class UsernamePasswordLoginModule
subject
- the Subject to update after a successful login.callbackHandler
- the CallbackHandler that will be used to obtain the
the user identity and credentials.sharedState
- a Map shared between all configured login module instancesoptions
- :
option: hashAlgorithm - the message digest algorithm used to hash passwords.
If null then plain passwords will be used.
option: hashCharset - the name of the charset/encoding to use when converting
the password String to a byte array. Default is the platform's default
encoding.
option: hashEncoding - the string encoding format to use. Defaults to base64.
option: ignorePasswordCase: A flag indicating if the password comparison
should ignore case.
option: digestCallback - The class name of the DigestCallback DigestCallback
implementation that includes pre/post digest content like salts for hashing
the input password. Only used if hashAlgorithm has been specified.
option: hashStorePassword - A flag indicating if the store password returned
from #getUsersPassword() should be hashed .
option: hashUserPassword - A flag indicating if the user entered password should be hashed.
option: storeDigestCallback - The class name of the DigestCallback DigestCallback
implementation that includes pre/post digest content like salts for hashing
the store/expected password. Only used if hashStorePassword or hashUserPassword is true and
hashAlgorithm has been specified.protected boolean validatePassword(String inputPassword, String expectedPassword)
UsernamePasswordLoginModule
validatePassword
in class UsernamePasswordLoginModule
protected String bindDNAuthentication(InitialLdapContext ctx, String user, Object credential, String baseDN, String filter) throws NamingException
NamingException
Copyright © 2016 JBoss by Red Hat. All rights reserved.