LdapCallbackHandler (Red Hat JBoss Enterprise Application Platform 7.1.0.GA public API)

java.lang.Object
- org.jboss.security.auth.callback.AbstractCallbackHandler
- - org.jboss.security.auth.callback.LdapCallbackHandler

All Implemented Interfaces:

CallbackHandler
```
public class LdapCallbackHandler
extends AbstractCallbackHandler
implements CallbackHandler
```
A CallbackHandler using the LDAP to match the passed password.

There are two callbacks that can be passed to this handler.
1. PasswordCallback: Passing this callback will get the password for the user. The returned password will not be in clear text. It will be in the hashed form the ldap server has stored.
2. VerifyPasswordCallback Passing this callback with a value will make the handler to do a ldap bind to verify the user password.
The main method is #setConfiguration(Map) which takes in a map of String key/value pairs. The possible pairs are:
1. passwordAttributeID : what is the name of the attribute where the password is stored. Default: userPassword
2. bindDN : DN used to bind against the ldap server with read/write permissions for baseCtxDN.
3. bindCredential : Password for the bindDN. This can be encrypted if the jaasSecurityDomain is specified.
4. baseCtxDN : The fixed DN of the context to start the user search from.
5. baseFilter: A search filter used to locate the context of the user to authenticate. The input username/userDN as provided by the NameCallback will be substituted into the filter anywhere a "{0}" expression is seen. This substitution behavior comes from the standard.
6. searchTimeLimit : The timeout in milliseconds for the user/role searches. Defaults to 10000 (10 seconds).
7. jaasSecurityDomain : The JMX ObjectName of the JaasSecurityDomain to use to decrypt the java.naming.security.principal. The encrypted form of the password is that returned by the JaasSecurityDomain#encrypt64(byte[]) method. The org.jboss.security.plugins.PBEUtils can also be used to generate the encrypted form.
8. distinguishedNameAttribute : Used in ldap servers such as Active Directory where the ldap provider has a property (distinguishedName) to return the relative CN of the user. Default: distinguishedName
Example Usages:
```
  LdapCallbackHandler cbh = new LdapCallbackHandler();
  Map map = new HashMap();
  map.put("bindDN", "cn=Directory Manager");
  map.put("bindCredential", "password");
  map.put("baseFilter", "(uid={0})");
  map.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
  map.put("java.naming.provider.url", "ldap://localhost:10389");
  map.put("baseCtxDN", "ou=People,dc=jboss,dc=org");
  cbh.setConfiguration(map);
  NameCallback ncb = new NameCallback("Enter");
  ncb.setName("jduke");
  VerifyPasswordCallback vpc = new VerifyPasswordCallback();
  vpc.setValue("theduke");
  cbh.handle(new Callback[] {ncb,vpc} );
  assertTrue(vpc.isVerified());
 
```
Since:

Nov 1, 2011

Author:

Anil Saldhana

Field Summary

Fields
Modifier and Type	Field and Description
`protected String`	`bindCredential`
`protected String`	`bindDN`
`protected String`	`distinguishedNameAttribute`
`protected boolean`	`isPasswordValidated`
`protected Map<String,String>`	`options`
`protected String`	`passwordAttributeID`
`protected int`	`searchTimeLimit`

Fields inherited from class org.jboss.security.auth.callback.AbstractCallbackHandler
userName

Constructor Summary

Constructors
Constructor and Description

LdapCallbackHandler()

Constructors
Constructor and Description
`LdapCallbackHandler()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected String`	`bindDNAuthentication(InitialLdapContext ctx, String user, Object credential, String baseDN, String filter)`
`protected String`	`getBindCredential()`
`protected String`	`getBindDN()`
`void`	`handle(Callback[] callbacks)`
`protected void`	`handleCallBack(Callback c)` Handle a `Callback`
`protected void`	`safeClose(InitialLdapContext ic)`
`protected void`	`safeClose(NamingEnumeration results)`
`void`	`setConfiguration(Map<String,String> config)`
`protected void`	`setPasswordCallbackValue(Object thePass, PasswordCallback passwdCallback)`
`protected void`	`verifyPassword(VerifyPasswordCallback vpc)`

Methods inherited from class org.jboss.security.auth.callback.AbstractCallbackHandler
getUserName

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

bindDN
```
protected String bindDN
```

bindCredential
```
protected String bindCredential
```

passwordAttributeID
```
protected String passwordAttributeID
```

searchTimeLimit
```
protected int searchTimeLimit
```

distinguishedNameAttribute

protected String distinguishedNameAttribute

isPasswordValidated
```
protected boolean isPasswordValidated
```

options
```
protected Map<String,String> options
```

Constructor Detail
- LdapCallbackHandler
```
public LdapCallbackHandler()
```

Method Detail

setConfiguration

public void setConfiguration(Map<String,String> config)

handle

public void handle(Callback[] callbacks)
            throws IOException,
                   UnsupportedCallbackException

Specified by:: handle in interface CallbackHandler
Throws:: IOException; UnsupportedCallbackException

handleCallBack

protected void handleCallBack(Callback c)
                       throws UnsupportedCallbackException,
                              NamingException

Handle a Callback

Parameters:: c - callback
Throws:: UnsupportedCallbackException - If the callback is not supported by this handler; NamingException

verifyPassword

protected void verifyPassword(VerifyPasswordCallback vpc)
                       throws NamingException

Throws:: NamingException

getBindDN
```
protected String getBindDN()
```

getBindCredential
```
protected String getBindCredential()
```

setPasswordCallbackValue

protected void setPasswordCallbackValue(Object thePass,
                                        PasswordCallback passwdCallback)

bindDNAuthentication

protected String bindDNAuthentication(InitialLdapContext ctx,
                                      String user,
                                      Object credential,
                                      String baseDN,
                                      String filter)
                               throws NamingException

Parameters:: ctx - - the context to search from; user - - the input username; credential - - the bind credential; baseDN - - base DN to search the ctx from; filter - - the search filter string
Returns:: the userDN string for the successful authentication
Throws:: NamingException

safeClose

protected void safeClose(NamingEnumeration results)

safeClose

protected void safeClose(InitialLdapContext ic)

Class LdapCallbackHandler

Field Summary

Fields inherited from class org.jboss.security.auth.callback.AbstractCallbackHandler

Constructor Summary

Method Summary

Methods inherited from class org.jboss.security.auth.callback.AbstractCallbackHandler

Methods inherited from class java.lang.Object

Field Detail

bindDN

bindCredential

passwordAttributeID

searchTimeLimit

distinguishedNameAttribute

isPasswordValidated

options

Constructor Detail

LdapCallbackHandler

Method Detail

setConfiguration

handle

handleCallBack

verifyPassword

getBindDN

getBindCredential

setPasswordCallbackValue

bindDNAuthentication

safeClose

safeClose