public class LdapExtLoginModule extends UsernamePasswordLoginModule
Modifier and Type | Field and Description |
---|---|
protected String |
baseDN |
protected String |
baseFilter |
protected String |
bindCredential |
protected String |
bindDN |
protected String |
distinguishedNameAttribute |
protected boolean |
isPasswordValidated |
protected boolean |
parseRoleNameFromDN |
protected boolean |
parseUsername |
protected int |
recursion |
protected String |
referralUserAttributeIDToCheck |
protected String |
roleAttributeID |
protected boolean |
roleAttributeIsDN |
protected String |
roleFilter |
protected String |
roleNameAttributeID |
protected String |
rolesCtxDN |
protected int |
searchScope |
protected int |
searchTimeLimit |
protected String |
usernameBeginString |
protected String |
usernameEndString |
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
Constructor and Description |
---|
LdapExtLoginModule() |
Modifier and Type | Method and Description |
---|---|
protected String |
bindDNAuthentication(InitialLdapContext ctx,
String user,
Object credential,
String baseDN,
String filter) |
protected Group[] |
getRoleSets()
Overridden by subclasses to return the Groups that correspond to the
role sets assigned to the user.
|
protected String |
getUsername() |
protected String |
getUsersPassword()
Overridden to return an empty password string as typically one cannot obtain a
user's password.
|
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map sharedState,
Map options)
Override the superclass method to look for the following options after
first invoking the super version.
|
protected void |
rolesSearch(LdapContext ctx,
SearchControls constraints,
String user,
String userDN,
int recursionMax,
int nesting) |
protected boolean |
validatePassword(String inputPassword,
String expectedPassword)
Validate the inputPassword by creating an LDAP InitialContext with the
SECURITY_CREDENTIALS set to the password; the expectedPassword argument is ignored.
|
createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsernameAndPassword, getValidateError, login, safeClose, setValidateError
abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUseFirstPass, logout
protected String bindDN
protected String bindCredential
protected String baseDN
protected String baseFilter
protected String rolesCtxDN
protected String roleFilter
protected String roleAttributeID
protected String roleNameAttributeID
protected boolean roleAttributeIsDN
protected boolean parseRoleNameFromDN
protected int recursion
protected int searchTimeLimit
protected int searchScope
protected String distinguishedNameAttribute
protected boolean parseUsername
protected String usernameBeginString
protected String usernameEndString
protected boolean isPasswordValidated
protected String referralUserAttributeIDToCheck
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
UsernamePasswordLoginModule
initialize
in interface LoginModule
initialize
in class UsernamePasswordLoginModule
subject - the Subject to update after a successful login.
callbackHandler - the CallbackHandler that will be used to obtain the
user identity and credentials.
sharedState - a Map shared between all configured login module instances.
options - the options listed below:
option: hashAlgorithm - the message digest algorithm used to hash passwords.
If null then plain passwords will be used.
option: hashCharset - the name of the charset/encoding to use when converting
the password String to a byte array. Default is the platform's default
encoding.
option: hashEncoding - the string encoding format to use. Defaults to base64.
option: ignorePasswordCase: A flag indicating if the password comparison
should ignore case.
option: digestCallback - The class name of the DigestCallback
implementation that includes pre/post digest content like salts for hashing
the input password. Only used if hashAlgorithm has been specified.
option: hashStorePassword - A flag indicating if the store password returned
from getUsersPassword() should be hashed.
option: hashUserPassword - A flag indicating if the user entered password should be hashed.
option: storeDigestCallback - The class name of the DigestCallback
implementation that includes pre/post digest content like salts for hashing
the store/expected password. Only used if hashStorePassword or hashUserPassword is true and
hashAlgorithm has been specified.
protected String getUsersPassword() throws LoginException
getUsersPassword
in class UsernamePasswordLoginModule
LoginException
protected Group[] getRoleSets() throws LoginException
getRoleSets
in class AbstractServerLoginModule
LoginException
protected boolean validatePassword(String inputPassword, String expectedPassword)
validatePassword
in class UsernamePasswordLoginModule
inputPassword - the password to validate.
expectedPassword - ignored
protected String bindDNAuthentication(InitialLdapContext ctx, String user, Object credential, String baseDN, String filter) throws NamingException
ctx - the context to search from
user - the input username
credential - the bind credential
baseDN - base DN to search the ctx from
filter - the search filter string
NamingException
protected void rolesSearch(LdapContext ctx, SearchControls constraints, String user, String userDN, int recursionMax, int nesting) throws NamingException
ctx -
constraints -
user -
userDN -
recursionMax -
nesting -
NamingException
protected String getUsername()
getUsername
in class UsernamePasswordLoginModule
Copyright © 2017 JBoss by Red Hat. All rights reserved.