org.jboss.security.negotiation

Class AdvancedLdapLoginModule

java.lang.Object

org.jboss.security.auth.spi.AbstractServerLoginModule

org.jboss.security.negotiation.common.CommonLoginModule

org.jboss.security.negotiation.AdvancedLdapLoginModule

All Implemented Interfaces:

LoginModule

Direct Known Subclasses:

AdvancedADLoginModule, AdvancedLdapLoginModule

public class AdvancedLdapLoginModule
extends CommonLoginModule

Another LDAP LoginModule to take into account requirements for different authentication mechanisms and full support for password-stacking set to useFirstPass. This is essentially a complete refactoring of the LdapExtLoginModule but with enough restructuring to separate out the three login steps: - -1 Find the user -2 Authenticate as the user -3 Find the users roles Configuration should allow for any of the three actions to be skipped based on the requirements for the environment making use of this login module.

Since:

3rd July 2008

Author:

darran.lofthouse@jboss.com

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	allowEmptyPassword
protected String	baseCtxDN
protected String	baseFilter
protected String	bindAuthentication
protected String	bindCredential
protected String	bindDn
protected String	jaasSecurityDomain
protected boolean	recurseRoles
protected String	referralUserAttributeIDToCheck
protected String	roleAttributeID
protected boolean	roleAttributeIsDN
protected String	roleFilter
protected String	roleNameAttributeID
protected String	rolesCtxDN
protected SearchControls	roleSearchControls
protected int	searchTimeLimit
protected SearchControls	userSearchControls

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors

Constructor and Description
AdvancedLdapLoginModule()

Method Summary

Modifier and Type	Method and Description
protected void	authenticate(String userDN)
protected String	canonicalize(String searchResult)
protected LdapContext	constructLdapContext(String namingProviderURL, String dn, Object credential, String authentication)
protected Properties	createBaseProperties()
protected String	findUserDN(LdapContext ctx)
protected Group[]	getRoleSets()
void	initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
protected Boolean	innerLogin()
protected void	loadRoleByRoleNameAttributeID(LdapContext searchContext, String roleDN)
boolean	login()
protected void	obtainRole(LdapContext searchContext, String dn, SearchResult sr)
protected void	recurseRolesSearch(LdapContext searchContext, String roleDN)
protected void	rolesSearch(LdapContext searchContext, String dn)
protected void	traceLdapEnv(Properties env)

Methods inherited from class org.jboss.security.negotiation.common.CommonLoginModule

getCredential, getIdentity, processIdentityAndCredential, setIdentity

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

bindAuthentication

protected String bindAuthentication

bindDn

protected String bindDn

bindCredential

protected String bindCredential

jaasSecurityDomain

protected String jaasSecurityDomain

baseCtxDN

protected String baseCtxDN

baseFilter

protected String baseFilter

searchTimeLimit

protected int searchTimeLimit

userSearchControls

protected SearchControls userSearchControls

rolesCtxDN

protected String rolesCtxDN

roleFilter

protected String roleFilter

recurseRoles

protected boolean recurseRoles

roleSearchControls

protected SearchControls roleSearchControls

roleAttributeID

protected String roleAttributeID

roleAttributeIsDN

protected boolean roleAttributeIsDN

roleNameAttributeID

protected String roleNameAttributeID

referralUserAttributeIDToCheck

protected String referralUserAttributeIDToCheck

allowEmptyPassword

protected boolean allowEmptyPassword

Constructor Detail

AdvancedLdapLoginModule

public AdvancedLdapLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler handler,
                       Map sharedState,
                       Map options)

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class org.jboss.security.auth.spi.AbstractServerLoginModule

login

public boolean login()
              throws LoginException

Specified by:

login in interface LoginModule

Overrides:

login in class org.jboss.security.auth.spi.AbstractServerLoginModule

Throws:

LoginException

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException

Specified by:

getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule

Throws:

LoginException

innerLogin

protected Boolean innerLogin()
                      throws LoginException

Throws:

LoginException

constructLdapContext

protected LdapContext constructLdapContext(String namingProviderURL,
                                           String dn,
                                           Object credential,
                                           String authentication)
                                    throws LoginException

Throws:

LoginException

createBaseProperties

protected Properties createBaseProperties()

findUserDN

protected String findUserDN(LdapContext ctx)
                     throws LoginException

Throws:

LoginException

authenticate

protected void authenticate(String userDN)
                     throws LoginException

Throws:

LoginException

rolesSearch

protected void rolesSearch(LdapContext searchContext,
                           String dn)
                    throws LoginException

Throws:

LoginException

obtainRole

protected void obtainRole(LdapContext searchContext,
                          String dn,
                          SearchResult sr)
                   throws NamingException,
                          LoginException

Throws:

NamingException

LoginException

loadRoleByRoleNameAttributeID

protected void loadRoleByRoleNameAttributeID(LdapContext searchContext,
                                             String roleDN)

recurseRolesSearch

protected void recurseRolesSearch(LdapContext searchContext,
                                  String roleDN)
                           throws LoginException

Throws:

LoginException

traceLdapEnv

protected void traceLdapEnv(Properties env)

canonicalize

protected String canonicalize(String searchResult)