org.ow2.proactive.authentication

Class LDAPLoginModule

java.lang.Object

org.ow2.proactive.authentication.FileLoginModule

org.ow2.proactive.authentication.LDAPLoginModule

All Implemented Interfaces:

LoginModule, Loggable

Direct Known Subclasses:

RMLDAPLoginModule

public abstract class LDAPLoginModule
extends FileLoginModule
implements Loggable

Authentication based on LDAP system. Improved version of @see{LDAPLoginModule} support custom filters for username and group

Since:

ProActive Scheduling 2.1.1

Field Summary

Fields

Modifier and Type	Field and Description
static String	ANONYMOUS_LDAP_CONNECTION default value for Context.SECURITY_AUTHENTICATION that correspond to anonymous connection
static String	SSL_KEYSTORE_PASSWD_PROPERTY name of key store password java property
static String	SSL_KEYSTORE_PATH_PROPERTY name of key store path java property
static String	SSL_TRUSTSTORE_PASSWD_PROPERTY name of trust store password java property
static String	SSL_TRUSTSTORE_PATH_PROPERTY name of trust store password java property

Fields inherited from class org.ow2.proactive.authentication.FileLoginModule

callbackHandler, ENCRYPTED_DATA_SEP, groupFile, loginFile, subject, tenantFile

Constructor Summary

Constructors

Constructor and Description
LDAPLoginModule() Creates a new instance of LDAPLoginModule

Method Summary

Modifier and Type	Method and Description
boolean	abort() This method is called if the LoginContext's overall authentication failed.
boolean	commit() This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
protected abstract String	getLDAPConfigFileName() Retrieves LDAP configuration file name.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options) Initialize this LDAPLoginModule.
boolean	login() Authenticate the user by getting the user name and password from the CallbackHandler.
boolean	logout() Logout the user.
protected boolean	logUser(String username, String password, String domain) Check user and password from file, or authenticate with ldap.

Methods inherited from class org.ow2.proactive.authentication.FileLoginModule

checkGroupFile, checkLoginFile, checkTenantFile, getConfiguredDomains, getGroupFileName, getLoginFileName, getPrivateKey, getTenantFileName, groupMembershipFromFile, logUser, removeOldFailedAttempts, resetFailedAttempt, retryInHowManyMinutes, storeFailedAttempt, tenantMembershipFromFile, tooManyFailedAttempts

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.ow2.proactive.authentication.Loggable

getLogger

Field Detail

ANONYMOUS_LDAP_CONNECTION

public static final String ANONYMOUS_LDAP_CONNECTION

default value for Context.SECURITY_AUTHENTICATION that correspond to anonymous connection

See Also:

Constant Field Values

SSL_KEYSTORE_PATH_PROPERTY

public static final String SSL_KEYSTORE_PATH_PROPERTY

name of key store path java property

See Also:

Constant Field Values

SSL_KEYSTORE_PASSWD_PROPERTY

public static final String SSL_KEYSTORE_PASSWD_PROPERTY

name of key store password java property

See Also:

Constant Field Values

SSL_TRUSTSTORE_PATH_PROPERTY

public static String SSL_TRUSTSTORE_PATH_PROPERTY

name of trust store password java property

SSL_TRUSTSTORE_PASSWD_PROPERTY

public static String SSL_TRUSTSTORE_PASSWD_PROPERTY

name of trust store password java property

Constructor Detail

LDAPLoginModule

public LDAPLoginModule()

Creates a new instance of LDAPLoginModule

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Initialize this LDAPLoginModule.

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class FileLoginModule

Parameters:

subject - the Subject not to be authenticated.

callbackHandler - a CallbackHandler to get the credentials of the user, must work with NoCallback callbacks.

sharedState - state shared with other configured LoginModules.

options - options specified in the login Configuration for this particular LDAPLoginModule.

See Also:

LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)

login

public boolean login()
              throws LoginException

Authenticate the user by getting the user name and password from the CallbackHandler.

Specified by:

login in interface LoginModule

Overrides:

login in class FileLoginModule

Returns:

true in all cases since this LDAPLoginModule should not be ignored.

Throws:

FailedLoginException - if the authentication fails.

LoginException - if this LDAPLoginModule is unable to perform the authentication.

See Also:

LoginModule.login()

logUser

protected boolean logUser(String username,
                          String password,
                          String domain)
                   throws LoginException

Check user and password from file, or authenticate with ldap.

Parameters:

username - user's login

password - user's password

domain - user's domain

Returns:

true user login and password are correct, and requested group is authorized for the user

Throws:

LoginException - if authentication and group membership fails.

commit

public boolean commit()
               throws LoginException

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

Specified by:

commit in interface LoginModule

Overrides:

commit in class FileLoginModule

Returns:

true if this LDAPLoginModule's own login and commit attempts succeeded, or false otherwise.

Throws:

LoginException - if the commit fails.

See Also:

LoginModule.commit()

abort

public boolean abort()
              throws LoginException

This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

If this LDAPLoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login and commit methods), then this method cleans up any state that was originally saved.

Specified by:

abort in interface LoginModule

Overrides:

abort in class FileLoginModule

Returns:

false if this LoginModule's own login and/or commit attempts failed, and true otherwise.

Throws:

LoginException - if the abort fails.

See Also:

LoginModule.abort()

logout

public boolean logout()
               throws LoginException

Logout the user.

Specified by:

logout in interface LoginModule

Overrides:

logout in class FileLoginModule

Returns:

true in all cases since this LoginModule should not be ignored.

Throws:

LoginException - if the logout fails.

See Also:

LoginModule.logout()

getLDAPConfigFileName

protected abstract String getLDAPConfigFileName()

Retrieves LDAP configuration file name.

Returns:

name of the file with LDAP configuration.