public abstract class LDAPLoginModule extends FileLoginModule implements Loggable
Modifier and Type | Field and Description |
---|---|
static String |
ANONYMOUS_LDAP_CONNECTION
default value for Context.SECURITY_AUTHENTICATION
that correspond to anonymous connection
|
static String |
SSL_KEYSTORE_PASSWD_PROPERTY
name of key store password java property
|
static String |
SSL_KEYSTORE_PATH_PROPERTY
name of key store path java property
|
static String |
SSL_TRUSTSTORE_PASSWD_PROPERTY
name of trust store password java property
|
static String |
SSL_TRUSTSTORE_PATH_PROPERTY
name of trust store password java property
|
callbackHandler, ENCRYPTED_DATA_SEP, groupFile, loginFile, subject, tenantFile
Constructor and Description |
---|
LDAPLoginModule()
Creates a new instance of LDAPLoginModule
|
Modifier and Type | Method and Description |
---|---|
boolean |
abort()
This method is called if the LoginContext's overall authentication
failed.
|
boolean |
commit()
This method is called if the LoginContext's overall authentication
succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
LoginModules succeeded).
|
protected abstract String |
getLDAPConfigFileName()
Retrieves LDAP configuration file name.
|
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
Initialize this
LDAPLoginModule . |
boolean |
login()
Authenticate the user by getting the user name and password from the
CallbackHandler.
|
boolean |
logout()
Logout the user.
|
protected boolean |
logUser(String username,
String password,
String domain)
Check user and password from file, or authenticate with ldap.
|
checkGroupFile, checkLoginFile, checkTenantFile, getConfiguredDomains, getGroupFileName, getLoginFileName, getPrivateKey, getTenantFileName, groupMembershipFromFile, isLegacyPasswordEncryption, logUser, removeOldFailedAttempts, resetFailedAttempt, retryInHowManyMinutes, storeFailedAttempt, tenantMembershipFromFile, tooManyFailedAttempts
public static final String ANONYMOUS_LDAP_CONNECTION
public static final String SSL_KEYSTORE_PATH_PROPERTY
public static final String SSL_KEYSTORE_PASSWD_PROPERTY
public static String SSL_TRUSTSTORE_PATH_PROPERTY
public static String SSL_TRUSTSTORE_PASSWD_PROPERTY
public LDAPLoginModule()
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
LDAPLoginModule
.
initialize
in interface LoginModule
initialize
in class FileLoginModule
subject
- the Subject
not to be authenticated.
callbackHandler
- a CallbackHandler
to get the credentials of the
user, must work with NoCallback
callbacks.
sharedState
- state shared with other configured LoginModules. options
- options specified in the login
Configuration
for this particular
LDAPLoginModule
.LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
public boolean login() throws LoginException
login
in interface LoginModule
login
in class FileLoginModule
LDAPLoginModule
should not be ignored.FailedLoginException
- if the authentication fails.
LoginException
- if this LDAPLoginModule
is unable to
perform the authentication.LoginModule.login()
protected boolean logUser(String username, String password, String domain) throws LoginException
username
- user's loginpassword
- user's passworddomain
- user's domainLoginException
- if authentication and group membership fails.public boolean commit() throws LoginException
This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
commit
in interface LoginModule
commit
in class FileLoginModule
LoginException
- if the commit fails.LoginModule.commit()
public boolean abort() throws LoginException
This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).
If this LDAPLoginModule's own authentication attempt succeeded (checked
by retrieving the private state saved by the login
and
commit
methods), then this method cleans up any state that
was originally saved.
abort
in interface LoginModule
abort
in class FileLoginModule
LoginException
- if the abort fails.LoginModule.abort()
public boolean logout() throws LoginException
logout
in interface LoginModule
logout
in class FileLoginModule
LoginModule
should
not be ignored.LoginException
- if the logout fails.LoginModule.logout()
protected abstract String getLDAPConfigFileName()