Class AbstractLdapRealm

    • Field Detail

      • principalSuffix

        protected  principalSuffix
      • searchBase

        protected  searchBase
      • url

        protected  url
      • systemUsername

        protected  systemUsername
      • systemPassword

        protected  systemPassword
      • searchFilter

        protected  searchFilter
    • Constructor Detail

      • AbstractLdapRealm

        public AbstractLdapRealm()
    • Method Detail

      • setSystemUsername

        public void setSystemUsername( systemUsername)
        Used when initializing the default LdapContextFactory. This property is ignored if a custom LdapContextFactory is specified.
        Parameters:
        systemUsername - the username to use when logging into the LDAP server for authorization.
        See Also:
        DefaultLdapContextFactory.setSystemUsername(String)
      • setSystemPassword

        public void setSystemPassword( systemPassword)
        Used when initializing the default LdapContextFactory. This property is ignored if a custom LdapContextFactory is specified.
        Parameters:
        systemPassword - the password to use when logging into the LDAP server for authorization.
        See Also:
        DefaultLdapContextFactory.setSystemPassword(String)
      • setLdapContextFactory

        public void setLdapContextFactory(LdapContextFactory ldapContextFactory)
        Configures the LdapContextFactory implementation that is used to create LDAP connections for authentication and authorization. If this is set, the LdapContextFactory provided will be used. Otherwise, a DefaultLdapContextFactory instance will be created based on the properties specified in this realm.
        Parameters:
        ldapContextFactory - the factory to use - if not specified, a default factory will be created automatically.
      • setSearchFilter

        public void setSearchFilter( searchFilter)
      • onInit

        protected void onInit()
        Description copied from class: AuthorizingRealm
        Initializes this realm and potentially enables a cache, depending on configuration.

        When this method is called, the following logic is executed:

        1. If the cache property has been set, it will be used to cache the AuthorizationInfo objects returned from AuthorizingRealm.getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method invocations. All future calls to getAuthorizationInfo will attempt to use this cache first to alleviate any potentially unnecessary calls to an underlying data store.
        2. If the cache property has not been set, the cacheManager property will be checked. If a cacheManager has been set, it will be used to create an authorization cache, and this newly created cache will be used as specified in #1.
        3. If neither the (org.apache.shiro.cache.Cache) cache nor cacheManager properties are set, caching will be disabled and authorization look-ups will be delegated to subclass implementations for each authorization check.
        Overrides:
        onInit in class AuthorizingRealm
      • doGetAuthenticationInfo

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                                                      throws AuthenticationException
        Description copied from class: AuthenticatingRealm
        Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given authentication token.

        For most datasources, this means just 'pulling' authentication data for an associated subject/user and nothing more and letting Shiro do the rest. But in some systems, this method could actually perform EIS specific log-in logic in addition to just retrieving data - it is up to the Realm implementation.

        A null return value means that no account could be associated with the specified token.

        Specified by:
        doGetAuthenticationInfo in class AuthenticatingRealm
        Parameters:
        token - the authentication token containing the user's principal and credentials.
        Returns:
        an AuthenticationInfo object containing account data resulting from the authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)
        Throws:
        AuthenticationException - if there is an error acquiring data or performing realm-specific authentication logic for the specified token
      • queryForAuthenticationInfo

        protected abstract AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
                                                                         LdapContextFactory ldapContextFactory)
                                                                  throws 

        Abstract method that should be implemented by subclasses to build an AuthenticationInfo object by querying the LDAP context for the specified username.

        Parameters:
        token - the authentication token given during authentication.
        ldapContextFactory - factory used to retrieve LDAP connections.
        Returns:
        an AuthenticationInfo instance containing information retrieved from the LDAP server.
        Throws:
        - if any LDAP errors occur during the search.
      • queryForAuthorizationInfo

        protected abstract AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principal,
                                                                       LdapContextFactory ldapContextFactory)
                                                                throws 

        Abstract method that should be implemented by subclasses to build an AuthorizationInfo object by querying the LDAP context for the specified principal.

        Parameters:
        principal - the principal of the Subject whose AuthenticationInfo should be queried from the LDAP server.
        ldapContextFactory - factory used to retrieve LDAP connections.
        Returns:
        an AuthorizationInfo instance containing information retrieved from the LDAP server.
        Throws:
        - if any LDAP errors occur during the search.
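
A subclass implementing the two abstract methods above, as an added example that is not part of the Shiro documentation or code base. The class name `ExampleLdapRealm`, the `cn` role attribute, a `UsernamePasswordToken` login token, and a `searchFilter` configured with a `{0}` placeholder are assumptions.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.ldap.*;
import org.apache.shiro.subject.PrincipalCollection;
// Hypothetical subclass: class name and the "cn" role attribute are assumptions.
public class ExampleLdapRealm extends AbstractLdapRealm {
    @Override
    protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
            LdapContextFactory ldapContextFactory) throws NamingException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        char[] password = upToken.getPassword();
        // Empty password = unauthenticated simple bind (RFC 4513, 5.1.2); reject before binding.
        if (username == null || password == null || password.length == 0) {
            throw new AuthenticationException("username and non-empty password required");
        }
        LdapContext ctx = null;
        try { // binding as the user is the credential check; a failed bind throws
            ctx = ldapContextFactory.getLdapContext((Object) username, new String(password));
        } finally {
            LdapUtils.closeContext(ctx);
        }
        return new SimpleAuthenticationInfo(username, password, getName());
    }

    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principal,
            LdapContextFactory ldapContextFactory) throws NamingException {
        // Subtree search that asks the server for the role attribute only.
        SearchControls controls = new SearchControls(
                SearchControls.SUBTREE_SCOPE, 0, 0, new String[] {"cn"}, false, false);
        Set<String> roles = new LinkedHashSet<>();
        LdapContext ctx = ldapContextFactory.getSystemLdapContext();
        try { // the principal is a filter argument for {0}, never concatenated in
            NamingEnumeration<SearchResult> hits = ctx.search(searchBase, searchFilter,
                    new Object[] {getAvailablePrincipal(principal)}, controls);
            while (hits.hasMore()) {
                Attribute cn = hits.next().getAttributes().get("cn");
                if (cn != null) roles.add(String.valueOf(cn.get()));
            }
        } finally {
            LdapUtils.closeContext(ctx);
        }
        return new SimpleAuthorizationInfo(roles);
    }
}
```

The authorization search runs on the system context, so the account set through `setSystemUsername` only needs read access to the entries under `searchBase`.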