Class LdapSecurityRealm

java.lang.Object
  org.wildfly.security.auth.realm.ldap.LdapSecurityRealm

All Implemented Interfaces:
  CacheableSecurityRealm, ModifiableSecurityRealm, SecurityRealm

class LdapSecurityRealm extends Object implements ModifiableSecurityRealm, CacheableSecurityRealm

Security realm implementation backed by LDAP. The class is package-private (note the missing public modifier on the class and on its constructor), so callers obtain an instance through the builder in the same package rather than constructing it directly.

Author:
  Darran Lofthouse, Jan Kalina
Nested Class Summary

  (package private) static class  LdapSecurityRealm.IdentityMapping
  private class                   LdapSecurityRealm.LdapRealmIdentity
  private class                   LdapSecurityRealm.LdapSearch
  private class                   LdapSecurityRealm.ServerNotificationListener
Field Summary

  private List<CredentialLoader>                                                         credentialLoaders
  private List<CredentialPersister>                                                      credentialPersisters
  private org.wildfly.common.function.ExceptionSupplier<DirContext,NamingException>      dirContextSupplier
  private String                                                                         ENV_BINARY_ATTRIBUTES
  private List<EvidenceVerifier>                                                         evidenceVerifiers
  private Charset                                                                        hashCharset
  private Encoding                                                                       hashEncoding
  private LdapSecurityRealm.IdentityMapping                                              identityMapping
  private Set<Consumer<Principal>>                                                       listenersPendingRegistration
  private NameRewriter                                                                   nameRewriter
  private int                                                                            pageSize
  private Supplier<Provider[]>                                                           providers
  private ConcurrentHashMap<String,IdentitySharedExclusiveLock>                          realmIdentityLocks

Fields inherited from interface org.wildfly.security.auth.server.SecurityRealm
  EMPTY_REALM
Constructor Summary

  LdapSecurityRealm(Supplier<Provider[]> providers, org.wildfly.common.function.ExceptionSupplier<DirContext,NamingException> dirContextSupplier, NameRewriter nameRewriter, LdapSecurityRealm.IdentityMapping identityMapping, List<CredentialLoader> credentialLoaders, List<CredentialPersister> credentialPersisters, List<EvidenceVerifier> evidenceVerifiers, int pageSize, Charset hashCharset, Encoding hashEncoding)
Method Summary

  private void                         closeContext(DirContext dirContext)
  SupportLevel                         getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
                                       Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable.
  SupportLevel                         getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
                                       Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.
  RealmIdentity                        getRealmIdentity(Principal principal)
                                       Get a handle to the identity for the given principal in the context of this security realm.
  private ModifiableRealmIdentity      getRealmIdentity(Principal principal, boolean exclusive)
  ModifiableRealmIdentity              getRealmIdentityForUpdate(Principal principal)
                                       Get an update handle to the identity for the given principal in the context of this security realm.
  ModifiableRealmIdentityIterator      getRealmIdentityIterator()
                                       Get an iterator over all of this realm's identities.
  private IdentitySharedExclusiveLock  getRealmIdentityLockForName(String name)
  private DirContext                   obtainContext()
  void                                 registerIdentityChangeListener(Consumer<Principal> listener)
                                       Register a listener that should be invoked by this realm in order to notify the caching layer about changes to a specific identity.
  private void                         registerIdentityChangeListener(DirContext dirContext, Consumer<Principal> listener)

Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.wildfly.security.auth.server.ModifiableSecurityRealm
  getRealmIdentityForUpdate

Methods inherited from interface org.wildfly.security.auth.server.SecurityRealm
  getCredentialAcquireSupport, getRealmIdentity, getRealmIdentity, handleRealmEvent
Field Detail

ENV_BINARY_ATTRIBUTES
private final String ENV_BINARY_ATTRIBUTES
Name of the JNDI environment property under which the realm lists the attributes that the DirContext must return as raw byte arrays rather than decode as strings (the constant's value is on the Constant Field Values page).
See Also:
  Constant Field Values

dirContextSupplier
private final org.wildfly.common.function.ExceptionSupplier<DirContext,NamingException> dirContextSupplier
Supplies the DirContext used for each directory operation; obtainContext() draws from it and closeContext(DirContext) hands the context back.

nameRewriter
private final NameRewriter nameRewriter
Rewrites the principal's name before it is used to locate the entry and to key the per-identity lock.

identityMapping
private final LdapSecurityRealm.IdentityMapping identityMapping
Describes how a (rewritten) principal name is located as an LDAP entry.

pageSize
private final int pageSize
Number of entries requested per page when the realm searches the directory for all of its identities.

hashCharset
private final Charset hashCharset

hashEncoding
private final Encoding hashEncoding
hashCharset and hashEncoding together control how password hashes read from the directory are decoded before they are compared or returned as credentials.

credentialLoaders
private final List<CredentialLoader> credentialLoaders

credentialPersisters
private final List<CredentialPersister> credentialPersisters

evidenceVerifiers
private final List<EvidenceVerifier> evidenceVerifiers
The three lists are the pluggable strategies for reading credentials from an entry, writing them back, and verifying evidence (for example a password guess) against an entry; they are consulted in order, and the SupportLevel answers below are derived from them.

realmIdentityLocks
private final ConcurrentHashMap<String,IdentitySharedExclusiveLock> realmIdentityLocks
One shared/exclusive lock per identity name. Read handles from getRealmIdentity(Principal) take the shared side; update handles from getRealmIdentityForUpdate(Principal) take the exclusive side, so an update handle that is not disposed stalls every authentication for that identity.
Constructor Detail

LdapSecurityRealm
LdapSecurityRealm(Supplier<Provider[]> providers, org.wildfly.common.function.ExceptionSupplier<DirContext,NamingException> dirContextSupplier, NameRewriter nameRewriter, LdapSecurityRealm.IdentityMapping identityMapping, List<CredentialLoader> credentialLoaders, List<CredentialPersister> credentialPersisters, List<EvidenceVerifier> evidenceVerifiers, int pageSize, Charset hashCharset, Encoding hashEncoding)
Package-private: the constructor is invoked by the realm builder in this package, which assembles the loaders, persisters and verifiers from its configuration.
Method Detail

getRealmIdentity
public RealmIdentity getRealmIdentity(Principal principal)

Description copied from interface: SecurityRealm
Get a handle to the identity for the given principal in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call to RealmIdentity.dispose(). In this realm, dispose() also releases the shared lock held on the identity's name, so keep the handle inside a try/finally: a handle that is never disposed blocks every later getRealmIdentityForUpdate(Principal) call for that identity.

Specified by:
  getRealmIdentity in interface SecurityRealm
Parameters:
  principal - the principal which identifies the identity within the realm (must not be null)
Returns:
  the RealmIdentity for the provided principal (not null)
getRealmIdentityForUpdate
public ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal)

Description copied from interface: ModifiableSecurityRealm
Get an update handle to the identity for the given principal in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call to RealmIdentity.dispose(). During the lifespan of a ModifiableRealmIdentity, no other updates or authentications may take place for the corresponding realm identity, thus care should be taken to minimize the duration of the identity's lifespan. If there is not enough information to locate an identity compatible with this realm, ModifiableRealmIdentity.NON_EXISTENT may be returned.

This realm enforces the exclusion with the per-name exclusive lock in realmIdentityLocks. Prepare the new credentials or attributes before calling this method, and never hold the handle across user interaction or an unbounded network wait; while it is open, logins for that user fail to make progress.

Specified by:
  getRealmIdentityForUpdate in interface ModifiableSecurityRealm
Parameters:
  principal - the principal to use to locate the ModifiableRealmIdentity handle (must not be null)
Returns:
  the ModifiableRealmIdentity for the provided information (not null)
registerIdentityChangeListener
public void registerIdentityChangeListener(Consumer<Principal> listener)

Description copied from interface: CacheableSecurityRealm
Register a listener that should be invoked by this realm in order to notify the caching layer about changes to a specific identity. A cache in front of this realm should evict the named principal when the listener fires; otherwise a password change or account disablement made directly in the directory keeps working against the stale cached entry until it expires.

Specified by:
  registerIdentityChangeListener in interface CacheableSecurityRealm
Parameters:
  listener - the listener

registerIdentityChangeListener
private void registerIdentityChangeListener(DirContext dirContext, Consumer<Principal> listener) throws NamingException
Registers the listener against the directory through the given context (the ServerNotificationListener nested class receives the server's change notifications). Listeners registered while no context is available are kept in listenersPendingRegistration until one is obtained.

Throws:
  NamingException
getRealmIdentity
private ModifiableRealmIdentity getRealmIdentity(Principal principal, boolean exclusive)
Common implementation behind the two public lookups: exclusive selects the exclusive rather than the shared side of the identity's lock from realmIdentityLocks.

obtainContext
private DirContext obtainContext() throws RealmUnavailableException
Obtains a DirContext from dirContextSupplier; a NamingException from the supplier surfaces as RealmUnavailableException, which is how a directory outage reaches the caller.

Throws:
  RealmUnavailableException

closeContext
private void closeContext(DirContext dirContext)
Releases a context obtained from obtainContext().
getRealmIdentityIterator
public ModifiableRealmIdentityIterator getRealmIdentityIterator() throws RealmUnavailableException

Description copied from interface: ModifiableSecurityRealm
Get an iterator over all of this realm's identities. Entries are fetched from the directory in pages of pageSize entries; each element is an update handle and must be disposed like any other ModifiableRealmIdentity.

Specified by:
  getRealmIdentityIterator in interface ModifiableSecurityRealm
Returns:
  the identity iterator
Throws:
  RealmUnavailableException - if the realm fails for some reason
getCredentialAcquireSupport
public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException

Description copied from interface: SecurityRealm
Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable. For this realm the answer is the best level reported by the configured credentialLoaders.

Specified by:
  getCredentialAcquireSupport in interface SecurityRealm
Parameters:
  credentialType - the exact credential type (must not be null)
  algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
  parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
Returns:
  the level of support for this credential
Throws:
  RealmUnavailableException - if the realm is not able to handle requests for any reason
getEvidenceVerifySupport
public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException

Description copied from interface: SecurityRealm
Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable. For this realm the answer is the best level reported by the configured evidenceVerifiers; an authentication mechanism should consult it before sending a password guess, since a realm that cannot verify the evidence type will reject every attempt.

Specified by:
  getEvidenceVerifySupport in interface SecurityRealm
Parameters:
  evidenceType - the type of evidence to be verified (must not be null)
  algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names
Returns:
  the level of support for this evidence type
Throws:
  RealmUnavailableException - if the realm is not able to handle requests for any reason
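The following Java example is added here to show the methods documented above in use; it is not code from this page or from the WildFly Elytron project. Because LdapSecurityRealm is package-private, the realm is obtained through LdapSecurityRealmBuilder and the DirContext through SimpleDirContextFactoryBuilder from the same package; those builder methods, the org.wildfly.security.password.spec.Encoding enum, and closing the identity iterator with try-with-resources are assumptions about the surrounding Elytron API that this page does not document, so check them against the installed version. The LDAP URL, DNs, service-account password and the cache map are made up for the example. It checks getEvidenceVerifySupport(...) before authenticating, takes a shared handle with getRealmIdentity(...) and disposes it in a finally block, keeps the exclusive handle from getRealmIdentityForUpdate(...) open for the shortest possible window, wires registerIdentityChangeListener(...) to a cache eviction, and walks getRealmIdentityIterator() disposing each element.

```java
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;

import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.ldap.DirContextFactory;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder;
import org.wildfly.security.auth.server.CacheableSecurityRealm;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.ModifiableRealmIdentityIterator;
import org.wildfly.security.auth.server.ModifiableSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.Encoding;

public class LdapRealmUsage {

    // Assumed builder API (not on this page). Host, DNs and the bind secret are made up.
    static ExceptionSupplier<DirContext, NamingException> dirContextSupplier() {
        DirContextFactory factory = SimpleDirContextFactoryBuilder.builder()
                .setProviderUrl("ldaps://ldap.example.com:636") // TLS, so binds never travel in clear
                .setSecurityPrincipal("cn=elytron,ou=services,dc=example,dc=com")
                .setSecurityCredential("service-account-secret")
                .build();
        return () -> factory.obtainDirContext(DirContextFactory.ReferralMode.IGNORE);
    }

    // Builds the package-private LdapSecurityRealm through its builder (assumed API).
    static ModifiableSecurityRealm buildRealm() {
        return LdapSecurityRealmBuilder.builder()
                .setDirContextSupplier(dirContextSupplier())
                .setPageSize(100)                        // pageSize: paged search for the identity iterator
                .setHashCharset(StandardCharsets.UTF_8)  // hashCharset / hashEncoding: how stored hashes decode
                .setHashEncoding(Encoding.BASE64)
                .identityMapping()
                    .setSearchDn("ou=People,dc=example,dc=com")
                    .setRdnIdentifier("uid")             // login name is the uid RDN of the entry
                    .searchRecursive()
                    .build()
                .userPassword()                          // CredentialLoader + CredentialPersister for userPassword
                    .enablePersistence()
                    .build()
                .addDirectEvidenceVerification()         // EvidenceVerifier: bind as the user with the guess
                .build();
    }

    // Shared handle: released in finally so an exception cannot leave the identity's lock held.
    static boolean authenticate(ModifiableSecurityRealm realm, String user, char[] guess)
            throws RealmUnavailableException {
        if (!realm.getEvidenceVerifySupport(PasswordGuessEvidence.class, null).mayBeSupported()) {
            throw new IllegalStateException("realm has no verifier for password guesses");
        }
        RealmIdentity identity = realm.getRealmIdentity(new NamePrincipal(user));
        try {
            return identity.verifyEvidence(new PasswordGuessEvidence(guess)); // false on a wrong guess
        } finally {
            identity.dispose();          // releases the shared lock on this identity's name
            Arrays.fill(guess, '\0');    // do not keep the cleartext guess around
        }
    }

    // Exclusive handle: everything that can be prepared is prepared before the lock is taken,
    // because while the handle is open no authentication for this user can proceed.
    static void resetPassword(ModifiableSecurityRealm realm, String user, char[] newPassword)
            throws RealmUnavailableException {
        PasswordCredential credential = new PasswordCredential(
                ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, newPassword));
        ModifiableRealmIdentity identity = realm.getRealmIdentityForUpdate(new NamePrincipal(user));
        try {
            if (!identity.exists()) {
                throw new IllegalArgumentException("no such identity: " + user);
            }
            identity.setCredentials(Collections.singleton(credential));
        } finally {
            identity.dispose();          // releases the exclusive lock; logins resume here
        }
    }

    // Cache invalidation: evict the principal whenever the directory reports a change to it.
    static void installCacheInvalidation(ModifiableSecurityRealm realm, Map<Principal, ?> cache) {
        ((CacheableSecurityRealm) realm).registerIdentityChangeListener(cache::remove);
    }

    // Enumerates every identity; each element is an update handle and must be disposed too.
    static List<String> listIdentityNames(ModifiableSecurityRealm realm) throws RealmUnavailableException {
        List<String> names = new ArrayList<>();
        try (ModifiableRealmIdentityIterator it = realm.getRealmIdentityIterator()) { // assumed AutoCloseable
            while (it.hasNext()) {
                ModifiableRealmIdentity identity = it.next();
                try {
                    names.add(identity.getRealmIdentityPrincipal().getName());
                } finally {
                    identity.dispose();
                }
            }
        }
        return names;
    }
}
```

The point of the two try/finally blocks is the lock table in realmIdentityLocks: authenticate() holds the shared side only for the duration of one bind, and resetPassword() holds the exclusive side only for one write, with the credential object built beforehand. A RealmUnavailableException from obtainContext() propagates out of both methods and should be treated as a directory outage, not as a failed login.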
getRealmIdentityLockForName
private IdentitySharedExclusiveLock getRealmIdentityLockForName(String name)
Returns the lock for the given (rewritten) identity name from realmIdentityLocks, creating it on first use.