Package org.wildfly.security.auth.realm.ldap

Interface EvidenceVerifier

All Known Implementing Classes:

DirectEvidenceVerifier, X509EvidenceVerifier

interface EvidenceVerifier

An individual evidence verifier to associate with an LDAP SecurityRealm, multiple verifiers can be associated with the realm allowing for different verification strategies to be applied to different named credentials.

Author:

Darran Lofthouse

Method Summary

Modifier and Type	Method	Description
default void	addBinaryIdentityAttributes(Collection<String> attributes)	Construct set of LDAP attributes, which should be loaded as binary data.
default void	addRequiredIdentityAttributes(Collection<String> attributes)	Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.
IdentityEvidenceVerifier	forIdentity(DirContext dirContext, String distinguishedName, String url, Attributes attributes)	Obtain an IdentityEvidenceVerifier to verify the evidence for a specific identity.
default IdentityEvidenceVerifier	forIdentity(DirContext dirContext, String distinguishedName, String url, Attributes attributes, Encoding hashEncoding)	Obtain an IdentityEvidenceVerifier to verify the evidence for a specific identity.
SupportLevel	getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)	Get the SupportLevel for the level of evidence validation support for the named credential.

Method Detail

getEvidenceVerifySupport

SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType,
                                      String algorithmName)
                               throws RealmUnavailableException

Get the SupportLevel for the level of evidence validation support for the named credential.

Parameters:

evidenceType - the evidence type (must not be null)

algorithmName - the evidence algorithm name or null if none

Returns:

the level of support for the named credential

Throws:

RealmUnavailableException - if the realm is currently unable to handle requests

forIdentity

IdentityEvidenceVerifier forIdentity(DirContext dirContext,
                                     String distinguishedName,
                                     String url,
                                     Attributes attributes)
                              throws RealmUnavailableException

Obtain an IdentityEvidenceVerifier to verify the evidence for a specific identity. Note: By this point referrals relating to the identity should have been resolved so the DirContextFactory should be suitable for use with the supplied distinguishedName

Parameters:

dirContext - the DirContext to use to connect to LDAP.

distinguishedName - the distinguished name of the identity entry.

url - the absolute distinguished name of identity LDAP entry as URL string (when identity is not in realm context)

attributes - the identity attributes requested by addRequiredIdentityAttributes(Collection).

Returns:

An IdentityEvidenceVerifier for the specified identity identified by their distinguished name.

Throws:

RealmUnavailableException

forIdentity

default IdentityEvidenceVerifier forIdentity(DirContext dirContext,
                                             String distinguishedName,
                                             String url,
                                             Attributes attributes,
                                             Encoding hashEncoding)
                                      throws RealmUnavailableException

Obtain an IdentityEvidenceVerifier to verify the evidence for a specific identity. Note: By this point referrals relating to the identity should have been resolved so the DirContextFactory should be suitable for use with the supplied distinguishedName

Parameters:

dirContext - the DirContext to use to connect to LDAP.

distinguishedName - the distinguished name of the identity entry.

url - the absolute distinguished name of identity LDAP entry as URL string (when identity is not in realm context)

attributes - the identity attributes requested by addRequiredIdentityAttributes(Collection).

hashEncoding - specifies the string format for the hashed password

Returns:

An IdentityEvidenceVerifier for the specified identity identified by their distinguished name.

Throws:

RealmUnavailableException

addRequiredIdentityAttributes

default void addRequiredIdentityAttributes(Collection<String> attributes)

Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.

Parameters:

attributes - output collection of attributes names, into which should be added

addBinaryIdentityAttributes

default void addBinaryIdentityAttributes(Collection<String> attributes)

Construct set of LDAP attributes, which should be loaded as binary data. Should be subset of addRequiredIdentityAttributes(Collection) output.

Parameters:

attributes - output collection of attributes names, into which should be added