Package org.wildfly.security.auth.realm.ldap

Class LdapSecurityRealm.LdapRealmIdentity

java.lang.Object

org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.LdapRealmIdentity

All Implemented Interfaces:

ModifiableRealmIdentity, RealmIdentity

Enclosing class:

LdapSecurityRealm

private class LdapSecurityRealm.LdapRealmIdentity
extends Object
implements ModifiableRealmIdentity

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	LdapSecurityRealm.LdapRealmIdentity.LdapIdentity

Field Summary

Fields

Modifier and Type	Field	Description
private Charset	hashCharset
private Encoding	hashEncoding
private IdentitySharedExclusiveLock.IdentityLock	lock
private String	name

Fields inherited from interface org.wildfly.security.auth.server.ModifiableRealmIdentity

NON_EXISTENT

Fields inherited from interface org.wildfly.security.auth.server.RealmIdentity

ANONYMOUS

Constructor Summary

Constructors

Constructor	Description
LdapRealmIdentity(String name, IdentitySharedExclusiveLock.IdentityLock lock, Charset hashCharset, Encoding hashEncoding)

Method Summary

Modifier and Type	Method	Description
void	create()	Create this realm identity.
private LdapSecurityRealm.LdapSearch	createLdapSearchByDn()
void	delete()	Delete this realm identity.
void	dispose()	Dispose this realm identity after a completed authentication attempt.
boolean	exists()	Determine if the identity exists in lieu of verifying or acquiring a credential.
private Map<String,Collection<String>>	extractAttributes(Predicate<AttributeMapping> filter, Function<AttributeMapping,Collection<String>> valueFunction)
private Map<String,Collection<String>>	extractFilteredAttributes(SearchResult identityEntry, DirContext context, DirContext identityContext)
private void	extractFilteredAttributesFromSearch(LdapSecurityRealm.LdapSearch search, SearchResult referencedEntry, AttributeMapping mapping, DirContext context, DirContext identityContext, Collection<String> identityAttributeValues, Collection<SearchResult> toSearchInNextLevel)
private String	extractRdn(AttributeMapping mapping, String dn)
private Map<String,Collection<String>>	extractSimpleAttributes(SearchResult identityEntry)
private void	forEachAttributeValue(SearchResult entry, String attrId, Consumer<String> action)
Attributes	getAttributes()	Get the attributes for the realm identity.
AuthorizationIdentity	getAuthorizationIdentity()	Get an authorization identity for this pre-authenticated identity.
<C extends Credential> C	getCredential(Class<C> credentialType)	Acquire a credential of the given type.
<C extends Credential> C	getCredential(Class<C> credentialType, String algorithmName)	Acquire a credential of the given type and algorithm name.
<C extends Credential> C	getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)	Acquire a credential of the given type and algorithm name.
SupportLevel	getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)	Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.
SupportLevel	getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)	Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.
Charset	getHashCharset()
private LdapSecurityRealm.LdapRealmIdentity.LdapIdentity	getIdentity(DirContext dirContext)
private LdapSecurityRealm.LdapRealmIdentity.LdapIdentity	getIdentity(DirContext dirContext, Collection<String> returningAttributes, Collection<String> binaryAttributes)
Principal	getRealmIdentityPrincipal()	Get the principal that canonically identifies the identity within the realm.
void	setAttributes(Attributes attributes)	Modify the attributes collection of this identity.
void	setCredentials(Collection<? extends Credential> credentials)	Set the credentials of this identity.
private boolean	valuesFromAttribute(SearchResult entry, AttributeMapping mapping, Collection<String> outputCollection)	Obtains attribute value by mapping from given entry and put it into given collection.
boolean	verifyEvidence(Evidence evidence)	Verify the given evidence against a credential of this identity.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.wildfly.security.auth.server.ModifiableRealmIdentity

updateCredential

Methods inherited from interface org.wildfly.security.auth.server.RealmIdentity

applyToCredential, applyToCredential, applyToCredential, getCredentialAcquireSupport

Field Detail

name

private final String name

lock

private IdentitySharedExclusiveLock.IdentityLock lock

hashCharset

private final Charset hashCharset

hashEncoding

private final Encoding hashEncoding

Constructor Detail

LdapRealmIdentity

LdapRealmIdentity(String name,
                  IdentitySharedExclusiveLock.IdentityLock lock,
                  Charset hashCharset,
                  Encoding hashEncoding)

Method Detail

getRealmIdentityPrincipal

public Principal getRealmIdentityPrincipal()

Description copied from interface: RealmIdentity

Get the principal that canonically identifies the identity within the realm. This method may return the principal object which was passed in as a parameter to SecurityRealm.getRealmIdentity(Principal) (a.k.a. domain principal), but is not required to do so. Any existent realm identity (i.e. any identity which returns true on invocation of RealmIdentity.exists()) must return a non-null principal.

Specified by:

getRealmIdentityPrincipal in interface RealmIdentity

Returns:

the principal for this realm identity (may not be null)

getHashCharset

public Charset getHashCharset()

getCredentialAcquireSupport

public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                                String algorithmName,
                                                AlgorithmParameterSpec parameterSpec)
                                         throws RealmUnavailableException

Description copied from interface: RealmIdentity

Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.

Specified by:

getCredentialAcquireSupport in interface RealmIdentity

Parameters:

credentialType - the exact credential type (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

Returns:

the level of support for this credential type (may not be null)

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

getCredential

public <C extends Credential> C getCredential(Class<C> credentialType)
                                       throws RealmUnavailableException

Description copied from interface: RealmIdentity

Acquire a credential of the given type.

Specified by:

getCredential in interface RealmIdentity

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

Returns:

the credential, or null if no such credential exists

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

getCredential

public <C extends Credential> C getCredential(Class<C> credentialType,
                                              String algorithmName)
                                       throws RealmUnavailableException

Description copied from interface: RealmIdentity

Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type must override this method.

Specified by:

getCredential in interface RealmIdentity

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

Returns:

the credential, or null if no such credential exists

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

getCredential

public <C extends Credential> C getCredential(Class<C> credentialType,
                                              String algorithmName,
                                              AlgorithmParameterSpec parameterSpec)
                                       throws RealmUnavailableException

Description copied from interface: RealmIdentity

Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type and algorithm must override this method.

Specified by:

getCredential in interface RealmIdentity

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

Returns:

the credential, or null if no such credential exists

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

setCredentials

public void setCredentials(Collection<? extends Credential> credentials)
                    throws RealmUnavailableException

Description copied from interface: ModifiableRealmIdentity

Set the credentials of this identity. If the identity does not exist, an exception is thrown. Any existing credential(s) are replaced/updated with the new value (in a possibly realm-specific manner).

Specified by:

setCredentials in interface ModifiableRealmIdentity

Parameters:

credentials - the new credentials to set

Throws:

RealmUnavailableException - if updating the credentials fails for some reason

dispose

public void dispose()

Description copied from interface: RealmIdentity

Dispose this realm identity after a completed authentication attempt.

Specified by:

dispose in interface RealmIdentity

getAuthorizationIdentity

public AuthorizationIdentity getAuthorizationIdentity()
                                               throws RealmUnavailableException

Description copied from interface: RealmIdentity

Get an authorization identity for this pre-authenticated identity.

Specified by:

getAuthorizationIdentity in interface RealmIdentity

Returns:

the authorization identity (may not be null)

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

getAttributes

public Attributes getAttributes()
                         throws RealmUnavailableException

Description copied from interface: RealmIdentity

Get the attributes for the realm identity.

Specified by:

getAttributes in interface RealmIdentity

Returns:

the attributes, or null if the implementing class does not support getting attributes

Throws:

RealmUnavailableException - if accessing the attributes fails for some reason

getEvidenceVerifySupport

public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType,
                                             String algorithmName)
                                      throws RealmUnavailableException

Description copied from interface: RealmIdentity

Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.

Specified by:

getEvidenceVerifySupport in interface RealmIdentity

Parameters:

evidenceType - the type of evidence to be verified (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names

Returns:

the level of support for this evidence type

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

verifyEvidence

public boolean verifyEvidence(Evidence evidence)
                       throws RealmUnavailableException

Description copied from interface: RealmIdentity

Verify the given evidence against a credential of this identity. The credential to be used is selected based on the evidence type.

Specified by:

verifyEvidence in interface RealmIdentity

Parameters:

evidence - the evidence to verify

Returns:

true if verification was successful, false otherwise

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

exists

public boolean exists()
               throws RealmUnavailableException

Description copied from interface: RealmIdentity

Determine if the identity exists in lieu of verifying or acquiring a credential. This method is intended to be used to verify an identity for non-authentication purposes only. Implementations of this method should return false up until the point it is known that a call to RealmIdentity.getAuthorizationIdentity() can successfully return an identity. If a realm can load an identity independently of credential acquisition and evidence verification if not already loaded it should be loaded at the time of this call to return an accurate result.

Specified by:

exists in interface RealmIdentity

Returns:

true if the identity exists in this realm, false otherwise

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

createLdapSearchByDn

private LdapSecurityRealm.LdapSearch createLdapSearchByDn()

getIdentity

private LdapSecurityRealm.LdapRealmIdentity.LdapIdentity getIdentity(DirContext dirContext)
                                                              throws RealmUnavailableException

Throws:

RealmUnavailableException

getIdentity

private LdapSecurityRealm.LdapRealmIdentity.LdapIdentity getIdentity(DirContext dirContext,
                                                                     Collection<String> returningAttributes,
                                                                     Collection<String> binaryAttributes)
                                                              throws RealmUnavailableException

Throws:

RealmUnavailableException

extractRdn

private String extractRdn(AttributeMapping mapping,
                          String dn)

valuesFromAttribute

private boolean valuesFromAttribute(SearchResult entry,
                                    AttributeMapping mapping,
                                    Collection<String> outputCollection)
                             throws NamingException

Obtains attribute value by mapping from given entry and put it into given collection.

Parameters:

entry - LDAP entry, from which should be values obtained

mapping - attribute mapping defining attribute, whose values should be obtained

outputCollection - output collection for obtained values

Returns:

true if outputCollection was changed.

Throws:

NamingException

extractFilteredAttributes

private Map<String,Collection<String>> extractFilteredAttributes(SearchResult identityEntry,
                                                                       DirContext context,
                                                                       DirContext identityContext)

extractFilteredAttributesFromSearch

private void extractFilteredAttributesFromSearch(LdapSecurityRealm.LdapSearch search,
                                                 SearchResult referencedEntry,
                                                 AttributeMapping mapping,
                                                 DirContext context,
                                                 DirContext identityContext,
                                                 Collection<String> identityAttributeValues,
                                                 Collection<SearchResult> toSearchInNextLevel)

extractSimpleAttributes

private Map<String,Collection<String>> extractSimpleAttributes(SearchResult identityEntry)

extractAttributes

private Map<String,Collection<String>> extractAttributes(Predicate<AttributeMapping> filter,
                                                               Function<AttributeMapping,Collection<String>> valueFunction)

forEachAttributeValue

private void forEachAttributeValue(SearchResult entry,
                                   String attrId,
                                   Consumer<String> action)

delete

public void delete()
            throws RealmUnavailableException

Description copied from interface: ModifiableRealmIdentity

Delete this realm identity. After this call, RealmIdentity.exists() will return false. If the identity does not exist, an exception is thrown.

Specified by:

delete in interface ModifiableRealmIdentity

Throws:

RealmUnavailableException - if deletion fails for some reason

create

public void create()
            throws RealmUnavailableException

Description copied from interface: ModifiableRealmIdentity

Create this realm identity. After this call, RealmIdentity.exists() will return true and the credentials and role sets will be empty. If the identity already exists, an exception is thrown.

Specified by:

create in interface ModifiableRealmIdentity

Throws:

RealmUnavailableException - if creation fails for some reason

setAttributes

public void setAttributes(Attributes attributes)
                   throws RealmUnavailableException

Description copied from interface: ModifiableRealmIdentity

Modify the attributes collection of this identity. If the identity does not exist, an exception is thrown.

Specified by:

setAttributes in interface ModifiableRealmIdentity

Parameters:

attributes - the new attributes collection

Throws:

RealmUnavailableException - if updating the attributes collection fails for some reason