Class LdapSecurityRealm

- java.lang.Object
- org.wildfly.security.auth.realm.ldap.LdapSecurityRealm

All Implemented Interfaces:
CacheableSecurityRealm, ModifiableSecurityRealm, SecurityRealm

class LdapSecurityRealm extends Object implements ModifiableSecurityRealm, CacheableSecurityRealm

Security realm implementation backed by LDAP.

Author:
- Darran Lofthouse, Jan Kalina
Nested Class Summary
- (package private) static class LdapSecurityRealm.IdentityMapping
- private class LdapSecurityRealm.LdapRealmIdentity
- private class LdapSecurityRealm.LdapSearch
- private class LdapSecurityRealm.ServerNotificationListener

Field Summary
- private List<CredentialLoader> credentialLoaders
- private List<CredentialPersister> credentialPersisters
- private org.wildfly.common.function.ExceptionSupplier<DirContext,NamingException> dirContextSupplier
- private static String ENV_BINARY_ATTRIBUTES
- private List<EvidenceVerifier> evidenceVerifiers
- private Charset hashCharset
- private Encoding hashEncoding
- private LdapSecurityRealm.IdentityMapping identityMapping
- private Set<Consumer<Principal>> listenersPendingRegistration
- private NameRewriter nameRewriter
- private int pageSize
- private Supplier<Provider[]> providers
- private ConcurrentHashMap<String,IdentitySharedExclusiveLock> realmIdentityLocks

Fields inherited from interface org.wildfly.security.auth.server.SecurityRealm
- EMPTY_REALM
Constructor Summary
- LdapSecurityRealm(Supplier<Provider[]> providers, org.wildfly.common.function.ExceptionSupplier<DirContext,NamingException> dirContextSupplier, NameRewriter nameRewriter, LdapSecurityRealm.IdentityMapping identityMapping, List<CredentialLoader> credentialLoaders, List<CredentialPersister> credentialPersisters, List<EvidenceVerifier> evidenceVerifiers, int pageSize, Charset hashCharset, Encoding hashEncoding)

Method Summary (all methods are instance methods; all are concrete)
- private void closeContext(DirContext dirContext)
- SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec): Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable.
- SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName): Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.
- RealmIdentity getRealmIdentity(Principal principal): Get a handle to the identity for the given principal in the context of this security realm.
- private ModifiableRealmIdentity getRealmIdentity(Principal principal, boolean exclusive)
- ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal): Get an update handle to the identity for the given principal in the context of this security realm.
- ModifiableRealmIdentityIterator getRealmIdentityIterator(): Get an iterator over all of this realm's identities.
- private IdentitySharedExclusiveLock getRealmIdentityLockForName(String name)
- private DirContext obtainContext()
- void registerIdentityChangeListener(Consumer<Principal> listener): Register a listener that should be invoked by this realm in order to notify the caching layer about changes to a specific identity.
- private void registerIdentityChangeListener(DirContext dirContext, Consumer<Principal> listener)

Methods inherited from class java.lang.Object
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.wildfly.security.auth.server.ModifiableSecurityRealm
- getRealmIdentityForUpdate

Methods inherited from interface org.wildfly.security.auth.server.SecurityRealm
- getCredentialAcquireSupport, getRealmIdentity, getRealmIdentity, handleRealmEvent
Field Detail

ENV_BINARY_ATTRIBUTES
private static final String ENV_BINARY_ATTRIBUTES
- See Also: Constant Field Values

dirContextSupplier
private final org.wildfly.common.function.ExceptionSupplier<DirContext,NamingException> dirContextSupplier

nameRewriter
private final NameRewriter nameRewriter

identityMapping
private final LdapSecurityRealm.IdentityMapping identityMapping

pageSize
private final int pageSize

hashCharset
private final Charset hashCharset

hashEncoding
private final Encoding hashEncoding

credentialLoaders
private final List<CredentialLoader> credentialLoaders

credentialPersisters
private final List<CredentialPersister> credentialPersisters

evidenceVerifiers
private final List<EvidenceVerifier> evidenceVerifiers

realmIdentityLocks
private final ConcurrentHashMap<String,IdentitySharedExclusiveLock> realmIdentityLocks
Constructor Detail

LdapSecurityRealm
LdapSecurityRealm(Supplier<Provider[]> providers, org.wildfly.common.function.ExceptionSupplier<DirContext,NamingException> dirContextSupplier, NameRewriter nameRewriter, LdapSecurityRealm.IdentityMapping identityMapping, List<CredentialLoader> credentialLoaders, List<CredentialPersister> credentialPersisters, List<EvidenceVerifier> evidenceVerifiers, int pageSize, Charset hashCharset, Encoding hashEncoding)
Method Detail

getRealmIdentity
public RealmIdentity getRealmIdentity(Principal principal)
Description copied from interface: SecurityRealm
Get a handle to the identity for the given principal in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call to RealmIdentity.dispose().
- Specified by: getRealmIdentity in interface SecurityRealm
- Parameters: principal - the principal which identifies the identity within the realm (must not be null)
- Returns: the RealmIdentity for the provided principal (not null)
getRealmIdentityForUpdate
public ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal)
Description copied from interface: ModifiableSecurityRealm
Get an update handle to the identity for the given principal in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call to RealmIdentity.dispose(). During the lifespan of a ModifiableRealmIdentity, no other updates or authentications may take place for the corresponding realm identity, so care should be taken to minimize the duration of the identity's lifespan. If there is not enough information to locate an identity compatible with this realm, ModifiableRealmIdentity.NON_EXISTENT may be returned.
- Specified by: getRealmIdentityForUpdate in interface ModifiableSecurityRealm
- Parameters: principal - the principal to use to locate the ModifiableRealmIdentity handle (must not be null)
- Returns: the ModifiableRealmIdentity for the provided information (not null)
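The two handle contracts above (dispose every RealmIdentity; keep a ModifiableRealmIdentity open for as short a time as possible, because it blocks authentication and other updates for that identity; check for ModifiableRealmIdentity.NON_EXISTENT) are easy to get wrong in calling code. The following helper is an added example written for this page, not code from WildFly Elytron. It assumes a realm obtained elsewhere (for this class that would be through its builder), and it assumes the WildFlyElytronPasswordProvider class for creating a ClearPassword; whether the realm's configured credential persisters accept a clear-text credential is a deployment decision.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;

import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.ModifiableSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider; // assumed provider class
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;

/** Illustrative helper (not part of WildFly Elytron) for the realm handle lifecycle. */
public final class LdapIdentityLifecycle {

    private LdapIdentityLifecycle() {}

    /** Read-only lookup: obtain the handle, ask one question, dispose it. */
    public static boolean identityExists(ModifiableSecurityRealm realm, String userName)
            throws RealmUnavailableException {
        Principal principal = new NamePrincipal(userName);
        RealmIdentity identity = realm.getRealmIdentity(principal); // contract: never null
        try {
            return identity.exists(); // the identity "may or may not exist"
        } finally {
            identity.dispose(); // required by the contract, also on the exception path
        }
    }

    /**
     * Update path. The exclusive handle blocks authentication and other updates
     * for this identity while it is open, so do the minimum work and dispose promptly.
     * Returns false when the realm cannot locate an identity for the principal.
     */
    public static boolean resetPassword(ModifiableSecurityRealm realm, String userName, char[] newPassword)
            throws Exception {
        Principal principal = new NamePrincipal(userName);
        ModifiableRealmIdentity identity = realm.getRealmIdentityForUpdate(principal);
        try {
            // NON_EXISTENT is the documented answer when the principal cannot be mapped;
            // exists() covers a mapped name with no backing LDAP entry.
            if (identity == ModifiableRealmIdentity.NON_EXISTENT || !identity.exists()) {
                return false;
            }
            PasswordFactory factory = PasswordFactory.getInstance(
                    ClearPassword.ALGORITHM_CLEAR, WildFlyElytronPasswordProvider.getInstance());
            ClearPassword clear = (ClearPassword) factory.generatePassword(new ClearPasswordSpec(newPassword));
            // Persisted by whichever CredentialPersister the realm was configured with.
            identity.setCredentials(Collections.singletonList(new PasswordCredential(clear)));
            return true;
        } finally {
            identity.dispose();          // releases the exclusive lock on this identity
            Arrays.fill(newPassword, '\0'); // do not leave the caller's copy in memory
        }
    }
}
```

Both methods keep the handle inside a try/finally so that a NamingException surfacing as RealmUnavailableException cannot leak a handle; for the update path that leak would also leave the per-identity exclusive lock (see realmIdentityLocks above) held until the realm is torn down.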
registerIdentityChangeListener
public void registerIdentityChangeListener(Consumer<Principal> listener)
Description copied from interface: CacheableSecurityRealm
Register a listener that should be invoked by this realm in order to notify the caching layer about changes to a specific identity.
- Specified by: registerIdentityChangeListener in interface CacheableSecurityRealm
- Parameters: listener - the listener
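A caching layer that sits in front of this realm has to honour these notifications, otherwise an account disabled or removed in LDAP keeps its cached state until the cache's own eviction. The class below is an added example for this page, not Elytron's own caching realm; it caches only the answer to exists() (never the RealmIdentity handle, which must be disposed) and drops exactly the entry the realm reports as changed. The realm instance is assumed to be supplied by the caller.

```java
import java.security.Principal;
import java.util.concurrent.ConcurrentHashMap;

import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.CacheableSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;

/** Illustrative cache (not Elytron's CachingSecurityRealm) that invalidates on realm notifications. */
public final class InvalidatingExistenceCache {

    private final CacheableSecurityRealm realm;
    private final ConcurrentHashMap<String, Boolean> existsByName = new ConcurrentHashMap<>();

    public InvalidatingExistenceCache(CacheableSecurityRealm realm) {
        this.realm = realm;
        // The realm calls back with the principal whose entry changed; remove only that entry.
        realm.registerIdentityChangeListener(this::invalidate);
    }

    void invalidate(Principal changed) {
        existsByName.remove(changed.getName());
    }

    /** Cached existence check; a miss goes to LDAP through the realm and disposes the handle. */
    public boolean exists(String userName) throws RealmUnavailableException {
        Boolean cached = existsByName.get(userName);
        if (cached != null) {
            return cached;
        }
        RealmIdentity identity = realm.getRealmIdentity(new NamePrincipal(userName));
        try {
            boolean result = identity.exists();
            existsByName.put(userName, result);
            return result;
        } finally {
            identity.dispose();
        }
    }

    /** Current number of cached entries; useful when verifying that invalidation fired. */
    public int size() {
        return existsByName.size();
    }
}
```

Register the listener before the first lookup: the realm's listenersPendingRegistration field listed above shows that registrations are queued when no directory context is available yet, so early registration is safe, whereas a lookup made before registration can populate the cache with an entry that no later notification will clear.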
registerIdentityChangeListener
private void registerIdentityChangeListener(DirContext dirContext, Consumer<Principal> listener) throws NamingException
- Throws: NamingException

getRealmIdentity
private ModifiableRealmIdentity getRealmIdentity(Principal principal, boolean exclusive)

obtainContext
private DirContext obtainContext() throws RealmUnavailableException
- Throws: RealmUnavailableException

closeContext
private void closeContext(DirContext dirContext)
getRealmIdentityIterator
public ModifiableRealmIdentityIterator getRealmIdentityIterator() throws RealmUnavailableException
Description copied from interface: ModifiableSecurityRealm
Get an iterator over all of this realm's identities.
- Specified by: getRealmIdentityIterator in interface ModifiableSecurityRealm
- Returns: the identity iterator
- Throws: RealmUnavailableException - if the realm fails for some reason
getCredentialAcquireSupport
public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Description copied from interface: SecurityRealm
Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable.
- Specified by: getCredentialAcquireSupport in interface SecurityRealm
- Parameters: credentialType - the exact credential type (must not be null); algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names; parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
- Returns: the level of support for this credential
- Throws: RealmUnavailableException - if the realm is not able to handle requests for any reason
getEvidenceVerifySupport
public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException
Description copied from interface: SecurityRealm
Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.
- Specified by: getEvidenceVerifySupport in interface SecurityRealm
- Parameters: evidenceType - the type of evidence to be verified (must not be null); algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names
- Returns: the level of support for this evidence type
- Throws: RealmUnavailableException - if the realm is not able to handle requests for any reason
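The three-valued answer from getEvidenceVerifySupport (and likewise getCredentialAcquireSupport) is realm-wide: "possibly verifiable (for some identities)" means a caller still has to ask the individual RealmIdentity handle before presenting evidence. The method below is an added example for this page, not Elytron code; it assumes a SecurityRealm supplied by the caller and uses the PasswordGuessEvidence class from Elytron's evidence package.

```java
import java.security.Principal;

import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/** Illustrative only; not WildFly Elytron code. */
public final class RealmSupportCheck {

    private RealmSupportCheck() {}

    /**
     * UNSUPPORTED is reported only from the realm-wide check (a configuration problem,
     * e.g. no EvidenceVerifier for passwords); a per-identity "not supported" is folded
     * into REJECTED so that the caller's response does not differ between an unknown
     * user and a wrong password.
     */
    public enum Outcome { VERIFIED, REJECTED, UNSUPPORTED }

    public static Outcome verifyPassword(SecurityRealm realm, String userName, char[] guess)
            throws RealmUnavailableException {
        // Realm-wide answer: SupportLevel.UNSUPPORTED means no identity can verify this evidence.
        SupportLevel realmLevel = realm.getEvidenceVerifySupport(PasswordGuessEvidence.class, null);
        if (!realmLevel.mayBeSupported()) {
            return Outcome.UNSUPPORTED;
        }
        Principal principal = new NamePrincipal(userName);
        RealmIdentity identity = realm.getRealmIdentity(principal);
        PasswordGuessEvidence evidence = new PasswordGuessEvidence(guess);
        try {
            // POSSIBLY_SUPPORTED at realm level means "for some identities": re-check on the handle.
            // The handle may also say UNSUPPORTED because the identity does not exist.
            SupportLevel identityLevel = identity.getEvidenceVerifySupport(PasswordGuessEvidence.class, null);
            if (!identityLevel.mayBeSupported()) {
                return Outcome.REJECTED;
            }
            return identity.verifyEvidence(evidence) ? Outcome.VERIFIED : Outcome.REJECTED;
        } finally {
            identity.dispose();  // contract: every handle is disposed
            evidence.destroy();  // wipes the guessed password array
        }
    }
}
```

Calling the realm-wide method once at startup (or once per realm configuration change) is enough to detect a misconfigured realm early; the per-identity call has to happen on every authentication because the realm-wide level does not improve on a POSSIBLY_SUPPORTED answer.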
getRealmIdentityLockForName
private IdentitySharedExclusiveLock getRealmIdentityLockForName(String name)