Class UserPasswordCredentialLoader
- java.lang.Object
  - org.wildfly.security.auth.realm.ldap.UserPasswordCredentialLoader
- All Implemented Interfaces:
CredentialLoader, CredentialPersister
class UserPasswordCredentialLoader extends Object implements CredentialPersister
A CredentialLoader for loading credentials stored within the 'userPassword' attribute of LDAP entries.
- Author:
- Darran Lofthouse
-
Nested Class Summary
Nested Classes (modifier and type, class, description):
- private class UserPasswordCredentialLoader.ForIdentityLoader
-
Field Summary
Fields (modifier and type, field, description):
- (package private) static String DEFAULT_USER_PASSWORD_ATTRIBUTE_NAME
- private String userPasswordAttributeName
-
Constructor Summary
Constructors (constructor, description):
- UserPasswordCredentialLoader(String userPasswordAttributeName): Construct a new UserPasswordCredentialLoader for a specific attribute name.
-
Method Summary
Methods (modifier and type, method, description):
- void addRequiredIdentityAttributes(Collection<String> attributes): Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.
- IdentityCredentialPersister forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes): Obtain an IdentityCredentialLoader to query the credentials for a specific identity.
- IdentityCredentialPersister forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes, Encoding hashEncoding): Obtain an IdentityCredentialLoader to query the credentials for a specific identity.
- SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String credentialAlgorithm, AlgorithmParameterSpec parameterSpec): Determine whether a given credential is definitely supported, possibly supported (for some identities), or definitely not supported.
- (package private) EvidenceVerifier toEvidenceVerifier()
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.wildfly.security.auth.realm.ldap.CredentialLoader
addBinaryIdentityAttributes
-
Field Detail
-
DEFAULT_USER_PASSWORD_ATTRIBUTE_NAME
static final String DEFAULT_USER_PASSWORD_ATTRIBUTE_NAME
- See Also:
- Constant Field Values
-
userPasswordAttributeName
private final String userPasswordAttributeName
-
Constructor Detail
-
UserPasswordCredentialLoader
UserPasswordCredentialLoader(String userPasswordAttributeName)
Construct a new UserPasswordCredentialLoader for a specific attribute name.
- Parameters:
userPasswordAttributeName - the name of the attribute within the LDAP entry that holds the credential.
-
Method Detail
-
getCredentialAcquireSupport
public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String credentialAlgorithm, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Description copied from interface: CredentialLoader
Determine whether a given credential is definitely supported, possibly supported (for some identities), or definitely not supported.
A DirContextFactory is made available if the directory server is going to be queried but most likely this call will need to be generic as querying a whole directory is not realistic.
Note: The DirContextFactory approach will be evolved further for better referral support so it makes it easier for it to be passed in for each call.
- Specified by:
getCredentialAcquireSupport in interface CredentialLoader
- Parameters:
credentialType - the credential type (must not be null)
credentialAlgorithm - the credential algorithm name
parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
- Returns:
- the level of support for this credential type
- Throws:
RealmUnavailableException
-
forIdentity
public IdentityCredentialPersister forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes)
Description copied from interface: CredentialPersister
Obtain an IdentityCredentialLoader to query the credentials for a specific identity.
Note: By this point referrals relating to the identity should have been resolved so the DirContextFactory should be suitable for use with the supplied distinguishedName.
- Specified by:
forIdentity in interface CredentialLoader
- Specified by:
forIdentity in interface CredentialPersister
- Parameters:
dirContext - the DirContext to use to connect to LDAP.
distinguishedName - the distinguished name of the identity.
attributes - the identity attributes requested by CredentialLoader.addRequiredIdentityAttributes(Collection)
- Returns:
- An IdentityCredentialLoader for the specified identity identified by their distinguished name.
-
forIdentity
public IdentityCredentialPersister forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes, Encoding hashEncoding)
Description copied from interface: CredentialLoader
Obtain an IdentityCredentialLoader to query the credentials for a specific identity.
Note: By this point referrals relating to the identity should have been resolved so the DirContextFactory should be suitable for use with the supplied distinguishedName.
- Specified by:
forIdentity in interface CredentialLoader
- Parameters:
dirContext - the DirContext to use to connect to LDAP.
distinguishedName - the distinguished name of the identity.
attributes - the identity attributes requested by CredentialLoader.addRequiredIdentityAttributes(Collection)
hashEncoding - specifies the string format for the hashed password
- Returns:
- An IdentityCredentialLoader for the specified identity identified by their distinguished name.
-
addRequiredIdentityAttributes
public void addRequiredIdentityAttributes(Collection<String> attributes)
Description copied from interface: CredentialLoader
Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.
- Specified by:
addRequiredIdentityAttributes in interface CredentialLoader
- Parameters:
attributes - output collection of attributes names, into which should be added
-
toEvidenceVerifier
EvidenceVerifier toEvidenceVerifier()