com.terracotta.management.security.shiro.realm
Class ActiveDirectoryRealm

java.lang.Object
  extended by org.apache.shiro.realm.CachingRealm
      extended by org.apache.shiro.realm.AuthenticatingRealm
          extended by org.apache.shiro.realm.AuthorizingRealm
              extended by org.apache.shiro.realm.ldap.JndiLdapRealm
                  extended by com.terracotta.management.security.shiro.realm.LdapRealm
                      extended by com.terracotta.management.security.shiro.realm.ActiveDirectoryRealm
All Implemented Interfaces:
org.apache.shiro.authc.LogoutAware, org.apache.shiro.authz.Authorizer, org.apache.shiro.authz.permission.PermissionResolverAware, org.apache.shiro.authz.permission.RolePermissionResolverAware, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.realm.Realm, org.apache.shiro.util.Initializable, org.apache.shiro.util.Nameable

public class ActiveDirectoryRealm
extends LdapRealm

A Realm that authenticates with an Active Directory LDAP server to determine the roles for a particular user. This implementation queries for the user's groups and then maps the group names to roles using the LdapRealm.groupRolesMap. This Terracotta version is a fork of the original Shiro one (org.apache.shiro.realm.ActiveDirectoryRealm), extending JndiLdapRealm instead of AbstractLdapRealm.


Field Summary
protected static String CN
           
 
Fields inherited from class com.terracotta.management.security.shiro.realm.LdapRealm
groupRolesMap, ROLE_NAMES_DELIMETER, searchBase
 
Constructor Summary
ActiveDirectoryRealm()
           
 
Method Summary
protected  Collection<String> getRoleNamesForGroups(Collection<String> groupNames)
          This method is called by the default implementation to translate Active Directory group names to role names.
protected  Set<String> getRoleNamesForUser(String username, LdapContext ldapContext)
           
 void setSystemUsername(String systemUsername)
          This method is here because we use the com.terracotta.management.security.shiro.realm.TCJndiLdapContextFactory for the LdapRealm, and it always reads the systemUserName from the ContextFactory.
 
Methods inherited from class com.terracotta.management.security.shiro.realm.LdapRealm
buildAuthorizationInfo, getGroupDnTemplate, queryForAuthorizationInfo, setDynamicGroupConfiguration, setGroupAttributeMatching, setGroupDnTemplate, setGroupRolesMap, setGroupRolesMapAsString, setSearchBase
 
Methods inherited from class org.apache.shiro.realm.ldap.JndiLdapRealm
createAuthenticationInfo, doGetAuthenticationInfo, doGetAuthorizationInfo, getContextFactory, getLdapPrincipal, getUserDn, getUserDnPrefix, getUserDnSuffix, getUserDnTemplate, queryForAuthenticationInfo, setContextFactory, setUserDnTemplate
 
Methods inherited from class org.apache.shiro.realm.AuthorizingRealm
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver
 
Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm
assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports
 
Methods inherited from class org.apache.shiro.realm.CachingRealm
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.shiro.util.Initializable
init
 

Field Detail

CN

protected static final String CN
See Also:
Constant Field Values
Constructor Detail

ActiveDirectoryRealm

public ActiveDirectoryRealm()
Method Detail

getRoleNamesForUser

protected Set<String> getRoleNamesForUser(String username,
                                          LdapContext ldapContext)
                                   throws NamingException
Overrides:
getRoleNamesForUser in class LdapRealm
Throws:
NamingException

getRoleNamesForGroups

protected Collection<String> getRoleNamesForGroups(Collection<String> groupNames)
This method is called by the default implementation to translate Active Directory group names to role names. This implementation uses the LdapRealm.groupRolesMap to map group names to role names.

Overrides:
getRoleNamesForGroups in class LdapRealm
Parameters:
groupNames - the group names that apply to the current user.
Returns:
a collection of roles that are implied by the given group names.

setSystemUsername

public void setSystemUsername(String systemUsername)
This method is here because we use the com.terracotta.management.security.shiro.realm.TCJndiLdapContextFactory for the LdapRealm, and it always reads the systemUserName from the ContextFactory.

Overrides:
setSystemUsername in class LdapRealm
Parameters:
systemUsername - "simple" version of the username


Copyright © 2013 Terracotta, Inc. All Rights Reserved.