LdapRealm (security-core 1.2.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.terracotta.management.security.shiro.realm
Class LdapRealm

java.lang.Object
  org.apache.shiro.realm.CachingRealm
      org.apache.shiro.realm.AuthenticatingRealm
          org.apache.shiro.realm.AuthorizingRealm
              org.apache.shiro.realm.ldap.JndiLdapRealm
                  com.terracotta.management.security.shiro.realm.LdapRealm

All Implemented Interfaces:: org.apache.shiro.authc.LogoutAware, org.apache.shiro.authz.Authorizer, org.apache.shiro.authz.permission.PermissionResolverAware, org.apache.shiro.authz.permission.RolePermissionResolverAware, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.realm.Realm, org.apache.shiro.util.Initializable, org.apache.shiro.util.Nameable

Direct Known Subclasses:: ActiveDirectoryRealm

public class LdapRealm
extends org.apache.shiro.realm.ldap.JndiLdapRealm
extends org.apache.shiro.realm.ldap.JndiLdapRealm

Author:: Anthony Dahanne

Field Summary
`protected Map<String,Set<String>>`	`groupRolesMap` the map contains the groups, each set contains the roles for the group : Map> groupRolesMap = new HashMap>(); Set dudesRoles = new HashSet(); dudesRoles.add("admin"); groupRolesMap.put("dudes", dudesRoles); Set guysRoles = new HashSet(); guysRoles.add("admin"); guysRoles.add("operator"); groupRolesMap.put("guys", guysRoles);
`protected static String`	`ROLE_NAMES_DELIMETER`
`protected String`	`searchBase`

Constructor Summary
`LdapRealm()`

Method Summary
`protected org.apache.shiro.authz.AuthorizationInfo`	`buildAuthorizationInfo(Set<String> roleNames)`
`String`	`getGroupDnTemplate()`
`protected Collection<String>`	`getRoleNamesForGroups(Collection<String> groupNames)`
`protected Set<String>`	`getRoleNamesForUser(String username, LdapContext ldapContext)`
`protected org.apache.shiro.authz.AuthorizationInfo`	`queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection principals, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory)` Builds an `AuthorizationInfo` object by querying the active directory LDAP context for the groups that a user is a member of.
`void`	`setDynamicGroupConfiguration(boolean dynamicGroupConfiguration)`
`void`	`setGroupAttributeMatching(String groupAttributeMatching)`
`void`	`setGroupDnTemplate(String groupDnTemplate)`
`void`	`setGroupRolesMap(Map<String,Set<String>> groupRolesMap)`
`void`	`setGroupRolesMapAsString(Map<String,String> groupRolesMap)`
`void`	`setSearchBase(String searchBase)`
`void`	`setSystemUsername(String systemUsername)` This method replaces calls to TCJndiLdapContextFactory.setSystemUsername to allow the user to configure the LdapContext leveraging the userDnTemplate; ie : ludovic instead of uid=ludovic,ou=users,dc=mycompany,dc=com

Methods inherited from class org.apache.shiro.realm.ldap.JndiLdapRealm
`createAuthenticationInfo, doGetAuthenticationInfo, doGetAuthorizationInfo, getContextFactory, getLdapPrincipal, getUserDn, getUserDnPrefix, getUserDnSuffix, getUserDnTemplate, queryForAuthenticationInfo, setContextFactory, setUserDnTemplate`

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm

afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm
`assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports`

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm

assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports

Methods inherited from class org.apache.shiro.realm.CachingRealm
`clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Methods inherited from interface org.apache.shiro.util.Initializable
`init`

Field Detail

ROLE_NAMES_DELIMETER

protected static final String ROLE_NAMES_DELIMETER

See Also:: Constant Field Values

groupRolesMap

protected Map<String,Set<String>> groupRolesMap

the map contains the groups, each set contains the roles for the group : Map> groupRolesMap = new HashMap>(); Set dudesRoles = new HashSet(); dudesRoles.add("admin"); groupRolesMap.put("dudes", dudesRoles); Set guysRoles = new HashSet(); guysRoles.add("admin"); guysRoles.add("operator"); groupRolesMap.put("guys", guysRoles);

searchBase

protected String searchBase

Constructor Detail

LdapRealm

public LdapRealm()

Method Detail

queryForAuthorizationInfo

protected org.apache.shiro.authz.AuthorizationInfo queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection principals,
                                                                             org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory)
                                                                      throws NamingException

Builds an AuthorizationInfo object by querying the active directory LDAP context for the groups that a user is a member of. The groups are then translated to role names by using the configured groupRolesMap.

This implementation expects the principal argument to be a String username.

Subclasses can override this method to determine authorization data (roles, permissions, etc) in a more complex way. Note that this default implementation does not support permissions, only roles.

Overrides:: queryForAuthorizationInfo in class org.apache.shiro.realm.ldap.JndiLdapRealm

Parameters:: principals - the principal of the Subject whose account is being retrieved.; ldapContextFactory - the factory used to create LDAP connections.
Returns:: the AuthorizationInfo for the given Subject principal.
Throws:: NamingException - if an error occurs when searching the LDAP server.

buildAuthorizationInfo

protected org.apache.shiro.authz.AuthorizationInfo buildAuthorizationInfo(Set<String> roleNames)

getRoleNamesForUser

protected Set<String> getRoleNamesForUser(String username,
                                          LdapContext ldapContext)
                                   throws NamingException

Throws:: NamingException

getRoleNamesForGroups

protected Collection<String> getRoleNamesForGroups(Collection<String> groupNames)

setGroupAttributeMatching

public void setGroupAttributeMatching(String groupAttributeMatching)

setDynamicGroupConfiguration

public void setDynamicGroupConfiguration(boolean dynamicGroupConfiguration)

setGroupRolesMap

public void setGroupRolesMap(Map<String,Set<String>> groupRolesMap)

setGroupRolesMapAsString

public void setGroupRolesMapAsString(Map<String,String> groupRolesMap)

setSearchBase

public void setSearchBase(String searchBase)

getGroupDnTemplate

public String getGroupDnTemplate()

setGroupDnTemplate

public void setGroupDnTemplate(String groupDnTemplate)

setSystemUsername

public void setSystemUsername(String systemUsername)

This method replaces calls to TCJndiLdapContextFactory.setSystemUsername to allow the user to configure the LdapContext leveraging the userDnTemplate; ie : ludovic instead of uid=ludovic,ou=users,dc=mycompany,dc=com

Parameters:: systemUsername - the "simple" system username