java.lang.Object
  org.apache.shiro.realm.CachingRealm
    org.apache.shiro.realm.AuthenticatingRealm
      org.apache.shiro.realm.AuthorizingRealm
        org.apache.shiro.realm.ldap.AbstractLdapRealm

public abstract class AbstractLdapRealm

A Realm that authenticates with an LDAP server to build the Subject for a user. This implementation only returns roles for a particular user, and not permissions - but it can be subclassed to build a permission list as well.

Subclasses must implement the queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory) and queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection, LdapContextFactory) abstract methods.

By default, this implementation will create an instance of DefaultLdapContextFactory to use for creating LDAP connections using the principalSuffix, searchBase, url, systemUsername, and systemPassword properties specified on the realm. The remaining settings use the defaults of DefaultLdapContextFactory, which are usually sufficient. If more customized connections are needed, you should inject a custom LdapContextFactory, which will cause these properties specified on the realm to be ignored.

See Also: queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory), queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection, LdapContextFactory)
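
A subclass implementing the two abstract methods described above, added here as an illustration and not taken from the Shiro code base. It assumes the Shiro 1.x LdapContextFactory methods getLdapContext(String, String) and getSystemLdapContext(), a UsernamePasswordToken, and a directory whose groups are posixGroup entries listing members in memberUid; the class name GroupRoleLdapRealm is hypothetical.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.ldap.*;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical subclass (added example). Assumes posixGroup/memberUid group entries.
public class GroupRoleLdapRealm extends AbstractLdapRealm {

    @Override
    protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
            LdapContextFactory factory) throws NamingException {
        UsernamePasswordToken up = (UsernamePasswordToken) token;
        char[] password = up.getPassword();
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513),
        // which a server may accept, so refuse it before contacting the directory.
        if (up.getUsername() == null || password == null || password.length == 0) {
            throw new AuthenticationException("username and non-empty password required");
        }
        // Binding as the user is the credential check: a rejected bind throws NamingException.
        LdapContext ctx = factory.getLdapContext(up.getUsername(), new String(password));
        LdapUtils.closeContext(ctx);
        return new SimpleAuthenticationInfo(up.getUsername(), password, getName());
    }

    @Override
    protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals,
            LdapContextFactory factory) throws NamingException {
        String username = String.valueOf(getAvailablePrincipal(principals));
        Set<String> roles = new LinkedHashSet<String>();
        LdapContext ctx = factory.getSystemLdapContext(); // bound as systemUsername
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The JNDI provider escapes the string substituted for {0},
            // so the user name cannot alter the filter.
            NamingEnumeration<SearchResult> hits = ctx.search(searchBase,
                    "(&(objectClass=posixGroup)(memberUid={0}))", new Object[] {username}, controls);
            while (hits.hasMore()) {
                roles.add(String.valueOf(hits.next().getAttributes().get("cn").get()));
            }
        } finally {
            LdapUtils.closeContext(ctx);
        }
        return new SimpleAuthorizationInfo(roles);
    }
}
```

The role lookup runs on the system context, so the systemUsername account only needs read access to group entries under searchBase.
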
Field Summary | |
---|---|
protected String | principalSuffix |
protected String | searchBase |
protected String | systemPassword |
protected String | systemUsername |
protected String | url |

Constructor Summary |
---|
AbstractLdapRealm() |

Method Summary | |
---|---|
protected AuthenticationInfo | doGetAuthenticationInfo(AuthenticationToken token) Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given authentication token. |
protected AuthorizationInfo | doGetAuthorizationInfo(PrincipalCollection principals) Retrieves the AuthorizationInfo for the given principals from the underlying data store. |
protected void | onInit() Initializes this realm and potentially enables a cache, depending on configuration. |
protected abstract AuthenticationInfo | queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) Abstract method that should be implemented by subclasses to build an AuthenticationInfo object by querying the LDAP context for the specified username. |
protected abstract AuthorizationInfo | queryForAuthorizationInfo(PrincipalCollection principal, LdapContextFactory ldapContextFactory) Abstract method that should be implemented by subclasses to build an AuthorizationInfo object by querying the LDAP context for the specified principal. |
void | setLdapContextFactory(LdapContextFactory ldapContextFactory) Configures the LdapContextFactory implementation that is used to create LDAP connections for authentication and authorization. |
void | setPrincipalSuffix(String principalSuffix) Used when initializing the default LdapContextFactory. |
void | setSearchBase(String searchBase) Used when initializing the default LdapContextFactory. |
void | setSystemPassword(String systemPassword) Used when initializing the default LdapContextFactory. |
void | setSystemUsername(String systemUsername) Used when initializing the default LdapContextFactory. |
void | setUrl(String url) Used when initializing the default LdapContextFactory. |

Methods inherited from class org.apache.shiro.realm.CachingRealm |
---|
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface org.apache.shiro.util.Initializable |
---|
init |
Field Detail |
---|
protected String principalSuffix
protected String searchBase
protected String url
protected String systemUsername
protected String systemPassword
Constructor Detail |
---|
public AbstractLdapRealm()
Method Detail |
---|
public void setPrincipalSuffix(String principalSuffix)
Used when initializing the default LdapContextFactory. This property is ignored if a custom LdapContextFactory is specified.
Parameters: principalSuffix - the suffix.
See Also: DefaultLdapContextFactory.setPrincipalSuffix(String)

public void setSearchBase(String searchBase)
Used when initializing the default LdapContextFactory. This property is ignored if a custom LdapContextFactory is specified.
Parameters: searchBase - the search base.
See Also: DefaultLdapContextFactory.setSearchBase(String)

public void setUrl(String url)
Used when initializing the default LdapContextFactory. This property is ignored if a custom LdapContextFactory is specified.
Parameters: url - the LDAP url.
See Also: DefaultLdapContextFactory.setUrl(String)

public void setSystemUsername(String systemUsername)
Used when initializing the default LdapContextFactory. This property is ignored if a custom LdapContextFactory is specified.
Parameters: systemUsername - the username to use when logging into the LDAP server for authorization.
See Also: DefaultLdapContextFactory.setSystemUsername(String)

public void setSystemPassword(String systemPassword)
Used when initializing the default LdapContextFactory. This property is ignored if a custom LdapContextFactory is specified.
Parameters: systemPassword - the password to use when logging into the LDAP server for authorization.
See Also: DefaultLdapContextFactory.setSystemPassword(String)

public void setLdapContextFactory(LdapContextFactory ldapContextFactory)
Configures the LdapContextFactory implementation that is used to create LDAP connections for authentication and authorization. If this is set, the LdapContextFactory provided will be used. Otherwise, a DefaultLdapContextFactory instance will be created based on the properties specified in this realm.
Parameters: ldapContextFactory - the factory to use - if not specified, a default factory will be created automatically.

protected void onInit()
Description copied from class: AuthorizingRealm
Initializes this realm and potentially enables a cache, depending on configuration.
1. If the cache property has been set, it will be used to cache the AuthorizationInfo objects returned from AuthorizingRealm.getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method invocations. All future calls to getAuthorizationInfo will attempt to use this cache first to alleviate any potentially unnecessary calls to an underlying data store.
2. If the cache property has not been set, the cacheManager property will be checked. If a cacheManager has been set, it will be used to create an authorization cache, and this newly created cache will be used as specified in #1.
3. If neither the (org.apache.shiro.cache.Cache) cache or cacheManager properties are set, caching will be disabled and authorization look-ups will be delegated to subclass implementations for each authorization check.
onInit in class AuthorizingRealm

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
Description copied from class: AuthenticatingRealm
Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given authentication token. A null return value means that no account could be associated with the specified token.
doGetAuthenticationInfo in class AuthenticatingRealm
Parameters: token - the authentication token containing the user's principal and credentials.
Returns: an AuthenticationInfo object containing account data resulting from the authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)
Throws: AuthenticationException - if there is an error acquiring data or performing realm-specific authentication logic for the specified token

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
Description copied from class: AuthorizingRealm
Retrieves the AuthorizationInfo for the given principals from the underlying data store.
SimpleAuthorizationInfo, as it is suitable in most cases.
doGetAuthorizationInfo in class AuthorizingRealm
Parameters: principals - the primary identifying principals of the AuthorizationInfo that should be retrieved.
See Also: SimpleAuthorizationInfo

protected abstract AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException
Abstract method that should be implemented by subclasses to build an AuthenticationInfo object by querying the LDAP context for the specified username.
Parameters: token - the authentication token given during authentication.
ldapContextFactory - factory used to retrieve LDAP connections.
Returns: an AuthenticationInfo instance containing information retrieved from the LDAP server.
Throws: NamingException - if any LDAP errors occur during the search.

protected abstract AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principal, LdapContextFactory ldapContextFactory) throws NamingException
Abstract method that should be implemented by subclasses to build an AuthorizationInfo object by querying the LDAP context for the specified principal.
Parameters: principal - the principal of the Subject whose AuthenticationInfo should be queried from the LDAP server.
ldapContextFactory - factory used to retrieve LDAP connections.
Returns: an AuthorizationInfo instance containing information retrieved from the LDAP server.
Throws: NamingException - if any LDAP errors occur during the search.