public class JNDIRealm extends RealmBase
Implementation of Realm that works with a directory server accessed via the Java Naming and Directory Interface (JNDI) APIs. The following constraints are imposed on the data structure in the underlying directory server:
DirContext
that is accessed
via the connectionURL
property.connectURL
an attempt will be made to use the alternateURL
if it
exists.userPattern
property.userPattern
property is not
specified, a unique element can be located by searching the directory
context. In this case:
userSearch
pattern specifies the search filter
after substitution of the username.userBase
property can be set to the element that
is the base of the subtree containing users. If not specified,
the search base is the top-level context.userSubtree
property can be set to
true
if you wish to search the entire subtree of the
directory context. The default value of false
requests a search of only the current level.userPassword
property is not specified.userPassword
property is specified, in which case:
userPassword
property.
RealmBase.digest()
method (using the standard digest
support included in RealmBase
).
RealmBase.digest()
) are equal to the retrieved value
for the user password attribute.DirContext
that is accessed via the
connectionURL
property. This element has the following
characteristics:
roleSearch
property.roleSearch
pattern optionally includes pattern
replacements "{0}" for the distinguished name, and/or "{1}" for
the username, and/or "{2}" the value of an attribute from the
user's directory entry (the attribute is specified by the
userRoleAttribute
property), of the authenticated user
for which roles will be retrieved.roleBase
property can be set to the element that
is the base of the search for matching roles. If not specified,
the entire context will be searched.roleSubtree
property can be set to
true
if you wish to search the entire subtree of the
directory context. The default value of false
requests a search of only the current level.roleName
property) containing the name of the
role represented by this element.userRoleName
property.commonRole
property to the
name of this role. The role doesn't have to exist in the directory.roleNested
to true
.
The default value is false
, so role searches will not find
nested roles.<security-role-ref>
element in
the web application deployment descriptor allows applications to refer
to roles programmatically by names other than those used in the
directory server itself.TODO - Support connection pooling (including message
format objects) so that authenticate()
does not have to be
synchronized.
WARNING - There is a reported bug against the Netscape provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to successfully authenticated a non-existing user. The report is here: http://bz.apache.org/bugzilla/show_bug.cgi?id=11210 . With luck, Netscape has updated their provider code and this is not an issue.
Modifier and Type | Class and Description |
---|---|
protected static class |
JNDIRealm.User
A protected class representing a User
|
RealmBase.AllRolesMode
Lifecycle.SingleUse
Modifier and Type | Field and Description |
---|---|
protected boolean |
adCompat
Should we ignore PartialResultExceptions when iterating over NamingEnumerations?
|
protected String |
alternateURL
An alternate URL, to which, we should connect if connectionURL fails.
|
protected String |
authentication
The type of authentication to use
|
protected String |
commonRole
Add this role to every authenticated user
|
protected int |
connectionAttempt
The number of connection attempts.
|
protected String |
connectionName
The connection username for the server we will contact.
|
protected String |
connectionPassword
The connection password for the server we will contact.
|
protected String |
connectionTimeout
The timeout, in milliseconds, to use when trying to create a connection
to the directory.
|
protected String |
connectionURL
The connection URL for the server we will contact.
|
protected DirContext |
context
The directory context linking us to our directory server.
|
protected String |
contextFactory
The JNDI context factory used to acquire our InitialContext.
|
static String |
DEREF_ALIASES
Constant that holds the name of the environment property for specifying
the manner in which aliases should be dereferenced.
|
protected String |
derefAliases
How aliases should be dereferenced during search operations.
|
protected static String |
name
Descriptive information about this Realm implementation.
|
protected String |
protocol
The protocol that will be used in the communication with the
directory server.
|
protected String |
referrals
How should we handle referrals?
|
protected String |
roleBase
The base element for role searches.
|
protected MessageFormat |
roleBaseFormat
The MessageFormat object associated with the current
roleBase . |
protected MessageFormat |
roleFormat
The MessageFormat object associated with the current
roleSearch . |
protected String |
roleName
The name of the attribute containing roles held elsewhere
|
protected boolean |
roleNested
Should we look for nested group in order to determine roles?
|
protected String |
roleSearch
The message format used to select roles for a user, with "{0}" marking
the spot where the distinguished name of the user goes.
|
protected boolean |
roleSearchAsUser
When searching for user roles, should the search be performed as the user
currently being authenticated?
|
protected boolean |
roleSubtree
Should we search the entire subtree for matching memberships?
|
protected long |
sizeLimit
The sizeLimit (also known as the countLimit) to use when the realm is
configured with
userSearch . |
protected String |
spnegoDelegationQop
The QOP that should be used for the connection to the LDAP server after
authentication.
|
protected int |
timeLimit
The timeLimit (in milliseconds) to use when the realm is configured with
userSearch . |
protected boolean |
useDelegatedCredential
Should delegated credentials from the SPNEGO authenticator be used if
available
|
protected String |
userBase
The base element for user searches.
|
protected String |
userPassword
The attribute name used to retrieve the user password.
|
protected String |
userPattern
The message format used to form the distinguished name of a
user, with "{0}" marking the spot where the specified username
goes.
|
protected String[] |
userPatternArray
A string of LDAP user patterns or paths, ":"-separated
These will be used to form the distinguished name of a
user, with "{0}" marking the spot where the specified username
goes.
|
protected MessageFormat[] |
userPatternFormatArray
An array of MessageFormat objects associated with the current
userPatternArray . |
protected String |
userRoleAttribute
The name of the attribute inside the users
directory entry where the value will be
taken to search for roles
This attribute is not used during a nested search
|
protected String |
userRoleName
The name of an attribute in the user's entry containing
roles for that user
|
protected String |
userSearch
The message format used to search for a user, with "{0}" marking
the spot where the username goes.
|
protected MessageFormat |
userSearchFormat
The MessageFormat object associated with the current
userSearch . |
protected boolean |
userSubtree
Should we search the entire subtree for matching users?
|
allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName
mserver
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
Constructor and Description |
---|
JNDIRealm() |
Modifier and Type | Method and Description |
---|---|
Principal |
authenticate(DirContext context,
String username,
String credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return
null . |
Principal |
authenticate(String username,
String credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return
null . |
protected boolean |
bindAsUser(DirContext context,
JNDIRealm.User user,
String credentials)
Check credentials by binding to the directory as the user
|
protected boolean |
checkCredentials(DirContext context,
JNDIRealm.User user,
String credentials)
Check whether the given User can be authenticated with the
given credentials.
|
protected void |
close(DirContext context)
Close any open connection to the directory server for this Realm.
|
protected boolean |
compareCredentials(DirContext context,
JNDIRealm.User info,
String credentials)
Check whether the credentials presented by the user match those
retrieved from the directory.
|
protected String |
doRFC2254Encoding(String inString)
Given an LDAP search string, returns the string with certain characters
escaped according to RFC 2254 guidelines.
|
boolean |
getAdCompat() |
String |
getAlternateURL()
Getter for property alternateURL.
|
String |
getAuthentication() |
String |
getCommonRole() |
String |
getConnectionName() |
String |
getConnectionPassword() |
String |
getConnectionTimeout() |
String |
getConnectionURL() |
String |
getContextFactory() |
String |
getDerefAliases() |
protected Hashtable<String,String> |
getDirectoryContextEnvironment()
Create our directory context configuration.
|
protected String |
getDistinguishedName(DirContext context,
String base,
SearchResult result)
Returns the distinguished name of a search result.
|
HostnameVerifier |
getHostnameVerifier() |
String |
getHostnameVerifierClassName() |
protected String |
getName() |
protected String |
getPassword(String username)
Get the password for the specified user.
|
protected Principal |
getPrincipal(DirContext context,
String username,
GSSCredential gssCredential)
Get the principal associated with the specified certificate.
|
protected Principal |
getPrincipal(String username)
Get the principal associated with the specified certificate.
|
protected Principal |
getPrincipal(String username,
GSSCredential gssCredential) |
String |
getProtocol() |
String |
getReferrals() |
String |
getRoleBase() |
String |
getRoleName() |
boolean |
getRoleNested() |
protected List<String> |
getRoles(DirContext context,
JNDIRealm.User user)
Return a List of roles associated with the given User.
|
String |
getRoleSearch() |
boolean |
getRoleSubtree() |
long |
getSizeLimit() |
String |
getSpnegoDelegationQop() |
int |
getTimeLimit() |
protected JNDIRealm.User |
getUser(DirContext context,
String username)
Return a User object containing information about the user
with the specified username, if found in the directory;
otherwise return
null . |
protected JNDIRealm.User |
getUser(DirContext context,
String username,
String credentials)
Return a User object containing information about the user
with the specified username, if found in the directory;
otherwise return
null . |
protected JNDIRealm.User |
getUser(DirContext context,
String username,
String credentials,
int curUserPattern)
Return a User object containing information about the user
with the specified username, if found in the directory;
otherwise return
null . |
String |
getUserBase() |
protected JNDIRealm.User |
getUserByPattern(DirContext context,
String username,
String[] attrIds,
String dn)
Use the distinguished name to locate the directory
entry for the user with the specified username and
return a User object; otherwise return
null . |
protected JNDIRealm.User |
getUserByPattern(DirContext context,
String username,
String credentials,
String[] attrIds,
int curUserPattern)
Use the
UserPattern configuration attribute to
locate the directory entry for the user with the specified
username and return a User object; otherwise return
null . |
protected JNDIRealm.User |
getUserBySearch(DirContext context,
String username,
String[] attrIds)
Search the directory to return a User object containing
information about the user with the specified username, if
found in the directory; otherwise return
null . |
String |
getUserPassword() |
String |
getUserPattern() |
String |
getUserRoleAttribute() |
String |
getUserRoleName() |
String |
getUserSearch() |
boolean |
getUserSubtree() |
boolean |
getUseStartTls() |
boolean |
isRoleSearchAsUser() |
boolean |
isUseDelegatedCredential() |
boolean |
isUserSearchAsUser() |
protected DirContext |
open()
Open (if necessary) and return a connection to the configured
directory server for this Realm.
|
protected String[] |
parseUserPatternString(String userPatternString)
Given a string containing LDAP patterns for user locations (separated by
parentheses in a pseudo-LDAP search string format -
"(location1)(location2)", returns an array of those paths.
|
protected void |
release(DirContext context)
Release our use of this connection so that it can be recycled.
|
void |
setAdCompat(boolean adCompat)
How do we handle PartialResultExceptions?
|
void |
setAlternateURL(String alternateURL)
Setter for property alternateURL.
|
void |
setAuthentication(String authentication)
Set the type of authentication to use.
|
void |
setCipherSuites(String suites)
Set the allowed cipher suites when opening a connection using StartTLS.
|
void |
setCommonRole(String commonRole)
Set the common role
|
void |
setConnectionName(String connectionName)
Set the connection username for this Realm.
|
void |
setConnectionPassword(String connectionPassword)
Set the connection password for this Realm.
|
void |
setConnectionTimeout(String timeout)
Set the connection timeout.
|
void |
setConnectionURL(String connectionURL)
Set the connection URL for this Realm.
|
void |
setContextFactory(String contextFactory)
Set the JNDI context factory for this Realm.
|
void |
setDerefAliases(String derefAliases)
Set the value for derefAliases to be used when searching the directory.
|
void |
setHostnameVerifierClassName(String verifierClassName)
Set the
HostnameVerifier to be used when opening connections
using StartTLS. |
void |
setProtocol(String protocol)
Set the protocol for this Realm.
|
void |
setReferrals(String referrals)
How do we handle JNDI referrals?
|
void |
setRoleBase(String roleBase)
Set the base element for role searches.
|
void |
setRoleName(String roleName)
Set the role name attribute name for this Realm.
|
void |
setRoleNested(boolean roleNested)
Set the "search subtree for roles" flag.
|
void |
setRoleSearch(String roleSearch)
Set the message format pattern for selecting roles in this Realm.
|
void |
setRoleSearchAsUser(boolean roleSearchAsUser) |
void |
setRoleSubtree(boolean roleSubtree)
Set the "search subtree for roles" flag.
|
void |
setSizeLimit(long sizeLimit) |
void |
setSpnegoDelegationQop(String spnegoDelegationQop) |
void |
setSslProtocol(String protocol)
Set the ssl protocol to be used for connections using StartTLS.
|
void |
setSslSocketFactoryClassName(String factoryClassName)
Set the
SSLSocketFactory to be used when opening connections
using StartTLS. |
void |
setTimeLimit(int timeLimit) |
void |
setUseDelegatedCredential(boolean useDelegatedCredential) |
void |
setUserBase(String userBase)
Set the base element for user searches.
|
void |
setUserPassword(String userPassword)
Set the password attribute used to retrieve the user password.
|
void |
setUserPattern(String userPattern)
Set the message format pattern for selecting users in this Realm.
|
void |
setUserRoleAttribute(String userRoleAttribute) |
void |
setUserRoleName(String userRoleName)
Set the user role name attribute name for this Realm.
|
void |
setUserSearch(String userSearch)
Set the message format pattern for selecting users in this Realm.
|
void |
setUserSearchAsUser(boolean userSearchAsUser) |
void |
setUserSubtree(boolean userSubtree)
Set the "search subtree for users" flag.
|
void |
setUseStartTls(boolean useStartTls)
Flag whether StartTLS should be used when connecting to the ldap server
|
protected void |
startInternal()
Prepare for the beginning of active use of the public methods of this
component and implement the requirements of
LifecycleBase.startInternal() . |
protected void |
stopInternal()
Gracefully terminate the active use of the public methods of this
component and implement the requirements of
LifecycleBase.stopInternal() . |
addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, Digest, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRole, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setContainer, setCredentialHandler, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, toString
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
protected String authentication
protected String connectionName
protected String connectionPassword
protected String connectionURL
protected DirContext context
protected String contextFactory
protected String derefAliases
public static final String DEREF_ALIASES
protected static final String name
protected String protocol
protected boolean adCompat
protected String referrals
protected String userBase
protected String userSearch
protected MessageFormat userSearchFormat
userSearch
.protected boolean userSubtree
protected String userPassword
protected String userRoleAttribute
protected String[] userPatternArray
protected String userPattern
protected MessageFormat[] userPatternFormatArray
userPatternArray
.protected String roleBase
protected MessageFormat roleBaseFormat
roleBase
.protected MessageFormat roleFormat
roleSearch
.protected String userRoleName
protected String roleName
protected String roleSearch
protected boolean roleSubtree
protected boolean roleNested
protected boolean roleSearchAsUser
connectionName
and
connectionPassword
will be used if specified, else an anonymous
connection will be used.protected String alternateURL
protected int connectionAttempt
protected String commonRole
protected String connectionTimeout
protected long sizeLimit
userSearch
. Zero for no limit.protected int timeLimit
userSearch
. Zero for no limit.protected boolean useDelegatedCredential
protected String spnegoDelegationQop
javax.security.sasl.qop
environment property for the LDAP
connection.public String getAuthentication()
public void setAuthentication(String authentication)
authentication
- The authenticationpublic String getConnectionName()
public void setConnectionName(String connectionName)
connectionName
- The new connection usernamepublic String getConnectionPassword()
public void setConnectionPassword(String connectionPassword)
connectionPassword
- The new connection passwordpublic String getConnectionURL()
public void setConnectionURL(String connectionURL)
connectionURL
- The new connection URLpublic String getContextFactory()
public void setContextFactory(String contextFactory)
contextFactory
- The new context factorypublic String getDerefAliases()
public void setDerefAliases(String derefAliases)
derefAliases
- New value of property derefAliases.public String getProtocol()
public void setProtocol(String protocol)
protocol
- The new protocol.public boolean getAdCompat()
public void setAdCompat(boolean adCompat)
adCompat
- true
to ignore partial resultspublic String getReferrals()
public void setReferrals(String referrals)
referrals
- The referral handlingpublic String getUserBase()
public void setUserBase(String userBase)
userBase
- The new base elementpublic String getUserSearch()
public void setUserSearch(String userSearch)
userSearch
- The new user search patternpublic boolean isUserSearchAsUser()
public void setUserSearchAsUser(boolean userSearchAsUser)
public boolean getUserSubtree()
public void setUserSubtree(boolean userSubtree)
userSubtree
- The new search flagpublic String getUserRoleName()
public void setUserRoleName(String userRoleName)
userRoleName
- The new userRole name attribute namepublic String getRoleBase()
public void setRoleBase(String roleBase)
roleBase
- The new base elementpublic String getRoleName()
public void setRoleName(String roleName)
roleName
- The new role name attribute namepublic String getRoleSearch()
public void setRoleSearch(String roleSearch)
roleSearch
- The new role search patternpublic boolean isRoleSearchAsUser()
public void setRoleSearchAsUser(boolean roleSearchAsUser)
public boolean getRoleSubtree()
public void setRoleSubtree(boolean roleSubtree)
roleSubtree
- The new search flagpublic boolean getRoleNested()
public void setRoleNested(boolean roleNested)
roleNested
- The nested group search flagpublic String getUserPassword()
public void setUserPassword(String userPassword)
userPassword
- The new password attributepublic String getUserRoleAttribute()
public void setUserRoleAttribute(String userRoleAttribute)
public String getUserPattern()
public void setUserPattern(String userPattern)
userPattern
- The new user patternpublic String getAlternateURL()
public void setAlternateURL(String alternateURL)
alternateURL
- New value of property alternateURL.public String getCommonRole()
public void setCommonRole(String commonRole)
commonRole
- The common rolepublic String getConnectionTimeout()
public void setConnectionTimeout(String timeout)
timeout
- The new connection timeoutpublic long getSizeLimit()
public void setSizeLimit(long sizeLimit)
public int getTimeLimit()
public void setTimeLimit(int timeLimit)
public boolean isUseDelegatedCredential()
public void setUseDelegatedCredential(boolean useDelegatedCredential)
public String getSpnegoDelegationQop()
public void setSpnegoDelegationQop(String spnegoDelegationQop)
public boolean getUseStartTls()
public void setUseStartTls(boolean useStartTls)
useStartTls
- true
when StartTLS should be used. Default is
false
.public void setCipherSuites(String suites)
suites
- comma separated list of allowed cipher suitespublic String getHostnameVerifierClassName()
HostnameVerifier
class used for connections
using StartTLS, or the empty string, if the default verifier
should be used.public void setHostnameVerifierClassName(String verifierClassName)
HostnameVerifier
to be used when opening connections
using StartTLS. An instance of the given class name will be constructed
using the default constructor.verifierClassName
- class name of the HostnameVerifier
to be constructedpublic HostnameVerifier getHostnameVerifier()
HostnameVerifier
to use for peer certificate
verification when opening connections using StartTLS.public void setSslSocketFactoryClassName(String factoryClassName)
SSLSocketFactory
to be used when opening connections
using StartTLS. An instance of the factory with the given name will be
created using the default constructor. The SSLSocketFactory can also be
set using setSslProtocol(String)
.factoryClassName
- class name of the factory to be constructedpublic void setSslProtocol(String protocol)
protocol
- one of the allowed ssl protocol namespublic Principal authenticate(String username, String credentials)
null
.
If there are any errors with the JDBC connection, executing
the query or anything we return null (don't authenticate). This
event is also logged, and the connection will be closed so that
a subsequent request will automatically re-open it.authenticate
in interface Realm
authenticate
in class RealmBase
username
- Username of the Principal to look upcredentials
- Password or other credentials to use in
authenticating this usernamenull
if there is none.public Principal authenticate(DirContext context, String username, String credentials) throws NamingException
null
.context
- The directory contextusername
- Username of the Principal to look upcredentials
- Password or other credentials to use in
authenticating this usernamenull
if there is none.NamingException
- if a directory server error occursprotected JNDIRealm.User getUser(DirContext context, String username) throws NamingException
null
.context
- The directory contextusername
- Username to be looked upNamingException
- if a directory server error occursgetUser(DirContext, String, String, int)
protected JNDIRealm.User getUser(DirContext context, String username, String credentials) throws NamingException
null
.context
- The directory contextusername
- Username to be looked upcredentials
- User credentials (optional)NamingException
- if a directory server error occursgetUser(DirContext, String, String, int)
protected JNDIRealm.User getUser(DirContext context, String username, String credentials, int curUserPattern) throws NamingException
null
.
If the userPassword
configuration attribute is
specified, the value of that attribute is retrieved from the
user's directory entry. If the userRoleName
configuration attribute is specified, all values of that
attribute are retrieved from the directory entry.context
- The directory contextusername
- Username to be looked upcredentials
- User credentials (optional)curUserPattern
- Index into userPatternFormatArrayNamingException
- if a directory server error occursprotected JNDIRealm.User getUserByPattern(DirContext context, String username, String[] attrIds, String dn) throws NamingException
null
.context
- The directory contextusername
- The usernameattrIds
- String[]containing names of attributes todn
- Distinguished name of the user
retrieve.NamingException
- if a directory server error occursprotected JNDIRealm.User getUserByPattern(DirContext context, String username, String credentials, String[] attrIds, int curUserPattern) throws NamingException
UserPattern
configuration attribute to
locate the directory entry for the user with the specified
username and return a User object; otherwise return
null
.context
- The directory contextusername
- The usernamecredentials
- User credentials (optional)attrIds
- String[]containing names of attributes tocurUserPattern
- Index into userPatternFormatArrayNamingException
- if a directory server error occursgetUserByPattern(DirContext, String, String[], String)
protected JNDIRealm.User getUserBySearch(DirContext context, String username, String[] attrIds) throws NamingException
null
.context
- The directory contextusername
- The usernameattrIds
- String[]containing names of attributes to retrieve.NamingException
- if a directory server error occursprotected boolean checkCredentials(DirContext context, JNDIRealm.User user, String credentials) throws NamingException
userPassword
configuration attribute is specified, the credentials
previously retrieved from the directory are compared explicitly
with those presented by the user. Otherwise the presented
credentials are checked by binding to the directory as the
user.context
- The directory contextuser
- The User to be authenticatedcredentials
- The credentials presented by the usertrue
if the credentials are validatedNamingException
- if a directory server error occursprotected boolean compareCredentials(DirContext context, JNDIRealm.User info, String credentials) throws NamingException
context
- The directory contextinfo
- The User to be authenticatedcredentials
- Authentication credentialstrue
if the credentials are validatedNamingException
- if a directory server error occursprotected boolean bindAsUser(DirContext context, JNDIRealm.User user, String credentials) throws NamingException
context
- The directory contextuser
- The User to be authenticatedcredentials
- Authentication credentialstrue
if the credentials are validatedNamingException
- if a directory server error occursprotected List<String> getRoles(DirContext context, JNDIRealm.User user) throws NamingException
context
- The directory context we are searchinguser
- The User to be checkedNamingException
- if a directory server error occursprotected void close(DirContext context)
context
- The directory context to be closedprotected String getName()
protected String getPassword(String username)
getPassword
in class RealmBase
username
- The user nameprotected Principal getPrincipal(String username)
getPrincipal
in class RealmBase
username
- The user nameprotected Principal getPrincipal(String username, GSSCredential gssCredential)
getPrincipal
in class RealmBase
protected Principal getPrincipal(DirContext context, String username, GSSCredential gssCredential) throws NamingException
context
- The directory contextusername
- The user namegssCredential
- The credentialsNamingException
- if a directory server error occursprotected DirContext open() throws NamingException
NamingException
- if a directory server error occursprotected Hashtable<String,String> getDirectoryContextEnvironment()
protected void release(DirContext context)
context
- The directory context to releaseprotected void startInternal() throws LifecycleException
LifecycleBase.startInternal()
.startInternal
in class RealmBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedprotected void stopInternal() throws LifecycleException
LifecycleBase.stopInternal()
.stopInternal
in class RealmBase
LifecycleException
- if this component detects a fatal error
that needs to be reportedprotected String[] parseUserPatternString(String userPatternString)
userPatternString
- - a string LDAP search paths surrounded by
parenthesesprotected String doRFC2254Encoding(String inString)
inString
- string to escape according to RFC 2254 guidelinesprotected String getDistinguishedName(DirContext context, String base, SearchResult result) throws NamingException
context
- Our DirContextbase
- The base DNresult
- The search resultNamingException
- if a directory server error occursCopyright © 2000-2016 Apache Software Foundation. All Rights Reserved.