Class SearchFirstActiveDirectoryRealm
java.lang.Object
  org.apache.shiro.realm.CachingRealm
    org.apache.shiro.realm.AuthenticatingRealm
      org.apache.shiro.realm.AuthorizingRealm
        org.apache.shiro.realm.ldap.AbstractLdapRealm
          org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
            com.linecorp.centraldogma.server.auth.shiro.realm.SearchFirstActiveDirectoryRealm
- All Implemented Interfaces:
org.apache.shiro.authc.LogoutAware, org.apache.shiro.authz.Authorizer, org.apache.shiro.authz.permission.PermissionResolverAware, org.apache.shiro.authz.permission.RolePermissionResolverAware, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.realm.Realm, org.apache.shiro.util.Initializable, org.apache.shiro.util.Nameable
public class SearchFirstActiveDirectoryRealm
extends org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
A variant of ActiveDirectoryRealm that first binds with the privileged credential to search for
the DN of a user from a username, and only then performs the actual authentication. This Realm is
useful when there is no simple rule to convert a username into a DN.
The INI configuration might be specified as follows:
[main]
adRealm = com.linecorp.centraldogma.server.auth.shiro.realm.SearchFirstActiveDirectoryRealm
adRealm.url = ldap://hostname:port
adRealm.systemUsername = admin
adRealm.systemPassword = admin
adRealm.searchBase = ...
adRealm.searchFilter = cn={0}
adRealm.searchTimeoutMillis = 10000
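The flow described above (privileged bind, DN search, then bind as the user), sketched with plain JNDI as an added example; it is not Central Dogma's or Shiro's code. The class SearchThenBind and its parameters are hypothetical and mirror the INI keys, and running it requires a reachable LDAP server.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
// Added illustration, not Central Dogma code. All names in this class are hypothetical.
public final class SearchThenBind {
    private static InitialDirContext bind(String url, String dn, String pw) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        return new InitialDirContext(env);
    }
    /** Returns the user's DN if the password is valid, or null otherwise. */
    public static String authenticate(String url, String sysDn, String sysPw, String searchBase,
                                      String searchFilter, int timeoutMillis,
                                      String username, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind, which a server may accept.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setTimeLimit(timeoutMillis);
        String userDn;
        InitialDirContext sys = bind(url, sysDn, sysPw);  // step 1: privileged bind
        try {
            // Step 2: JNDI escapes filterArgs, so "*" or ")(" in the username stay literal.
            NamingEnumeration<SearchResult> r = sys.search(searchBase, searchFilter, new Object[] { username }, sc);
            if (!r.hasMore()) return null;                // no such user
            userDn = r.next().getNameInNamespace();
            if (r.hasMore()) return null;                 // ambiguous: more than one entry matched
        } finally {
            sys.close();
        }
        try {
            bind(url, userDn, password).close();          // step 3: bind as the user
            return userDn;
        } catch (AuthenticationException e) {
            return null;                                  // wrong password
        }
    }
}
```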

Field Summary

Fields inherited from class org.apache.shiro.realm.ldap.AbstractLdapRealm
principalSuffix, searchBase, systemPassword, systemUsername, url

Constructor Summary

Constructors
- SearchFirstActiveDirectoryRealm()

Method Summary

Modifier and Type, Method: Description
- protected String findUserDn(org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory, String username): Finds a distinguished name (DN) of a user by querying the Active Directory LDAP context for the specified username.
- protected String getSearchFilter(): Returns a search filter string.
- int getSearchTimeoutMillis(): Returns a timeout (ms) for LDAP search.
- protected org.apache.shiro.authc.AuthenticationInfo queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory): Builds an AuthenticationInfo object by querying the Active Directory LDAP context for the specified username.
- protected void setSearchFilter(String searchFilter): Sets a search filter string.
- protected void setSearchTimeoutMillis(int searchTimeoutMillis): Sets a timeout (ms) for LDAP search.

Methods inherited from class org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
buildAuthenticationInfo, buildAuthorizationInfo, getRoleNamesForGroups, queryForAuthorizationInfo, setGroupRolesMap

Methods inherited from class org.apache.shiro.realm.ldap.AbstractLdapRealm
doGetAuthenticationInfo, doGetAuthorizationInfo, onInit, setLdapContextFactory, setPrincipalSuffix, setSearchBase, setSystemPassword, setSystemUsername, setUrl

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm
assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports

Methods inherited from class org.apache.shiro.realm.CachingRealm
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.util.Initializable
init

Constructor Details

SearchFirstActiveDirectoryRealm
public SearchFirstActiveDirectoryRealm()

Method Details

getSearchFilter
protected String getSearchFilter()
Returns a search filter string.

setSearchFilter
protected void setSearchFilter(String searchFilter)
Sets a search filter string.

getSearchTimeoutMillis
public int getSearchTimeoutMillis()
Returns a timeout (ms) for LDAP search.

setSearchTimeoutMillis
protected void setSearchTimeoutMillis(int searchTimeoutMillis)
Sets a timeout (ms) for LDAP search.

queryForAuthenticationInfo
@Nullable protected org.apache.shiro.authc.AuthenticationInfo queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory) throws NamingException
Builds an AuthenticationInfo object by querying the Active Directory LDAP context for the specified username.
- Overrides: queryForAuthenticationInfo in class org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
- Throws: NamingException

findUserDn
@Nullable protected String findUserDn(org.apache.shiro.realm.ldap.LdapContextFactory ldapContextFactory, String username) throws NamingException
Finds a distinguished name (DN) of a user by querying the Active Directory LDAP context for the specified username.
- Returns: the DN of the user, or null if there's no such user
- Throws: NamingException