Class UserPwdDirAuthentication
java.lang.Object
com.netscape.cms.authentication.DirBasedAuthentication
com.netscape.cms.authentication.UserPwdDirAuthentication
- All Implemented Interfaces:
IExtendedPluginInfo, ProfileAuthenticator, AuthManager
public class UserPwdDirAuthentication
extends DirBasedAuthentication
implements ProfileAuthenticator
uid/pwd directory based authentication manager
- Version:
- $Revision$, $Date$
-
Field Summary
Fields
Modifier and Type | Field | Description
static final String
static final String
static org.slf4j.Logger
protected String
protected String
protected static String[]
protected String[]
Fields inherited from class com.netscape.cms.authentication.DirBasedAuthentication
DEFAULT_DNPATTERN, mBaseDN, mBoundConnEnable, mConfig, mConnFactory, mExtendedPluginInfo, mGroupObjectClass, mGroups, mGroupsBaseDN, mGroupsEnable, mGroupUserIDName, mImplName, mLdapAttrs, mLdapByteAttrs, mLdapConfig, mLdapStringAttrs, mName, mPattern, mSearchGroupUserByUserdn, mTag, mUserIDName, PROP_DNPATTERN, PROP_GROUP_OBJECT_CLASS, PROP_GROUP_USERID_NAME, PROP_GROUPS, PROP_GROUPS_BASEDN, PROP_GROUPS_ENABLE, PROP_LDAP_BOUND_CONN, PROP_LDAPBYTEATTRS, PROP_LDAPSTRINGATTRS, PROP_SEARCH_GROUP_USER_BY_USERDN, PROP_USERID_NAME, USER_DN
Fields inherited from interface org.dogtagpki.server.authentication.AuthManager
CRED_CERT_SERIAL_TO_REVOKE, CRED_CMC_SELF_SIGNED, CRED_CMC_SIGNING_CERT, CRED_HOST_NAME, CRED_SESSION_ID, CRED_SSL_CLIENT_CERT
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
Fields inherited from interface com.netscape.cms.profile.ProfileAuthenticator
AUTHENTICATED_NAME
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type | Method | Description
protected String authenticate(netscape.ldap.LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
    Authenticates a user based on attr, pwd in the directory.
String[]
    Returns a list of configuration parameter names.
Retrieves the localizable name of this policy.
String[]
    Returns array of required credentials for this authentication manager.
Retrieves the localizable description of this policy.
getValueDescriptor(Locale locale, String name)
    Retrieves the descriptor of the given value parameter by name.
Retrieves a list of names of the value parameter.
void init(Profile profile, IConfigStore config)
    Initializes this default policy.
void init(String name, String implName, AuthManagerConfig config)
    Initializes the UserPwdDirAuthentication auth manager.
boolean
    Checks if this authenticator requires SSL client authentication.
boolean isValueWriteable(String name)
    Checks if the value of the given property should be serializable into the request.
void populate(IAuthToken token, IRequest request)
    Populates authentication specific information into the request for auditing purposes.
Methods inherited from class com.netscape.cms.authentication.DirBasedAuthentication
authenticate, formCertInfo, formSubjectName, getConfigStore, getExtendedPluginInfo, getImplName, getLdapAttrs, getLdapByteAttrs, getName, init, setAuthTokenByteValue, setAuthTokenStringValue, setAuthTokenValues, shutdown
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.dogtagpki.server.authentication.AuthManager
authenticate, getImplName, getName, shutdown
Methods inherited from interface com.netscape.cms.profile.ProfileAuthenticator
getConfigStore
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
CRED_UID
-
CRED_PWD
-
mAttr
-
mRequiredCreds
-
mAttrName
-
mAttrDesc
-
mConfigParams
-
-
Constructor Details
-
UserPwdDirAuthentication
public UserPwdDirAuthentication()
Default constructor, initialization must follow.
-
-
Method Details
-
init
Initializes the UserPwdDirAuthentication auth manager.
- Specified by:
init in interface AuthManager
- Overrides:
init in class DirBasedAuthentication
- Parameters:
name - The name for this authentication manager instance.
implName - The name of the authentication manager plugin.
config - The configuration store for this instance.
- Throws:
EBaseException - If an error occurs during initialization.
-
authenticate
protected String authenticate(netscape.ldap.LDAPConnection conn, IAuthCredentials authCreds, AuthToken token) throws EBaseException
Authenticates a user based on attr, pwd in the directory.
- Specified by:
authenticate in class DirBasedAuthentication
- Parameters:
authCreds - The authentication credentials.
- Returns:
- The user's ldap entry dn.
- Throws:
EInvalidCredentials - If the attr and password are not valid
EBaseException - If an internal error occurs.
-
getConfigParams
Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.
- Specified by:
getConfigParams in interface AuthManager
- Specified by:
getConfigParams in class DirBasedAuthentication
- Returns:
- String array of configuration parameter names.
-
getRequiredCreds
Returns array of required credentials for this authentication manager.
- Specified by:
getRequiredCreds in interface AuthManager
- Specified by:
getRequiredCreds in class DirBasedAuthentication
- Returns:
- Array of required credentials.
-
init
Description copied from interface: ProfileAuthenticator
Initializes this default policy.
- Specified by:
init in interface ProfileAuthenticator
- Parameters:
profile - owner of this authenticator
config - configuration store
- Throws:
EProfileException - failed to initialize
-
getName
Retrieves the localizable name of this policy.
- Specified by:
getName in interface ProfileAuthenticator
- Parameters:
locale - end user locale
- Returns:
- localized authenticator name
-
getText
Retrieves the localizable description of this policy.
- Specified by:
getText in interface ProfileAuthenticator
- Parameters:
locale - end user locale
- Returns:
- localized authenticator description
-
getValueNames
Retrieves a list of names of the value parameter.
- Specified by:
getValueNames in interface ProfileAuthenticator
- Returns:
- a list of property names
-
isValueWriteable
Description copied from interface: ProfileAuthenticator
Checks if the value of the given property should be serializable into the request. Passwords or other security-related values may not be desirable for storage.
- Specified by:
isValueWriteable in interface ProfileAuthenticator
- Parameters:
name - property name
- Returns:
- true if the property is not security related
-
getValueDescriptor
Retrieves the descriptor of the given value parameter by name.
- Specified by:
getValueDescriptor in interface ProfileAuthenticator
- Parameters:
locale - user locale
name - property name
- Returns:
- descriptor of the requested property
-
populate
Description copied from interface: ProfileAuthenticator
Populates authentication specific information into the request for auditing purposes.
- Specified by:
populate in interface ProfileAuthenticator
- Parameters:
token - authentication token
request - request
- Throws:
EProfileException - failed to populate
-
isSSLClientRequired
public boolean isSSLClientRequired()
Description copied from interface: ProfileAuthenticator
Checks if this authenticator requires SSL client authentication.
- Specified by:
isSSLClientRequired in interface ProfileAuthenticator
- Returns:
- client authentication required or not
-