Package com.netscape.cms.authentication
Class UserPwdDirAuthentication
java.lang.Object
org.dogtagpki.server.authentication.AuthManager
com.netscape.cms.authentication.DirBasedAuthentication
com.netscape.cms.authentication.UserPwdDirAuthentication
- All Implemented Interfaces:
IExtendedPluginInfo
uid/pwd directory based authentication manager
- Version:
- $Revision$, $Date$
-
Field Summary
Fields
Modifier and Type    Field    Description
static final String
static final String
static org.slf4j.Logger
protected String
protected String
protected String[]
protected static String[]
protected String
protected boolean
protected String
protected String
protected String[]
protected UGSubsystem
Fields inherited from class com.netscape.cms.authentication.DirBasedAuthentication
DEFAULT_DNPATTERN, mBaseDN, mBoundConnEnable, mConnFactory, mExtendedPluginInfo, mGroupObjectClass, mGroups, mGroupsBaseDN, mGroupsEnable, mGroupUserIDName, mLdapAttrs, mLdapByteAttrs, mLdapConfig, mLdapStringAttrs, mPattern, mSearchGroupUserByUserdn, mTag, mUserIDName, PROP_DNPATTERN, PROP_GROUP_OBJECT_CLASS, PROP_GROUP_USERID_NAME, PROP_GROUPS, PROP_GROUPS_BASEDN, PROP_GROUPS_ENABLE, PROP_LDAP_BOUND_CONN, PROP_LDAPBYTEATTRS, PROP_LDAPSTRINGATTRS, PROP_SEARCH_GROUP_USER_BY_USERDN, PROP_USERID_NAME, USER_DN
Fields inherited from class org.dogtagpki.server.authentication.AuthManager
AUTHENTICATED_NAME, authenticationConfig, CRED_CERT_SERIAL_TO_REVOKE, CRED_CMC_SELF_SIGNED, CRED_CMC_SIGNING_CERT, CRED_HOST_NAME, CRED_SESSION_ID, CRED_SSL_CLIENT_CERT, engine, mConfig, mImplName, mName
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type    Method    Description
protected String authenticate(netscape.ldap.LDAPConnection conn, AuthCredentials authCreds, AuthToken token)
    Authenticates a user based on attr, pwd in the directory.
String[] getConfigParams
    Returns a list of configuration parameter names.
getName
    Retrieves the localizable name of this policy.
String[] getRequiredCreds
    Returns array of required credentials for this authentication manager.
getText
    Retrieves the localizable description of this policy.
getValueDescriptor(Locale locale, String name)
    Retrieves the descriptor of the given value parameter by name.
getValueNames
    Retrieves a list of names of the value parameter.
void init(ConfigStore config)
    Initializes this default policy.
void init(AuthenticationConfig authenticationConfig, String name, String implName, AuthManagerConfig config)
    Initializes the UserPwdDirAuthentication auth manager.
boolean isSSLClientRequired()
    Checks if this authenticator requires SSL client authentication.
boolean isValueWriteable(String name)
    Checks if the value of the given property should be serializable into the request.
void populate
    Populates authentication specific information into the request for auditing purposes.
Methods inherited from class com.netscape.cms.authentication.DirBasedAuthentication
authenticate, formCertInfo, formSubjectName, getExtendedPluginInfo, getLdapAttrs, getLdapByteAttrs, init, setAuthTokenByteValue, setAuthTokenStringValue, setAuthTokenValues, shutdown
Methods inherited from class org.dogtagpki.server.authentication.AuthManager
getAuthenticationConfig, getCMSEngine, getConfigStore, getImplName, getName, setAuthenticationConfig, setCMSEngine
-
Field Details
-
logger
public static org.slf4j.Logger logger -
CRED_UID
- See Also:
-
CRED_PWD
- See Also:
-
mAttr
-
mRequiredCreds
-
mAttrName
-
mAttrDesc
-
mMemberAttrName
-
mMemberAttrValue
-
mInternalGroup
-
mInternalUserRequired
protected boolean mInternalUserRequired -
mUGS
-
mAttrs
-
mConfigParams
-
-
Constructor Details
-
UserPwdDirAuthentication
public UserPwdDirAuthentication()
Default constructor, initialization must follow.
-
-
Method Details
-
init
public void init(AuthenticationConfig authenticationConfig, String name, String implName, AuthManagerConfig config) throws EBaseException
Initializes the UserPwdDirAuthentication auth manager.
- Overrides:
init in class DirBasedAuthentication
- Parameters:
name - The name for this authentication manager instance.
implName - The name of the authentication manager plugin.
config - The configuration store for this instance.
- Throws:
EBaseException - If an error occurs during initialization.
-
authenticate
protected String authenticate(netscape.ldap.LDAPConnection conn, AuthCredentials authCreds, AuthToken token) throws EBaseException
Authenticates a user based on attr, pwd in the directory.
- Specified by:
authenticate in class DirBasedAuthentication
- Parameters:
authCreds - The authentication credentials.
- Returns:
- The user's LDAP entry DN.
- Throws:
EInvalidCredentials - If the attr and password are not valid.
EBaseException - If an internal error occurs.
-
getConfigParams
Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.
- Overrides:
getConfigParams in class AuthManager
- Returns:
- String array of configuration parameter names.
-
getRequiredCreds
Returns array of required credentials for this authentication manager.
- Specified by:
getRequiredCreds in class DirBasedAuthentication
- Returns:
- Array of required credentials.
-
init
Description copied from class: AuthManager
Initializes this default policy.
- Specified by:
init in class AuthManager
- Parameters:
config - configuration store
- Throws:
EProfileException - failed to initialize
-
getName
Retrieves the localizable name of this policy.
- Overrides:
getName in class AuthManager
- Parameters:
locale - end user locale
- Returns:
- localized authenticator name
-
getText
Retrieves the localizable description of this policy.
- Overrides:
getText in class DirBasedAuthentication
- Parameters:
locale - end user locale
- Returns:
- localized authenticator description
-
getValueNames
Retrieves a list of names of the value parameter.
- Overrides:
getValueNames in class DirBasedAuthentication
- Returns:
- a list of property names
-
isValueWriteable
Description copied from class: AuthManager
Checks if the value of the given property should be serializable into the request. Passwords or other security-related values may not be desirable for storage.
- Overrides:
isValueWriteable in class DirBasedAuthentication
- Parameters:
name - property name
- Returns:
- true if the property is not security related
-
getValueDescriptor
Retrieves the descriptor of the given value parameter by name.
- Overrides:
getValueDescriptor in class DirBasedAuthentication
- Parameters:
locale - user locale
name - property name
- Returns:
- descriptor of the requested property
-
populate
Description copied from class: AuthManager
Populates authentication specific information into the request for auditing purposes.
- Overrides:
populate in class DirBasedAuthentication
- Parameters:
token - authentication token
request - request
- Throws:
EProfileException - failed to populate
-
isSSLClientRequired
public boolean isSSLClientRequired()
Description copied from class: AuthManager
Checks if this authenticator requires SSL client authentication.
- Overrides:
isSSLClientRequired in class DirBasedAuthentication
- Returns:
- client authentication required or not
-