Package net.shibboleth.idp.authn.config

Class LDAPAuthenticationFactoryBean

java.lang.Object
org.springframework.beans.factory.config.AbstractFactoryBean<Authenticator>
net.shibboleth.idp.authn.config.LDAPAuthenticationFactoryBean
All Implemented Interfaces:
Aware, BeanClassLoaderAware, BeanFactoryAware, DisposableBean, FactoryBean<Authenticator>, InitializingBean
public class LDAPAuthenticationFactoryBean extends AbstractFactoryBean<Authenticator>
LDAP Authentication configuration. See ldap-authn-config.xml

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • authenticatorType

      private LDAPAuthenticationFactoryBean.AuthenticatorType authenticatorType
      Type of authenticator to configure.

    • trustType

      private LDAPAuthenticationFactoryBean.TrustType trustType
      Type of trust model to configure.

    • connectionStrategyType

      private LDAPAuthenticationFactoryBean.ConnectionStrategyType connectionStrategyType
      Type of connection strategy to configure.

    • ldapUrl

      private String ldapUrl
      LDAP URL.

    • useStartTLS

      private boolean useStartTLS
      Whether to use startTLS for connections.

    • startTLSTimeout

      private Duration startTLSTimeout
      Wait time for startTLS responses.

    • disableHostnameVerification

      private boolean disableHostnameVerification
      Whether to use the allow-all hostname verifier.

    • connectTimeout

      private Duration connectTimeout
      Wait time for connects.

    • responseTimeout

      private Duration responseTimeout
      Wait time for operation responses.

    • autoReconnect

      private boolean autoReconnect
      Whether to automatically reconnect to the server when a connection is lost.

    • reconnectTimeout

      private Duration reconnectTimeout
      Wait time for reconnects.

    • trustCertificatesCredentialConfig

      private CredentialConfig trustCertificatesCredentialConfig
      Trust configuration when using certificate based trust.

    • truststoreCredentialConfig

      private CredentialConfig truststoreCredentialConfig
      Trust configuration when using truststore based trust.

    • disablePooling

      private boolean disablePooling
      Whether to disable connection pooling for both binds and searches.

    • blockWaitTime

      private Duration blockWaitTime
      Wait time for getting a connection from the pool.

    • minPoolSize

      private int minPoolSize
      Minimum pool size.

    • maxPoolSize

      private int maxPoolSize
      Maximum pool size.

    • validateOnCheckout

      private boolean validateOnCheckout
      Whether to validate connections when checked out from the pool.

    • validatePeriodically

      private boolean validatePeriodically
      Whether to validate connections periodically on a background thread.

    • validatePeriod

      private Duration validatePeriod
      Period at which to validate periodically.

    • validateDn

      private String validateDn
      DN to perform connection pool validation against.

    • validateFilter

      private String validateFilter
      Filter to execute against validateDn.

    • bindPoolPassivatorType

      private LDAPAuthenticationFactoryBean.PassivatorType bindPoolPassivatorType
      Type of passivator to configure for the bind pool.

    • prunePeriod

      private Duration prunePeriod
      Period at which to check and enforce the idle time.

    • idleTime

      private Duration idleTime
      Time at which a connection has been idle and should be removed from the pool.

    • dnFormat

      private String dnFormat
      Java format string used to construct an LDAP DN. See String.format(String, Object...).

    • baseDn

      private String baseDn
      Base DN used to search for users.

    • userFilter

      private String userFilter
      LDAP filter used to search for users.

    • subtreeSearch

      private boolean subtreeSearch
      Whether to use a SUBTREE search with the baseDn.

    • resolveEntryOnFailure

      private boolean resolveEntryOnFailure
      Whether to return the LDAP entry even if the user BIND fails.

    • resolveEntryWithBindDn

      private boolean resolveEntryWithBindDn
      Whether to resolve the user entry with the bind credentials.

    • velocityEngine

      private org.apache.velocity.app.VelocityEngine velocityEngine
      Velocity engine used to materialize the LDAP filter.

    • bindDn

      private String bindDn
      Privileged entry used to search for users.

    • bindDnCredential

      private String bindDnCredential
      Credential for the privileged entry.

    • usePasswordPolicy

      private boolean usePasswordPolicy
      Whether to use the password policy control with the BIND operation. See draft-behera-ldap-password-policy.

    • usePasswordExpiration

      private boolean usePasswordExpiration
      Whether to use the password expiration control with the BIND operation. See draft-vchu-ldap-pwd-policy.

    • isActiveDirectory

      private boolean isActiveDirectory
      Whether to use account state data as defined by active directory diagnostic messages.

    • isFreeIPA

      private boolean isFreeIPA
      Whether to use account state data as defined by the FreeIPA directory schema.

    • isEDirectory

      private boolean isEDirectory
      Whether to use account state data as defined by the EDirectory schema.

    • accountStateExpirationPeriod

      private Period accountStateExpirationPeriod
      Authentication handler account state expiration period.

    • accountStateWarningPeriod

      private Period accountStateWarningPeriod
      Authentication handler account state warning period.

    • accountStateLoginFailures

      private int accountStateLoginFailures
      Authentication handler account state login failures.

  • Constructor Details

    • LDAPAuthenticationFactoryBean

      public LDAPAuthenticationFactoryBean()

  • Method Details

    • setAuthenticatorType

      public void setAuthenticatorType(@Nonnull @NotEmpty String type)
      Set authenticatorType.
      Parameters:
      type - what to set

    • setTrustType

      public void setTrustType(@Nonnull @NotEmpty String type)
      Set trustType.
      Parameters:
      type - what to set

    • setConnectionStrategyType

      public void setConnectionStrategyType(@Nonnull @NotEmpty String type)
      Set connectionStrategyType.
      Parameters:
      type - what to set

    • setLdapUrl

      public void setLdapUrl(@Nullable @NotEmpty String url)
      Set ldapUrl.
      Parameters:
      url - what to set

    • setUseStartTLS

      public void setUseStartTLS(boolean b)
      Set useStartTLS.
      Parameters:
      b - what to set

    • setStartTLSTimeout

      public void setStartTLSTimeout(@Nullable Duration timeout)
      Set startTLSTimeout.
      Parameters:
      timeout - what to set

    • setDisableHostnameVerification

      public void setDisableHostnameVerification(boolean b)
      Set disableHostnameVerification.
      Parameters:
      b - what to set

    • setConnectTimeout

      public void setConnectTimeout(@Nullable Duration timeout)
      Set connectTimeout.
      Parameters:
      timeout - what to set

    • setResponseTimeout

      public void setResponseTimeout(@Nullable Duration timeout)
      Set responseTimeout.
      Parameters:
      timeout - what to set

    • setAutoReconnect

      public void setAutoReconnect(boolean b)
      Set autoReconnect.
      Parameters:
      b - what to set

    • setReconnectTimeout

      public void setReconnectTimeout(@Nullable Duration timeout)
      Set reconnectTimeout.
      Parameters:
      timeout - what to set

    • setTrustCertificatesCredentialConfig

      public void setTrustCertificatesCredentialConfig(CredentialConfig config)
      Set trustCertificatesCredentialConfig.
      Parameters:
      config - to set

    • setTruststoreCredentialConfig

      public void setTruststoreCredentialConfig(CredentialConfig config)
      Set truststoreCredentialConfig.
      Parameters:
      config - to set

    • setDisablePooling

      public void setDisablePooling(boolean b)
      Set disablePooling.
      Parameters:
      b - what to set

    • setBlockWaitTime

      public void setBlockWaitTime(@Nullable Duration time)
      Set blockWaitTime.
      Parameters:
      time - what to set

    • setMinPoolSize

      public void setMinPoolSize(int size)
      Set minPoolSize.
      Parameters:
      size - what to set

    • setMaxPoolSize

      public void setMaxPoolSize(int size)
      Set maxPoolSize.
      Parameters:
      size - what to set

    • setValidateOnCheckout

      public void setValidateOnCheckout(boolean b)
      Set validateOnCheckout.
      Parameters:
      b - what to set

    • setValidatePeriodically

      public void setValidatePeriodically(boolean b)
      Set validatePeriodically.
      Parameters:
      b - what to set

    • setValidatePeriod

      public void setValidatePeriod(@Nullable Duration period)
      Set validatePeriod.
      Parameters:
      period - what to set

    • setValidateDn

      public void setValidateDn(String dn)
      Set validateDn.
      Parameters:
      dn - what to set

    • setValidateFilter

      public void setValidateFilter(String filter)
      Set validateFilter.
      Parameters:
      filter - what to set

    • setBindPoolPassivatorType

      public void setBindPoolPassivatorType(@Nonnull @NotEmpty String type)
      Set bindPoolPassivatorType.
      Parameters:
      type - what to set

    • setPrunePeriod

      public void setPrunePeriod(@Nullable Duration period)
      Set prunePeriod.
      Parameters:
      period - what to set

    • setIdleTime

      public void setIdleTime(@Nullable Duration time)
      Set idleTime.
      Parameters:
      time - what to set

    • setDnFormat

      public void setDnFormat(String format)
      Set dnFormat.
      Parameters:
      format - what to set

    • setBaseDn

      public void setBaseDn(String dn)
      Set baseDn.
      Parameters:
      dn - what to set

    • setUserFilter

      public void setUserFilter(String filter)
      Set userFilter.
      Parameters:
      filter - what to set

    • getUserFilter

      @Nonnull private String getUserFilter()
      Get the userFilter.
      Returns:
      the userfilter

    • setSubtreeSearch

      public void setSubtreeSearch(boolean b)
      Set subtreeSearch.
      Parameters:
      b - what to set

    • setResolveEntryOnFailure

      public void setResolveEntryOnFailure(boolean b)
      Set resolveEntryOnFailure.
      Parameters:
      b - what to set

    • setResolveEntryWithBindDn

      public void setResolveEntryWithBindDn(boolean b)
      Set resolveEntryWithBindDn.
      Parameters:
      b - what to set

    • setVelocityEngine

      public void setVelocityEngine(org.apache.velocity.app.VelocityEngine engine)
      Set velocityEngine.
      Parameters:
      engine - what to set

    • getVelocityEngine

      @Nonnull private org.apache.velocity.app.VelocityEngine getVelocityEngine()
      Get the velocityEngine.
      Returns:
      the velocityEngine

    • setBindDn

      public void setBindDn(String dn)
      Set bindDn.
      Parameters:
      dn - what to set

    • setBindDnCredential

      public void setBindDnCredential(String credential)
      Set bindDnCredential.
      Parameters:
      credential - what to set

    • setUsePasswordPolicy

      public void setUsePasswordPolicy(boolean b)
      Set usePasswordExpiration.
      Parameters:
      b - what to set

    • setUsePasswordExpiration

      public void setUsePasswordExpiration(boolean b)
      Set usePasswordExpiration.
      Parameters:
      b - what to set

    • setActiveDirectory

      public void setActiveDirectory(boolean b)
      Set isActiveDirectory.
      Parameters:
      b - what to set

    • setFreeIPA

      public void setFreeIPA(boolean b)
      Set isFreeIPA.
      Parameters:
      b - what to set

    • setEDirectory

      public void setEDirectory(boolean b)
      Set isEDirectory.
      Parameters:
      b - what to set

    • setAccountStateExpirationPeriod

      public void setAccountStateExpirationPeriod(@Nullable Period period)
      Set accountStateExpirationPeriod.
      Parameters:
      period - what to set

    • setAccountStateWarningPeriod

      public void setAccountStateWarningPeriod(@Nullable Period period)
      Set accountStateWarningPeriod.
      Parameters:
      period - what to set

    • setAccountStateLoginFailures

      public void setAccountStateLoginFailures(int loginFailures)
      Set accountStateLoginFailures.
      Parameters:
      loginFailures - what to set

    • createSslConfig

      protected SslConfig createSslConfig()
      Returns a new SslConfig object derived from the configured trustType. Default uses JVM trust.
      Returns:
      new SslConfig

    • createConnectionConfig

      protected ConnectionConfig createConnectionConfig()
      Returns a new ConnectionConfig without a connection initializer.
      Returns:
      new ConnectionConfig

    • createConnectionConfig

      protected ConnectionConfig createConnectionConfig(@Nullable ConnectionInitializer initializer)
      Returns a new ConnectionConfig with the supplied connection initializer.
      Parameters:
      initializer - to configure or null
      Returns:
      new ConnectionConfig

    • createPooledConnectionFactory

      protected PooledConnectionFactory createPooledConnectionFactory(String name, ConnectionConfig config)
      Returns a new pooled connection factory. Wires a SearchConnectionValidator by default.
      Parameters:
      name - of the connection pool
      config - to assign to the pool
      Returns:
      new blocking connection pool

    • createPooledConnectionFactory

      protected PooledConnectionFactory createPooledConnectionFactory(String name, ConnectionConfig config, SearchConnectionValidator validator)
      Returns a new pooled connection factory using the supplied search validator.
      Parameters:
      name - of the connection pool
      config - to assign to the pool
      validator - pool validator
      Returns:
      new blocking connection pool

    • createPooledConnectionFactory

      protected PooledConnectionFactory createPooledConnectionFactory(String name, ConnectionConfig config, SearchConnectionValidator validator, ConnectionPassivator passivator)
      Returns a new pooled connection factory using the supplied search validator and passivator. Note that a LDAPAuthenticationFactoryBean.PassivatorType.BIND uses the configured bindDn and bindDnCredential.
      Parameters:
      name - of the connection pool
      config - to assign to the pool
      validator - pool validator
      passivator - pool passivator
      Returns:
      new blocking connection pool

    • createSearchConnectionValidator

      @Nonnull protected SearchConnectionValidator createSearchConnectionValidator(@Nullable String baseDn, @Nullable String filter)
      Create SearchConnectionValidator.
      Parameters:
      baseDn - base DN
      filter - search filter
      Returns:
      the validator

    • createConnectionPassivator

      @Nullable protected ConnectionPassivator createConnectionPassivator(@Nonnull LDAPAuthenticationFactoryBean.PassivatorType type)
      Creates ConnectionPassivator object.
      Parameters:
      type - type to create
      Returns:
      the created object

    • createInstance

      @Nonnull protected Authenticator createInstance() throws Exception
      Specified by:
      createInstance in class AbstractFactoryBean<Authenticator>
      Throws:
      Exception

    • destroyInstance

      protected void destroyInstance(@Nullable Authenticator instance)
      Overrides:
      destroyInstance in class AbstractFactoryBean<Authenticator>

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • getObjectType

      public Class<?> getObjectType()
      Specified by:
      getObjectType in interface FactoryBean<Authenticator>
      Specified by:
      getObjectType in class AbstractFactoryBean<Authenticator>