Package net.shibboleth.idp.authn.impl
Class LDAPCredentialValidator
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent
net.shibboleth.idp.authn.AbstractCredentialValidator
net.shibboleth.idp.authn.AbstractUsernamePasswordCredentialValidator
net.shibboleth.idp.authn.impl.LDAPCredentialValidator
- All Implemented Interfaces:
CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
@ThreadSafeAfterInit
public class LDAPCredentialValidator
extends AbstractUsernamePasswordCredentialValidator
A password validator that authenticates against LDAP natively.
- Since:
- 4.0.0

Nested Class Summary
Nested classes/interfaces inherited from interface net.shibboleth.idp.authn.CredentialValidator
CredentialValidator.ErrorHandler, CredentialValidator.WarningHandler

Field Summary
Fields (Modifier and Type, Field, Description):
private Authenticator authenticator - LDAP authenticator.
private final org.slf4j.Logger log - Class logger.
private Function<ProfileRequestContext,char[]> passwordLookupStrategy - Optional strategy for obtaining/transforming the password.
private String[] returnAttributes - Attributes to return from authentication.

Constructor Summary
Constructors
LDAPCredentialValidator()

Method Summary
Methods (Modifier and Type, Method, Description):
protected void doDestroy()
protected void doInitialize
protected Subject doValidate(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, UsernamePasswordContext usernamePasswordContext, CredentialValidator.WarningHandler warningHandler, CredentialValidator.ErrorHandler errorHandler) - Override method for subclasses to use to perform the actual validation.
getAuthenticator - Returns the authenticator.
String[] getReturnAttributes - Returns the return attributes.
protected Subject populateSubject(UsernamePasswordContext usernamePasswordContext, AuthenticationResponse ldapResponse) - Builds a new Subject populated with the necessary data.
void setAuthenticator - Sets the authenticator.
void setPasswordLookupStrategy(Function<ProfileRequestContext, char[]> strategy) - Set a strategy function to produce the password to bind with.
void setReturnAttributes(String... attributes) - Sets the return attributes.

Methods inherited from class net.shibboleth.idp.authn.AbstractUsernamePasswordCredentialValidator
applyTransforms, doValidate, populateSubject, savePasswordToCredentialSet, setLowercase, setMatchExpression, setSavePasswordToCredentialSet, setTransforms, setTrim, setUppercase, setUsernamePasswordContextLookupStrategy

Methods inherited from class net.shibboleth.idp.authn.AbstractCredentialValidator
getLogPrefix, getSupportedPrincipals, isAcceptable, populateSubject, setActivationCondition, setId, setSupportedPrincipals, validate

Methods inherited from class net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent
ensureId, getId, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.IdentifiedComponent
getId

Field Details

log
@Nonnull private final org.slf4j.Logger log
Class logger.

authenticator
LDAP authenticator.

returnAttributes
Attributes to return from authentication.

passwordLookupStrategy
Optional strategy for obtaining/transforming the password.

Constructor Details

LDAPCredentialValidator
public LDAPCredentialValidator()

Method Details

getAuthenticator
Returns the authenticator.
- Returns:
- authenticator

setAuthenticator
Sets the authenticator.
- Parameters:
auth - to authenticate with

getReturnAttributes
Returns the return attributes.
- Returns:
- attribute names

setReturnAttributes
Sets the return attributes.
- Parameters:
attributes - attribute names

setPasswordLookupStrategy
Set a strategy function to produce the password to bind with.
- Parameters:
strategy - strategy function

doInitialize
- Overrides:
doInitialize in class AbstractIdentifiedInitializableComponent
- Throws:
ComponentInitializationException

doDestroy
protected void doDestroy()
- Overrides:
doDestroy in class AbstractInitializableComponent

doValidate
@Nullable protected Subject doValidate(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nonnull UsernamePasswordContext usernamePasswordContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
Override method for subclasses to use to perform the actual validation.
Any configured transforms will have been applied to populate the context with a transformed username prior to this method call.
- Specified by:
doValidate in class AbstractUsernamePasswordCredentialValidator
- Parameters:
profileRequestContext - profile request context
authenticationContext - authentication context
usernamePasswordContext - the username/password to validate
warningHandler - optional warning handler interface
errorHandler - optional error handler interface
- Returns:
- the validated result, or null if inapplicable
- Throws:
Exception - if an error occurs

populateSubject
@Nonnull protected Subject populateSubject(@Nonnull UsernamePasswordContext usernamePasswordContext, @Nonnull AuthenticationResponse ldapResponse)
Builds a new Subject populated with the necessary data.
- Parameters:
usernamePasswordContext - input context
ldapResponse - LDAP response data
- Returns:
- the subject to return