Package org.wildfly.security.auth.realm.ldap

Interface CredentialPersister

public interface CredentialPersister

Within LDAP credentials could be stored in different ways, splitting out a CredentialPersister allows different strategies to be plugged into the realm.

Author:

Jan Kalina

Method Summary

Modifier and Type	Method	Description
default void	addBinaryIdentityAttributes(Collection<String> attributes)	Construct set of LDAP attributes, which should be loaded as binary data.
default void	addRequiredIdentityAttributes(Collection<String> attributes)	Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.
IdentityCredentialPersister	forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes)	Obtain an IdentityCredentialLoader to query the credentials for a specific identity.
SupportLevel	getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)	Determine whether a given credential is definitely supported, possibly supported (for some identities), or definitely not supported.

Method Detail

forIdentity

IdentityCredentialPersister forIdentity(DirContext dirContext,
                                        String distinguishedName,
                                        Attributes attributes)
                                 throws RealmUnavailableException

Obtain an IdentityCredentialLoader to query the credentials for a specific identity. Note: By this point referrals relating to the identity should have been resolved so the DirContextFactory should be suitable for use with the supplied distinguishedName

Parameters:

dirContext - the DirContext to use to connect to LDAP.

distinguishedName - the distinguished name of the identity.

attributes - the identity attributes requested by addRequiredIdentityAttributes(Collection)

Returns:

An IdentityCredentialLoader for the specified identity identified by their distinguished name.

Throws:

RealmUnavailableException

getCredentialAcquireSupport

SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                         String algorithmName,
                                         AlgorithmParameterSpec parameterSpec)
                                  throws RealmUnavailableException

Determine whether a given credential is definitely supported, possibly supported (for some identities), or definitely not supported.

A DirContextFactory is made available if the directory server is going to be queried but most likely this call will need to be generic as querying a whole directory is not realistic.

Note: The DirContextFactory approach will be evolved further for better referral support so it makes it easier for it to be passed in for each call.

Parameters:

credentialType - the credential type (must not be null)

algorithmName - the credential algorithm name

parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

Returns:

the level of support for this credential type

Throws:

RealmUnavailableException

addRequiredIdentityAttributes

default void addRequiredIdentityAttributes(Collection<String> attributes)

Construct set of LDAP attributes, which should be loaded as part of the identity from identity entry.

Parameters:

attributes - output collection of attributes names, into which should be added

addBinaryIdentityAttributes

default void addBinaryIdentityAttributes(Collection<String> attributes)

Construct set of LDAP attributes, which should be loaded as binary data. Should be subset of CredentialLoader.addRequiredIdentityAttributes(java.util.Collection<java.lang.String>) output.

Parameters:

attributes - output collection of attributes names, into which should be added