Interface CredentialPersister


  • public interface CredentialPersister
    Within LDAP, credentials can be stored in different ways; splitting out a CredentialPersister allows different strategies to be plugged into the realm.
    Author:
    Jan Kalina
    • Method Detail

      • getCredentialAcquireSupport

        SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                                 String algorithmName,
                                                 AlgorithmParameterSpec parameterSpec)
                                          throws RealmUnavailableException
        Determine whether a given credential is definitely supported, possibly supported (for some identities), or definitely not supported.

        A DirContextFactory is made available if the directory server is going to be queried, but most likely this call will need to be generic, as querying a whole directory is not realistic.

        Note: The DirContextFactory approach will be evolved further for better referral support, so that it is easier to pass it in for each call.

        Parameters:
        credentialType - the credential type (must not be null)
        algorithmName - the credential algorithm name
        parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
        Returns:
        the level of support for this credential type
        Throws:
        RealmUnavailableException
      • forIdentity

        default org.wildfly.security.auth.realm.ldap.IdentityCredentialLoader forIdentity(DirContext dirContext,
                                                                                          String distinguishedName,
                                                                                          Attributes attributes,
                                                                                          Encoding hashEncoding)
                                                                                   throws RealmUnavailableException
        Obtain an IdentityCredentialLoader to query the credentials for a specific identity.

        Note: By this point, referrals relating to the identity should have been resolved, so the DirContextFactory should be suitable for use with the supplied distinguishedName.

        Parameters:
        dirContext - the DirContext to use to connect to LDAP.
        distinguishedName - the distinguished name of the identity.
        attributes - the identity attributes requested by addRequiredIdentityAttributes(Collection)
        hashEncoding - specifies the string format for the hashed password
        Returns:
        An IdentityCredentialLoader for the identity with the specified distinguished name.
        Throws:
        RealmUnavailableException
      • addRequiredIdentityAttributes

        default void addRequiredIdentityAttributes(Collection<String> attributes)
        Construct the set of LDAP attributes that should be loaded from the identity entry as part of the identity.
        Parameters:
        attributes - output collection of attribute names, to which the required attributes should be added
      • addBinaryIdentityAttributes

        default void addBinaryIdentityAttributes(Collection<String> attributes)
        Construct the set of LDAP attributes that should be loaded as binary data. This should be a subset of the output of CredentialLoader.addRequiredIdentityAttributes(java.util.Collection<java.lang.String>).
        Parameters:
        attributes - output collection of attribute names, to which the binary attributes should be added
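
The following is an added example, not code from Elytron or from this page: it shows a support answer given from the request alone (no directory query) and a binary attribute set that stays a subset of the required set. The class name, the attribute name and the algorithm names are assumptions; the class mirrors three of the method signatures above without implementing the interface, omits forIdentity, and needs the WildFly Elytron library on the classpath.

```java
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.credential.BearerTokenCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;

/** Hypothetical strategy: one password credential kept in a single LDAP attribute. */
public class SingleAttributePasswordStrategy {
    private final String passwordAttribute;        // assumption: deployment-specific attribute name
    private final Set<String> acceptedAlgorithms;  // assumption: algorithm names this directory stores
    private final boolean binary;                  // assumption: whether the value is stored as bytes

    public SingleAttributePasswordStrategy(String passwordAttribute, Set<String> acceptedAlgorithms, boolean binary) {
        this.passwordAttribute = passwordAttribute;
        this.acceptedAlgorithms = acceptedAlgorithms;
        this.binary = binary;
    }
    // Answered from the request alone; no directory entry is read here.
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
            String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
        if (credentialType == null) throw new IllegalArgumentException("credentialType must not be null");
        if (!PasswordCredential.class.isAssignableFrom(credentialType)) return SupportLevel.UNSUPPORTED;
        if (algorithmName != null && !acceptedAlgorithms.contains(algorithmName)) return SupportLevel.UNSUPPORTED;
        // Individual entries may lack the attribute or hold other parameters, so the
        // generic answer is "possibly", never "definitely".
        return SupportLevel.POSSIBLY_SUPPORTED;
    }
    public void addRequiredIdentityAttributes(Collection<String> attributes) {
        attributes.add(passwordAttribute);
    }
    // Adds only names that addRequiredIdentityAttributes also adds, keeping the subset rule.
    public void addBinaryIdentityAttributes(Collection<String> attributes) {
        if (binary) attributes.add(passwordAttribute);
    }
    public static void main(String[] args) throws RealmUnavailableException {
        // Constructed sample configuration, not taken from the page.
        SingleAttributePasswordStrategy s =
                new SingleAttributePasswordStrategy("userPassword", Set.of("clear", "bcrypt"), true);
        System.out.println(s.getCredentialAcquireSupport(PasswordCredential.class, "bcrypt", null));
        System.out.println(s.getCredentialAcquireSupport(PasswordCredential.class, "not-configured", null));
        System.out.println(s.getCredentialAcquireSupport(BearerTokenCredential.class, null, null));
        Set<String> required = new LinkedHashSet<>(), binaryAttrs = new LinkedHashSet<>();
        s.addRequiredIdentityAttributes(required);
        s.addBinaryIdentityAttributes(binaryAttrs);
        System.out.println("binary is subset of required: " + required.containsAll(binaryAttrs));
    }
}
```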