com.raritantechnologies.security
Class LdapSecurityManager

java.lang.Object
  extended by com.raritantechnologies.searchApp.SecurityManager
      extended by com.raritantechnologies.security.LdapSecurityManager
All Implemented Interfaces:
ISecurityManager

public class LdapSecurityManager
extends SecurityManager
implements ISecurityManager

Performs LDAP user authentication.

XML Configuration Template:
  <SecurityManager name="MyLDAPManager" class="com.raritantechnologies.security.LdapSecurityManager"
                      usePasswordAuthentication="[true(default)|false]" >
    <params>
      <param name="PrimaryLDAPServer"         value="[the primary LDAP server uri]" />
      <param name="SecondaryLDAPServer"       value="[the secondary LDAP server]" />
      <param name="LDAP_SEARCH_DN"            value="[LDAP search domain name]" />
      <param name="LDAP_SEARCH_DN_USER"       value="[LDAP search domain name uid field]" />
      <param name="LDAP_SEARCH_FILTER"        value="[User defined LDAP search filter string]" />
      <param name="LDAP_ACCOUNT_DN"           value="[dn of LDAP account to use for searching]" />
      <param name="LDAP_ACCOUNT_USERID"       value="[userid of LDAP account to use for searching]" />
      <param name="LDAP_ACCOUNT_PASSWORD"     value="[password of LDAP account to use for searching; LDAP_ACCOUNT_PASSWORD_ENC takes the encrypted form]" />
      <param name="LDAP_ACCOUNT_PASSWORD_ENC" value="[encrypted password of LDAP account to use for searching]" />
      <param name="LDAP_GROUP_DN_ROOT"        value="[root/suffix under which LDAP groups are stored]" />
      <param name="LDAP_GROUP_SEARCH_STRING"  value="[search string within a DN used to determine whether it is a group]" />
      <param name="MUST_BE_IN_LDAP_GROUP"     value="[true|false]" />
      <param name="LDAP_USERID_ATTRIBUTE"     value="[uid/user/member attribute used to store user name within a group entry]" />
      <param name="alternateLoginName"        value="[ optional ILoginInfo attribute used as user name ]"/>
      <param name="LDAPVersion"               value="[LDAP version]" />
      <param name="LDAPPort"                  value="[LDAP port]" />
      <param name="usePasswordAuthentication" value="[true(default)|false - if true uses User Password to authenticate ]" />
      <param name="SSLTrustCertificate"       value="[SSL TrustStore certificate]" />
      <param name="SSLTrustPassword"          value="[SSL TrustStore password]" />
      <param name="RetrievedLDAPAttributes"   value="[ comma separated list of LDAP attributes to add to user login as user attributes ]" />
    </params>

  </SecurityManager>
 

Developed by Raritan Technologies.

Author:
Ted Sullivan, Glenn Robitaille

Field Summary
protected  java.lang.String alternateLoginName
           
protected  java.lang.String ldap_account_dn
           
protected  java.lang.String ldap_account_password
           
protected  java.lang.String ldap_account_userid
           
protected  java.lang.String ldap_group_dn_root
           
protected  java.lang.String ldap_group_search_string
           
protected  java.lang.String ldap_userid_attribute
           
protected  int LDAPPort
           
protected  int LDAPVersion
           
protected  boolean must_be_in_ldap_group
           
protected  java.lang.String primaryServer
           
protected  java.lang.String search_dn
           
protected  java.lang.String search_dn_user
           
protected  java.lang.String search_filter
           
protected  java.lang.String secondaryServer
           
protected  java.lang.String sUserDN
           
protected  boolean usePasswordAuthentication
           
 
Fields inherited from class com.raritantechnologies.searchApp.SecurityManager
defaultIsPublic
 
Constructor Summary
LdapSecurityManager()
           
 
Method Summary
 SourceLoginInfo[] getAvailableSources(ILoginInfo userInfo)
          Returns a list of available search sources for the user.
protected  java.lang.String getPassword(ILoginInfo userInfo)
           
 SourceLoginInfo getSourceLogin(ILoginInfo userInfo, java.lang.String sourceName, SecurityModel secMod)
          Returns source login info for a given user / source
 ILoginInfo getSourceLoginInfo(ILoginInfo userInfo, java.lang.String sourceName, SecurityModel secMod)
          Returns a valid source LoginInfo for the user, or null on failure.
 ILoginInfo getUser(java.lang.String sessionID)
           
protected  java.lang.String getUserName(ILoginInfo userInfo)
           
 void initialize(org.w3c.dom.Element elem)
           
 void initialize(java.util.Map params)
           
 void registerUser(java.lang.String sessionID, ILoginInfo loginInfo)
           
 void removeUser(java.lang.String sessionID)
           
 boolean validate(ILoginInfo user)
          Performs LDAP authentication.
 
Methods inherited from class com.raritantechnologies.searchApp.SecurityManager
canAccess, filterResult, getCipherInputStream, getCipherOutputStream, getFullTextIndexKey, getStoredCertificate, getStoredKey, isPublic, setFullTextIndexKey
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface com.raritantechnologies.searchApp.ISecurityManager
canAccess, filterResult, getCipherInputStream, getCipherOutputStream, getStoredCertificate, getStoredKey, isPublic
 

Field Detail

primaryServer

protected java.lang.String primaryServer

secondaryServer

protected java.lang.String secondaryServer

LDAPPort

protected int LDAPPort

search_dn

protected java.lang.String search_dn

search_dn_user

protected java.lang.String search_dn_user

search_filter

protected java.lang.String search_filter

LDAPVersion

protected int LDAPVersion

ldap_account_dn

protected java.lang.String ldap_account_dn

ldap_account_userid

protected java.lang.String ldap_account_userid

ldap_account_password

protected java.lang.String ldap_account_password

ldap_group_dn_root

protected java.lang.String ldap_group_dn_root

ldap_group_search_string

protected java.lang.String ldap_group_search_string

must_be_in_ldap_group

protected boolean must_be_in_ldap_group

ldap_userid_attribute

protected java.lang.String ldap_userid_attribute

sUserDN

protected java.lang.String sUserDN

usePasswordAuthentication

protected boolean usePasswordAuthentication

alternateLoginName

protected java.lang.String alternateLoginName
Constructor Detail

LdapSecurityManager

public LdapSecurityManager()
Method Detail

initialize

public void initialize(java.util.Map params)
Specified by:
initialize in interface ISecurityManager
Overrides:
initialize in class SecurityManager

initialize

public void initialize(org.w3c.dom.Element elem)
Specified by:
initialize in interface ISecurityManager
Overrides:
initialize in class SecurityManager

validate

public boolean validate(ILoginInfo user)
Performs LDAP authentication.

Specified by:
validate in interface ISecurityManager
Parameters:
user - User information for user executing query

registerUser

public void registerUser(java.lang.String sessionID,
                         ILoginInfo loginInfo)
Specified by:
registerUser in interface ISecurityManager

getUser

public ILoginInfo getUser(java.lang.String sessionID)
Specified by:
getUser in interface ISecurityManager

removeUser

public void removeUser(java.lang.String sessionID)
Specified by:
removeUser in interface ISecurityManager

getAvailableSources

public SourceLoginInfo[] getAvailableSources(ILoginInfo userInfo)
Returns a list of available search sources for the user. The returned objects contain security information needed to validate the user against each source.

Specified by:
getAvailableSources in interface ISecurityManager

getSourceLogin

public SourceLoginInfo getSourceLogin(ILoginInfo userInfo,
                                      java.lang.String sourceName,
                                      SecurityModel secMod)
Returns source login info for a given user / source

Specified by:
getSourceLogin in interface ISecurityManager

getSourceLoginInfo

public ILoginInfo getSourceLoginInfo(ILoginInfo userInfo,
                                     java.lang.String sourceName,
                                     SecurityModel secMod)
Returns a valid source LoginInfo for the user, or null on failure.

Specified by:
getSourceLoginInfo in interface ISecurityManager

getUserName

protected java.lang.String getUserName(ILoginInfo userInfo)

getPassword

protected java.lang.String getPassword(ILoginInfo userInfo)