br.eti.arthurgregorio.shiroee.realm

Class LdapSecurityRealm

java.lang.Object

org.apache.shiro.realm.CachingRealm

org.apache.shiro.realm.AuthenticatingRealm

org.apache.shiro.realm.AuthorizingRealm

org.apache.shiro.realm.ldap.DefaultLdapRealm

br.eti.arthurgregorio.shiroee.realm.LdapSecurityRealm

All Implemented Interfaces:

org.apache.shiro.authc.LogoutAware, org.apache.shiro.authz.Authorizer, org.apache.shiro.authz.permission.PermissionResolverAware, org.apache.shiro.authz.permission.RolePermissionResolverAware, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.realm.Realm, org.apache.shiro.util.Initializable, org.apache.shiro.util.Nameable

public class LdapSecurityRealm
extends org.apache.shiro.realm.ldap.DefaultLdapRealm

The base implementation for authenticate users throug a LDAP/AD repository

Since:

1.0.0, 28/12/2017

Version:

1.0.0

Author:

Arthur Gregorio

Constructor Summary

Constructors

Constructor and Description
LdapSecurityRealm(LdapUserProvider ldapUserProvider, AuthenticationMechanism mechanism) The constructor

Method Summary

Modifier and Type	Method and Description
protected String	getUserDn(String principal)
protected org.apache.shiro.authc.AuthenticationInfo	queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.realm.ldap.LdapContextFactory factory)
protected org.apache.shiro.authz.AuthorizationInfo	queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection principalCollection, org.apache.shiro.realm.ldap.LdapContextFactory factory)

Methods inherited from class org.apache.shiro.realm.ldap.DefaultLdapRealm

createAuthenticationInfo, doGetAuthenticationInfo, doGetAuthorizationInfo, getContextFactory, getLdapPrincipal, getUserDnPrefix, getUserDnSuffix, getUserDnTemplate, setContextFactory, setUserDnTemplate

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm

afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm

assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports

Methods inherited from class org.apache.shiro.realm.CachingRealm

clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.util.Initializable

init

Constructor Detail

LdapSecurityRealm

public LdapSecurityRealm(LdapUserProvider ldapUserProvider,
                         AuthenticationMechanism mechanism)

The constructor

Parameters:

ldapUserProvider - the provider used to bind users on the LDAP/AD

mechanism - the authentication mechanism used to verify the accounts before sending them to authenticate throug LDAP/AD. With this mechanism you can implement the two factor implementation where you have a bind account in your local database and use them to create in your application the permissions for the user. If this parameter is null a EmptyAuthenticationMechanism is used.

Method Detail

queryForAuthenticationInfo

protected org.apache.shiro.authc.AuthenticationInfo queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token,
                                                                               org.apache.shiro.realm.ldap.LdapContextFactory factory)
                                                                        throws NamingException

Overrides:

queryForAuthenticationInfo in class org.apache.shiro.realm.ldap.DefaultLdapRealm

Parameters:

token -

factory -

Returns:

Throws:

NamingException

queryForAuthorizationInfo

protected org.apache.shiro.authz.AuthorizationInfo queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection principalCollection,
                                                                             org.apache.shiro.realm.ldap.LdapContextFactory factory)
                                                                      throws NamingException

Overrides:

queryForAuthorizationInfo in class org.apache.shiro.realm.ldap.DefaultLdapRealm

Parameters:

principalCollection -

factory -

Returns:

Throws:

NamingException

getUserDn

protected String getUserDn(String principal)

Overrides:

getUserDn in class org.apache.shiro.realm.ldap.DefaultLdapRealm

Parameters:

principal -

Returns: