Class LDAPCredentialValidator

All Implemented Interfaces:
CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

@ThreadSafeAfterInit
public class LDAPCredentialValidator
extends AbstractUsernamePasswordCredentialValidator
A password validator that authenticates against LDAP natively.
Since:
4.0.0
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • authenticator

      @Nonnull private Authenticator authenticator
      LDAP authenticator.
    • returnAttributes

      @Nullable private String[] returnAttributes
      Attributes to return from authentication.
    • passwordLookupStrategy

      @Nullable private Function<ProfileRequestContext,char[]> passwordLookupStrategy
      Optional strategy for obtaining/transforming the password.
  • Constructor Details

    • LDAPCredentialValidator

      public LDAPCredentialValidator()
  • Method Details

    • getAuthenticator

      @NonnullAfterInit public Authenticator getAuthenticator()
      Returns the authenticator.
      Returns:
      authenticator
    • setAuthenticator

      public void setAuthenticator(@Nonnull Authenticator auth)
      Sets the authenticator.
      Parameters:
      auth - to authenticate with
    • getReturnAttributes

      @Nullable public String[] getReturnAttributes()
      Returns the return attributes.
      Returns:
      attribute names
    • setReturnAttributes

      public void setReturnAttributes(@Nullable String... attributes)
      Sets the return attributes.
      Parameters:
      attributes - attribute names
    • setPasswordLookupStrategy

      public void setPasswordLookupStrategy(@Nullable Function<ProfileRequestContext,char[]> strategy)
      Set a strategy function to produce the password to bind with.
      Parameters:
      strategy - strategy function
    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractIdentifiedInitializableComponent
      Throws:
      ComponentInitializationException
    • doValidate

      @Nullable protected Subject doValidate(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nonnull UsernamePasswordContext usernamePasswordContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
      Override method for subclasses to use to perform the actual validation.

      Any configured transforms will have been applied to populate the context with a transformed username prior to this method call.

      Specified by:
      doValidate in class AbstractUsernamePasswordCredentialValidator
      Parameters:
      profileRequestContext - profile request context
      authenticationContext - authentication context
      usernamePasswordContext - the username/password to validate
      warningHandler - optional warning handler interface
      errorHandler - optional error handler interface
      Returns:
      the validated result, or null if inapplicable
      Throws:
      Exception - if an error occurs
    • populateSubject

      @Nonnull protected Subject populateSubject(@Nonnull UsernamePasswordContext usernamePasswordContext, @Nonnull AuthenticationResponse ldapResponse)
      Builds a new Subject populated with the necessary data.
      Parameters:
      usernamePasswordContext - input context
      ldapResponse - LDAP response data
      Returns:
      the subject to return