Class LDAPAuthenticationFactoryBean

All Implemented Interfaces:
Aware, BeanClassLoaderAware, BeanFactoryAware, DisposableBean, FactoryBean<Authenticator>, InitializingBean

public class LDAPAuthenticationFactoryBean extends AbstractFactoryBean<Authenticator>
LDAP Authentication configuration. See ldap-authn-config.xml
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • authenticatorType

      Type of authenticator to configure.
    • trustType

      Type of trust model to configure.
    • connectionStrategyType

      Type of connection strategy to configure.
    • ldapUrl

      private String ldapUrl
      LDAP URL.
    • useStartTLS

      private boolean useStartTLS
      Whether to use startTLS for connections.
    • useSSL

      private boolean useSSL
      Whether to use LDAPS for connections.
    • disableHostnameVerification

      private boolean disableHostnameVerification
      Whether to use the allow-all hostname verifier.
    • connectTimeout

      private Duration connectTimeout
      Wait time for connects.
    • responseTimeout

      private Duration responseTimeout
      Wait time for operation responses.
    • trustCertificatesCredentialConfig

      private CredentialConfig trustCertificatesCredentialConfig
      Trust configuration when using certificate based trust.
    • truststoreCredentialConfig

      private CredentialConfig truststoreCredentialConfig
      Trust configuration when using truststore based trust.
    • disablePooling

      private boolean disablePooling
      Whether to disable connection pooling for both binds and searches.
    • blockWaitTime

      private Duration blockWaitTime
      Wait time for getting a connection from the pool.
    • minPoolSize

      private int minPoolSize
      Minimum pool size.
    • maxPoolSize

      private int maxPoolSize
      Maximum pool size.
    • validateOnCheckout

      private boolean validateOnCheckout
      Whether to validate connections when checked out from the pool.
    • validatePeriodically

      private boolean validatePeriodically
      Whether to validate connections periodically on a background thread.
    • validatePeriod

      private Duration validatePeriod
      Period at which to validate periodically.
    • validateDn

      private String validateDn
      DN to perform connection pool validation against.
    • validateFilter

      private String validateFilter
      Filter to execute against validateDn.
    • bindPoolPassivatorType

      private LDAPAuthenticationFactoryBean.PassivatorType bindPoolPassivatorType
      Type of passivator to configure for the bind pool.
    • prunePeriod

      private Duration prunePeriod
      Period at which to check and enforce the idle time.
    • idleTime

      private Duration idleTime
      Time at which a connection has been idle and should be removed from the pool.
    • dnFormat

      private String dnFormat
      Java format string used to construct an LDAP DN. See String.format(String, Object...).
    • baseDn

      private String baseDn
      Base DN used to search for users.
    • userFilter

      private String userFilter
      LDAP filter used to search for users.
    • subtreeSearch

      private boolean subtreeSearch
      Whether to use a SUBTREE search with the baseDn.
    • resolveEntryOnFailure

      private boolean resolveEntryOnFailure
      Whether to return the LDAP entry even if the user BIND fails.
    • resolveEntryWithBindDn

      private boolean resolveEntryWithBindDn
      Whether to resolve the user entry with the bind credentials.
    • velocityEngine

      private velocityEngine
      Velocity engine used to materialize the LDAP filter.
    • bindDn

      private String bindDn
      Privileged entry used to search for users.
    • bindDnCredential

      private String bindDnCredential
      Credential for the privileged entry.
    • usePasswordPolicy

      private boolean usePasswordPolicy
      Whether to use the password policy control with the BIND operation. See draft-behera-ldap-password-policy.
    • usePasswordExpiration

      private boolean usePasswordExpiration
      Whether to use the password expiration control with the BIND operation. See draft-vchu-ldap-pwd-policy.
    • isActiveDirectory

      private boolean isActiveDirectory
      Whether to use account state data as defined by active directory diagnostic messages.
    • isFreeIPA

      private boolean isFreeIPA
      Whether to use account state data as defined by the FreeIPA directory schema.
    • isEDirectory

      private boolean isEDirectory
      Whether to use account state data as defined by the EDirectory schema.
    • accountStateExpirationPeriod

      private Period accountStateExpirationPeriod
      Authentication handler account state expiration period.
    • accountStateWarningPeriod

      private Period accountStateWarningPeriod
      Authentication handler account state warning period.
    • accountStateLoginFailures

      private int accountStateLoginFailures
      Authentication handler account state login failures.
  • Constructor Details

    • LDAPAuthenticationFactoryBean

      public LDAPAuthenticationFactoryBean()
  • Method Details

    • setAuthenticatorType

      public void setAuthenticatorType(@Nonnull @NotEmpty String type)
    • setTrustType

      public void setTrustType(@Nonnull @NotEmpty String type)
    • setConnectionStrategyType

      public void setConnectionStrategyType(@Nonnull @NotEmpty String type)
    • setLdapUrl

      public void setLdapUrl(@Nullable @NotEmpty String url)
    • setUseStartTLS

      public void setUseStartTLS(boolean b)
    • setUseSSL

      public void setUseSSL(boolean b)
    • setDisableHostnameVerification

      public void setDisableHostnameVerification(boolean b)
    • setConnectTimeout

      public void setConnectTimeout(@Nullable Duration timeout)
    • setResponseTimeout

      public void setResponseTimeout(@Nullable Duration timeout)
    • setTrustCertificatesCredentialConfig

      public void setTrustCertificatesCredentialConfig(CredentialConfig config)
    • setTruststoreCredentialConfig

      public void setTruststoreCredentialConfig(CredentialConfig config)
    • setDisablePooling

      public void setDisablePooling(boolean b)
    • setBlockWaitTime

      public void setBlockWaitTime(@Nullable Duration time)
    • setMinPoolSize

      public void setMinPoolSize(int size)
    • setMaxPoolSize

      public void setMaxPoolSize(int size)
    • setValidateOnCheckout

      public void setValidateOnCheckout(boolean b)
    • setValidatePeriodically

      public void setValidatePeriodically(boolean b)
    • setValidatePeriod

      public void setValidatePeriod(@Nullable Duration period)
    • setValidateDn

      public void setValidateDn(String dn)
    • setValidateFilter

      public void setValidateFilter(String filter)
    • setBindPoolPassivatorType

      public void setBindPoolPassivatorType(@Nonnull @NotEmpty String type)
    • setPrunePeriod

      public void setPrunePeriod(@Nullable Duration period)
    • setIdleTime

      public void setIdleTime(@Nullable Duration time)
    • setDnFormat

      public void setDnFormat(String format)
    • setBaseDn

      public void setBaseDn(String dn)
    • setUserFilter

      public void setUserFilter(String filter)
    • setSubtreeSearch

      public void setSubtreeSearch(boolean b)
    • setResolveEntryOnFailure

      public void setResolveEntryOnFailure(boolean b)
    • setResolveEntryWithBindDn

      public void setResolveEntryWithBindDn(boolean b)
    • setVelocityEngine

      public void setVelocityEngine( engine)
    • setBindDn

      public void setBindDn(String dn)
    • setBindDnCredential

      public void setBindDnCredential(String credential)
    • setUsePasswordPolicy

      public void setUsePasswordPolicy(boolean b)
    • setUsePasswordExpiration

      public void setUsePasswordExpiration(boolean b)
    • setActiveDirectory

      public void setActiveDirectory(boolean b)
    • setFreeIPA

      public void setFreeIPA(boolean b)
    • setEDirectory

      public void setEDirectory(boolean b)
    • setAccountStateExpirationPeriod

      public void setAccountStateExpirationPeriod(@Nullable Period period)
    • setAccountStateWarningPeriod

      public void setAccountStateWarningPeriod(@Nullable Period period)
    • setAccountStateLoginFailures

      public void setAccountStateLoginFailures(int loginFailures)
    • createSslConfig

      protected SslConfig createSslConfig()
      Returns a new SslConfig object derived from the configured trustType. Default uses JVM trust.
      new SslConfig
    • createConnectionConfig

      protected ConnectionConfig createConnectionConfig()
      Returns a new ConnectionConfig without a connection initializer.
      new ConnectionConfig
    • createConnectionConfig

      protected ConnectionConfig createConnectionConfig(@Nullable ConnectionInitializer initializer)
      Returns a new ConnectionConfig with the supplied connection initializer.
      initializer - to configure or null
      new ConnectionConfig
    • createConnectionPool

      protected BlockingConnectionPool createConnectionPool(String name, ConnectionConfig config)
      Returns a new blocking connection pool. Wires a SearchValidator by default.
      name - of the connection pool
      config - to assign to the pool
      new blocking connection pool
    • createConnectionPool

      protected BlockingConnectionPool createConnectionPool(String name, ConnectionConfig config, SearchValidator validator)
      Returns a new blocking connection pool using the supplied search validator.
      name - of the connection pool
      config - to assign to the pool
      validator - pool validator
      new blocking connection pool
    • createConnectionPool

      protected BlockingConnectionPool createConnectionPool(String name, ConnectionConfig config, SearchValidator validator, Passivator passivator)
      Returns a new blocking connection pool using the supplied search validator and passivator type. Note that a LDAPAuthenticationFactoryBean.PassivatorType.BIND uses the configured bindDn and bindDnCredential.
      name - of the connection pool
      config - to assign to the pool
      validator - pool validator
      passivator - pool passivator
      new blocking connection pool
    • createSearchValidator

      protected SearchValidator createSearchValidator(String baseDn, String filter)
    • createPoolPassivator

      protected Passivator createPoolPassivator(LDAPAuthenticationFactoryBean.PassivatorType type)
    • createInstance

      protected Authenticator createInstance() throws Exception
      Specified by:
      createInstance in class AbstractFactoryBean<Authenticator>
    • toString

      public String toString()
      toString in class Object
    • getObjectType

      public Class<?> getObjectType()
      Specified by:
      getObjectType in interface FactoryBean<Authenticator>
      Specified by:
      getObjectType in class AbstractFactoryBean<Authenticator>