Class LDAPAuthenticationFactoryBean

java.lang.Object
org.springframework.beans.factory.config.AbstractFactoryBean<Authenticator>
net.shibboleth.idp.authn.config.LDAPAuthenticationFactoryBean
All Implemented Interfaces:
Aware, BeanClassLoaderAware, BeanFactoryAware, DisposableBean, FactoryBean<Authenticator>, InitializingBean

public class LDAPAuthenticationFactoryBean extends AbstractFactoryBean<Authenticator>
LDAP authentication configuration. See ldap-authn-config.xml.
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • authenticatorType

      Type of authenticator to configure.
    • trustType

      Type of trust model to configure.
    • connectionStrategyType

      Type of connection strategy to configure.
    • ldapUrl

      private String ldapUrl
      LDAP URL.
    • useStartTLS

      private boolean useStartTLS
      Whether to use startTLS for connections.
    • useSSL

      private boolean useSSL
      Whether to use LDAPS for connections.
    • disableHostnameVerification

      private boolean disableHostnameVerification
      Whether to use the allow-all hostname verifier.
    • connectTimeout

      private Duration connectTimeout
      Wait time for connects.
    • responseTimeout

      private Duration responseTimeout
      Wait time for operation responses.
    • trustCertificatesCredentialConfig

      private CredentialConfig trustCertificatesCredentialConfig
      Trust configuration when using certificate based trust.
    • truststoreCredentialConfig

      private CredentialConfig truststoreCredentialConfig
      Trust configuration when using truststore based trust.
    • disablePooling

      private boolean disablePooling
      Whether to disable connection pooling for both binds and searches.
    • blockWaitTime

      private Duration blockWaitTime
      Wait time for getting a connection from the pool.
    • minPoolSize

      private int minPoolSize
      Minimum pool size.
    • maxPoolSize

      private int maxPoolSize
      Maximum pool size.
    • validateOnCheckout

      private boolean validateOnCheckout
      Whether to validate connections when checked out from the pool.
    • validatePeriodically

      private boolean validatePeriodically
      Whether to validate connections periodically on a background thread.
    • validatePeriod

      private Duration validatePeriod
      Interval at which connections are validated when validatePeriodically is enabled.
    • validateDn

      private String validateDn
      DN to perform connection pool validation against.
    • validateFilter

      private String validateFilter
      Filter to execute against validateDn.
    • bindPoolPassivatorType

      private LDAPAuthenticationFactoryBean.PassivatorType bindPoolPassivatorType
      Type of passivator to configure for the bind pool.
    • prunePeriod

      private Duration prunePeriod
      Period at which to check and enforce the idle time.
    • idleTime

      private Duration idleTime
      Idle time after which a connection is removed from the pool.
    • dnFormat

      private String dnFormat
      Java format string used to construct an LDAP DN. See String.format(String, Object...).
    • baseDn

      private String baseDn
      Base DN used to search for users.
    • userFilter

      private String userFilter
      LDAP filter used to search for users.
    • subtreeSearch

      private boolean subtreeSearch
      Whether to use a SUBTREE search with the baseDn.
    • resolveEntryOnFailure

      private boolean resolveEntryOnFailure
      Whether to return the LDAP entry even if the user BIND fails.
    • resolveEntryWithBindDn

      private boolean resolveEntryWithBindDn
      Whether to resolve the user entry with the bind credentials.
    • velocityEngine

      private org.apache.velocity.app.VelocityEngine velocityEngine
      Velocity engine used to materialize the LDAP filter.
    • bindDn

      private String bindDn
      Privileged entry used to search for users.
    • bindDnCredential

      private String bindDnCredential
      Credential for the privileged entry.
    • usePasswordPolicy

      private boolean usePasswordPolicy
      Whether to use the password policy control with the BIND operation. See draft-behera-ldap-password-policy.
    • usePasswordExpiration

      private boolean usePasswordExpiration
      Whether to use the password expiration control with the BIND operation. See draft-vchu-ldap-pwd-policy.
    • isActiveDirectory

      private boolean isActiveDirectory
      Whether to use account state data as defined by Active Directory diagnostic messages.
    • isFreeIPA

      private boolean isFreeIPA
      Whether to use account state data as defined by the FreeIPA directory schema.
    • isEDirectory

      private boolean isEDirectory
      Whether to use account state data as defined by the eDirectory schema.
    • accountStateExpirationPeriod

      private Period accountStateExpirationPeriod
      Authentication handler account state expiration period.
    • accountStateWarningPeriod

      private Period accountStateWarningPeriod
      Authentication handler account state warning period.
    • accountStateLoginFailures

      private int accountStateLoginFailures
      Authentication handler account state login failures.
  • Constructor Details

    • LDAPAuthenticationFactoryBean

      public LDAPAuthenticationFactoryBean()
  • Method Details

    • setAuthenticatorType

      public void setAuthenticatorType(@Nonnull @NotEmpty String type)
    • setTrustType

      public void setTrustType(@Nonnull @NotEmpty String type)
    • setConnectionStrategyType

      public void setConnectionStrategyType(@Nonnull @NotEmpty String type)
    • setLdapUrl

      public void setLdapUrl(@Nullable @NotEmpty String url)
    • setUseStartTLS

      public void setUseStartTLS(boolean b)
    • setUseSSL

      public void setUseSSL(boolean b)
    • setDisableHostnameVerification

      public void setDisableHostnameVerification(boolean b)
    • setConnectTimeout

      public void setConnectTimeout(@Nullable Duration timeout)
    • setResponseTimeout

      public void setResponseTimeout(@Nullable Duration timeout)
    • setTrustCertificatesCredentialConfig

      public void setTrustCertificatesCredentialConfig(CredentialConfig config)
    • setTruststoreCredentialConfig

      public void setTruststoreCredentialConfig(CredentialConfig config)
    • setDisablePooling

      public void setDisablePooling(boolean b)
    • setBlockWaitTime

      public void setBlockWaitTime(@Nullable Duration time)
    • setMinPoolSize

      public void setMinPoolSize(int size)
    • setMaxPoolSize

      public void setMaxPoolSize(int size)
    • setValidateOnCheckout

      public void setValidateOnCheckout(boolean b)
    • setValidatePeriodically

      public void setValidatePeriodically(boolean b)
    • setValidatePeriod

      public void setValidatePeriod(@Nullable Duration period)
    • setValidateDn

      public void setValidateDn(String dn)
    • setValidateFilter

      public void setValidateFilter(String filter)
    • setBindPoolPassivatorType

      public void setBindPoolPassivatorType(@Nonnull @NotEmpty String type)
    • setPrunePeriod

      public void setPrunePeriod(@Nullable Duration period)
    • setIdleTime

      public void setIdleTime(@Nullable Duration time)
    • setDnFormat

      public void setDnFormat(String format)
    • setBaseDn

      public void setBaseDn(String dn)
    • setUserFilter

      public void setUserFilter(String filter)
    • setSubtreeSearch

      public void setSubtreeSearch(boolean b)
    • setResolveEntryOnFailure

      public void setResolveEntryOnFailure(boolean b)
    • setResolveEntryWithBindDn

      public void setResolveEntryWithBindDn(boolean b)
    • setVelocityEngine

      public void setVelocityEngine(org.apache.velocity.app.VelocityEngine engine)
    • setBindDn

      public void setBindDn(String dn)
    • setBindDnCredential

      public void setBindDnCredential(String credential)
    • setUsePasswordPolicy

      public void setUsePasswordPolicy(boolean b)
    • setUsePasswordExpiration

      public void setUsePasswordExpiration(boolean b)
    • setActiveDirectory

      public void setActiveDirectory(boolean b)
    • setFreeIPA

      public void setFreeIPA(boolean b)
    • setEDirectory

      public void setEDirectory(boolean b)
    • setAccountStateExpirationPeriod

      public void setAccountStateExpirationPeriod(@Nullable Period period)
    • setAccountStateWarningPeriod

      public void setAccountStateWarningPeriod(@Nullable Period period)
    • setAccountStateLoginFailures

      public void setAccountStateLoginFailures(int loginFailures)
    • createSslConfig

      protected SslConfig createSslConfig()
      Returns a new SslConfig object derived from the configured trustType. Default uses JVM trust.
      Returns:
      new SslConfig
    • createConnectionConfig

      protected ConnectionConfig createConnectionConfig()
      Returns a new ConnectionConfig without a connection initializer.
      Returns:
      new ConnectionConfig
    • createConnectionConfig

      protected ConnectionConfig createConnectionConfig(@Nullable ConnectionInitializer initializer)
      Returns a new ConnectionConfig with the supplied connection initializer.
      Parameters:
      initializer - connection initializer to configure, or null
      Returns:
      new ConnectionConfig
    • createConnectionPool

      protected BlockingConnectionPool createConnectionPool(String name, ConnectionConfig config)
      Returns a new blocking connection pool. Wires a SearchValidator by default.
      Parameters:
      name - of the connection pool
      config - to assign to the pool
      Returns:
      new blocking connection pool
    • createConnectionPool

      protected BlockingConnectionPool createConnectionPool(String name, ConnectionConfig config, SearchValidator validator)
      Returns a new blocking connection pool using the supplied search validator.
      Parameters:
      name - of the connection pool
      config - to assign to the pool
      validator - pool validator
      Returns:
      new blocking connection pool
    • createConnectionPool

      protected BlockingConnectionPool createConnectionPool(String name, ConnectionConfig config, SearchValidator validator, Passivator passivator)
      Returns a new blocking connection pool using the supplied search validator and passivator. Note that an LDAPAuthenticationFactoryBean.PassivatorType.BIND passivator uses the configured bindDn and bindDnCredential.
      Parameters:
      name - of the connection pool
      config - to assign to the pool
      validator - pool validator
      passivator - pool passivator
      Returns:
      new blocking connection pool
    • createSearchValidator

      protected SearchValidator createSearchValidator(String baseDn, String filter)
    • createPoolPassivator

      protected Passivator createPoolPassivator(LDAPAuthenticationFactoryBean.PassivatorType type)
    • createInstance

      protected Authenticator createInstance() throws Exception
      Specified by:
      createInstance in class AbstractFactoryBean<Authenticator>
      Throws:
      Exception
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • getObjectType

      public Class<?> getObjectType()
      Specified by:
      getObjectType in interface FactoryBean<Authenticator>
      Specified by:
      getObjectType in class AbstractFactoryBean<Authenticator>
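As an added example (not code from the Shibboleth project), the following wires the bean programmatically through the setters listed above, with the transport and pool choices a reviewer would look for: LDAPS with hostname verification left enabled, bounded timeouts, and periodic pool validation. The authenticator and trust labels, the `{user}` filter placeholder and the sample DNs and URL are assumptions not shown on this page.

```java
import java.time.Duration;

import net.shibboleth.idp.authn.config.LDAPAuthenticationFactoryBean;
import org.ldaptive.auth.Authenticator;

/** Builds an Authenticator from LDAPAuthenticationFactoryBean with hardened settings. */
public final class HardenedLdapAuthn {

    // The page shows setAuthenticatorType/setTrustType take a String but does not list the
    // accepted labels; these two values are assumptions and must match your IdP version.
    private static final String AUTHENTICATOR_TYPE = "bindSearchAuthenticator"; // assumption
    private static final String TRUST_TYPE = "jvmTrust";                        // assumption

    public static Authenticator build(final String bindDn, final String bindDnCredential)
            throws Exception {
        final LDAPAuthenticationFactoryBean bean = new LDAPAuthenticationFactoryBean();
        bean.setAuthenticatorType(AUTHENTICATOR_TYPE);
        bean.setTrustType(TRUST_TYPE);

        // Transport: LDAPS, not StartTLS (choose one, never both), and keep hostname
        // verification enabled so a valid certificate for a different host is rejected.
        bean.setLdapUrl("ldaps://ldap.example.org:636");   // constructed sample URL
        bean.setUseSSL(true);
        bean.setUseStartTLS(false);
        bean.setDisableHostnameVerification(false);

        // Bounded waits so an unreachable or slow directory cannot pin login threads.
        bean.setConnectTimeout(Duration.ofSeconds(3));
        bean.setResponseTimeout(Duration.ofSeconds(5));

        // Bind-search: a privileged entry locates the user, then the user's own BIND runs.
        bean.setBaseDn("ou=people,dc=example,dc=org");     // constructed sample base DN
        bean.setSubtreeSearch(true);
        bean.setUserFilter("(uid={user})");                 // placeholder syntax: assumption
        bean.setBindDn(bindDn);                             // supplied from secret storage
        bean.setBindDnCredential(bindDnCredential);
        bean.setResolveEntryOnFailure(false);               // no entry data for failed BINDs

        // Pool: small bounded pool, validated on a background thread rather than per checkout.
        bean.setMinPoolSize(3);
        bean.setMaxPoolSize(10);
        bean.setBlockWaitTime(Duration.ofSeconds(3));
        bean.setValidatePeriodically(true);
        bean.setValidatePeriod(Duration.ofMinutes(5));
        bean.setValidateDn("");                             // rootDSE search as the probe
        bean.setValidateFilter("(objectClass=*)");

        bean.afterPropertiesSet();   // AbstractFactoryBean: runs createInstance() once
        return bean.getObject();     // the Authenticator built by createInstance()
    }
}
```

The page documents velocityEngine as the engine that materializes userFilter, so a real deployment may also need setVelocityEngine(...) before afterPropertiesSet().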