org.jasig.cas.adaptors.ldap

Class BindLdapAuthenticationHandler

java.lang.Object

org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler

org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler

org.jasig.cas.adaptors.ldap.AbstractLdapUsernamePasswordAuthenticationHandler

org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler

All Implemented Interfaces:

AuthenticationHandler, NamedAuthenticationHandler, org.springframework.beans.factory.InitializingBean

public class BindLdapAuthenticationHandler
extends AbstractLdapUsernamePasswordAuthenticationHandler

Performs LDAP authentication via two distinct steps:

1. Search for an LDAP DN using arbitrary search filter.
2. Bind using DN in first step with password provided by login Webflow.

The search step is typically performed anonymously or using a constant authenticated context such as an administrator username/password or client certificate. This step is suitable for LDAP connection pooling to improve efficiency and performance.

Since:

3.0.3

Version:

$Revision$ $Date$

Author:

Scott Battaglia

Field Summary

Fields inherited from class org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler

log

Constructor Summary

Constructors

Constructor and Description
BindLdapAuthenticationHandler()

Method Summary

Methods

Modifier and Type	Method and Description
protected boolean	authenticateUsernamePasswordInternal(UsernamePasswordCredentials credentials)
protected String	composeCompleteDnToCheck(String dn, UsernamePasswordCredentials credentials)
protected int	getMaxNumberResults() Method to return the max number of results allowed.
protected int	getScope() Method to return the scope.
protected String	getSearchBase() Method to return the search base.
protected int	getTimeout() Method to return the timeout.
protected boolean	isAllowMultipleAccounts() Method to return whether multiple accounts are allowed.
void	setAllowMultipleAccounts(boolean allowMultipleAccounts)
void	setMaxNumberResults(int maxNumberResults)
void	setScope(int scope)
void	setSearchBase(String searchBase)
void	setSearchContextSource(org.springframework.ldap.core.ContextSource contextSource) Sets the context source for LDAP searches.
void	setTimeout(int timeout)

Methods inherited from class org.jasig.cas.adaptors.ldap.AbstractLdapUsernamePasswordAuthenticationHandler

afterPropertiesSet, afterPropertiesSetInternal, getContextSource, getFilter, getLdapTemplate, handleLdapError, setContextSource, setFilter, setIgnorePartialResultException, setLdapErrorDefinitions, setLdapTemplate

Methods inherited from class org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler

doAuthentication, getPasswordEncoder, getPrincipalNameTransformer, setClassToSupport, setPasswordEncoder, setPrincipalNameTransformer, setSupportSubClasses, supports

Methods inherited from class org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler

authenticate, getName, postAuthenticate, preAuthenticate, setName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BindLdapAuthenticationHandler

public BindLdapAuthenticationHandler()

Method Detail

authenticateUsernamePasswordInternal

protected final boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials credentials)
                                                      throws AuthenticationException

Specified by:

authenticateUsernamePasswordInternal in class AbstractUsernamePasswordAuthenticationHandler

Throws:

AuthenticationException

composeCompleteDnToCheck

protected String composeCompleteDnToCheck(String dn,
                              UsernamePasswordCredentials credentials)

isAllowMultipleAccounts

protected boolean isAllowMultipleAccounts()

Method to return whether multiple accounts are allowed.

Returns:

true if multiple accounts are allowed, false otherwise.

getMaxNumberResults

protected int getMaxNumberResults()

Method to return the max number of results allowed.

Returns:

the maximum number of results.

getScope

protected int getScope()

Method to return the scope.

Returns:

the scope

getSearchBase

protected String getSearchBase()

Method to return the search base.

Returns:

the search base.

getTimeout

protected int getTimeout()

Method to return the timeout.

Returns:

the timeout.

setScope

public final void setScope(int scope)

setAllowMultipleAccounts

public void setAllowMultipleAccounts(boolean allowMultipleAccounts)

Parameters:

allowMultipleAccounts - The allowMultipleAccounts to set.

setMaxNumberResults

public final void setMaxNumberResults(int maxNumberResults)

Parameters:

maxNumberResults - The maxNumberResults to set.

setSearchBase

public final void setSearchBase(String searchBase)

Parameters:

searchBase - The searchBase to set.

setTimeout

public final void setTimeout(int timeout)

Parameters:

timeout - The timeout to set.

setSearchContextSource

public final void setSearchContextSource(org.springframework.ldap.core.ContextSource contextSource)

Sets the context source for LDAP searches. This method may be used to support use cases like the following:

• Pooling of LDAP connections used for searching (e.g. via instance of PoolingContextSource).
• Searching with client certificate credentials.

If this is not defined, the context source defined by AbstractLdapUsernamePasswordAuthenticationHandler.setContextSource(ContextSource) is used.

Parameters:

contextSource - LDAP context source.