Class LDAPAuthenticationSchemeImpl

- java.lang.Object
  - org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase
    - org.apache.derby.impl.jdbc.authentication.LDAPAuthenticationSchemeImpl

All Implemented Interfaces:
- UserAuthenticator

public final class LDAPAuthenticationSchemeImpl extends JNDIAuthenticationSchemeBase

This is the Derby LDAP authentication scheme implementation. JNDI system/environment properties can be set at the database level as database properties; any that are found are picked up and set in the JNDI initial context. We first connect to the LDAP server to retrieve the user's distinguished name (DN), then reconnect and try to authenticate with the user's DN and the passed-in password. In the 2.0 release, we first connect to do a search (user full DN lookup). This initial lookup can be done through an anonymous bind or using special LDAP search credentials that the user may have configured in the LDAP settings for the database or the system. This is a typical pattern with LDAP servers, where it is often hard to tell or guess a user's full DN in advance. NOTE: In a future release, we will cache/maintain the user DN within the Derby database or system to avoid the initial lookup. Also note that LDAP search/retrieval operations are usually very fast. The default LDAP URL is ldap:/// (ldap://localhost:389/).

See Also:
- UserAuthenticator
Field Summary

Modifier and Type, Field:
- private static java.lang.String[] attrDN
- private static java.lang.String dfltLDAPURL
- private static java.lang.String LDAP_LOCAL_USER_DN
- private static java.lang.String LDAP_SEARCH_AUTH_DN
- private static java.lang.String LDAP_SEARCH_AUTH_PW
- private static java.lang.String LDAP_SEARCH_BASE
- private static java.lang.String LDAP_SEARCH_FILTER
- private static java.lang.String LDAP_SEARCH_FILTER_USERNAME
- private java.lang.String leftSearchFilter
- private java.lang.String rightSearchFilter
- private java.lang.String searchAuthDN
- private java.lang.String searchAuthPW
- private java.lang.String searchBaseDN
- private boolean useUserPropertyAsDN

Fields inherited from class org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase:
- authenticationService, initDirContextEnv, providerURL
Constructor Summary

- LDAPAuthenticationSchemeImpl(JNDIAuthenticationService as, java.util.Properties dbProperties)

Method Summary

All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
- boolean authenticateUser(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName, java.util.Properties info)
  Authenticate the passed-in user's credentials.
- protected java.lang.String doFilterEscaping(java.lang.String inString)
  Given an LDAP search string, returns the string with certain characters escaped according to RFC 2254 guidelines.
- private java.lang.String getDNFromUID(java.lang.String uid)
  Search for the user's full DN in the LDAP server.
- private javax.naming.directory.DirContext privInitialDirContext(java.util.Properties env)
  Call new InitialDirContext in a privileged block.
- protected void setJNDIProviderProperties()
  Tests and sets the default/expected JNDI properties for the JNDI provider scheme (here, LDAP).

Methods inherited from class org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase:
- getLoginSQLException
Field Detail

dfltLDAPURL
private static final java.lang.String dfltLDAPURL
See Also: Constant Field Values

searchBaseDN
private java.lang.String searchBaseDN

leftSearchFilter
private java.lang.String leftSearchFilter

rightSearchFilter
private java.lang.String rightSearchFilter

useUserPropertyAsDN
private boolean useUserPropertyAsDN

searchAuthDN
private java.lang.String searchAuthDN

searchAuthPW
private java.lang.String searchAuthPW

attrDN
private static final java.lang.String[] attrDN

LDAP_SEARCH_BASE
private static final java.lang.String LDAP_SEARCH_BASE
See Also: Constant Field Values

LDAP_SEARCH_FILTER
private static final java.lang.String LDAP_SEARCH_FILTER
See Also: Constant Field Values

LDAP_SEARCH_AUTH_DN
private static final java.lang.String LDAP_SEARCH_AUTH_DN
See Also: Constant Field Values

LDAP_SEARCH_AUTH_PW
private static final java.lang.String LDAP_SEARCH_AUTH_PW
See Also: Constant Field Values

LDAP_LOCAL_USER_DN
private static final java.lang.String LDAP_LOCAL_USER_DN
See Also: Constant Field Values

LDAP_SEARCH_FILTER_USERNAME
private static final java.lang.String LDAP_SEARCH_FILTER_USERNAME
See Also: Constant Field Values
Constructor Detail

LDAPAuthenticationSchemeImpl
public LDAPAuthenticationSchemeImpl(JNDIAuthenticationService as, java.util.Properties dbProperties)
Method Detail

authenticateUser
public boolean authenticateUser(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName, java.util.Properties info) throws java.sql.SQLException

Authenticate the passed-in user's credentials. We authenticate against an LDAP server.

Parameters:
- userName - The user's name used to connect to the JBMS system
- userPassword - The user's password used to connect to the JBMS system
- databaseName - The database which the user wants to connect to.
- info - Additional JDBC connection info.

Returns:
- false if the connection request should be denied, true if the connection request should proceed. If false is returned, the connection attempt will receive an SQLException with SQL State 08004.

Throws:
- java.sql.SQLException - An exception processing the request; the connection request will be denied and the SQL exception returned to the connection attempt.

doFilterEscaping
protected java.lang.String doFilterEscaping(java.lang.String inString)

Given an LDAP search string, returns the string with certain characters escaped according to RFC 2254 guidelines. Cribbed from org.apache.catalina.realm.JNDIRealm. The character mapping is as follows (char -> replacement):
- * -> \2a
- ( -> \28
- ) -> \29
- \ -> \5c
- \0 -> \00

Parameters:
- inString - string to escape according to RFC 2254 guidelines

Returns:
- String the escaped/encoded result

privInitialDirContext
private javax.naming.directory.DirContext privInitialDirContext(java.util.Properties env) throws javax.naming.NamingException

Call new InitialDirContext in a privileged block.

Parameters:
- env - environment used to create the initial DirContext. Null indicates an empty environment.

Returns:
- an initial DirContext using the supplied environment.

Throws:
- javax.naming.NamingException

setJNDIProviderProperties
protected void setJNDIProviderProperties()

This method tests and sets the default/expected JNDI properties for the JNDI provider scheme (here, LDAP).

Specified by:
- setJNDIProviderProperties in class JNDIAuthenticationSchemeBase

getDNFromUID
private java.lang.String getDNFromUID(java.lang.String uid) throws javax.naming.NamingException

Search for the user's full DN in the LDAP server. The LDAP server bind may or may not be anonymous. If the admin does not want us to do an anonymous bind/search, then we must have been given a principal and credentials in order to bind successfully and perform the user's DN search.

Throws:
- javax.naming.NamingException - if the user DN could not be retrieved.
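The search-then-bind flow described in the class overview and in getDNFromUID, with the username escaped using the doFilterEscaping mapping before it is placed in the filter, as an added illustration written for this page rather than Derby's own code. The filter template, the JNDI factory class name, the method names and the empty-password check are assumptions of this example, not values or behaviour taken from the page, and the block needs a reachable LDAP server to run end to end.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public final class LdapSearchThenBind {
    // Assumed default filter template; the placeholder marks where the escaped username is spliced in.
    static final String FILTER = "(&(objectClass=inetOrgPerson)(uid=%USERNAME%))";

    // Escape per the doFilterEscaping mapping (RFC 2254). Backslash is replaced first so the
    // backslashes introduced by the later replacements are not escaped a second time.
    static String escapeFilter(String s) {
        return s.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }
    static Hashtable<String, String> env(String url, String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        if (principal != null) {                        // null principal: anonymous bind for the search
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
        }
        return env;
    }
    // Step 1: resolve the user's full DN with the configured search credentials (or anonymously).
    static String dnForUid(String url, String searchDN, String searchPW, String baseDN, String uid) throws NamingException {
        DirContext ctx = new InitialDirContext(env(url, searchDN, searchPW));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> r = ctx.search(baseDN, FILTER.replace("%USERNAME%", escapeFilter(uid)), sc);
            if (!r.hasMore()) return null;              // unknown user
            String dn = r.next().getNameInNamespace();
            return r.hasMore() ? null : dn;             // more than one match: refuse to guess
        } finally { ctx.close(); }
    }
    // Step 2: rebind as that DN with the user's password. An empty password is refused up front because a
    // simple bind with a DN and empty credentials is an unauthenticated bind that some servers accept.
    static boolean authenticate(String url, String searchDN, String searchPW, String baseDN, String uid, String pw) {
        if (pw == null || pw.isEmpty()) return false;
        try {
            String dn = dnForUid(url, searchDN, searchPW, baseDN, uid);
            if (dn == null) return false;
            new InitialDirContext(env(url, dn, pw)).close();   // a failed bind throws NamingException
            return true;
        } catch (NamingException e) { return false; }
    }
}
```

Any NamingException from either step maps to a denied connection, matching the contract described for authenticateUser (false or SQLException, never a pass-through).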