public class JNDIRealm extends RealmBase
Implementation of Realm that works with a directory server accessed via the Java Naming and Directory Interface (JNDI) APIs. The following constraints are imposed on the data structure in the underlying directory server:
- DirContext that is accessed via the connectionURL property.
- connectURL an attempt will be made to use the alternateURL if it exists.
- userPattern property.
- userPattern property is not specified, a unique element can be located by searching the directory context. In this case:
  - userSearch pattern specifies the search filter after substitution of the username.
  - userBase property can be set to the element that is the base of the subtree containing users. If not specified, the search base is the top-level context.
  - userSubtree property can be set to true if you wish to search the entire subtree of the directory context. The default value of false requests a search of only the current level.
- userPassword property is not specified.
- userPassword property is specified, in which case:
  - userPassword property.
  - RealmBase.digest() method (using the standard digest support included in RealmBase).
  - RealmBase.digest()) are equal to the retrieved value for the user password attribute.
- DirContext that is accessed via the connectionURL property. This element has the following characteristics:
  - roleSearch property.
  - roleSearch pattern optionally includes pattern replacements "{0}" for the distinguished name, and/or "{1}" for the username, and/or "{2}" the value of an attribute from the user's directory entry (the attribute is specified by the userRoleAttribute property), of the authenticated user for which roles will be retrieved.
  - roleBase property can be set to the element that is the base of the search for matching roles. If not specified, the entire context will be searched.
  - roleSubtree property can be set to true if you wish to search the entire subtree of the directory context. The default value of false requests a search of only the current level.
  - roleName property) containing the name of the role represented by this element.
- userRoleName property.
- commonRole property to the name of this role. The role doesn't have to exist in the directory.
- roleNested to true. The default value is false, so role searches will not find nested roles.
- <security-role-ref> element in the web application deployment descriptor allows applications to refer to roles programmatically by names other than those used in the directory server itself.

WARNING - There is a reported bug against the Netscape provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to successfully authenticating a non-existing user. The report is here: https://bz.apache.org/bugzilla/show_bug.cgi?id=11210 . With luck, Netscape has updated their provider code and this is not an issue.
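
The userSearch substitution described in the class description, as an added example (not Tomcat's source code): it shows why the username must be filter-escaped, as the doFilterEscaping summary on this page describes, before it replaces "{0}". The class name UserSearchFilterDemo, the helper names, the sample pattern and the usernames are constructed for illustration, and java.text.MessageFormat is assumed as the substitution mechanism because the page calls userSearch a "message format".

```java
import java.text.MessageFormat;

public class UserSearchFilterDemo {

    /**
     * Escape the characters that are special inside an LDAP search filter
     * value (RFC 2254): backslash, asterisk, parentheses and NUL.
     * Illustrative re-implementation, not the realm's own method.
     */
    static String escapeFilterValue(String in) {
        if (in == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(in.length() + 8);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Substitute the username for "{0}" in a userSearch-style pattern. */
    static String buildFilter(String userSearch, String username, boolean escape) {
        String value = escape ? escapeFilterValue(username) : username;
        return new MessageFormat(userSearch).format(new Object[] { value });
    }

    /**
     * Count parentheses and asterisks in a filter. After escaping, none of
     * these can come from the username, so the count must equal the count
     * of the pattern itself. Backslashes are not covered by this check.
     */
    static int structuralChars(String filter) {
        int n = 0;
        for (char c : filter.toCharArray()) {
            if (c == '(' || c == ')' || c == '*') {
                n++;
            }
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample pattern in the style of the userSearch property.
        String userSearch = "(&(objectClass=person)(uid={0}))";
        // Structure of the filter when the username contributes nothing.
        int baseline = structuralChars(buildFilter(userSearch, "", false));

        // Constructed usernames: one plain, three containing filter syntax.
        String[] usernames = { "jsmith", "j*", "x)(uid=*", "a\\b" };

        for (String u : usernames) {
            String raw = buildFilter(userSearch, u, false);
            String escaped = buildFilter(userSearch, u, true);
            System.out.println("username : " + u);
            System.out.println("  raw     : " + raw
                    + (structuralChars(raw) != baseline ? "   <-- filter structure changed" : ""));
            System.out.println("  escaped : " + escaped
                    + (structuralChars(escaped) != baseline ? "   <-- filter structure changed" : ""));
        }
    }
}
```

The structural check in the example can be reused as a unit-test assertion around any code that builds directory search filters from user input.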

| Modifier and Type | Class | Description |
|---|---|---|
| protected static class | JNDIRealm.JNDIConnection | Class holding the connection to the directory plus the associated non thread safe message formats. |
| protected static class | JNDIRealm.User | A protected class representing a User |

RealmBase.AllRolesMode

Lifecycle.SingleUse

| Modifier and Type | Field | Description |
|---|---|---|
| protected boolean | adCompat | Should we ignore PartialResultExceptions when iterating over NamingEnumerations? |
| protected String | alternateURL | An alternate URL, to which we should connect if connectionURL fails. |
| protected String | authentication | The type of authentication to use |
| protected String | commonRole | Add this role to every authenticated user |
| protected int | connectionAttempt | The number of connection attempts. |
| protected String | connectionName | The connection username for the server we will contact. |
| protected String | connectionPassword | The connection password for the server we will contact. |
| protected SynchronizedStack<JNDIRealm.JNDIConnection> | connectionPool | Connection pool. |
| protected int | connectionPoolSize | The pool size limit. |
| protected String | connectionTimeout | The timeout, in milliseconds, to use when trying to create a connection to the directory. |
| protected String | connectionURL | The connection URL for the server we will contact. |
| protected String | contextFactory | The JNDI context factory used to acquire our InitialContext. |
| static String | DEREF_ALIASES | Constant that holds the name of the environment property for specifying the manner in which aliases should be dereferenced. |
| protected String | derefAliases | How aliases should be dereferenced during search operations. |
| protected static String | name | Deprecated. This will be removed in Tomcat 9 onwards. |
| protected String | protocol | The protocol that will be used in the communication with the directory server. |
| protected String | readTimeout | The timeout, in milliseconds, to use when trying to read from a connection to the directory. |
| protected String | referrals | How should we handle referrals? |
| protected String | roleBase | The base element for role searches. |
| protected String | roleName | The name of the attribute containing roles held elsewhere |
| protected boolean | roleNested | Should we look for nested group in order to determine roles? |
| protected String | roleSearch | The message format used to select roles for a user, with "{0}" marking the spot where the distinguished name of the user goes. |
| protected boolean | roleSearchAsUser | When searching for user roles, should the search be performed as the user currently being authenticated? |
| protected boolean | roleSubtree | Should we search the entire subtree for matching memberships? |
| protected JNDIRealm.JNDIConnection | singleConnection | Non pooled connection to our directory server. |
| protected Lock | singleConnectionLock | The lock to ensure single connection thread safety. |
| protected long | sizeLimit | The sizeLimit (also known as the countLimit) to use when the realm is configured with userSearch. |
| protected String | spnegoDelegationQop | The QOP that should be used for the connection to the LDAP server after authentication. |
| protected int | timeLimit | The timeLimit (in milliseconds) to use when the realm is configured with userSearch. |
| protected boolean | useContextClassLoader | Whether to use context ClassLoader or default ClassLoader. |
| protected boolean | useDelegatedCredential | Should delegated credentials from the SPNEGO authenticator be used if available |
| protected String | userBase | The base element for user searches. |
| protected String | userPassword | The attribute name used to retrieve the user password. |
| protected String | userPattern | The message format used to form the distinguished name of a user, with "{0}" marking the spot where the specified username goes. |
| protected String[] | userPatternArray | A string of LDAP user patterns or paths, ":"-separated. These will be used to form the distinguished name of a user, with "{0}" marking the spot where the specified username goes. |
| protected String | userRoleAttribute | The name of the attribute inside the users directory entry where the value will be taken to search for roles. This attribute is not used during a nested search |
| protected String | userRoleName | The name of an attribute in the user's entry containing roles for that user |
| protected String | userSearch | The message format used to search for a user, with "{0}" marking the spot where the username goes. |
| protected boolean | userSubtree | Should we search the entire subtree for matching users? |

allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName

mserver

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

| Constructor and Description |
|---|
| JNDIRealm() |

| Modifier and Type | Method | Description |
|---|---|---|
| Principal | authenticate(JNDIRealm.JNDIConnection connection, String username, String credentials) | Return the Principal associated with the specified username and credentials, if there is one; otherwise return null. |
| Principal | authenticate(String username, String credentials) | Return the Principal associated with the specified username and credentials, if there is one; otherwise return null. |
| protected boolean | bindAsUser(DirContext context, JNDIRealm.User user, String credentials) | Check credentials by binding to the directory as the user |
| protected boolean | checkCredentials(DirContext context, JNDIRealm.User user, String credentials) | Check whether the given User can be authenticated with the given credentials. |
| protected void | close(JNDIRealm.JNDIConnection connection) | Close any open connection to the directory server for this Realm. |
| protected void | closePooledConnections() | Close all pooled connections. |
| protected boolean | compareCredentials(DirContext context, JNDIRealm.User info, String credentials) | Check whether the credentials presented by the user match those retrieved from the directory. |
| protected static String | convertToHexEscape(String input) | |
| protected JNDIRealm.JNDIConnection | create() | Create a new connection wrapper, along with the message formats. |
| protected String | doAttributeValueEscaping(String input) | Implements the necessary escaping to represent an attribute value as a String as per RFC 4514. |
| protected String | doFilterEscaping(String inString) | Given an LDAP search string, returns the string with certain characters escaped according to RFC 2254 guidelines. |
| protected String | doRFC2254Encoding(String inString) | Deprecated. Will be removed in Tomcat 10.1.x onwards |
| protected JNDIRealm.JNDIConnection | get() | Open (if necessary) and return a connection to the configured directory server for this Realm. |
| boolean | getAdCompat() | |
| String | getAlternateURL() | Getter for property alternateURL. |
| String | getAuthentication() | |
| String | getCommonRole() | |
| String | getConnectionName() | |
| String | getConnectionPassword() | |
| int | getConnectionPoolSize() | |
| String | getConnectionTimeout() | |
| String | getConnectionURL() | |
| String | getContextFactory() | |
| String | getDerefAliases() | |
| protected Hashtable<String,String> | getDirectoryContextEnvironment() | Create our directory context configuration. |
| protected String | getDistinguishedName(DirContext context, String base, SearchResult result) | Returns the distinguished name of a search result. |
| boolean | getForceDnHexEscape() | |
| HostnameVerifier | getHostnameVerifier() | |
| String | getHostnameVerifierClassName() | |
| protected String | getName() | Deprecated. |
| protected String | getPassword(String username) | Get the password for the specified user. |
| protected Principal | getPrincipal(GSSName gssName, GSSCredential gssCredential) | Get the principal associated with the specified GSSName. |
| protected Principal | getPrincipal(JNDIRealm.JNDIConnection connection, String username, GSSCredential gssCredential) | Get the principal associated with the specified certificate. |
| protected Principal | getPrincipal(String username) | Get the principal associated with the specified certificate. |
| protected Principal | getPrincipal(String username, GSSCredential gssCredential) | Get the principal associated with the specified user name. |
| String | getProtocol() | |
| String | getReadTimeout() | |
| String | getReferrals() | |
| String | getRoleBase() | |
| String | getRoleName() | |
| boolean | getRoleNested() | |
| protected List<String> | getRoles(JNDIRealm.JNDIConnection connection, JNDIRealm.User user) | Return a List of roles associated with the given User. |
| String | getRoleSearch() | |
| boolean | getRoleSubtree() | |
| long | getSizeLimit() | |
| String | getSpnegoDelegationQop() | |
| int | getTimeLimit() | |
| protected JNDIRealm.User | getUser(JNDIRealm.JNDIConnection connection, String username) | Return a User object containing information about the user with the specified username, if found in the directory; otherwise return null. |
| protected JNDIRealm.User | getUser(JNDIRealm.JNDIConnection connection, String username, String credentials) | Return a User object containing information about the user with the specified username, if found in the directory; otherwise return null. |
| protected JNDIRealm.User | getUser(JNDIRealm.JNDIConnection connection, String username, String credentials, int curUserPattern) | Return a User object containing information about the user with the specified username, if found in the directory; otherwise return null. |
| String | getUserBase() | |
| protected JNDIRealm.User | getUserByPattern(DirContext context, String username, String[] attrIds, String dn) | Use the distinguished name to locate the directory entry for the user with the specified username and return a User object; otherwise return null. |
| protected JNDIRealm.User | getUserByPattern(JNDIRealm.JNDIConnection connection, String username, String credentials, String[] attrIds, int curUserPattern) | Use the UserPattern configuration attribute to locate the directory entry for the user with the specified username and return a User object; otherwise return null. |
| protected JNDIRealm.User | getUserBySearch(JNDIRealm.JNDIConnection connection, String username, String[] attrIds) | Search the directory to return a User object containing information about the user with the specified username, if found in the directory; otherwise return null. |
| String | getUserPassword() | |
| String | getUserPattern() | |
| String | getUserRoleAttribute() | |
| String | getUserRoleName() | |
| String | getUserSearch() | |
| boolean | getUserSubtree() | |
| boolean | getUseStartTls() | |
| boolean | isAvailable() | Return the availability of the realm for authentication. |
| boolean | isRoleSearchAsUser() | |
| boolean | isUseContextClassLoader() | Returns whether to use the context or default ClassLoader. |
| boolean | isUseDelegatedCredential() | |
| boolean | isUserSearchAsUser() | |
| protected void | open(JNDIRealm.JNDIConnection connection) | Create a new connection to the directory server. |
| protected String[] | parseUserPatternString(String userPatternString) | Given a string containing LDAP patterns for user locations (separated by parentheses in a pseudo-LDAP search string format - "(location1)(location2)"), returns an array of those paths. |
| protected void | release(JNDIRealm.JNDIConnection connection) | Release our use of this connection so that it can be recycled. |
| void | setAdCompat(boolean adCompat) | How do we handle PartialResultExceptions? |
| void | setAlternateURL(String alternateURL) | Setter for property alternateURL. |
| void | setAuthentication(String authentication) | Set the type of authentication to use. |
| void | setCipherSuites(String suites) | Set the allowed cipher suites when opening a connection using StartTLS. |
| void | setCommonRole(String commonRole) | Set the common role |
| void | setConnectionName(String connectionName) | Set the connection username for this Realm. |
| void | setConnectionPassword(String connectionPassword) | Set the connection password for this Realm. |
| void | setConnectionPoolSize(int connectionPoolSize) | Set the connection pool size |
| void | setConnectionTimeout(String timeout) | Set the connection timeout. |
| void | setConnectionURL(String connectionURL) | Set the connection URL for this Realm. |
| void | setContextFactory(String contextFactory) | Set the JNDI context factory for this Realm. |
| void | setDerefAliases(String derefAliases) | Set the value for derefAliases to be used when searching the directory. |
| void | setForceDnHexEscape(boolean forceDnHexEscape) | |
| void | setHostnameVerifierClassName(String verifierClassName) | Set the HostnameVerifier to be used when opening connections using StartTLS. |
| void | setProtocol(String protocol) | Set the protocol for this Realm. |
| void | setReadTimeout(String timeout) | Set the read timeout. |
| void | setReferrals(String referrals) | How do we handle JNDI referrals? |
| void | setRoleBase(String roleBase) | Set the base element for role searches. |
| void | setRoleName(String roleName) | Set the role name attribute name for this Realm. |
| void | setRoleNested(boolean roleNested) | Set the "search subtree for roles" flag. |
| void | setRoleSearch(String roleSearch) | Set the message format pattern for selecting roles in this Realm. |
| void | setRoleSearchAsUser(boolean roleSearchAsUser) | |
| void | setRoleSubtree(boolean roleSubtree) | Set the "search subtree for roles" flag. |
| void | setSizeLimit(long sizeLimit) | |
| void | setSpnegoDelegationQop(String spnegoDelegationQop) | |
| void | setSslProtocol(String protocol) | Set the ssl protocol to be used for connections using StartTLS. |
| void | setSslSocketFactoryClassName(String factoryClassName) | Set the SSLSocketFactory to be used when opening connections using StartTLS. |
| void | setTimeLimit(int timeLimit) | |
| void | setUseContextClassLoader(boolean useContext) | Sets whether to use the context or default ClassLoader. |
| void | setUseDelegatedCredential(boolean useDelegatedCredential) | |
| void | setUserBase(String userBase) | Set the base element for user searches. |
| void | setUserPassword(String userPassword) | Set the password attribute used to retrieve the user password. |
| void | setUserPattern(String userPattern) | Set the message format pattern for selecting users in this Realm. |
| void | setUserRoleAttribute(String userRoleAttribute) | |
| void | setUserRoleName(String userRoleName) | Set the user role name attribute name for this Realm. |
| void | setUserSearch(String userSearch) | Set the message format pattern for selecting users in this Realm. |
| void | setUserSearchAsUser(boolean userSearchAsUser) | |
| void | setUserSubtree(boolean userSubtree) | Set the "search subtree for users" flag. |
| void | setUseStartTls(boolean useStartTls) | Flag whether StartTLS should be used when connecting to the ldap server |
| protected void | startInternal() | Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal(). |
| protected void | stopInternal() | Gracefully terminate the active use of the public methods of this component and implement the requirements of LifecycleBase.stopInternal(). |

addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, authenticate, backgroundProcess, Digest, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRole, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setContainer, setCredentialHandler, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, toString

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

protected String authentication
protected String connectionName
protected String connectionPassword
protected String connectionURL
protected String contextFactory
protected String derefAliases
public static final String DEREF_ALIASES
@Deprecated protected static final String name
protected String protocol
protected boolean adCompat
protected String referrals
protected String userBase
protected String userSearch
protected boolean userSubtree
protected String userPassword
protected String userRoleAttribute
protected String[] userPatternArray
protected String userPattern
protected String roleBase
protected String userRoleName
protected String roleName
protected String roleSearch
protected boolean roleSubtree
protected boolean roleNested
protected boolean roleSearchAsUser
connectionName and connectionPassword will be used if specified, else an anonymous connection will be used.
protected String alternateURL
protected int connectionAttempt
protected String commonRole
protected String connectionTimeout
protected String readTimeout
protected long sizeLimit
userSearch. Zero for no limit.
protected int timeLimit
userSearch. Zero for no limit.
protected boolean useDelegatedCredential
protected String spnegoDelegationQop
javax.security.sasl.qop environment property for the LDAP connection.
protected JNDIRealm.JNDIConnection singleConnection
protected final Lock singleConnectionLock
protected SynchronizedStack<JNDIRealm.JNDIConnection> connectionPool
protected int connectionPoolSize
protected boolean useContextClassLoader
public boolean getForceDnHexEscape()
public void setForceDnHexEscape(boolean forceDnHexEscape)
public String getAuthentication()
public void setAuthentication(String authentication)
authentication - The authentication
public String getConnectionName()
public void setConnectionName(String connectionName)
connectionName - The new connection username
public String getConnectionPassword()
public void setConnectionPassword(String connectionPassword)
connectionPassword - The new connection password
public String getConnectionURL()
public void setConnectionURL(String connectionURL)
connectionURL - The new connection URL
public String getContextFactory()
public void setContextFactory(String contextFactory)
contextFactory - The new context factory
public String getDerefAliases()
public void setDerefAliases(String derefAliases)
derefAliases - New value of property derefAliases.
public String getProtocol()
public void setProtocol(String protocol)
protocol - The new protocol.
public boolean getAdCompat()
public void setAdCompat(boolean adCompat)
adCompat - true to ignore partial results
public String getReferrals()
public void setReferrals(String referrals)
referrals - The referral handling
public String getUserBase()
public void setUserBase(String userBase)
userBase - The new base element
public String getUserSearch()
public void setUserSearch(String userSearch)
userSearch - The new user search pattern
public boolean isUserSearchAsUser()
public void setUserSearchAsUser(boolean userSearchAsUser)
public boolean getUserSubtree()
public void setUserSubtree(boolean userSubtree)
userSubtree - The new search flag
public String getUserRoleName()
public void setUserRoleName(String userRoleName)
userRoleName - The new userRole name attribute name
public String getRoleBase()
public void setRoleBase(String roleBase)
roleBase - The new base element
public String getRoleName()
public void setRoleName(String roleName)
roleName - The new role name attribute name
public String getRoleSearch()
public void setRoleSearch(String roleSearch)
roleSearch - The new role search pattern
public boolean isRoleSearchAsUser()
public void setRoleSearchAsUser(boolean roleSearchAsUser)
public boolean getRoleSubtree()
public void setRoleSubtree(boolean roleSubtree)
roleSubtree - The new search flag
public boolean getRoleNested()
public void setRoleNested(boolean roleNested)
roleNested - The nested group search flag
public String getUserPassword()
public void setUserPassword(String userPassword)
userPassword - The new password attribute
public String getUserRoleAttribute()
public void setUserRoleAttribute(String userRoleAttribute)
public String getUserPattern()
public void setUserPattern(String userPattern)
userPattern - The new user pattern
public String getAlternateURL()
public void setAlternateURL(String alternateURL)
alternateURL - New value of property alternateURL.
public String getCommonRole()
public void setCommonRole(String commonRole)
commonRole - The common role
public String getConnectionTimeout()
public void setConnectionTimeout(String timeout)
timeout - The new connection timeout
public String getReadTimeout()
public void setReadTimeout(String timeout)
timeout - The new read timeout
public long getSizeLimit()
public void setSizeLimit(long sizeLimit)
public int getTimeLimit()
public void setTimeLimit(int timeLimit)
public boolean isUseDelegatedCredential()
public void setUseDelegatedCredential(boolean useDelegatedCredential)
public String getSpnegoDelegationQop()
public void setSpnegoDelegationQop(String spnegoDelegationQop)
public boolean getUseStartTls()
public void setUseStartTls(boolean useStartTls)
useStartTls - true when StartTLS should be used. Default is false.
public void setCipherSuites(String suites)
suites - comma separated list of allowed cipher suites
public int getConnectionPoolSize()
public void setConnectionPoolSize(int connectionPoolSize)
connectionPoolSize - the new pool size
public String getHostnameVerifierClassName()
HostnameVerifier class used for connections using StartTLS, or the empty string, if the default verifier should be used.
public void setHostnameVerifierClassName(String verifierClassName)
HostnameVerifier to be used when opening connections using StartTLS. An instance of the given class name will be constructed using the default constructor.
verifierClassName - class name of the HostnameVerifier to be constructed
public HostnameVerifier getHostnameVerifier()
HostnameVerifier to use for peer certificate verification when opening connections using StartTLS.
public void setSslSocketFactoryClassName(String factoryClassName)
SSLSocketFactory to be used when opening connections using StartTLS. An instance of the factory with the given name will be created using the default constructor. The SSLSocketFactory can also be set using setSslProtocol(String).
factoryClassName - class name of the factory to be constructed
public void setSslProtocol(String protocol)
protocol - one of the allowed ssl protocol names
public void setUseContextClassLoader(boolean useContext)
useContext - True means use context ClassLoader
public boolean isUseContextClassLoader()

public Principal authenticate(String username, String credentials)
null. If there are any errors with the JDBC connection, executing the query or anything we return null (don't authenticate). This event is also logged, and the connection will be closed so that a subsequent request will automatically re-open it.
authenticate in interface Realm
authenticate in class RealmBase
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
null if there is none.

public Principal authenticate(JNDIRealm.JNDIConnection connection, String username, String credentials) throws NamingException
null.
connection - The directory context
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
null if there is none.
NamingException - if a directory server error occurs

protected JNDIRealm.User getUser(JNDIRealm.JNDIConnection connection, String username) throws NamingException
null.
connection - The directory context
username - Username to be looked up
NamingException - if a directory server error occurs
getUser(JNDIConnection, String, String, int)

protected JNDIRealm.User getUser(JNDIRealm.JNDIConnection connection, String username, String credentials) throws NamingException
null.
connection - The directory context
username - Username to be looked up
credentials - User credentials (optional)
NamingException - if a directory server error occurs
getUser(JNDIConnection, String, String, int)

protected JNDIRealm.User getUser(JNDIRealm.JNDIConnection connection, String username, String credentials, int curUserPattern) throws NamingException
null. If the userPassword configuration attribute is specified, the value of that attribute is retrieved from the user's directory entry. If the userRoleName configuration attribute is specified, all values of that attribute are retrieved from the directory entry.
connection - The directory context
username - Username to be looked up
credentials - User credentials (optional)
curUserPattern - Index into userPatternFormatArray
NamingException - if a directory server error occurs

protected JNDIRealm.User getUserByPattern(DirContext context, String username, String[] attrIds, String dn) throws NamingException
null.
context - The directory context
username - The username
attrIds - String[] containing names of attributes to retrieve.
dn - Distinguished name of the user
NamingException - if a directory server error occurs

protected JNDIRealm.User getUserByPattern(JNDIRealm.JNDIConnection connection, String username, String credentials, String[] attrIds, int curUserPattern) throws NamingException
UserPattern configuration attribute to locate the directory entry for the user with the specified username and return a User object; otherwise return null.
connection - The directory context
username - The username
credentials - User credentials (optional)
attrIds - String[] containing names of attributes to
curUserPattern - Index into userPatternFormatArray
NamingException - if a directory server error occurs
getUserByPattern(DirContext, String, String[], String)

protected JNDIRealm.User getUserBySearch(JNDIRealm.JNDIConnection connection, String username, String[] attrIds) throws NamingException
null.
connection - The directory context
username - The username
attrIds - String[] containing names of attributes to retrieve.
NamingException - if a directory server error occurs

protected boolean checkCredentials(DirContext context, JNDIRealm.User user, String credentials) throws NamingException
userPassword configuration attribute is specified, the credentials previously retrieved from the directory are compared explicitly with those presented by the user. Otherwise the presented credentials are checked by binding to the directory as the user.
context - The directory context
user - The User to be authenticated
credentials - The credentials presented by the user
true if the credentials are validated
NamingException - if a directory server error occurs

protected boolean compareCredentials(DirContext context, JNDIRealm.User info, String credentials) throws NamingException
context - The directory context
info - The User to be authenticated
credentials - Authentication credentials
true if the credentials are validated
NamingException - if a directory server error occurs

protected boolean bindAsUser(DirContext context, JNDIRealm.User user, String credentials) throws NamingException
context - The directory context
user - The User to be authenticated
credentials - Authentication credentials
true if the credentials are validated
NamingException - if a directory server error occurs

protected List<String> getRoles(JNDIRealm.JNDIConnection connection, JNDIRealm.User user) throws NamingException
connection - The directory context we are searching
user - The User to be checked
NamingException - if a directory server error occurs

protected void close(JNDIRealm.JNDIConnection connection)
connection - The directory context to be closed

protected void closePooledConnections()

@Deprecated protected String getName()

protected String getPassword(String username)
getPassword in class RealmBase
username - The user name

protected Principal getPrincipal(String username)
getPrincipal in class RealmBase
username - The user name

protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential)
RealmBase
GSSName.
getPrincipal in class RealmBase
gssName - The GSS name
gssCredential - the GSS credential of the principal

protected Principal getPrincipal(String username, GSSCredential gssCredential)
RealmBase
getPrincipal in class RealmBase
username - The user name
gssCredential - the GSS credential of the principal

protected Principal getPrincipal(JNDIRealm.JNDIConnection connection, String username, GSSCredential gssCredential) throws NamingException
connection - The directory context
username - The user name
gssCredential - The credentials
NamingException - if a directory server error occurs

protected JNDIRealm.JNDIConnection get() throws NamingException
NamingException - if a directory server error occurs

protected void release(JNDIRealm.JNDIConnection connection)
connection - The directory context to release

protected JNDIRealm.JNDIConnection create()

protected void open(JNDIRealm.JNDIConnection connection) throws NamingException
connection - The directory server connection wrapper
NamingException - if a directory server error occurs

public boolean isAvailable()
Realm
isAvailable in interface Realm
isAvailable in class RealmBase
true if the realm is able to perform authentication

protected Hashtable<String,String> getDirectoryContextEnvironment()

protected void startInternal() throws LifecycleException
LifecycleBase.startInternal().
startInternal in class RealmBase
LifecycleException - if this component detects a fatal error that prevents this component from being used

protected void stopInternal() throws LifecycleException
LifecycleBase.stopInternal().
stopInternal in class RealmBase
LifecycleException - if this component detects a fatal error that needs to be reported

protected String[] parseUserPatternString(String userPatternString)
userPatternString - a string LDAP search paths surrounded by parentheses

@Deprecated protected String doRFC2254Encoding(String inString)
inString - string to escape according to RFC 2254 guidelines

protected String doFilterEscaping(String inString)
inString - string to escape according to RFC 2254 guidelines

protected String getDistinguishedName(DirContext context, String base, SearchResult result) throws NamingException
context - Our DirContext
base - The base DN
result - The search result
NamingException - if a directory server error occurs

protected String doAttributeValueEscaping(String input)
input - The original attribute value

Copyright © 2000-2021 Apache Software Foundation. All Rights Reserved.