<!DOCTYPE HTML>
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc -->
<title>DefaultLdapRealm (Apache Shiro 1.10.0 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<!-- Page bootstrap script. Unless the URL contains 'is-external=true', it copies this page's
     title onto parent.document; the empty catch ignores any error raised by that assignment.
     It then defines the globals read by the method-summary tab code (data, tabs, the
     CSS class names, pathtoroot, useModuleDirectories) and calls loadScripts(document, 'script').
     NOTE(review): loadScripts is not defined in this file; presumably it comes from script.js. -->
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="DefaultLdapRealm (Apache Shiro 1.10.0 API)";
}
}
catch(err) {
}
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav"><!-- Matomo analytics snippet. Cookies are disabled, then a page view is recorded and link tracking is enabled. The tracker script matomo.js is injected asynchronously from the protocol-relative host //matomo.privacy.apache.org/, so it is fetched over whatever scheme served this page. NOTE(review): the injected script element sets no integrity attribute, and a Content-Security-Policy applied to this page would need to allow both this inline script and that host. --> <script> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ /* We explicitly disable cookie tracking to avoid privacy issues */ _paq.push(['disableCookies']); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//matomo.privacy.apache.org/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '2']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Matomo Code -->
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a id="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/DefaultLdapRealm.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<!-- Shows the "All Classes" list (element id allclasses_navbar_top) when this window is the
     top-level window, and hides it otherwise (for example when the page is loaded in a frame). -->
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
</div>
<div class="navPadding">&nbsp;</div>
<!-- Sets the top padding of the .navPadding spacer to the current CSS height of .fixedNav,
     using the jQuery $ function loaded in the document head. -->
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>
<!-- ======== START OF CLASS DATA ======== -->
<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.apache.shiro.realm.ldap</a></div>
<h2 title="Class DefaultLdapRealm" class="title">Class DefaultLdapRealm</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li><a href="../CachingRealm.html" title="class in org.apache.shiro.realm">org.apache.shiro.realm.CachingRealm</a></li>
<li>
<ul class="inheritance">
<li><a href="../AuthenticatingRealm.html" title="class in org.apache.shiro.realm">org.apache.shiro.realm.AuthenticatingRealm</a></li>
<li>
<ul class="inheritance">
<li><a href="../AuthorizingRealm.html" title="class in org.apache.shiro.realm">org.apache.shiro.realm.AuthorizingRealm</a></li>
<li>
<ul class="inheritance">
<li>org.apache.shiro.realm.ldap.DefaultLdapRealm</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code><a href="../../authc/LogoutAware.html" title="interface in org.apache.shiro.authc">LogoutAware</a></code>, <code><a href="../../authz/Authorizer.html" title="interface in org.apache.shiro.authz">Authorizer</a></code>, <code><a href="../../authz/permission/PermissionResolverAware.html" title="interface in org.apache.shiro.authz.permission">PermissionResolverAware</a></code>, <code><a href="../../authz/permission/RolePermissionResolverAware.html" title="interface in org.apache.shiro.authz.permission">RolePermissionResolverAware</a></code>, <code><a href="../../cache/CacheManagerAware.html" title="interface in org.apache.shiro.cache">CacheManagerAware</a></code>, <code><a href="../Realm.html" title="interface in org.apache.shiro.realm">Realm</a></code>, <code><a href="../../util/Initializable.html" title="interface in org.apache.shiro.util">Initializable</a></code>, <code><a href="../../util/Nameable.html" title="interface in org.apache.shiro.util">Nameable</a></code></dd>
</dl>
<dl>
<dt>Direct Known Subclasses:</dt>
<dd><code><a href="JndiLdapRealm.html" title="class in org.apache.shiro.realm.ldap">JndiLdapRealm</a></code></dd>
</dl>
<hr>
<pre>public class <a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.84">DefaultLdapRealm</a>
extends <a href="../AuthorizingRealm.html" title="class in org.apache.shiro.realm">AuthorizingRealm</a></pre>
<div class="block">An LDAP <a href="../Realm.html" title="interface in org.apache.shiro.realm"><code>Realm</code></a> implementation utilizing Sun's/Oracle's
<a href="http://download-llnw.oracle.com/javase/tutorial/jndi/ldap/jndi.html">JNDI API as an LDAP API</a>. This is
Shiro's default implementation for supporting LDAP, as using the JNDI API has been a common approach for Java LDAP
support for many years.
<p/>
This realm implementation and its backing <a href="JndiLdapContextFactory.html" title="class in org.apache.shiro.realm.ldap"><code>JndiLdapContextFactory</code></a> should cover 99% of all Shiro-related LDAP
authentication and authorization needs. However, if it does not suit your needs, you might want to look into
creating your own realm using an alternative, perhaps more robust, LDAP communication API, such as the
<a href="http://directory.apache.org/api/">Apache LDAP API</a>.
<h2>Authentication</h2>
During an authentication attempt, if the submitted <code>AuthenticationToken</code>'s
<a href="../../authc/AuthenticationToken.html#getPrincipal()"><code>principal</code></a> is a simple username, but the
LDAP directory expects a complete User Distinguished Name (User DN) to establish a connection, the
<a href="#setUserDnTemplate(java.lang.String)"><code>userDnTemplate</code></a> property must be configured. If it is not configured,
the realm passes the simple username directly as the User DN, which is incorrect in most LDAP
environments (Microsoft Active Directory possibly being the exception).
<h2>Authorization</h2>
By default, authorization is effectively disabled because the default
<a href="#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)"><code>doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)</code></a> implementation returns <code>null</code>,
so this realm contributes no roles or permissions.
If you wish to perform authorization based on an LDAP schema, you must subclass this class
and override that method to reflect your organization's data model.
<h2>Configuration</h2>
This class primarily provides the <a href="#setUserDnTemplate(java.lang.String)"><code>userDnTemplate</code></a> property to allow you to specify
your LDAP server's User DN format. Most other configuration is performed via the nested
<a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap"><code>contextFactory</code></a> property.
<p/>
For example, defining this realm in Shiro .ini:
<pre>
[main]
ldapRealm = org.apache.shiro.realm.ldap.DefaultLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com
ldapRealm.contextFactory.url = ldap://ldapHost:389
ldapRealm.contextFactory.authenticationMechanism = DIGEST-MD5
ldapRealm.contextFactory.environment[some.obscure.jndi.key] = some value
...
</pre>
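The default <a href="#setContextFactory(org.apache.shiro.realm.ldap.LdapContextFactory)"><code>contextFactory</code></a> instance is a <a href="JndiLdapContextFactory.html" title="class in org.apache.shiro.realm.ldap"><code>JndiLdapContextFactory</code></a>. See that
class's JavaDoc for more information on configuring the LDAP connection as well as specifying JNDI environment
properties as necessary. Note that the example above uses a plain <code>ldap://</code> URL, which does not encrypt the
connection; for production use, prefer an <code>ldaps://</code> URL so that credentials and directory data are protected in transit.</div>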
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.3</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="JndiLdapContextFactory.html" title="class in org.apache.shiro.realm.ldap"><code>JndiLdapContextFactory</code></a></dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="#%3Cinit%3E()">DefaultLdapRealm</a></span>()</code></th>
<td class="colLast">
<div class="block">Default no-argument constructor that defaults the internal <a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap"><code>LdapContextFactory</code></a> instance to a
<a href="JndiLdapContextFactory.html" title="class in org.apache.shiro.realm.ldap"><code>JndiLdapContextFactory</code></a>.</div>
</td>
</tr>
</table>
</li>
</ul>
</section>
<!-- ========== METHOD SUMMARY =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>protected <a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#createAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken,java.lang.Object,java.lang.Object,javax.naming.ldap.LdapContext)">createAuthenticationInfo</a></span>&#8203;(<a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;ldapPrincipal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;ldapCredentials,
<a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/ldap/LdapContext.html?is-external=true" title="class or interface in javax.naming.ldap" class="externalLink">LdapContext</a>&nbsp;ldapContext)</code></th>
<td class="colLast">
<div class="block">Returns the <a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> resulting from a Subject's successful LDAP authentication attempt.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>protected <a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)">doGetAuthenticationInfo</a></span>&#8203;(<a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token)</code></th>
<td class="colLast">
<div class="block">Delegates to <a href="#queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.realm.ldap.LdapContextFactory)"><code>queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory)</code></a>,
wrapping any <a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink"><code>NamingException</code></a>s in a Shiro <a href="../../authc/AuthenticationException.html" title="class in org.apache.shiro.authc"><code>AuthenticationException</code></a> to satisfy the parent method
signature.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>protected <a href="../../authz/AuthorizationInfo.html" title="interface in org.apache.shiro.authz">AuthorizationInfo</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)">doGetAuthorizationInfo</a></span>&#8203;(<a href="../../subject/PrincipalCollection.html" title="interface in org.apache.shiro.subject">PrincipalCollection</a>&nbsp;principals)</code></th>
<td class="colLast">
<div class="block">Retrieves the AuthorizationInfo for the given principals from the underlying data store.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code><a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap">LdapContextFactory</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getContextFactory()">getContextFactory</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the LdapContextFactory instance used to acquire connections to the LDAP directory during authentication
attempts and authorization queries.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getLdapPrincipal(org.apache.shiro.authc.AuthenticationToken)">getLdapPrincipal</a></span>&#8203;(<a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token)</code></th>
<td class="colLast">
<div class="block">Returns the principal to use when creating the LDAP connection for an authentication attempt.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getUserDn(java.lang.String)">getUserDn</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;principal)</code></th>
<td class="colLast">
<div class="block">Returns the LDAP User Distinguished Name (DN) to use when acquiring an
<a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/ldap/LdapContext.html?is-external=true" title="class or interface in javax.naming.ldap" class="externalLink"><code>LdapContext</code></a> from the <a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap"><code>LdapContextFactory</code></a>.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getUserDnPrefix()">getUserDnPrefix</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the User DN prefix to use when building a runtime User DN value or <code>null</code> if no
<a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> has been configured.</div>
</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getUserDnSuffix()">getUserDnSuffix</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the User DN suffix to use when building a runtime User DN value.</div>
</td>
</tr>
<tr id="i8" class="altColor">
<td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getUserDnTemplate()">getUserDnTemplate</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the User Distinguished Name (DN) template to use when creating User DNs at runtime - see the
<a href="#setUserDnTemplate(java.lang.String)"><code>setUserDnTemplate</code></a> JavaDoc for a full explanation.</div>
</td>
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code>protected <a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.realm.ldap.LdapContextFactory)">queryForAuthenticationInfo</a></span>&#8203;(<a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token,
<a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap">LdapContextFactory</a>&nbsp;ldapContextFactory)</code></th>
<td class="colLast">
<div class="block">This implementation opens an LDAP connection using the token's
<a href="#getLdapPrincipal(org.apache.shiro.authc.AuthenticationToken)"><code>discovered principal</code></a> and provided
<a href="../../authc/AuthenticationToken.html#getCredentials()"><code>credentials</code></a>.</div>
</td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code>protected <a href="../../authz/AuthorizationInfo.html" title="interface in org.apache.shiro.authz">AuthorizationInfo</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection,org.apache.shiro.realm.ldap.LdapContextFactory)">queryForAuthorizationInfo</a></span>&#8203;(<a href="../../subject/PrincipalCollection.html" title="interface in org.apache.shiro.subject">PrincipalCollection</a>&nbsp;principals,
<a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap">LdapContextFactory</a>&nbsp;ldapContextFactory)</code></th>
<td class="colLast">
<div class="block">Method that should be implemented by subclasses to build an
<a href="../../authz/AuthorizationInfo.html" title="interface in org.apache.shiro.authz"><code>AuthorizationInfo</code></a> object by querying the LDAP context for the
specified principal.</div>
</td>
</tr>
<tr id="i11" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setContextFactory(org.apache.shiro.realm.ldap.LdapContextFactory)">setContextFactory</a></span>&#8203;(<a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap">LdapContextFactory</a>&nbsp;contextFactory)</code></th>
<td class="colLast">
<div class="block">Sets the LdapContextFactory instance used to acquire connections to the LDAP directory during authentication
attempts and authorization queries.</div>
</td>
</tr>
<tr id="i12" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setUserDnTemplate(java.lang.String)">setUserDnTemplate</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;template)</code></th>
<td class="colLast">
<div class="block">Sets the User Distinguished Name (DN) template to use when creating User DNs at runtime.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.realm.AuthorizingRealm">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.realm.<a href="../AuthorizingRealm.html" title="class in org.apache.shiro.realm">AuthorizingRealm</a></h3>
<code><a href="../AuthorizingRealm.html#afterCacheManagerSet()">afterCacheManagerSet</a>, <a href="../AuthorizingRealm.html#checkPermission(org.apache.shiro.authz.Permission,org.apache.shiro.authz.AuthorizationInfo)">checkPermission</a>, <a href="../AuthorizingRealm.html#checkPermission(org.apache.shiro.subject.PrincipalCollection,java.lang.String)">checkPermission</a>, <a href="../AuthorizingRealm.html#checkPermission(org.apache.shiro.subject.PrincipalCollection,org.apache.shiro.authz.Permission)">checkPermission</a>, <a href="../AuthorizingRealm.html#checkPermissions(java.util.Collection,org.apache.shiro.authz.AuthorizationInfo)">checkPermissions</a>, <a href="../AuthorizingRealm.html#checkPermissions(org.apache.shiro.subject.PrincipalCollection,java.lang.String...)">checkPermissions</a>, <a href="../AuthorizingRealm.html#checkPermissions(org.apache.shiro.subject.PrincipalCollection,java.util.Collection)">checkPermissions</a>, <a href="../AuthorizingRealm.html#checkRole(java.lang.String,org.apache.shiro.authz.AuthorizationInfo)">checkRole</a>, <a href="../AuthorizingRealm.html#checkRole(org.apache.shiro.subject.PrincipalCollection,java.lang.String)">checkRole</a>, <a href="../AuthorizingRealm.html#checkRoles(java.util.Collection,org.apache.shiro.authz.AuthorizationInfo)">checkRoles</a>, <a href="../AuthorizingRealm.html#checkRoles(org.apache.shiro.subject.PrincipalCollection,java.lang.String...)">checkRoles</a>, <a href="../AuthorizingRealm.html#checkRoles(org.apache.shiro.subject.PrincipalCollection,java.util.Collection)">checkRoles</a>, <a href="../AuthorizingRealm.html#clearCachedAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)">clearCachedAuthorizationInfo</a>, <a href="../AuthorizingRealm.html#doClearCache(org.apache.shiro.subject.PrincipalCollection)">doClearCache</a>, <a href="../AuthorizingRealm.html#getAuthorizationCache()">getAuthorizationCache</a>, <a 
href="../AuthorizingRealm.html#getAuthorizationCacheKey(org.apache.shiro.subject.PrincipalCollection)">getAuthorizationCacheKey</a>, <a href="../AuthorizingRealm.html#getAuthorizationCacheName()">getAuthorizationCacheName</a>, <a href="../AuthorizingRealm.html#getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)">getAuthorizationInfo</a>, <a href="../AuthorizingRealm.html#getPermissionResolver()">getPermissionResolver</a>, <a href="../AuthorizingRealm.html#getPermissions(org.apache.shiro.authz.AuthorizationInfo)">getPermissions</a>, <a href="../AuthorizingRealm.html#getRolePermissionResolver()">getRolePermissionResolver</a>, <a href="../AuthorizingRealm.html#hasAllRoles(org.apache.shiro.subject.PrincipalCollection,java.util.Collection)">hasAllRoles</a>, <a href="../AuthorizingRealm.html#hasRole(java.lang.String,org.apache.shiro.authz.AuthorizationInfo)">hasRole</a>, <a href="../AuthorizingRealm.html#hasRole(org.apache.shiro.subject.PrincipalCollection,java.lang.String)">hasRole</a>, <a href="../AuthorizingRealm.html#hasRoles(java.util.List,org.apache.shiro.authz.AuthorizationInfo)">hasRoles</a>, <a href="../AuthorizingRealm.html#hasRoles(org.apache.shiro.subject.PrincipalCollection,java.util.List)">hasRoles</a>, <a href="../AuthorizingRealm.html#isAuthorizationCachingEnabled()">isAuthorizationCachingEnabled</a>, <a href="../AuthorizingRealm.html#isPermitted(java.util.List,org.apache.shiro.authz.AuthorizationInfo)">isPermitted</a>, <a href="../AuthorizingRealm.html#isPermitted(org.apache.shiro.authz.Permission,org.apache.shiro.authz.AuthorizationInfo)">isPermitted</a>, <a href="../AuthorizingRealm.html#isPermitted(org.apache.shiro.subject.PrincipalCollection,java.lang.String)">isPermitted</a>, <a href="../AuthorizingRealm.html#isPermitted(org.apache.shiro.subject.PrincipalCollection,java.lang.String...)">isPermitted</a>, <a href="../AuthorizingRealm.html#isPermitted(org.apache.shiro.subject.PrincipalCollection,java.util.List)">isPermitted</a>, <a 
href="../AuthorizingRealm.html#isPermitted(org.apache.shiro.subject.PrincipalCollection,org.apache.shiro.authz.Permission)">isPermitted</a>, <a href="../AuthorizingRealm.html#isPermittedAll(java.util.Collection,org.apache.shiro.authz.AuthorizationInfo)">isPermittedAll</a>, <a href="../AuthorizingRealm.html#isPermittedAll(org.apache.shiro.subject.PrincipalCollection,java.lang.String...)">isPermittedAll</a>, <a href="../AuthorizingRealm.html#isPermittedAll(org.apache.shiro.subject.PrincipalCollection,java.util.Collection)">isPermittedAll</a>, <a href="../AuthorizingRealm.html#onInit()">onInit</a>, <a href="../AuthorizingRealm.html#setAuthorizationCache(org.apache.shiro.cache.Cache)">setAuthorizationCache</a>, <a href="../AuthorizingRealm.html#setAuthorizationCacheName(java.lang.String)">setAuthorizationCacheName</a>, <a href="../AuthorizingRealm.html#setAuthorizationCachingEnabled(boolean)">setAuthorizationCachingEnabled</a>, <a href="../AuthorizingRealm.html#setName(java.lang.String)">setName</a>, <a href="../AuthorizingRealm.html#setPermissionResolver(org.apache.shiro.authz.permission.PermissionResolver)">setPermissionResolver</a>, <a href="../AuthorizingRealm.html#setRolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver)">setRolePermissionResolver</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.realm.AuthenticatingRealm">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.realm.<a href="../AuthenticatingRealm.html" title="class in org.apache.shiro.realm">AuthenticatingRealm</a></h3>
<code><a href="../AuthenticatingRealm.html#assertCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">assertCredentialsMatch</a>, <a href="../AuthenticatingRealm.html#clearCachedAuthenticationInfo(org.apache.shiro.subject.PrincipalCollection)">clearCachedAuthenticationInfo</a>, <a href="../AuthenticatingRealm.html#getAuthenticationCache()">getAuthenticationCache</a>, <a href="../AuthenticatingRealm.html#getAuthenticationCacheKey(org.apache.shiro.authc.AuthenticationToken)">getAuthenticationCacheKey</a>, <a href="../AuthenticatingRealm.html#getAuthenticationCacheKey(org.apache.shiro.subject.PrincipalCollection)">getAuthenticationCacheKey</a>, <a href="../AuthenticatingRealm.html#getAuthenticationCacheName()">getAuthenticationCacheName</a>, <a href="../AuthenticatingRealm.html#getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)">getAuthenticationInfo</a>, <a href="../AuthenticatingRealm.html#getAuthenticationTokenClass()">getAuthenticationTokenClass</a>, <a href="../AuthenticatingRealm.html#getCredentialsMatcher()">getCredentialsMatcher</a>, <a href="../AuthenticatingRealm.html#init()">init</a>, <a href="../AuthenticatingRealm.html#isAuthenticationCachingEnabled()">isAuthenticationCachingEnabled</a>, <a href="../AuthenticatingRealm.html#isAuthenticationCachingEnabled(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">isAuthenticationCachingEnabled</a>, <a href="../AuthenticatingRealm.html#setAuthenticationCache(org.apache.shiro.cache.Cache)">setAuthenticationCache</a>, <a href="../AuthenticatingRealm.html#setAuthenticationCacheName(java.lang.String)">setAuthenticationCacheName</a>, <a href="../AuthenticatingRealm.html#setAuthenticationCachingEnabled(boolean)">setAuthenticationCachingEnabled</a>, <a href="../AuthenticatingRealm.html#setAuthenticationTokenClass(java.lang.Class)">setAuthenticationTokenClass</a>, <a 
href="../AuthenticatingRealm.html#setCredentialsMatcher(org.apache.shiro.authc.credential.CredentialsMatcher)">setCredentialsMatcher</a>, <a href="../AuthenticatingRealm.html#supports(org.apache.shiro.authc.AuthenticationToken)">supports</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.realm.CachingRealm">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.realm.<a href="../CachingRealm.html" title="class in org.apache.shiro.realm">CachingRealm</a></h3>
<code><a href="../CachingRealm.html#clearCache(org.apache.shiro.subject.PrincipalCollection)">clearCache</a>, <a href="../CachingRealm.html#getAvailablePrincipal(org.apache.shiro.subject.PrincipalCollection)">getAvailablePrincipal</a>, <a href="../CachingRealm.html#getCacheManager()">getCacheManager</a>, <a href="../CachingRealm.html#getName()">getName</a>, <a href="../CachingRealm.html#isCachingEnabled()">isCachingEnabled</a>, <a href="../CachingRealm.html#onLogout(org.apache.shiro.subject.PrincipalCollection)">onLogout</a>, <a href="../CachingRealm.html#setCacheManager(org.apache.shiro.cache.CacheManager)">setCacheManager</a>, <a href="../CachingRealm.html#setCachingEnabled(boolean)">setCachingEnabled</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></h3>
<code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang" class="externalLink">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang" class="externalLink">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang" class="externalLink">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang" class="externalLink">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang" class="externalLink">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang" class="externalLink">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang" class="externalLink">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang" class="externalLink">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long,int)" title="class or interface in java.lang" class="externalLink">wait</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.util.Initializable">
<!-- -->
</a>
<h3>Methods inherited from interface&nbsp;org.apache.shiro.util.<a href="../../util/Initializable.html" title="interface in org.apache.shiro.util">Initializable</a></h3>
<code><a href="../../util/Initializable.html#init()">init</a></code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;()">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>DefaultLdapRealm</h4>
<pre>public&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.111">DefaultLdapRealm</a>()</pre>
<div class="block">Default no-argument constructor that defaults the internal <a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap"><code>LdapContextFactory</code></a> instance to a
<a href="JndiLdapContextFactory.html" title="class in org.apache.shiro.realm.ldap"><code>JndiLdapContextFactory</code></a>.</div>
</li>
</ul>
</li>
</ul>
</section>
<!-- ============ METHOD DETAIL ========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a id="getUserDnPrefix()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getUserDnPrefix</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.131">getUserDnPrefix</a>()</pre>
<div class="block">Returns the User DN prefix to use when building a runtime User DN value or <code>null</code> if no
<a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> has been configured. If configured, this value is the text that
occurs before the <a href="#USERDN_SUBSTITUTION_TOKEN"><code>USERDN_SUBSTITUTION_TOKEN</code></a> in the <a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> value.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the User DN prefix to use when building a runtime User DN value or <code>null</code> if no
<a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> has been configured.</dd>
</dl>
</li>
</ul>
<a id="getUserDnSuffix()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getUserDnSuffix</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.143">getUserDnSuffix</a>()</pre>
<div class="block">Returns the User DN suffix to use when building a runtime User DN value or <code>null</code> if no
<a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> has been configured. If configured, this value is the text that
occurs after the <a href="#USERDN_SUBSTITUTION_TOKEN"><code>USERDN_SUBSTITUTION_TOKEN</code></a> in the <a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> value.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the User DN suffix to use when building a runtime User DN value or <code>null</code> if no
<a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> has been configured.</dd>
</dl>
</li>
</ul>
<a id="setUserDnTemplate(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setUserDnTemplate</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.181">setUserDnTemplate</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;template)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang" class="externalLink">IllegalArgumentException</a></pre>
<div class="block">Sets the User Distinguished Name (DN) template to use when creating User DNs at runtime. A User DN is an LDAP
fully-qualified unique user identifier which is required to establish a connection with the LDAP
directory to authenticate users and query for authorization information.
<h2>Usage</h2>
User DN formats are unique to the LDAP directory's schema, and each environment differs - you will need to
specify the format corresponding to your directory. You do this by specifying the full User DN as normal, but
you use a <b><code>{0}</code></b> placeholder token in the string representing the location where the
user's submitted principal (usually a username or uid) will be substituted at runtime.
<p/>
For example, if your directory
uses an LDAP <code>uid</code> attribute to represent usernames, the User DN for the <code>jsmith</code> user may look like
this:
<p/>
<pre>uid=jsmith,ou=users,dc=mycompany,dc=com</pre>
<p/>
in which case you would set this property with the following template value:
<p/>
<pre>uid=<b>{0}</b>,ou=users,dc=mycompany,dc=com</pre>
<p/>
If no template is configured, the raw <code>AuthenticationToken</code>
<a href="../../authc/AuthenticationToken.html#getPrincipal()"><code>principal</code></a> will be used as the LDAP principal. This is likely
incorrect as most LDAP directories expect a fully-qualified User DN as opposed to the raw uid or username. So,
ensure you set this property to match your environment!</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>template</code> - the User Distinguished Name template to use for runtime substitution</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang" class="externalLink">IllegalArgumentException</a></code> - if the template is null, empty, or does not contain the
<code>{0}</code> substitution token.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="LdapContextFactory.html#getLdapContext(java.lang.Object,java.lang.Object)"><code>LdapContextFactory.getLdapContext(Object,Object)</code></a></dd>
</dl>
</li>
</ul>
<a id="getUserDnTemplate()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getUserDnTemplate</h4>
<pre class="methodSignature">public&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.208">getUserDnTemplate</a>()</pre>
<div class="block">Returns the User Distinguished Name (DN) template to use when creating User DNs at runtime - see the
<a href="#setUserDnTemplate(java.lang.String)"><code>setUserDnTemplate</code></a> JavaDoc for a full explanation.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the User Distinguished Name (DN) template to use when creating User DNs at runtime.</dd>
</dl>
</li>
</ul>
<a id="getUserDn(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getUserDn</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.227">getUserDn</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;principal)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang" class="externalLink">IllegalArgumentException</a>,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalStateException.html?is-external=true" title="class or interface in java.lang" class="externalLink">IllegalStateException</a></pre>
<div class="block">Returns the LDAP User Distinguished Name (DN) to use when acquiring an
<a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/ldap/LdapContext.html?is-external=true" title="class or interface in javax.naming.ldap" class="externalLink"><code>LdapContext</code></a> from the <a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap"><code>LdapContextFactory</code></a>.
<p/>
If the <a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> property has been set, this implementation will construct
the User DN by substituting the specified <code>principal</code> into the configured template. If the
<a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> has not been set, the method argument will be returned directly
(indicating that the submitted authentication token principal <em>is</em> the User DN).</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>principal</code> - the principal to substitute into the configured <a href="#getUserDnTemplate()"><code>userDnTemplate</code></a>.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the constructed User DN to use at runtime when acquiring an <a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/ldap/LdapContext.html?is-external=true" title="class or interface in javax.naming.ldap" class="externalLink"><code>LdapContext</code></a>.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang" class="externalLink">IllegalArgumentException</a></code> - if the method argument is null or empty</dd>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalStateException.html?is-external=true" title="class or interface in java.lang" class="externalLink">IllegalStateException</a></code> - if the <a href="#getUserDnTemplate()"><code>userDnTemplate</code></a> has not been set.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="LdapContextFactory.html#getLdapContext(java.lang.Object,java.lang.Object)"><code>LdapContextFactory.getLdapContext(Object, Object)</code></a></dd>
</dl>
</li>
</ul>
<a id="setContextFactory(org.apache.shiro.realm.ldap.LdapContextFactory)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setContextFactory</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.261">setContextFactory</a>&#8203;(<a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap">LdapContextFactory</a>&nbsp;contextFactory)</pre>
<div class="block">Sets the LdapContextFactory instance used to acquire connections to the LDAP directory during authentication
attempts and authorization queries. Unless specified otherwise, the default is a <a href="JndiLdapContextFactory.html" title="class in org.apache.shiro.realm.ldap"><code>JndiLdapContextFactory</code></a>
instance.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>contextFactory</code> - the LdapContextFactory instance used to acquire connections to the LDAP directory during
authentication attempts and authorization queries</dd>
</dl>
</li>
</ul>
<a id="getContextFactory()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getContextFactory</h4>
<pre class="methodSignature">public&nbsp;<a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap">LdapContextFactory</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.274">getContextFactory</a>()</pre>
<div class="block">Returns the LdapContextFactory instance used to acquire connections to the LDAP directory during authentication
attempts and authorization queries. Unless specified otherwise, the default is a <a href="JndiLdapContextFactory.html" title="class in org.apache.shiro.realm.ldap"><code>JndiLdapContextFactory</code></a>
instance.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the LdapContextFactory instance used to acquire connections to the LDAP directory during
authentication attempts and authorization queries</dd>
</dl>
</li>
</ul>
<a id="doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doGetAuthenticationInfo</h4>
<pre class="methodSignature">protected&nbsp;<a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.292">doGetAuthenticationInfo</a>&#8203;(<a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token)
throws <a href="../../authc/AuthenticationException.html" title="class in org.apache.shiro.authc">AuthenticationException</a></pre>
<div class="block">Delegates to <a href="#queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.realm.ldap.LdapContextFactory)"><code>queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory)</code></a>,
wrapping any <a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink"><code>NamingException</code></a>s in a Shiro <a href="../../authc/AuthenticationException.html" title="class in org.apache.shiro.authc"><code>AuthenticationException</code></a> to satisfy the parent method
signature.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../AuthenticatingRealm.html#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)">doGetAuthenticationInfo</a></code>&nbsp;in class&nbsp;<code><a href="../AuthenticatingRealm.html" title="class in org.apache.shiro.realm">AuthenticatingRealm</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>token</code> - the authentication token containing the user's principal and credentials.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> acquired after a successful authentication attempt</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="../../authc/AuthenticationException.html" title="class in org.apache.shiro.authc">AuthenticationException</a></code> - if the authentication attempt fails or if a
<a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink"><code>NamingException</code></a> occurs.</dd>
</dl>
</li>
</ul>
<a id="doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doGetAuthorizationInfo</h4>
<pre class="methodSignature">protected&nbsp;<a href="../../authz/AuthorizationInfo.html" title="interface in org.apache.shiro.authz">AuthorizationInfo</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.310">doGetAuthorizationInfo</a>&#8203;(<a href="../../subject/PrincipalCollection.html" title="interface in org.apache.shiro.subject">PrincipalCollection</a>&nbsp;principals)</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from class:&nbsp;<code><a href="../AuthorizingRealm.html#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)">AuthorizingRealm</a></code></span></div>
<div class="block">Retrieves the AuthorizationInfo for the given principals from the underlying data store. When returning
an instance from this method, you might want to consider using an instance of
<a href="../../authz/SimpleAuthorizationInfo.html" title="class in org.apache.shiro.authz"><code>SimpleAuthorizationInfo</code></a>, as it is suitable in most cases.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../AuthorizingRealm.html#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)">doGetAuthorizationInfo</a></code>&nbsp;in class&nbsp;<code><a href="../AuthorizingRealm.html" title="class in org.apache.shiro.realm">AuthorizingRealm</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>principals</code> - the primary identifying principals of the AuthorizationInfo that should be retrieved.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the AuthorizationInfo associated with these principals.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../authz/SimpleAuthorizationInfo.html" title="class in org.apache.shiro.authz"><code>SimpleAuthorizationInfo</code></a></dd>
</dl>
</li>
</ul>
<a id="getLdapPrincipal(org.apache.shiro.authc.AuthenticationToken)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getLdapPrincipal</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.338">getLdapPrincipal</a>&#8203;(<a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token)</pre>
<div class="block">Returns the principal to use when creating the LDAP connection for an authentication attempt.
<p/>
This implementation uses a heuristic: it checks to see if the specified token's
<a href="../../authc/AuthenticationToken.html#getPrincipal()"><code>principal</code></a> is a <code>String</code>, and if so,
<a href="#getUserDn(java.lang.String)"><code>converts it</code></a> from what is
assumed to be a raw uid or username <code>String</code> into a User DN <code>String</code>. Almost all LDAP directories
expect the authentication connection to present a User DN and not an unqualified username or uid.
<p/>
If the token's <code>principal</code> is not a String, it is assumed to already be in the format supported by the
underlying <a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap"><code>LdapContextFactory</code></a> implementation and the raw principal is returned directly.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>token</code> - the <a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc"><code>AuthenticationToken</code></a> submitted during the authentication process</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the User DN or raw principal to use to acquire the LdapContext.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="LdapContextFactory.html#getLdapContext(java.lang.Object,java.lang.Object)"><code>LdapContextFactory.getLdapContext(Object, Object)</code></a></dd>
</dl>
</li>
</ul>
<a id="queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.realm.ldap.LdapContextFactory)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>queryForAuthenticationInfo</h4>
<pre class="methodSignature">protected&nbsp;<a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.362">queryForAuthenticationInfo</a>&#8203;(<a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token,
<a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap">LdapContextFactory</a>&nbsp;ldapContextFactory)
throws <a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink">NamingException</a></pre>
<div class="block">This implementation opens an LDAP connection using the token's
<a href="#getLdapPrincipal(org.apache.shiro.authc.AuthenticationToken)"><code>discovered principal</code></a> and provided
<a href="../../authc/AuthenticationToken.html#getCredentials()"><code>credentials</code></a>. If the connection opens successfully, the
authentication attempt is immediately considered successful and a new
<a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> instance is
<a href="#createAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken,java.lang.Object,java.lang.Object,javax.naming.ldap.LdapContext)"><code>created</code></a>
and returned. If the connection cannot be opened, either because LDAP authentication failed or some other
JNDI problem, an <a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink"><code>NamingException</code></a> will be thrown.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>token</code> - the submitted authentication token that triggered the authentication attempt.</dd>
<dd><code>ldapContextFactory</code> - factory used to retrieve LDAP connections.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>an <a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> instance representing the authenticated user's information.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink">NamingException</a></code> - if any LDAP errors occur.</dd>
</dl>
</li>
</ul>
<a id="createAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken,java.lang.Object,java.lang.Object,javax.naming.ldap.LdapContext)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>createAuthenticationInfo</h4>
<pre class="methodSignature">protected&nbsp;<a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.408">createAuthenticationInfo</a>&#8203;(<a href="../../authc/AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;ldapPrincipal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;ldapCredentials,
<a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/ldap/LdapContext.html?is-external=true" title="class or interface in javax.naming.ldap" class="externalLink">LdapContext</a>&nbsp;ldapContext)
throws <a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink">NamingException</a></pre>
<div class="block">Returns the <a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> resulting from a Subject's successful LDAP authentication attempt.
<p/>
This implementation ignores the <code>ldapPrincipal</code>, <code>ldapCredentials</code>, and the opened
<code>ldapContext</code> arguments and merely returns an <code>AuthenticationInfo</code> instance mirroring the
submitted token's principal and credentials. This is acceptable because this method is only ever invoked after
a successful authentication attempt, which means the provided principal and credentials were correct, and can
be used directly to populate the (now verified) <code>AuthenticationInfo</code>.
<p/>
Subclasses however are free to override this method for more advanced construction logic.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>token</code> - the submitted <code>AuthenticationToken</code> that resulted in a successful authentication</dd>
<dd><code>ldapPrincipal</code> - the LDAP principal used when creating the LDAP connection. Unlike the token's
<a href="../../authc/AuthenticationToken.html#getPrincipal()"><code>principal</code></a>, this value is usually a constructed
User DN and not a simple username or uid. The exact value depends on the
configured
<a href="http://download-llnw.oracle.com/javase/tutorial/jndi/ldap/auth_mechs.html">
LDAP authentication mechanism</a> in use.</dd>
<dd><code>ldapCredentials</code> - the LDAP credentials used when creating the LDAP connection.</dd>
<dd><code>ldapContext</code> - the LdapContext created that resulted in a successful authentication. It can be used
further by subclasses for more complex operations. It does not need to be closed -
it will be closed automatically after this method returns.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../../authc/AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> resulting from a Subject's successful LDAP authentication attempt.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink">NamingException</a></code> - if there was any problem using the <code>LdapContext</code></dd>
</dl>
</li>
</ul>
<a id="queryForAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection,org.apache.shiro.realm.ldap.LdapContextFactory)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>queryForAuthorizationInfo</h4>
<pre class="methodSignature">protected&nbsp;<a href="../../authz/AuthorizationInfo.html" title="interface in org.apache.shiro.authz">AuthorizationInfo</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/realm/ldap/DefaultLdapRealm.html#line.426">queryForAuthorizationInfo</a>&#8203;(<a href="../../subject/PrincipalCollection.html" title="interface in org.apache.shiro.subject">PrincipalCollection</a>&nbsp;principals,
<a href="LdapContextFactory.html" title="interface in org.apache.shiro.realm.ldap">LdapContextFactory</a>&nbsp;ldapContextFactory)
throws <a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink">NamingException</a></pre>
<div class="block">Method that should be implemented by subclasses to build an
<a href="../../authz/AuthorizationInfo.html" title="interface in org.apache.shiro.authz"><code>AuthorizationInfo</code></a> object by querying the LDAP context for the
specified principal.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>principals</code> - the principals of the Subject whose AuthorizationInfo should be queried from the LDAP server.</dd>
<dd><code>ldapContextFactory</code> - factory used to retrieve LDAP connections.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>an <a href="../../authz/AuthorizationInfo.html" title="interface in org.apache.shiro.authz"><code>AuthorizationInfo</code></a> instance containing information retrieved from the LDAP server.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/javax/naming/NamingException.html?is-external=true" title="class or interface in javax.naming" class="externalLink">NamingException</a></code> - if any LDAP errors occur during the search.</dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>
<!-- ========= END OF CLASS DATA ========= -->
<footer role="contentinfo">
<p class="legalCopy"><small>Copyright &#169; 2004&#x2013;2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p>
</footer>
</body>
</html>