Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.5.2 / apidocs / src-html / org / apache / shiro / realm / ldap / DefaultLdapContextFactory.html
blob: c26903a2123629ef7fb4abb759282acf22ee9843 [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">009</span><a id="line.9"> *</a>
<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
<span class="sourceLineNo">018</span><a id="line.18"> */</a>
<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.realm.ldap;</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import java.util.Hashtable;</a>
<span class="sourceLineNo">022</span><a id="line.22">import java.util.Map;</a>
<span class="sourceLineNo">023</span><a id="line.23">import javax.naming.AuthenticationException;</a>
<span class="sourceLineNo">024</span><a id="line.24">import javax.naming.Context;</a>
<span class="sourceLineNo">025</span><a id="line.25">import javax.naming.NamingException;</a>
<span class="sourceLineNo">026</span><a id="line.26">import javax.naming.ldap.InitialLdapContext;</a>
<span class="sourceLineNo">027</span><a id="line.27">import javax.naming.ldap.LdapContext;</a>
<span class="sourceLineNo">028</span><a id="line.28"></a>
<span class="sourceLineNo">029</span><a id="line.29">import org.apache.shiro.util.StringUtils;</a>
<span class="sourceLineNo">030</span><a id="line.30">import org.slf4j.Logger;</a>
<span class="sourceLineNo">031</span><a id="line.31">import org.slf4j.LoggerFactory;</a>
<span class="sourceLineNo">032</span><a id="line.32"></a>
<span class="sourceLineNo">033</span><a id="line.33">/**</a>
<span class="sourceLineNo">034</span><a id="line.34"> * &lt;p&gt;Default implementation of {@link LdapContextFactory} that can be configured or extended to</a>
<span class="sourceLineNo">035</span><a id="line.35"> * customize the way {@link javax.naming.ldap.LdapContext} objects are retrieved.&lt;/p&gt;</a>
<span class="sourceLineNo">036</span><a id="line.36"> * &lt;p/&gt;</a>
<span class="sourceLineNo">037</span><a id="line.37"> * &lt;p&gt;This implementation of {@link LdapContextFactory} is used by the {@link AbstractLdapRealm} if a</a>
<span class="sourceLineNo">038</span><a id="line.38"> * factory is not explictly configured.&lt;/p&gt;</a>
<span class="sourceLineNo">039</span><a id="line.39"> * &lt;p/&gt;</a>
<span class="sourceLineNo">040</span><a id="line.40"> * &lt;p&gt;Connection pooling is enabled by default on this factory, but can be disabled using the</a>
<span class="sourceLineNo">041</span><a id="line.41"> * {@link #usePooling} property.&lt;/p&gt;</a>
<span class="sourceLineNo">042</span><a id="line.42"> *</a>
<span class="sourceLineNo">043</span><a id="line.43"> * @since 0.2</a>
<span class="sourceLineNo">044</span><a id="line.44"> * @deprecated replaced by the {@link JndiLdapContextFactory} implementation. This implementation will be removed</a>
<span class="sourceLineNo">045</span><a id="line.45"> * prior to Shiro 2.0</a>
<span class="sourceLineNo">046</span><a id="line.46"> */</a>
<span class="sourceLineNo">047</span><a id="line.47">@Deprecated</a>
<span class="sourceLineNo">048</span><a id="line.48">public class DefaultLdapContextFactory implements LdapContextFactory {</a>
<span class="sourceLineNo">049</span><a id="line.49"></a>
<span class="sourceLineNo">050</span><a id="line.50"> //TODO - complete JavaDoc</a>
<span class="sourceLineNo">051</span><a id="line.51"></a>
<span class="sourceLineNo">052</span><a id="line.52"> /*--------------------------------------------</a>
<span class="sourceLineNo">053</span><a id="line.53"> | C O N S T A N T S |</a>
<span class="sourceLineNo">054</span><a id="line.54"> ============================================*/</a>
<span class="sourceLineNo">055</span><a id="line.55"> /**</a>
<span class="sourceLineNo">056</span><a id="line.56"> * The Sun LDAP property used to enable connection pooling. This is used in the default implementation</a>
<span class="sourceLineNo">057</span><a id="line.57"> * to enable LDAP connection pooling.</a>
<span class="sourceLineNo">058</span><a id="line.58"> */</a>
<span class="sourceLineNo">059</span><a id="line.59"> protected static final String SUN_CONNECTION_POOLING_PROPERTY = "com.sun.jndi.ldap.connect.pool";</a>
<span class="sourceLineNo">060</span><a id="line.60"> private static final String SIMPLE_AUTHENTICATION_MECHANISM_NAME = "simple";</a>
<span class="sourceLineNo">061</span><a id="line.61"></a>
<span class="sourceLineNo">062</span><a id="line.62"> /*--------------------------------------------</a>
<span class="sourceLineNo">063</span><a id="line.63"> | I N S T A N C E V A R I A B L E S |</a>
<span class="sourceLineNo">064</span><a id="line.64"> ============================================*/</a>
<span class="sourceLineNo">065</span><a id="line.65"></a>
<span class="sourceLineNo">066</span><a id="line.66"> private static final Logger log = LoggerFactory.getLogger(DefaultLdapContextFactory.class);</a>
<span class="sourceLineNo">067</span><a id="line.67"></a>
<span class="sourceLineNo">068</span><a id="line.68"> protected String authentication = SIMPLE_AUTHENTICATION_MECHANISM_NAME;</a>
<span class="sourceLineNo">069</span><a id="line.69"></a>
<span class="sourceLineNo">070</span><a id="line.70"> protected String principalSuffix = null;</a>
<span class="sourceLineNo">071</span><a id="line.71"></a>
<span class="sourceLineNo">072</span><a id="line.72"> protected String searchBase = null;</a>
<span class="sourceLineNo">073</span><a id="line.73"></a>
<span class="sourceLineNo">074</span><a id="line.74"> protected String contextFactoryClassName = "com.sun.jndi.ldap.LdapCtxFactory";</a>
<span class="sourceLineNo">075</span><a id="line.75"></a>
<span class="sourceLineNo">076</span><a id="line.76"> protected String url = null;</a>
<span class="sourceLineNo">077</span><a id="line.77"></a>
<span class="sourceLineNo">078</span><a id="line.78"> protected String referral = "follow";</a>
<span class="sourceLineNo">079</span><a id="line.79"></a>
<span class="sourceLineNo">080</span><a id="line.80"> protected String systemUsername = null;</a>
<span class="sourceLineNo">081</span><a id="line.81"></a>
<span class="sourceLineNo">082</span><a id="line.82"> protected String systemPassword = null;</a>
<span class="sourceLineNo">083</span><a id="line.83"></a>
<span class="sourceLineNo">084</span><a id="line.84"> private boolean usePooling = true;</a>
<span class="sourceLineNo">085</span><a id="line.85"></a>
<span class="sourceLineNo">086</span><a id="line.86"> private Map&lt;String, String&gt; additionalEnvironment;</a>
<span class="sourceLineNo">087</span><a id="line.87"></a>
<span class="sourceLineNo">088</span><a id="line.88"> /*--------------------------------------------</a>
<span class="sourceLineNo">089</span><a id="line.89"> | C O N S T R U C T O R S |</a>
<span class="sourceLineNo">090</span><a id="line.90"> ============================================*/</a>
<span class="sourceLineNo">091</span><a id="line.91"></a>
<span class="sourceLineNo">092</span><a id="line.92"> /*--------------------------------------------</a>
<span class="sourceLineNo">093</span><a id="line.93"> | A C C E S S O R S / M O D I F I E R S |</a>
<span class="sourceLineNo">094</span><a id="line.94"> ============================================*/</a>
<span class="sourceLineNo">095</span><a id="line.95"></a>
<span class="sourceLineNo">096</span><a id="line.96"> /**</a>
<span class="sourceLineNo">097</span><a id="line.97"> * Sets the type of LDAP authentication to perform when connecting to the LDAP server. Defaults to "simple"</a>
<span class="sourceLineNo">098</span><a id="line.98"> *</a>
<span class="sourceLineNo">099</span><a id="line.99"> * @param authentication the type of LDAP authentication to perform.</a>
<span class="sourceLineNo">100</span><a id="line.100"> */</a>
<span class="sourceLineNo">101</span><a id="line.101"> public void setAuthentication(String authentication) {</a>
<span class="sourceLineNo">102</span><a id="line.102"> this.authentication = authentication;</a>
<span class="sourceLineNo">103</span><a id="line.103"> }</a>
<span class="sourceLineNo">104</span><a id="line.104"></a>
<span class="sourceLineNo">105</span><a id="line.105"> /**</a>
<span class="sourceLineNo">106</span><a id="line.106"> * A suffix appended to the username. This is typically for</a>
<span class="sourceLineNo">107</span><a id="line.107"> * domain names. (e.g. "@MyDomain.local")</a>
<span class="sourceLineNo">108</span><a id="line.108"> *</a>
<span class="sourceLineNo">109</span><a id="line.109"> * @param principalSuffix the suffix.</a>
<span class="sourceLineNo">110</span><a id="line.110"> */</a>
<span class="sourceLineNo">111</span><a id="line.111"> public void setPrincipalSuffix(String principalSuffix) {</a>
<span class="sourceLineNo">112</span><a id="line.112"> this.principalSuffix = principalSuffix;</a>
<span class="sourceLineNo">113</span><a id="line.113"> }</a>
<span class="sourceLineNo">114</span><a id="line.114"></a>
<span class="sourceLineNo">115</span><a id="line.115"> /**</a>
<span class="sourceLineNo">116</span><a id="line.116"> * The search base for the search to perform in the LDAP server.</a>
<span class="sourceLineNo">117</span><a id="line.117"> * (e.g. OU=OrganizationName,DC=MyDomain,DC=local )</a>
<span class="sourceLineNo">118</span><a id="line.118"> *</a>
<span class="sourceLineNo">119</span><a id="line.119"> * @param searchBase the search base.</a>
<span class="sourceLineNo">120</span><a id="line.120"> * @deprecated this attribute existed, but was never used in Shiro 1.x. It will be removed prior to Shiro 2.0.</a>
<span class="sourceLineNo">121</span><a id="line.121"> */</a>
<span class="sourceLineNo">122</span><a id="line.122"> @Deprecated</a>
<span class="sourceLineNo">123</span><a id="line.123"> public void setSearchBase(String searchBase) {</a>
<span class="sourceLineNo">124</span><a id="line.124"> this.searchBase = searchBase;</a>
<span class="sourceLineNo">125</span><a id="line.125"> }</a>
<span class="sourceLineNo">126</span><a id="line.126"></a>
<span class="sourceLineNo">127</span><a id="line.127"> /**</a>
<span class="sourceLineNo">128</span><a id="line.128"> * The context factory to use. This defaults to the SUN LDAP JNDI implementation</a>
<span class="sourceLineNo">129</span><a id="line.129"> * but can be overridden to use custom LDAP factories.</a>
<span class="sourceLineNo">130</span><a id="line.130"> *</a>
<span class="sourceLineNo">131</span><a id="line.131"> * @param contextFactoryClassName the context factory that should be used.</a>
<span class="sourceLineNo">132</span><a id="line.132"> */</a>
<span class="sourceLineNo">133</span><a id="line.133"> public void setContextFactoryClassName(String contextFactoryClassName) {</a>
<span class="sourceLineNo">134</span><a id="line.134"> this.contextFactoryClassName = contextFactoryClassName;</a>
<span class="sourceLineNo">135</span><a id="line.135"> }</a>
<span class="sourceLineNo">136</span><a id="line.136"></a>
<span class="sourceLineNo">137</span><a id="line.137"> /**</a>
<span class="sourceLineNo">138</span><a id="line.138"> * The LDAP url to connect to. (e.g. ldap://&lt;ldapDirectoryHostname&gt;:&lt;port&gt;)</a>
<span class="sourceLineNo">139</span><a id="line.139"> *</a>
<span class="sourceLineNo">140</span><a id="line.140"> * @param url the LDAP url.</a>
<span class="sourceLineNo">141</span><a id="line.141"> */</a>
<span class="sourceLineNo">142</span><a id="line.142"> public void setUrl(String url) {</a>
<span class="sourceLineNo">143</span><a id="line.143"> this.url = url;</a>
<span class="sourceLineNo">144</span><a id="line.144"> }</a>
<span class="sourceLineNo">145</span><a id="line.145"></a>
<span class="sourceLineNo">146</span><a id="line.146"> /**</a>
<span class="sourceLineNo">147</span><a id="line.147"> * Sets the LDAP referral property. Defaults to "follow"</a>
<span class="sourceLineNo">148</span><a id="line.148"> *</a>
<span class="sourceLineNo">149</span><a id="line.149"> * @param referral the referral property.</a>
<span class="sourceLineNo">150</span><a id="line.150"> */</a>
<span class="sourceLineNo">151</span><a id="line.151"> public void setReferral(String referral) {</a>
<span class="sourceLineNo">152</span><a id="line.152"> this.referral = referral;</a>
<span class="sourceLineNo">153</span><a id="line.153"> }</a>
<span class="sourceLineNo">154</span><a id="line.154"></a>
<span class="sourceLineNo">155</span><a id="line.155"> /**</a>
<span class="sourceLineNo">156</span><a id="line.156"> * The system username that will be used when connecting to the LDAP server to retrieve authorization</a>
<span class="sourceLineNo">157</span><a id="line.157"> * information about a user. This must be specified for LDAP authorization to work, but is not required for</a>
<span class="sourceLineNo">158</span><a id="line.158"> * only authentication.</a>
<span class="sourceLineNo">159</span><a id="line.159"> *</a>
<span class="sourceLineNo">160</span><a id="line.160"> * @param systemUsername the username to use when logging into the LDAP server for authorization.</a>
<span class="sourceLineNo">161</span><a id="line.161"> */</a>
<span class="sourceLineNo">162</span><a id="line.162"> public void setSystemUsername(String systemUsername) {</a>
<span class="sourceLineNo">163</span><a id="line.163"> this.systemUsername = systemUsername;</a>
<span class="sourceLineNo">164</span><a id="line.164"> }</a>
<span class="sourceLineNo">165</span><a id="line.165"></a>
<span class="sourceLineNo">166</span><a id="line.166"></a>
<span class="sourceLineNo">167</span><a id="line.167"> /**</a>
<span class="sourceLineNo">168</span><a id="line.168"> * The system password that will be used when connecting to the LDAP server to retrieve authorization</a>
<span class="sourceLineNo">169</span><a id="line.169"> * information about a user. This must be specified for LDAP authorization to work, but is not required for</a>
<span class="sourceLineNo">170</span><a id="line.170"> * only authentication.</a>
<span class="sourceLineNo">171</span><a id="line.171"> *</a>
<span class="sourceLineNo">172</span><a id="line.172"> * @param systemPassword the password to use when logging into the LDAP server for authorization.</a>
<span class="sourceLineNo">173</span><a id="line.173"> */</a>
<span class="sourceLineNo">174</span><a id="line.174"> public void setSystemPassword(String systemPassword) {</a>
<span class="sourceLineNo">175</span><a id="line.175"> this.systemPassword = systemPassword;</a>
<span class="sourceLineNo">176</span><a id="line.176"> }</a>
<span class="sourceLineNo">177</span><a id="line.177"></a>
<span class="sourceLineNo">178</span><a id="line.178"> /**</a>
<span class="sourceLineNo">179</span><a id="line.179"> * Determines whether or not LdapContext pooling is enabled for connections made using the system</a>
<span class="sourceLineNo">180</span><a id="line.180"> * user account. In the default implementation, this simply</a>
<span class="sourceLineNo">181</span><a id="line.181"> * sets the &lt;tt&gt;com.sun.jndi.ldap.connect.pool&lt;/tt&gt; property in the LDAP context environment. If you use an</a>
<span class="sourceLineNo">182</span><a id="line.182"> * LDAP Context Factory that is not Sun's default implementation, you will need to override the</a>
<span class="sourceLineNo">183</span><a id="line.183"> * default behavior to use this setting in whatever way your underlying LDAP ContextFactory</a>
<span class="sourceLineNo">184</span><a id="line.184"> * supports. By default, pooling is enabled.</a>
<span class="sourceLineNo">185</span><a id="line.185"> *</a>
<span class="sourceLineNo">186</span><a id="line.186"> * @param usePooling true to enable pooling, or false to disable it.</a>
<span class="sourceLineNo">187</span><a id="line.187"> */</a>
<span class="sourceLineNo">188</span><a id="line.188"> public void setUsePooling(boolean usePooling) {</a>
<span class="sourceLineNo">189</span><a id="line.189"> this.usePooling = usePooling;</a>
<span class="sourceLineNo">190</span><a id="line.190"> }</a>
<span class="sourceLineNo">191</span><a id="line.191"></a>
<span class="sourceLineNo">192</span><a id="line.192"> /**</a>
<span class="sourceLineNo">193</span><a id="line.193"> * These entries are added to the environment map before initializing the LDAP context.</a>
<span class="sourceLineNo">194</span><a id="line.194"> *</a>
<span class="sourceLineNo">195</span><a id="line.195"> * @param additionalEnvironment additional environment entries to be configured on the LDAP context.</a>
<span class="sourceLineNo">196</span><a id="line.196"> */</a>
<span class="sourceLineNo">197</span><a id="line.197"> public void setAdditionalEnvironment(Map&lt;String, String&gt; additionalEnvironment) {</a>
<span class="sourceLineNo">198</span><a id="line.198"> this.additionalEnvironment = additionalEnvironment;</a>
<span class="sourceLineNo">199</span><a id="line.199"> }</a>
<span class="sourceLineNo">200</span><a id="line.200"></a>
<span class="sourceLineNo">201</span><a id="line.201"> /*--------------------------------------------</a>
<span class="sourceLineNo">202</span><a id="line.202"> | M E T H O D S |</a>
<span class="sourceLineNo">203</span><a id="line.203"> ============================================*/</a>
<span class="sourceLineNo">204</span><a id="line.204"> public LdapContext getSystemLdapContext() throws NamingException {</a>
<span class="sourceLineNo">205</span><a id="line.205"> return getLdapContext(systemUsername, systemPassword);</a>
<span class="sourceLineNo">206</span><a id="line.206"> }</a>
<span class="sourceLineNo">207</span><a id="line.207"></a>
<span class="sourceLineNo">208</span><a id="line.208"> /**</a>
<span class="sourceLineNo">209</span><a id="line.209"> * Deprecated - use {@link #getLdapContext(Object, Object)} instead. This will be removed before Apache Shiro 2.0.</a>
<span class="sourceLineNo">210</span><a id="line.210"> *</a>
<span class="sourceLineNo">211</span><a id="line.211"> * @param username the username to use when creating the connection.</a>
<span class="sourceLineNo">212</span><a id="line.212"> * @param password the password to use when creating the connection.</a>
<span class="sourceLineNo">213</span><a id="line.213"> * @return a {@code LdapContext} bound using the given username and password.</a>
<span class="sourceLineNo">214</span><a id="line.214"> * @throws javax.naming.NamingException if there is an error creating the context.</a>
<span class="sourceLineNo">215</span><a id="line.215"> * @deprecated the {@link #getLdapContext(Object, Object)} method should be used in all cases to ensure more than</a>
<span class="sourceLineNo">216</span><a id="line.216"> * String principals and credentials can be used. Shiro no longer calls this method - it will be</a>
<span class="sourceLineNo">217</span><a id="line.217"> * removed before the 2.0 release.</a>
<span class="sourceLineNo">218</span><a id="line.218"> */</a>
<span class="sourceLineNo">219</span><a id="line.219"> @Deprecated</a>
<span class="sourceLineNo">220</span><a id="line.220"> public LdapContext getLdapContext(String username, String password) throws NamingException {</a>
<span class="sourceLineNo">221</span><a id="line.221"> if (username != null &amp;&amp; principalSuffix != null) {</a>
<span class="sourceLineNo">222</span><a id="line.222"> username += principalSuffix;</a>
<span class="sourceLineNo">223</span><a id="line.223"> }</a>
<span class="sourceLineNo">224</span><a id="line.224"> return getLdapContext((Object) username, password);</a>
<span class="sourceLineNo">225</span><a id="line.225"> }</a>
<span class="sourceLineNo">226</span><a id="line.226"></a>
<span class="sourceLineNo">227</span><a id="line.227"> public LdapContext getLdapContext(Object principal, Object credentials) throws NamingException {</a>
<span class="sourceLineNo">228</span><a id="line.228"> if (url == null) {</a>
<span class="sourceLineNo">229</span><a id="line.229"> throw new IllegalStateException("An LDAP URL must be specified of the form ldap://&lt;hostname&gt;:&lt;port&gt;");</a>
<span class="sourceLineNo">230</span><a id="line.230"> }</a>
<span class="sourceLineNo">231</span><a id="line.231"></a>
<span class="sourceLineNo">232</span><a id="line.232"> Hashtable&lt;String, Object&gt; env = new Hashtable&lt;String, Object&gt;();</a>
<span class="sourceLineNo">233</span><a id="line.233"></a>
<span class="sourceLineNo">234</span><a id="line.234"> env.put(Context.SECURITY_AUTHENTICATION, authentication);</a>
<span class="sourceLineNo">235</span><a id="line.235"> if (principal != null) {</a>
<span class="sourceLineNo">236</span><a id="line.236"> env.put(Context.SECURITY_PRINCIPAL, principal);</a>
<span class="sourceLineNo">237</span><a id="line.237"> }</a>
<span class="sourceLineNo">238</span><a id="line.238"> if (credentials!= null) {</a>
<span class="sourceLineNo">239</span><a id="line.239"> env.put(Context.SECURITY_CREDENTIALS, credentials);</a>
<span class="sourceLineNo">240</span><a id="line.240"> }</a>
<span class="sourceLineNo">241</span><a id="line.241"> env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactoryClassName);</a>
<span class="sourceLineNo">242</span><a id="line.242"> env.put(Context.PROVIDER_URL, url);</a>
<span class="sourceLineNo">243</span><a id="line.243"> env.put(Context.REFERRAL, referral);</a>
<span class="sourceLineNo">244</span><a id="line.244"></a>
<span class="sourceLineNo">245</span><a id="line.245"> // Only pool connections for system contexts</a>
<span class="sourceLineNo">246</span><a id="line.246"> if (usePooling &amp;&amp; principal != null &amp;&amp; principal.equals(systemUsername)) {</a>
<span class="sourceLineNo">247</span><a id="line.247"> // Enable connection pooling</a>
<span class="sourceLineNo">248</span><a id="line.248"> env.put(SUN_CONNECTION_POOLING_PROPERTY, "true");</a>
<span class="sourceLineNo">249</span><a id="line.249"> }</a>
<span class="sourceLineNo">250</span><a id="line.250"></a>
<span class="sourceLineNo">251</span><a id="line.251"> if (additionalEnvironment != null) {</a>
<span class="sourceLineNo">252</span><a id="line.252"> env.putAll(additionalEnvironment);</a>
<span class="sourceLineNo">253</span><a id="line.253"> }</a>
<span class="sourceLineNo">254</span><a id="line.254"></a>
<span class="sourceLineNo">255</span><a id="line.255"> if (log.isDebugEnabled()) {</a>
<span class="sourceLineNo">256</span><a id="line.256"> log.debug("Initializing LDAP context using URL [" + url + "] and username [" + systemUsername + "] " +</a>
<span class="sourceLineNo">257</span><a id="line.257"> "with pooling [" + (usePooling ? "enabled" : "disabled") + "]");</a>
<span class="sourceLineNo">258</span><a id="line.258"> }</a>
<span class="sourceLineNo">259</span><a id="line.259"></a>
<span class="sourceLineNo">260</span><a id="line.260"> // validate the config before creating the context</a>
<span class="sourceLineNo">261</span><a id="line.261"> validateAuthenticationInfo(env);</a>
<span class="sourceLineNo">262</span><a id="line.262"></a>
<span class="sourceLineNo">263</span><a id="line.263"> return createLdapContext(env);</a>
<span class="sourceLineNo">264</span><a id="line.264"> }</a>
<span class="sourceLineNo">265</span><a id="line.265"></a>
<span class="sourceLineNo">266</span><a id="line.266"> /**</a>
<span class="sourceLineNo">267</span><a id="line.267"> * Creates and returns a new {@link javax.naming.ldap.InitialLdapContext} instance. This method exists primarily</a>
<span class="sourceLineNo">268</span><a id="line.268"> * to support testing where a mock LdapContext can be returned instead of actually creating a connection, but</a>
<span class="sourceLineNo">269</span><a id="line.269"> * subclasses are free to provide a different implementation if necessary.</a>
<span class="sourceLineNo">270</span><a id="line.270"> *</a>
<span class="sourceLineNo">271</span><a id="line.271"> * @param env the JNDI environment settings used to create the LDAP connection</a>
<span class="sourceLineNo">272</span><a id="line.272"> * @return an LdapConnection</a>
<span class="sourceLineNo">273</span><a id="line.273"> * @throws NamingException if a problem occurs creating the connection</a>
<span class="sourceLineNo">274</span><a id="line.274"> */</a>
<span class="sourceLineNo">275</span><a id="line.275"> protected LdapContext createLdapContext(Hashtable env) throws NamingException {</a>
<span class="sourceLineNo">276</span><a id="line.276"> return new InitialLdapContext(env, null);</a>
<span class="sourceLineNo">277</span><a id="line.277"> }</a>
<span class="sourceLineNo">278</span><a id="line.278"></a>
<span class="sourceLineNo">279</span><a id="line.279"></a>
<span class="sourceLineNo">280</span><a id="line.280"> /**</a>
<span class="sourceLineNo">281</span><a id="line.281"> * Validates the configuration in the JNDI &lt;code&gt;environment&lt;/code&gt; settings and throws an exception if a problem</a>
<span class="sourceLineNo">282</span><a id="line.282"> * exists.</a>
<span class="sourceLineNo">283</span><a id="line.283"> * &lt;p/&gt;</a>
<span class="sourceLineNo">284</span><a id="line.284"> * This implementation will throw a {@link AuthenticationException} if the authentication mechanism is set to</a>
<span class="sourceLineNo">285</span><a id="line.285"> * 'simple', the principal is non-empty, and the credentials are empty (as per</a>
<span class="sourceLineNo">286</span><a id="line.286"> * &lt;a href="http://tools.ietf.org/html/rfc4513#section-5.1.2"&gt;rfc4513 section-5.1.2&lt;/a&gt;).</a>
<span class="sourceLineNo">287</span><a id="line.287"> *</a>
<span class="sourceLineNo">288</span><a id="line.288"> * @param environment the JNDI environment settings to be validated</a>
<span class="sourceLineNo">289</span><a id="line.289"> * @throws AuthenticationException if a configuration problem is detected</a>
<span class="sourceLineNo">290</span><a id="line.290"> */</a>
<span class="sourceLineNo">291</span><a id="line.291"> private void validateAuthenticationInfo(Hashtable&lt;String, Object&gt; environment)</a>
<span class="sourceLineNo">292</span><a id="line.292"> throws AuthenticationException</a>
<span class="sourceLineNo">293</span><a id="line.293"> {</a>
<span class="sourceLineNo">294</span><a id="line.294"> // validate when using Simple auth both principal and credentials are set</a>
<span class="sourceLineNo">295</span><a id="line.295"> if(SIMPLE_AUTHENTICATION_MECHANISM_NAME.equals(environment.get(Context.SECURITY_AUTHENTICATION))) {</a>
<span class="sourceLineNo">296</span><a id="line.296"></a>
<span class="sourceLineNo">297</span><a id="line.297"> // only validate credentials if we have a non-empty principal</a>
<span class="sourceLineNo">298</span><a id="line.298"> if( environment.get(Context.SECURITY_PRINCIPAL) != null &amp;&amp;</a>
<span class="sourceLineNo">299</span><a id="line.299"> StringUtils.hasText( String.valueOf( environment.get(Context.SECURITY_PRINCIPAL) ))) {</a>
<span class="sourceLineNo">300</span><a id="line.300"></a>
<span class="sourceLineNo">301</span><a id="line.301"> Object credentials = environment.get(Context.SECURITY_CREDENTIALS);</a>
<span class="sourceLineNo">302</span><a id="line.302"></a>
<span class="sourceLineNo">303</span><a id="line.303"> // from the FAQ, we need to check for empty credentials:</a>
<span class="sourceLineNo">304</span><a id="line.304"> // http://docs.oracle.com/javase/tutorial/jndi/ldap/faq.html</a>
<span class="sourceLineNo">305</span><a id="line.305"> if( credentials == null ||</a>
<span class="sourceLineNo">306</span><a id="line.306"> (credentials instanceof byte[] &amp;&amp; ((byte[])credentials).length &lt;= 0) || // empty byte[]</a>
<span class="sourceLineNo">307</span><a id="line.307"> (credentials instanceof char[] &amp;&amp; ((char[])credentials).length &lt;= 0) || // empty char[]</a>
<span class="sourceLineNo">308</span><a id="line.308"> (String.class.isInstance(credentials) &amp;&amp; !StringUtils.hasText(String.valueOf(credentials)))) {</a>
<span class="sourceLineNo">309</span><a id="line.309"></a>
<span class="sourceLineNo">310</span><a id="line.310"> throw new javax.naming.AuthenticationException("LDAP Simple authentication requires both a "</a>
<span class="sourceLineNo">311</span><a id="line.311"> + "principal and credentials.");</a>
<span class="sourceLineNo">312</span><a id="line.312"> }</a>
<span class="sourceLineNo">313</span><a id="line.313"> }</a>
<span class="sourceLineNo">314</span><a id="line.314"> }</a>
<span class="sourceLineNo">315</span><a id="line.315"> }</a>
<span class="sourceLineNo">316</span><a id="line.316"></a>
<span class="sourceLineNo">317</span><a id="line.317">}</a>
</pre>
</div>
</main>
</body>
</html>