| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <title>LdapIdentityStoreDefinition</title> |
| <link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../script.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="LdapIdentityStoreDefinition"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../javax/security/enterprise/identitystore/IdentityStoreWrapper.html" title="class in javax.security.enterprise.identitystore"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.LdapSearchScope.html" title="enum in javax.security.enterprise.identitystore"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../index.html?javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html" target="_top">Frames</a></li> |
| <li><a href="LdapIdentityStoreDefinition.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Field | </li> |
| <li>Required | </li> |
| <li><a href="#annotation.type.optional.element.summary">Optional</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li><a href="#annotation.type.element.detail">Element</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">javax.security.enterprise.identitystore</div> |
| <h2 title="Annotation Type LdapIdentityStoreDefinition" class="title">Annotation Type LdapIdentityStoreDefinition</h2> |
| </div> |
| <div class="contentContainer"> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <hr> |
| <br> |
| <pre>@Retention(value=RUNTIME) |
| @Target(value=TYPE) |
| public @interface <span class="memberNameLabel">LdapIdentityStoreDefinition</span></pre> |
| <div class="block">Annotation used to define a container-provided <a href="../../../../javax/security/enterprise/identitystore/IdentityStore.html" title="interface in javax.security.enterprise.identitystore"><code>IdentityStore</code></a> that stores |
| caller credentials and identity attributes (together caller identities) in an |
| LDAP store, and make that implementation available as an enabled CDI bean. |
| <p> |
| The container-provided <code>IdentityStore</code> must support validating <a href="../../../../javax/security/enterprise/credential/UsernamePasswordCredential.html" title="class in javax.security.enterprise.credential"><code>UsernamePasswordCredential</code></a>, |
| and may support validating other credential types.</div> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- =========== ANNOTATION TYPE OPTIONAL MEMBER SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="annotation.type.optional.element.summary"> |
| <!-- --> |
| </a> |
| <h3>Optional Element Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Optional Element Summary table, listing optional elements, and an explanation"> |
| <caption><span>Optional Elements</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Optional Element and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#bindDn--">bindDn</a></span></code> |
| <div class="block">Distinguished name for the application or administrative user that will be used to |
| make the initial connection to the LDAP and to perform searches and lookups.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#bindDnPassword--">bindDnPassword</a></span></code> |
| <div class="block">Password for the application/admin user defined by the bindDn member.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#callerBaseDn--">callerBaseDn</a></span></code> |
| <div class="block">Base distinguished name for callers in the LDAP store |
| (e.g., "<code>ou=caller,dc=jsr375,dc=net</code>").</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#callerNameAttribute--">callerNameAttribute</a></span></code> |
| <div class="block">Name of the attribute that contains the callers name in the person object |
| (e.g., "<code>uid</code>").</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#callerSearchBase--">callerSearchBase</a></span></code> |
| <div class="block">Search base for looking up callers |
| (e.g., "<code>ou=caller,dc=jsr375,dc=net</code>").</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#callerSearchFilter--">callerSearchFilter</a></span></code> |
| <div class="block">Search filter to find callers when callerSearchBase is set.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.LdapSearchScope.html" title="enum in javax.security.enterprise.identitystore">LdapIdentityStoreDefinition.LdapSearchScope</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#callerSearchScope--">callerSearchScope</a></span></code> |
| <div class="block">Search scope for caller searches: determines depth |
| of the search in the LDAP tree.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#callerSearchScopeExpression--">callerSearchScopeExpression</a></span></code> |
| <div class="block">Allow callerSearchScope to be specified as an EL expression.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#groupMemberAttribute--">groupMemberAttribute</a></span></code> |
| <div class="block">Name of the attribute in a group object that identifies the |
| members of the group |
| (e.g., "<code>member</code>").</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#groupMemberOfAttribute--">groupMemberOfAttribute</a></span></code> |
| <div class="block">Name of the attribute in a person object that identifies the groups |
| the caller belongs to |
| (e.g., "<code>memberOf</code>").</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#groupNameAttribute--">groupNameAttribute</a></span></code> |
| <div class="block">Name of the attribute of a group object that represents the group name |
| (e.g., "<code>cn</code>")</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#groupSearchBase--">groupSearchBase</a></span></code> |
| <div class="block">Search base for looking up groups |
| (e.g., "<code>ou=group,dc=jsr375,dc=net</code>").</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#groupSearchFilter--">groupSearchFilter</a></span></code> |
| <div class="block">Search filter to find groups when groupSearchBase is set.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.LdapSearchScope.html" title="enum in javax.security.enterprise.identitystore">LdapIdentityStoreDefinition.LdapSearchScope</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#groupSearchScope--">groupSearchScope</a></span></code> |
| <div class="block">Search scope for group searches, determines depth |
| of the search in the LDAP tree.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#groupSearchScopeExpression--">groupSearchScopeExpression</a></span></code> |
| <div class="block">Allow groupSearchScope to be specified as an EL expression.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>int</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#maxResults--">maxResults</a></span></code> |
| <div class="block">Set the maximum number of results (objects) the server should |
| return in response to a search.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#maxResultsExpression--">maxResultsExpression</a></span></code> |
| <div class="block">Allow maxResults to be specified as an EL expression.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>int</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#priority--">priority</a></span></code> |
| <div class="block">Determines the order in case multiple IdentityStores are found.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#priorityExpression--">priorityExpression</a></span></code> |
| <div class="block">Allow priority to be specified as an EL expression.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>int</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#readTimeout--">readTimeout</a></span></code> |
| <div class="block">Set the timeout value that should be used when waiting for |
| the LDAP server to return results.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#readTimeoutExpression--">readTimeoutExpression</a></span></code> |
| <div class="block">Allow readTimeout to be specified as an EL expression.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#url--">url</a></span></code> |
| <div class="block">URL where the LDAP server can be reached.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code><a href="../../../../javax/security/enterprise/identitystore/IdentityStore.ValidationType.html" title="enum in javax.security.enterprise.identitystore">IdentityStore.ValidationType</a>[]</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#useFor--">useFor</a></span></code> |
| <div class="block">Determines what the identity store is used for</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html#useForExpression--">useForExpression</a></span></code> |
| <div class="block">Allow useFor to be specified as an EL expression.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ ANNOTATION TYPE MEMBER DETAIL =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="annotation.type.element.detail"> |
| <!-- --> |
| </a> |
| <h3>Element Detail</h3> |
| <a name="url--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>url</h4> |
| <pre>public abstract java.lang.String url</pre> |
| <div class="block">URL where the LDAP server can be reached. |
| <p> |
| E.g.: <code>ldap://localhost:33389</code></div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>URL where the LDAP server can be reached</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="bindDn--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>bindDn</h4> |
| <pre>public abstract java.lang.String bindDn</pre> |
| <div class="block">Distinguished name for the application or administrative user that will be used to |
| make the initial connection to the LDAP and to perform searches and lookups. |
| <p> |
| This value is needed if caller or group lookup will be done. It is not needed if the |
| store will be used only to authenticate callers using direct binding (see callerBaseDn). |
| <p> |
| This user needs search permission in the LDAP for persons and/or groups. |
| <p> |
| E.g.: <code>uid=ldap,ou=apps,dc=jsr375,dc=net</code></div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The distinguished name for the application user.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="bindDnPassword--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>bindDnPassword</h4> |
| <pre>public abstract java.lang.String bindDnPassword</pre> |
| <div class="block">Password for the application/admin user defined by the bindDn member. |
| Only used when the member bindDn is filled in.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>password for the application user.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="callerBaseDn--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>callerBaseDn</h4> |
| <pre>public abstract java.lang.String callerBaseDn</pre> |
| <div class="block">Base distinguished name for callers in the LDAP store |
| (e.g., "<code>ou=caller,dc=jsr375,dc=net</code>"). |
| <p> |
| When this member value is specified, and callerSearchBase is not, direct binding is attempted. |
| <p> |
| The callerNameAttribute must be specified along with this attribute so that the |
| runtime can create the "leaf" RDN needed to concatenate with the base DN to create the |
| full DN of the caller.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The base distinguished name for callers.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="callerNameAttribute--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>callerNameAttribute</h4> |
| <pre>public abstract java.lang.String callerNameAttribute</pre> |
| <div class="block">Name of the attribute that contains the callers name in the person object |
| (e.g., "<code>uid</code>"). |
| <p> |
| This attribute will be used, with callerBaseDn, to construct caller DNs for direct binding. |
| It is also used to retrieve the caller's name when the caller object is instead looked up |
| using search. |
| <p> |
| The value of this attribute is returned as the caller principal name |
| for a successful credential validation. |
| <p> |
| The following gives an example in ldif format: |
| <pre> |
| <code> |
| dn: uid=peter,ou=caller,dc=jsr375,dc=net |
| objectclass: top |
| objectclass: uidObject |
| objectclass: person |
| uid: peter |
| cn: Peter Smith |
| sn: Peter |
| userPassword: secret1 |
| </code> |
| </pre></div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Name of the attribute that represents the caller name</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>"uid"</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="callerSearchBase--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>callerSearchBase</h4> |
| <pre>public abstract java.lang.String callerSearchBase</pre> |
| <div class="block">Search base for looking up callers |
| (e.g., "<code>ou=caller,dc=jsr375,dc=net</code>"). |
| <p> |
| Overrides callerBaseDn, if configured, causing caller search |
| to be used instead of direct binding. |
| Requires that the bindDn member be filled in.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Base DN for searching the LDAP tree for callers.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="callerSearchFilter--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>callerSearchFilter</h4> |
| <pre>public abstract java.lang.String callerSearchFilter</pre> |
| <div class="block">Search filter to find callers when callerSearchBase is set. |
| The search is performed starting from the callerSearchBase DN |
| with the scope specified by callerSearchScope.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Search expression to find callers.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="callerSearchScope--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>callerSearchScope</h4> |
| <pre>public abstract <a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.LdapSearchScope.html" title="enum in javax.security.enterprise.identitystore">LdapIdentityStoreDefinition.LdapSearchScope</a> callerSearchScope</pre> |
| <div class="block">Search scope for caller searches: determines depth |
| of the search in the LDAP tree.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The search scope</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope.SUBTREE</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="callerSearchScopeExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>callerSearchScopeExpression</h4> |
| <pre>public abstract java.lang.String callerSearchScopeExpression</pre> |
| <div class="block">Allow callerSearchScope to be specified as an EL expression. |
| If set, overrides any value set with callerSearchScope.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the callerSearchScope EL expression</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="groupSearchBase--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>groupSearchBase</h4> |
| <pre>public abstract java.lang.String groupSearchBase</pre> |
| <div class="block">Search base for looking up groups |
| (e.g., "<code>ou=group,dc=jsr375,dc=net</code>"). |
| <p> |
| Needed only for a store that performs group lookup. |
| Requires that the bindDn member be filled in.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Base DN for searching the LDAP tree for groups.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="groupSearchFilter--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>groupSearchFilter</h4> |
| <pre>public abstract java.lang.String groupSearchFilter</pre> |
| <div class="block">Search filter to find groups when groupSearchBase is set. |
| The search is performed starting from the groupSearchBase DN |
| with the scope specified by groupSearchScope.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Search expression to find groups.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="groupSearchScope--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>groupSearchScope</h4> |
| <pre>public abstract <a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.LdapSearchScope.html" title="enum in javax.security.enterprise.identitystore">LdapIdentityStoreDefinition.LdapSearchScope</a> groupSearchScope</pre> |
| <div class="block">Search scope for group searches, determines depth |
| of the search in the LDAP tree.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The search scope</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope.SUBTREE</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="groupSearchScopeExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>groupSearchScopeExpression</h4> |
| <pre>public abstract java.lang.String groupSearchScopeExpression</pre> |
| <div class="block">Allow groupSearchScope to be specified as an EL expression. |
| If set, overrides any value set with groupSearchScope.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the groupSearchScope EL expression</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="groupNameAttribute--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>groupNameAttribute</h4> |
| <pre>public abstract java.lang.String groupNameAttribute</pre> |
| <div class="block">Name of the attribute of a group object that represents the group name |
| (e.g., "<code>cn</code>")</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Name of the attribute that represents the group name</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>"cn"</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="groupMemberAttribute--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>groupMemberAttribute</h4> |
| <pre>public abstract java.lang.String groupMemberAttribute</pre> |
| <div class="block">Name of the attribute in a group object that identifies the |
| members of the group |
| (e.g., "<code>member</code>"). |
| <p> |
| The value of this attribute must be the full DN of the caller. The following gives an example |
| entry in ldif format: |
| <pre> |
| <code> |
| dn: cn=foo,ou=group,dc=jsr375,dc=net |
| objectclass: top |
| objectclass: groupOfNames |
| cn: foo |
| member: uid=pete,ou=caller,dc=jsr375,dc=net |
| member: uid=john,ou=caller,dc=jsr375,dc=net |
| </code> |
| </pre></div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Attribute for the group members</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>"member"</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="groupMemberOfAttribute--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>groupMemberOfAttribute</h4> |
| <pre>public abstract java.lang.String groupMemberOfAttribute</pre> |
| <div class="block">Name of the attribute in a person object that identifies the groups |
| the caller belongs to |
| (e.g., "<code>memberOf</code>"). |
| <p> |
| This attribute is used only if: a) group search is not configured |
| (i.e., no groupSearchBase and groupSearchFilter configured); and, |
| b) the caller's DN is available, either because groups are being returned |
| during the credential validation phase by an identity store that performs |
| both validation and group lookup, or because the DN is available in the |
| <a href="../../../../javax/security/enterprise/identitystore/CredentialValidationResult.html" title="class in javax.security.enterprise.identitystore"><code>CredentialValidationResult</code></a> passed to the |
| <a href="../../../../javax/security/enterprise/identitystore/IdentityStore.html#getCallerGroups-javax.security.enterprise.identitystore.CredentialValidationResult-"><code>IdentityStore.getCallerGroups(CredentialValidationResult)</code></a> method. |
| <p> |
| The value of this attribute must be the full DN of the group. The following gives an example |
| entry in ldif format: |
| <pre> |
| <code> |
| dn: uid=peter,ou=caller,dc=jsr375,dc=net |
| objectclass: top |
| objectclass: uidObject |
| objectclass: person |
| uid: peter |
| cn: Peter Smith |
| memberOf: cn=foo,ou=group,dc=jsr375,dc=net |
| memberOf: cn=bar,ou=group,dc=jsr375,dc=net |
| </code> |
| </pre></div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Attribute for group membership</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>"memberOf"</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="readTimeout--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>readTimeout</h4> |
| <pre>public abstract int readTimeout</pre> |
| <div class="block">Set the timeout value that should be used when waiting for |
| the LDAP server to return results. Note that this is different |
| from the connection timeout for the underlying socket connection; |
| <p> |
| The default value of 0 means wait forever (assuming the connection |
| itself does not time out).</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The readTimeout value.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>0</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="readTimeoutExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>readTimeoutExpression</h4> |
| <pre>public abstract java.lang.String readTimeoutExpression</pre> |
| <div class="block">Allow readTimeout to be specified as an EL expression. |
| If set, overrides any value set with readTimeout.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The readTimeout EL expression</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="maxResults--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>maxResults</h4> |
| <pre>public abstract int maxResults</pre> |
| <div class="block">Set the maximum number of results (objects) the server should |
| return in response to a search. |
| <p> |
| The default value is set to 1000, which corresponds to the |
| maximum number of results most LDAP servers will return for |
| in a single response. Most LDAP servers support paging through |
| result sets larger than 1000, but doing so should rarely be |
| necessary for normal validation and group lookup use cases. |
| Implementations of the built-in LDAP IdentityStore MAY support |
| paging through larger result sets, but are NOT REQUIRED to.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The maximum number of results the LDAP server should return.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>1000</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="maxResultsExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>maxResultsExpression</h4> |
| <pre>public abstract java.lang.String maxResultsExpression</pre> |
| <div class="block">Allow maxResults to be specified as an EL expression. |
| If set, overrides any value set with maxResults.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The maxResults EL expression</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="priority--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>priority</h4> |
| <pre>public abstract int priority</pre> |
| <div class="block">Determines the order in case multiple IdentityStores are found.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The priority.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>80</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="priorityExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>priorityExpression</h4> |
| <pre>public abstract java.lang.String priorityExpression</pre> |
| <div class="block">Allow priority to be specified as an EL expression. |
| If set, overrides any value set with priority.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The priority EL expression</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="useFor--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>useFor</h4> |
| <pre>public abstract <a href="../../../../javax/security/enterprise/identitystore/IdentityStore.ValidationType.html" title="enum in javax.security.enterprise.identitystore">IdentityStore.ValidationType</a>[] useFor</pre> |
| <div class="block">Determines what the identity store is used for</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The type the identity store is used for</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>{javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE, javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS}</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="useForExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>useForExpression</h4> |
| <pre>public abstract java.lang.String useForExpression</pre> |
| <div class="block">Allow useFor to be specified as an EL expression. |
| If set, overrides any value set with useFor.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The useFor EL expression</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../javax/security/enterprise/identitystore/IdentityStoreWrapper.html" title="class in javax.security.enterprise.identitystore"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.LdapSearchScope.html" title="enum in javax.security.enterprise.identitystore"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../index.html?javax/security/enterprise/identitystore/LdapIdentityStoreDefinition.html" target="_top">Frames</a></li> |
| <li><a href="LdapIdentityStoreDefinition.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Field | </li> |
| <li>Required | </li> |
| <li><a href="#annotation.type.optional.element.summary">Optional</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li><a href="#annotation.type.element.detail">Element</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| </body> |
| </html> |