ome.security.auth.providers
Class LdapPasswordProvider431

java.lang.Object
  extended by ome.security.auth.ConfigurablePasswordProvider
      extended by ome.security.auth.providers.LdapPasswordProvider431
All Implemented Interfaces:
PasswordProvider, PasswordUtility, org.springframework.context.ApplicationContextAware

public class LdapPasswordProvider431
extends ConfigurablePasswordProvider

LDAP PasswordProvider which can create users on request to synchronize with an LDAP directory. If a user exists in the configured LDAP store but not in the database, a new user is created. Authentication, however, always takes place against LDAP, and changing passwords is not allowed.

Note: deleted LDAP users will not be removed from OMERO, but will not be able to log in.

Note: unlike ome.security.auth.LdapPassProvider, this implementation (the default LDAP password provider up until 4.3.2) does not check the user_filter on every login, but only when a user does not exist. This means that when using this implementation it is not possible to remove a user's login simply by modifying a part of the user_filter. To work around various issues described under tickets #6248 and #6885, it was necessary to retain this logic in 4.3.3.

Since:
4.0
Author:
Josh Moore, josh at glencoesoftware.com
See Also:
SecuritySystem, Permissions
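
The two user_filter policies contrasted in the class description, as a simplified model added here (not OMERO code). The class, method and field names and the `group` attribute are hypothetical, and the password bind against LDAP is omitted.

```java
import java.util.*;
import java.util.function.Predicate;

// Simplified model, NOT OMERO code: every name in this file is hypothetical.
public class UserFilterDemo {
    // Constructed directory entry: a login name plus one group attribute.
    record Entry(String user, String group) {}

    static final Map<String, Entry> ldap = new HashMap<>();  // stands in for the LDAP store
    static final Set<String> database = new HashSet<>();     // users already created locally
    static Predicate<Entry> userFilter = e -> true;          // stands in for user_filter

    // Policy described for LdapPasswordProvider431: filter consulted only at creation.
    static boolean loginFilterAtCreationOnly(String user) {
        Entry e = ldap.get(user);
        if (e == null) return false;               // deleted LDAP users cannot log in
        if (!database.contains(user)) {
            if (!userFilter.test(e)) return false; // unknown user must match the filter
            database.add(user);                    // user is created on request
        }
        return true;                               // existing user: filter not re-checked
    }

    // Policy described for LdapPassProvider: filter consulted on every login.
    static boolean loginFilterEveryTime(String user) {
        Entry e = ldap.get(user);
        if (e == null || !userFilter.test(e)) return false;
        database.add(user);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: alice matches the initial filter and is created.
        ldap.put("alice", new Entry("alice", "imaging"));
        userFilter = e -> e.group().equals("imaging");
        System.out.println("first login:            " + loginFilterAtCreationOnly("alice"));

        // The administrator narrows the filter so that alice no longer matches.
        userFilter = e -> e.group().equals("staff");
        System.out.println("creation-only policy:   " + loginFilterAtCreationOnly("alice"));
        System.out.println("every-login policy:     " + loginFilterEveryTime("alice"));

        // Removing the LDAP entry is what blocks login under both policies.
        ldap.remove("alice");
        System.out.println("after LDAP deletion:    " + loginFilterAtCreationOnly("alice")
                + " / " + loginFilterEveryTime("alice"));
    }
}
```

With the creation-only policy, a user who no longer matches user_filter keeps logging in until the LDAP entry itself is removed.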

Field Summary
protected  LdapImpl ldapUtil
           
 
Fields inherited from class ome.security.auth.ConfigurablePasswordProvider
ctx, hash, ignoreUnknown, log, util
 
Constructor Summary
LdapPasswordProvider431(PasswordUtil util, LdapImpl ldap)
           
LdapPasswordProvider431(PasswordUtil util, LdapImpl ldap, boolean ignoreUnknown)
           
 
Method Summary
 Boolean checkPassword(String user, String password, boolean readOnly)
          If ConfigurablePasswordProvider.ignoreUnknown is true, returns null, since the base class knows no users.
 boolean hasPassword(String user)
          Returns true only if the user is already in the database and has a DN value in the password table.
 
Methods inherited from class ome.security.auth.ConfigurablePasswordProvider
changePassword, comparePasswords, encodePassword, loginAttempt, setApplicationContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ldapUtil

protected final LdapImpl ldapUtil
Constructor Detail

LdapPasswordProvider431

public LdapPasswordProvider431(PasswordUtil util,
                               LdapImpl ldap)

LdapPasswordProvider431

public LdapPasswordProvider431(PasswordUtil util,
                               LdapImpl ldap,
                               boolean ignoreUnknown)
Method Detail

hasPassword

public boolean hasPassword(String user)
Returns true only if the user is already in the database and has a DN value in the password table. Note: after a call to #checkPassword(String, String) with this same user value, this method might begin to return true due to a call to LocalLdap#createUserFromLdap(String, String).

Specified by:
hasPassword in interface PasswordProvider
Overrides:
hasPassword in class ConfigurablePasswordProvider

checkPassword

public Boolean checkPassword(String user,
                             String password,
                             boolean readOnly)
Description copied from class: ConfigurablePasswordProvider
If ConfigurablePasswordProvider.ignoreUnknown is true, returns null, since the base class knows no users. Otherwise, return Boolean.FALSE specifying that authentication should fail.

Specified by:
checkPassword in interface PasswordProvider
Overrides:
checkPassword in class ConfigurablePasswordProvider


OmeroJava Api

Version: 4.3.3-00d1137e-b2894

Copyright © 2009 The University of Dundee. All Rights Reserved.