ome.security.auth
Class LdapPasswordProvider

java.lang.Object
  extended by ome.security.auth.ConfigurablePasswordProvider
      extended by ome.security.auth.LdapPasswordProvider
All Implemented Interfaces:
PasswordProvider, PasswordUtility, org.springframework.context.ApplicationContextAware

public class LdapPasswordProvider
extends ConfigurablePasswordProvider

LDAP PasswordProvider which can create users on request to synchronize with an LDAP directory. If a user exists in the configured LDAP store but not in the database, a new user will be created. Authentication, however, always takes place against LDAP, and changing passwords is not allowed. Note: deleted LDAP users will not be removed from OMERO, but will not be able to log in.

Since:
4.0
Author:
Josh Moore, josh at glencoesoftware.com
See Also:
SecuritySystem, Permissions

Field Summary
protected  LdapImpl ldapUtil
           
 
Fields inherited from class ome.security.auth.ConfigurablePasswordProvider
ctx, hash, ignoreUnknown, log, util
 
Constructor Summary
LdapPasswordProvider(PasswordUtil util, LdapImpl ldap)
           
LdapPasswordProvider(PasswordUtil util, LdapImpl ldap, boolean ignoreUnknown)
           
 
Method Summary
 Boolean checkPassword(String user, String password, boolean readOnly)
          If ConfigurablePasswordProvider.ignoreUnknown is true, returns null, since the base class knows no users.
 boolean hasPassword(String user)
          Returns true only if the user is already in the database and has a DN value in the password table.
 
Methods inherited from class ome.security.auth.ConfigurablePasswordProvider
changePassword, comparePasswords, encodePassword, loginAttempt, setApplicationContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ldapUtil

protected final LdapImpl ldapUtil

Constructor Detail

LdapPasswordProvider

public LdapPasswordProvider(PasswordUtil util,
                            LdapImpl ldap)

LdapPasswordProvider

public LdapPasswordProvider(PasswordUtil util,
                            LdapImpl ldap,
                            boolean ignoreUnknown)

Method Detail

hasPassword

public boolean hasPassword(String user)
Returns true only if the user is already in the database and has a DN value in the password table. Note: after a call to checkPassword(String, String, boolean) with this same user value, this method might begin to return true due to a call to LocalLdap#createUserFromLdap(String, String).

Specified by:
hasPassword in interface PasswordProvider
Overrides:
hasPassword in class ConfigurablePasswordProvider

checkPassword

public Boolean checkPassword(String user,
                             String password,
                             boolean readOnly)
Description copied from class: ConfigurablePasswordProvider
If ConfigurablePasswordProvider.ignoreUnknown is true, returns null, since the base class knows no users. Otherwise, returns Boolean.FALSE, specifying that authentication should fail.

Specified by:
checkPassword in interface PasswordProvider
Overrides:
checkPassword in class ConfigurablePasswordProvider
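
The three-valued result of checkPassword described above (null, Boolean.FALSE, or a definite answer) is easy to mishandle in calling code. The following is an added example, not OMERO code: Provider, authenticate and the sample providers are hypothetical stand-ins, and treating null as "ask the next provider, deny if nobody answers" is an assumption of this example.

```java
import java.util.Arrays;
import java.util.List;

public class TriStateCheckExample {

    /** Hypothetical stand-in using the checkPassword signature shown on this page. */
    interface Provider {
        Boolean checkPassword(String user, String password, boolean readOnly);
    }

    /**
     * Hypothetical caller that fails closed (assumption of this example):
     * TRUE accepts, FALSE rejects at once, null means "this provider does not
     * know the user", so the next provider is asked. No answer at all denies.
     */
    static boolean authenticate(List<Provider> providers, String user, String password) {
        for (Provider p : providers) {
            Boolean answer = p.checkPassword(user, password, true);
            if (answer == null) {
                continue; // do not unbox: "if (answer)" would throw NullPointerException
            }
            return answer.booleanValue();
        }
        return false; // every provider returned null: unknown users are denied
    }

    public static void main(String[] args) {
        // Constructed providers, for demonstration only.
        Provider ignoresUnknown = (u, pw, ro) -> null;           // ignoreUnknown == true
        Provider rejectsUnknown = (u, pw, ro) -> Boolean.FALSE;  // ignoreUnknown == false
        Provider directory = (u, pw, ro) ->
                "alice".equals(u) ? Boolean.valueOf("constructed-pw".equals(pw)) : null;

        String[][] attempts = {
            {"alice", "constructed-pw"}, {"alice", "wrong"}, {"mallory", "anything"}};
        for (String[] a : attempts) {
            boolean deferFirst = authenticate(Arrays.asList(ignoresUnknown, directory), a[0], a[1]);
            boolean rejectFirst = authenticate(Arrays.asList(rejectsUnknown, directory), a[0], a[1]);
            System.out.printf("%-8s %-15s deferFirst=%b rejectFirst=%b%n",
                    a[0], a[1], deferFirst, rejectFirst);
        }
    }
}
```

In this example a provider that answers Boolean.FALSE for unknown users ends the decision before any later provider is consulted, while one that answers null defers to it.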


OmeroJava Api

Version: 4.3.4-dbcbce5a-b4

Copyright © 2009 The University of Dundee. All Rights Reserved.