ome.security.auth.providers

Class LdapPasswordProvider431

java.lang.Object

ome.security.auth.ConfigurablePasswordProvider

ome.security.auth.providers.LdapPasswordProvider431

All Implemented Interfaces:

PasswordProvider, PasswordUtility, org.springframework.context.ApplicationContextAware

public class LdapPasswordProvider431
extends ConfigurablePasswordProvider

LDAP PasswordProvider which can create users on request to synchronize with an LDAP directory. Assuming that a user exists in the configured LDAP store but not in the database, then a new user will be created. Authentication, however, always takes place against LDAP, and changing passwords is not allowed. Note: deleted LDAP users will not be removed from OMERO, but will not be able to login. Note: unlike ome.security.auth.LdapPassProvider, this implementation (the default LDAP password provider up until 4.3.2) does not check the user_filter on every login, but only when a user does not exist. This means that when using this implementation it is not possible to remove a user's login simply by modifying a part of the user_filter. To workaround various issues described under tickets #6248 and #6885, it was necessary to retain this logic in 4.3.3.

Since:

4.0

Author:

Josh Moore, josh at glencoesoftware.com

See Also:

SecuritySystem, Permissions

Field Summary

Fields

Modifier and Type	Field and Description
protected LdapImpl	ldapUtil

Fields inherited from class ome.security.auth.ConfigurablePasswordProvider

ctx, hash, ignoreUnknown, legacyUtil, log, salt, util

Constructor Summary

Constructors

Constructor and Description
LdapPasswordProvider431(PasswordUtil util, LdapImpl ldap)
LdapPasswordProvider431(PasswordUtil util, LdapImpl ldap, boolean ignoreUnknown)

Method Summary

Methods

Modifier and Type	Method and Description
Boolean	checkPassword(String user, String password, boolean readOnly) If ConfigurablePasswordProvider.ignoreUnknown is true, returns null, since the base class knows no users.
boolean	hasPassword(String user) Only returns if the user is already in the database and has a DN value in the password table.

Methods inherited from class ome.security.auth.ConfigurablePasswordProvider

changePassword, comparePasswords, comparePasswords, comparePasswords, encodePassword, encodePassword, encodeSaltedPassword, loginAttempt, setApplicationContext, setLegacyUtil

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ldapUtil

protected final LdapImpl ldapUtil

Constructor Detail

LdapPasswordProvider431

public LdapPasswordProvider431(PasswordUtil util,
                       LdapImpl ldap)

LdapPasswordProvider431

public LdapPasswordProvider431(PasswordUtil util,
                       LdapImpl ldap,
                       boolean ignoreUnknown)

Method Detail

hasPassword

public boolean hasPassword(String user)

Only returns if the user is already in the database and has a DN value in the password table. Note: after a call to #checkPassword(String, String) with this same user value, this method might begin to return true due to a call to LocalLdap#createUser(String, String).

Specified by:

hasPassword in interface PasswordProvider

Overrides:

hasPassword in class ConfigurablePasswordProvider

checkPassword

public Boolean checkPassword(String user,
                    String password,
                    boolean readOnly)

Description copied from class: ConfigurablePasswordProvider

If ConfigurablePasswordProvider.ignoreUnknown is true, returns null, since the base class knows no users. Otherwise, return Boolean.FALSE specifying that authentication should fail.

Specified by:

checkPassword in interface PasswordProvider

Overrides:

checkPassword in class ConfigurablePasswordProvider