ome.security.auth

Class LdapPasswordProvider

java.lang.Object

ome.security.auth.ConfigurablePasswordProvider

ome.security.auth.LdapPasswordProvider

All Implemented Interfaces:

PasswordProvider, PasswordUtility, org.springframework.context.ApplicationContextAware

public class LdapPasswordProvider
extends ConfigurablePasswordProvider

LDAP PasswordProvider which can create users on request to synchronize with an LDAP directory. Assuming that a user exists in the configured LDAP store but not in the database, then a new user will be created. Authentication, however, always takes place against LDAP, and changing passwords is not allowed. Note: deleted LDAP users will not be removed from OMERO, but will not be able to login.

Since:

4.0

Author:

Josh Moore, josh at glencoesoftware.com

See Also:

SecuritySystem, Permissions

Field Summary

Fields

Modifier and Type	Field and Description
protected LdapImpl	ldapUtil

Fields inherited from class ome.security.auth.ConfigurablePasswordProvider

ctx, hash, ignoreUnknown, legacyUtil, log, salt, util

Constructor Summary

Constructors

Constructor and Description
LdapPasswordProvider(PasswordUtil util, LdapImpl ldap)
LdapPasswordProvider(PasswordUtil util, LdapImpl ldap, boolean ignoreUnknown)

Method Summary

Modifier and Type	Method and Description
java.lang.Boolean	checkPassword(java.lang.String user, java.lang.String password, boolean readOnly) If this was constructed with the ignoreUnknown argument set to true, returns null, since the base class knows no users.
boolean	hasPassword(java.lang.String user) Only returns if the user is already in the database and has a DN value in the password table.

Methods inherited from class ome.security.auth.ConfigurablePasswordProvider

changePassword, comparePasswords, comparePasswords, comparePasswords, encodePassword, encodePassword, encodeSaltedPassword, loginAttempt, setApplicationContext, setLegacyUtil

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ldapUtil

protected final LdapImpl ldapUtil

Constructor Detail

LdapPasswordProvider

public LdapPasswordProvider(PasswordUtil util,
                            LdapImpl ldap)

LdapPasswordProvider

public LdapPasswordProvider(PasswordUtil util,
                            LdapImpl ldap,
                            boolean ignoreUnknown)

Method Detail

hasPassword

public boolean hasPassword(java.lang.String user)

Only returns if the user is already in the database and has a DN value in the password table. Note: after a call to checkPassword(String, String, boolean) with this same user value, this method might begin to return true due to a call to LdapImpl.createUser(String, String).

Specified by:

hasPassword in interface PasswordProvider

Overrides:

hasPassword in class ConfigurablePasswordProvider

checkPassword

public java.lang.Boolean checkPassword(java.lang.String user,
                                       java.lang.String password,
                                       boolean readOnly)

Description copied from class: ConfigurablePasswordProvider

If this was constructed with the ignoreUnknown argument set to true, returns null, since the base class knows no users. Otherwise, returns Boolean.FALSE specifying that authentication should fail.

Specified by:

checkPassword in interface PasswordProvider

Overrides:

checkPassword in class ConfigurablePasswordProvider