com.metamatrix.platform.security.membership.spi.ldap
Class LDAPMembershipDomain

java.lang.Object
  com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain

All Implemented Interfaces:

MembershipDomain

public class LDAPMembershipDomain
extends java.lang.Object
implements MembershipDomain

Field Summary

static java.lang.String	DEFAULT_GROUPS_DISPLAY_NAME_ATTRIBUTE
static java.lang.String	DEFAULT_SEARCH_FILTER
static java.lang.String	DEFAULT_USERS_DISPLAY_NAME_ATTRIBUTE
static java.lang.String	GROUPS_DISPLAY_NAME_ATTRIBUTE
static java.lang.String	GROUPS_GROUP_MEMBER_ATTRIBUTE
static java.lang.String	GROUPS_ROOT_CONTEXT
static java.lang.String	GROUPS_SEARCH_FILTER
static java.lang.String	GROUPS_SEARCH_SCOPE
static java.lang.String	LDAP_ADMIN_DN
static java.lang.String	LDAP_ADMIN_PASSWORD
static java.lang.String	LDAP_AUTH_TYPE
static java.lang.String	LDAP_INITIAL_CONTEXT_FACTORY
static java.lang.String	LDAP_REFERRAL_MODE
static java.lang.String	LDAP_URL
static java.lang.String	LDAP_USER_OBJECT_TYPE
static java.lang.String	OBJECT_SCOPE_VALUE
static java.lang.String	ONELEVEL_SCOPE_VALUE
static java.lang.String	POOL_KEY
static java.lang.String	SUBTREE_SCOPE_VALUE
static java.lang.String	TIMEOUT_KEY
static java.lang.String	TXN_TIMEOUT_IN_MILLIS
static java.lang.String	USERS_DISPLAY_NAME_ATTRIBUTE
static java.lang.String	USERS_MEMBER_OF_ATTRIBUTE
static java.lang.String	USERS_ROOT_CONTEXT
static java.lang.String	USERS_SEARCH_FILTER
static java.lang.String	USERS_SEARCH_SCOPE

Constructor Summary

LDAPMembershipDomain()

Method Summary

SuccessfulAuthenticationToken	authenticateUser(java.lang.String username, Credentials credential, java.io.Serializable trustedPayload, java.lang.String applicationName) Authenticate a user with the specified username and credential for use with the specified application.
static java.lang.String	escapeLDAPSearchFilter(java.lang.String filter)
java.util.Set	getGroupNames() Returns a String set all group names known to this domain.
java.util.Set	getGroupNamesForUser(java.lang.String username) Returns a String set of all group names the given user is a member of.
void	initialize(java.util.Properties props) Initialize this domain with the given properties.
void	shutdown() Shut down this domain to further work.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ONELEVEL_SCOPE_VALUE

public static final java.lang.String ONELEVEL_SCOPE_VALUE

See Also:

Constant Field Values

OBJECT_SCOPE_VALUE

public static final java.lang.String OBJECT_SCOPE_VALUE

See Also:

Constant Field Values

SUBTREE_SCOPE_VALUE

public static final java.lang.String SUBTREE_SCOPE_VALUE

See Also:

Constant Field Values

GROUPS_GROUP_MEMBER_ATTRIBUTE

public static final java.lang.String GROUPS_GROUP_MEMBER_ATTRIBUTE

See Also:

Constant Field Values

GROUPS_ROOT_CONTEXT

public static final java.lang.String GROUPS_ROOT_CONTEXT

See Also:

Constant Field Values

GROUPS_SEARCH_SCOPE

public static final java.lang.String GROUPS_SEARCH_SCOPE

See Also:

Constant Field Values

GROUPS_SEARCH_FILTER

public static final java.lang.String GROUPS_SEARCH_FILTER

See Also:

Constant Field Values

GROUPS_DISPLAY_NAME_ATTRIBUTE

public static final java.lang.String GROUPS_DISPLAY_NAME_ATTRIBUTE

See Also:

Constant Field Values

USERS_MEMBER_OF_ATTRIBUTE

public static final java.lang.String USERS_MEMBER_OF_ATTRIBUTE

See Also:

Constant Field Values

USERS_ROOT_CONTEXT

public static final java.lang.String USERS_ROOT_CONTEXT

See Also:

Constant Field Values

USERS_SEARCH_SCOPE

public static final java.lang.String USERS_SEARCH_SCOPE

See Also:

Constant Field Values

USERS_DISPLAY_NAME_ATTRIBUTE

public static final java.lang.String USERS_DISPLAY_NAME_ATTRIBUTE

See Also:

Constant Field Values

USERS_SEARCH_FILTER

public static final java.lang.String USERS_SEARCH_FILTER

See Also:

Constant Field Values

LDAP_URL

public static final java.lang.String LDAP_URL

See Also:

Constant Field Values

LDAP_ADMIN_PASSWORD

public static final java.lang.String LDAP_ADMIN_PASSWORD

See Also:

Constant Field Values

LDAP_ADMIN_DN

public static final java.lang.String LDAP_ADMIN_DN

See Also:

Constant Field Values

TXN_TIMEOUT_IN_MILLIS

public static final java.lang.String TXN_TIMEOUT_IN_MILLIS

See Also:

Constant Field Values

LDAP_INITIAL_CONTEXT_FACTORY

public static final java.lang.String LDAP_INITIAL_CONTEXT_FACTORY

See Also:

Constant Field Values

LDAP_AUTH_TYPE

public static final java.lang.String LDAP_AUTH_TYPE

See Also:

Constant Field Values

LDAP_USER_OBJECT_TYPE

public static final java.lang.String LDAP_USER_OBJECT_TYPE

See Also:

Constant Field Values

LDAP_REFERRAL_MODE

public static final java.lang.String LDAP_REFERRAL_MODE

See Also:

Constant Field Values

DEFAULT_SEARCH_FILTER

public static final java.lang.String DEFAULT_SEARCH_FILTER

See Also:

Constant Field Values

POOL_KEY

public static final java.lang.String POOL_KEY

See Also:

Constant Field Values

TIMEOUT_KEY

public static final java.lang.String TIMEOUT_KEY

See Also:

Constant Field Values

DEFAULT_USERS_DISPLAY_NAME_ATTRIBUTE

public static final java.lang.String DEFAULT_USERS_DISPLAY_NAME_ATTRIBUTE

See Also:

Constant Field Values

DEFAULT_GROUPS_DISPLAY_NAME_ATTRIBUTE

public static final java.lang.String DEFAULT_GROUPS_DISPLAY_NAME_ATTRIBUTE

See Also:

Constant Field Values

Constructor Detail

LDAPMembershipDomain

public LDAPMembershipDomain()

Method Detail

initialize

public void initialize(java.util.Properties props)
                throws ServiceStateException

Description copied from interface: MembershipDomain

Initialize this domain with the given properties.

Specified by:

initialize in interface MembershipDomain

Parameters:

props - contains the properties for this domain as set by the console

Throws:

ServiceStateException

shutdown

public void shutdown()
              throws ServiceStateException

Description copied from interface: MembershipDomain

Shut down this domain to further work.

Specified by:

shutdown in interface MembershipDomain

Throws:

ServiceStateException

authenticateUser

public SuccessfulAuthenticationToken authenticateUser(java.lang.String username,
                                                      Credentials credential,
                                                      java.io.Serializable trustedPayload,
                                                      java.lang.String applicationName)
                                               throws UnsupportedCredentialException,
                                                      InvalidUserException,
                                                      LogonException,
                                                      MembershipSourceException

Description copied from interface: MembershipDomain

Authenticate a user with the specified username and credential for use with the specified application. The application name may also be used by the Membership Domain to determine the appropriate authentication mechanism.

Specified by:

authenticateUser in interface MembershipDomain

Parameters:

username - The base username (without the domain suffix) of the individual attempting authentication. May be null if the membership domain implementation uses a mechanism other than username/credential authentication.

credential - The credentials belonging to the individual seeking authentication. May be null for anonymous authentications.

trustedPayload - The trusted payload set by the client. May be null if not set by the client.

applicationName - The name of the application to which the individual is attempting to authenticate. It's provided as a connection property when the individual connects (via URL or connection properties). This applicationName may be used by the authenticating membership domain as a basis for authentication and authorization.

Returns:

the SuccessfulAuthenticationToken containing the username and trustedPayload. The username in the SuccessfulAuthenticationToken will be used to identify this user in later calls. If the user is to be authenticated into a different domain, that domain name should be set on the SuccessfulAuthenticationToken. The return value should not be null.

Throws:

UnsupportedCredentialException - if the credential or trustedPayload cannot be used to authenticate the user

InvalidUserException - if the user does not exist in this domain

LogonException - if the user was unsuccessfully authenticated

MembershipSourceException - if there was an internal error

getGroupNames

public java.util.Set getGroupNames()
                            throws MembershipSourceException

Description copied from interface: MembershipDomain

Returns a String set all group names known to this domain. The returned values should not be fully qualified with a domain suffix.

Specified by:

getGroupNames in interface MembershipDomain

Returns:

a set of String group names

Throws:

MembershipSourceException - if there was an internal error

getGroupNamesForUser

public java.util.Set getGroupNamesForUser(java.lang.String username)
                                   throws InvalidUserException,
                                          MembershipSourceException

Description copied from interface: MembershipDomain

Returns a String set of all group names the given user is a member of. The returned values should not be fully qualified with a domain suffix.

Specified by:

getGroupNamesForUser in interface MembershipDomain

Returns:

a set of String group names

Throws:

InvalidUserException - if the user does not exist in this domain

MembershipSourceException - if there was an internal error

escapeLDAPSearchFilter

public static final java.lang.String escapeLDAPSearchFilter(java.lang.String filter)