  /*
   * Licensed to the Apache Software Foundation (ASF) under one or more
   * contributor license agreements.  See the NOTICE file distributed with
   * this work for additional information regarding copyright ownership.
   * The ASF licenses this file to You under the Apache License, Version 2.0
   * (the "License"); you may not use this file except in compliance with
   * the License.  You may obtain a copy of the License at
   *
   *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
 
 import  javax.annotation.CheckForNull;
 import  javax.annotation.Nonnull;
 import  javax.annotation.Nullable;
 
Configuration of the ldap provider.
 
         label = "Apache Jackrabbit Oak LDAP Identity Provider",
         name = "org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider",
         configurationFactory = true,
         metatype = true,
         ds = false
 )
 public class LdapProviderConfig {

    

See also:
getName()
 
     public static final String PARAM_NAME_DEFAULT = "ldap";

    

See also:
getName()
 
     @Property(
             label = "LDAP Provider Name",
             description = "Name of this LDAP provider configuration. This is used to reference this provider by the login modules.",
             value = 
     )
     public static final String PARAM_NAME = "provider.name";

    

See also:
getHostname()
 
     public static final String PARAM_LDAP_HOST_DEFAULT = "localhost";

    

See also:
getHostname()
 
     @Property(
             label = "LDAP Server Hostname",
             description = "Hostname of the LDAP server",
             value = 
     )
     public static final String PARAM_LDAP_HOST = "host.name";

    

See also:
getPort()
 
     public static final int PARAM_LDAP_PORT_DEFAULT = 389;

    

See also:
getPort()
 
     @Property(
             label = "LDAP Server Port",
             description = "Port of the LDAP server",
             intValue = 
     )
     public static final String PARAM_LDAP_PORT = "host.port";

    

See also:
useSSL()
 
     public static final boolean PARAM_USE_SSL_DEFAULT = false;

    

See also:
useSSL()
 
     @Property(
             label = "Use SSL",
             description = "Indicates if an SSL (LDAPs) connection should be used.",
             boolValue = 
     )
     public static final String PARAM_USE_SSL = "host.ssl";

    

See also:
useTLS()
    public static final boolean PARAM_USE_TLS_DEFAULT = false;

    

See also:
useTLS()
    @Property(
            label = "Use TLS",
            description = "Indicates if TLS should be started on connections.",
            boolValue = 
    )
    public static final String PARAM_USE_TLS = "host.tls";

    

See also:
noCertCheck()
    public static final boolean PARAM_NO_CERT_CHECK_DEFAULT = false;

    

See also:
noCertCheck()
    @Property(
            label = "Disable certificate checking",
            description = "Indicates if server certificate validation should be disabled.",
            boolValue = 
    )
    public static final String PARAM_NO_CERT_CHECK = "host.noCertCheck";

    

See also:
getBindDN()
    public static final String PARAM_BIND_DN_DEFAULT = "";

    

See also:
getBindDN()
    @Property(
            label = "Bind DN",
            description = "DN of the user for authentication. Leave empty for anonymous bind.",
            value = 
    )
    public static final String PARAM_BIND_DN = "bind.dn";

    

See also:
getBindPassword()
    public static final String PARAM_BIND_PASSWORD_DEFAULT = "";

    

See also:
getBindPassword()
    @Property(
            label = "Bind Password",
            description = "Password of the user for authentication.",
            passwordValue = 
    )
    public static final String PARAM_BIND_PASSWORD = "bind.password";

    

See also:
getSearchTimeout()
    public static final String PARAM_SEARCH_TIMEOUT_DEFAULT = "60s";

    

See also:
getSearchTimeout()
    @Property(
            label = "Search Timeout",
            description = "Time in until a search times out (eg: '1s' or '1m 30s').",
            value = 
    )
    public static final String PARAM_SEARCH_TIMEOUT = "searchTimeout";

    

See also:
Identity.getBaseDN()
    public static final String PARAM_USER_BASE_DN_DEFAULT = "ou=people,o=example,dc=com";

    

See also:
Identity.getBaseDN()
    @Property(
            label = "User base DN",
            description = "The base DN for user searches.",
            value = 
    )
    public static final String PARAM_USER_BASE_DN = "user.baseDN";

    

See also:
Identity.getObjectClasses()
    public static final String[] PARAM_USER_OBJECTCLASS_DEFAULT = {"person"};

    

See also:
Identity.getObjectClasses()
    @Property(
            label = "User object classes",
            description = "The list of object classes an user entry must contain.",
            value = {"person"},
            cardinality = .
    )
    public static final String PARAM_USER_OBJECTCLASS = "user.objectclass";

    

See also:
Identity.getIdAttribute()
    public static final String PARAM_USER_ID_ATTRIBUTE_DEFAULT = "uid";

    

See also:
Identity.getIdAttribute()
    @Property(
            label = "User id attribute",
            description = "Name of the attribute that contains the user id.",
            value = 
    )
    public static final String PARAM_USER_ID_ATTRIBUTE = "user.idAttribute";

    

See also:
Identity.getExtraFilter()
    public static final String PARAM_USER_EXTRA_FILTER_DEFAULT = "";

    

See also:
Identity.getExtraFilter()
    @Property(
            label = "User extra filter",
            description = "Extra LDAP filter to use when searching for users. The final filter is" +
                    "formatted like: '(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)'",
            value = 
    )
    public static final String PARAM_USER_EXTRA_FILTER = "user.extraFilter";

    

See also:
Identity.makeDnPath()
    public static final boolean PARAM_USER_MAKE_DN_PATH_DEFAULT = false;

    

See also:
Identity.makeDnPath()
    @Property(
            label = "User DN paths",
            description = "Controls if the DN should be used for calculating a portion of the intermediate path.",
            boolValue = 
    )
    public static final String PARAM_USER_MAKE_DN_PATH = "user.makeDnPath";

    

See also:
Identity.getBaseDN()
    public static final String PARAM_GROUP_BASE_DN_DEFAULT = "ou=groups,o=example,dc=com";

    

See also:
Identity.getBaseDN()
    @Property(
            label = "Group base DN",
            description = "The base DN for group searches.",
            value = 
    )
    public static final String PARAM_GROUP_BASE_DN = "group.baseDN";

    

See also:
Identity.getObjectClasses()
    public static final String[] PARAM_GROUP_OBJECTCLASS_DEFAULT = {"groupOfUniqueNames"};

    

See also:
Identity.getObjectClasses()
    @Property(
            label = "Group object classes",
            description = "The list of object classes a group entry must contain.",
            value = {"groupOfUniqueNames"},
            cardinality = .
    )
    public static final String PARAM_GROUP_OBJECTCLASS = "group.objectclass";

    

See also:
Identity.getIdAttribute()
    public static final String PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT = "cn";

    

See also:
Identity.getIdAttribute()
    @Property(
            label = "Group name attribute",
            description = "Name of the attribute that contains the group name.",
            value = 
    )
    public static final String PARAM_GROUP_NAME_ATTRIBUTE = "group.nameAttribute";

    

See also:
Identity.getExtraFilter()
    public static final String PARAM_GROUP_EXTRA_FILTER_DEFAULT = "";

    

See also:
Identity.getExtraFilter()
    @Property(
            label = "Group extra filter",
            description = "Extra LDAP filter to use when searching for groups. The final filter is" +
                    "formatted like: '(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)'",
            value = 
    )
    public static final String PARAM_GROUP_EXTRA_FILTER = "group.extraFilter";

    

See also:
Identity.makeDnPath()
    public static final boolean PARAM_GROUP_MAKE_DN_PATH_DEFAULT = false;

    

See also:
Identity.makeDnPath()
    @Property(
            label = "Group DN paths",
            description = "Controls if the DN should be used for calculating a portion of the intermediate path.",
            boolValue = 
    )
    public static final String PARAM_GROUP_MAKE_DN_PATH = "group.makeDnPath";

    

See also:
getGroupMemberAttribute()
    public static final String PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT = "uniquemember";

    

See also:
getGroupMemberAttribute()
    @Property(
            label = "Group member attribute",
            description = "Group attribute that contains the member(s) of a group.",
            value = 
    )
    public static final String PARAM_GROUP_MEMBER_ATTRIBUTE = "group.memberAttribute";

    
Defines the configuration of an identity (user or group).
    public class Identity {
        private String baseDN;
        private String[] objectClasses;
        private String idAttribute;
        private String extraFilter;
        private String filterTemplate;
        private boolean makeDnPath;

        
Configures the base DN for searches of this kind of identity

Returns:
the base DN
        @Nonnull
        public String getBaseDN() {
            return ;
        }

        
Sets the base DN for search of this kind of identity.

Parameters:
baseDN the DN as string.
Returns:
this
See also:
getBaseDN()
        @Nonnull
        public Identity setBaseDN(@Nonnull String baseDN) {
            this. = baseDN;
            return this;
        }

        
Configures the object classes of this kind of identity.

Returns:
an array of object classes
See also:
getSearchFilter(String) for more detail about searching and filtering
        @Nonnull
        public String[] getObjectClasses() {
            return ;
        }

        
Sets the object classes.

Parameters:
objectClasses the object classes
Returns:
this
See also:
getObjectClasses()
        @Nonnull
        public Identity setObjectClasses(@Nonnull String ... objectClasses) {
            this. = objectClasses;
             = null;
             = null;
            return this;
        }

        
Configures the attribute that is used to identify this identity by id. For users this is the attribute that holds the user id, for groups this is the attribute that holds the group name.

Returns:
the id attribute name
See also:
getSearchFilter(String) for more detail about searching and filtering
        @Nonnull
        public String getIdAttribute() {
            return ;
        }

        
Sets the id attribute.

Parameters:
idAttribute the id attribute name
Returns:
this
See also:
getIdAttribute()
        @Nonnull
        public Identity setIdAttribute(@Nonnull String idAttribute) {
            this. = idAttribute;
             = null;
             = null;
            return this;
        }

        
Configures the extra LDAP filter that is appended to the internally computed filter when searching for identities.

Returns:
the extra filter
        @CheckForNull
        public String getExtraFilter() {
            return ;
        }

        
Sets the extra search filter.

Parameters:
extraFilter the filter
Returns:
this
See also:
getExtraFilter()
        @Nonnull
        public Identity setExtraFilter(@Nullable String extraFilter) {
            this. = extraFilter;
             = null;
             = null;
            return this;
        }


        
Configures whether the identity's DN should be used to generate a portion of the authorizable's intermediate path.

Returns:
true if the DN is used as an intermediate path.
        public boolean makeDnPath() {
            return ;
        }

        
Sets the intermediate path flag.

Parameters:
makeDnPath true to use the DN as intermediate path
Returns:
this
See also:
makeDnPath()
        @Nonnull
        public Identity setMakeDnPath(boolean makeDnPath) {
            this. = makeDnPath;
            return this;
        }

        
Returns the LDAP filter that is used when searching this type of identity. The filter is based on the configuration and has the following format:
     (&(${idAttr}=${id})(objectclass=${objectclass})${extraFilter})
 
Note that the objectclass part is repeated according to the specified objectclasses in getObjectClasses().

Parameters:
id the id value
Returns:
the search filter
        /**
         * Builds the LDAP search filter for a single identity id from a template that is
         * assembled on first use.
         *
         * NOTE(review): several operands were lost when this page was extracted (the empty
         * {@code append()} calls, the source of the object-class loop and the first argument
         * of {@code String.format}); the comments below describe only what is still visible
         * and mark every inference as such.
         *
         * @param id the id value; it is passed through {@code encodeFilterValue} before being
         *           formatted into the filter
         * @return the search filter
         */
        @Nonnull
        public String getSearchFilter(@Nonnull String id) {
            // Assemble the template only while the guarded value is null; presumably this is
            // the filterTemplate field declared on this class (confirm upstream).
            if ( == null) {
                StringBuilder filter = new StringBuilder("(&(")
                        // presumably the configured id attribute name; no escaping is visible
                        // here, so it is taken from configuration as is (confirm upstream)
                        .append()
                        // %s is the slot that String.format fills at the end of this method
                        .append("=%s)");
                for (String objectClass) {
                    // Every object class is escaped before it enters the template.
                    // NOTE(review): encodeFilterValue does not touch '%', and the template
                    // appears to be used as a format string below, so a '%' in a configured
                    // object class would be read as a format specifier (confirm upstream).
                    filter.append("(objectclass=")
                            .append(encodeFilterValue(objectClass))
                            .append(')');
                }
                // presumably the configured extra filter: it is appended without any
                // encodeFilterValue call, so it has to be a well-formed filter fragment that
                // comes from trusted configuration, never from request data (confirm upstream)
                if ( != null && .length() > 0) {
                    filter.append();
                }
                filter.append(')');
                 = filter.toString();
            }
            // Only the id is escaped at call time; this escaping is what keeps filter
            // metacharacters in the id from changing the structure of the filter.
            return String.format(encodeFilterValue(id));
        }
    }

    
Creates a new LDAP provider configuration based on the properties stored in the given parameters.

Parameters:
params the configuration parameters.
Returns:
the config
    public static LdapProviderConfig of(ConfigurationParameters params) {
        LdapProviderConfig cfg = new LdapProviderConfig()
                .setName(params.getConfigValue())
                .setHostname(params.getConfigValue())
                .setPort(params.getConfigValue())
                .setUseSSL(params.getConfigValue())
                .setUseTLS(params.getConfigValue())
                .setBindDN(params.getConfigValue())
                .setSearchTimeout(ConfigurationParameters.Milliseconds.of(params.getConfigValue()).)
        cfg.getUserConfig()
                .setBaseDN(params.getConfigValue())
        cfg.getGroupConfig()
                .setBaseDN(params.getConfigValue())
        return cfg;
    }
    private String name = ;
    private int port = ;
    private boolean useSSL = ;
    private boolean useTLS = ;
    private boolean noCertCheck = ;
    private String bindDN = ;
    private long searchTimeout = ConfigurationParameters.Milliseconds.of().;
    private final Identity userConfig = new Identity()
            .setBaseDN()
    private final Identity groupConfig = new Identity()
            .setBaseDN()
            .setObjectClasses();

    
Returns the name of this provider configuration. The default is PARAM_NAME_DEFAULT.

Returns:
the name.
    @Nonnull
    public String getName() {
        return ;
    }

    
Sets the name of this provider.

Parameters:
name the name
Returns:
this
See also:
getName()
    @Nonnull
    public LdapProviderConfig setName(@Nonnull String name) {
        this. = name;
        return this;
    }

    
Configures the hostname of the LDAP server. The default is PARAM_LDAP_HOST_DEFAULT.

Returns:
the hostname
    @Nonnull
    public String getHostname() {
        return ;
    }

    
Sets the hostname.

Parameters:
hostname the hostname
Returns:
this
See also:
getHostname()
    @Nonnull
    public LdapProviderConfig setHostname(@Nonnull String hostname) {
        this. = hostname;
        return this;
    }

    
Configures the port of the LDAP server. The default is PARAM_LDAP_PORT_DEFAULT.

Returns:
the port
    public int getPort() {
        return ;
    }

    
Sets the port.

Parameters:
port the port
Returns:
this
See also:
getPort()
    @Nonnull
    public LdapProviderConfig setPort(int port) {
        this. = port;
        return this;
    }

    
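Configures whether SSL connections should be used. The default is PARAM_USE_SSL_DEFAULT (false). With both SSL and TLS left disabled, traffic to the LDAP server, including the bind request, is not encrypted.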

Returns:
true if SSL should be used.
    public boolean useSSL() {
        return ;
    }

    
Enables SSL connections.

Parameters:
useSSL true to enable SSL
Returns:
this
See also:
useSSL()
    @Nonnull
    public LdapProviderConfig setUseSSL(boolean useSSL) {
        this. = useSSL;
        return this;
    }

    
Configures whether TLS connections should be used. The default is PARAM_USE_TLS_DEFAULT.

Returns:
true if TLS should be used.
    public boolean useTLS() {
        return ;
    }

    
Enables TLS connections.

Parameters:
useTLS true to enable TLS
Returns:
this
See also:
useTLS()
    @Nonnull
    public LdapProviderConfig setUseTLS(boolean useTLS) {
        this. = useTLS;
        return this;
    }

    
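Configures whether validation of the server certificate on SSL/TLS connections is disabled. The default is PARAM_NO_CERT_CHECK_DEFAULT (false, i.e. certificates are validated). With validation disabled the client cannot verify which server it is talking to, so the encrypted channel no longer protects the bind credentials against an impersonated LDAP server.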

Returns:
true if certificates should not be validated
    public boolean noCertCheck() {
        return ;
    }

    
Disables certificate validation.

Parameters:
noCertCheck true to disable certificate validation
Returns:
this
See also:
noCertCheck()
    @Nonnull
    public LdapProviderConfig setNoCertCheck(boolean noCertCheck) {
        this. = noCertCheck;
        return this;
    }

    
Configures the DN that is used to bind to the LDAP server. If this value is null or an empty string, anonymous connections are used.

Returns:
the bind DN or null.
    @CheckForNull
    public String getBindDN() {
        return ;
    }

    
Sets the bind DN.

Parameters:
bindDN the DN
Returns:
this
See also:
getBindDN()
    @Nonnull
    public LdapProviderConfig setBindDN(@Nullable String bindDN) {
        this. = bindDN;
        return this;
    }

    
Configures the password that is used to bind to the LDAP server. This value is not used for anonymous binds.

Returns:
the password.
    @CheckForNull
    public String getBindPassword() {
        return ;
    }

    
Sets the bind password

Parameters:
bindPassword the password
Returns:
this
See also:
getBindPassword()
    @Nonnull
    public LdapProviderConfig setBindPassword(@Nullable String bindPassword) {
        this. = bindPassword;
        return this;
    }

    
Configures the timeout in milliseconds that is used for all LDAP searches. The default is PARAM_SEARCH_TIMEOUT_DEFAULT.

Returns:
the timeout in milliseconds.
    public long getSearchTimeout() {
        return ;
    }

    
Sets the search timeout.

Parameters:
searchTimeout the timeout in milliseconds
Returns:
this
See also:
getSearchTimeout()
    @Nonnull
    public LdapProviderConfig setSearchTimeout(long searchTimeout) {
        this. = searchTimeout;
        return this;
    }

    
Configures the attribute that stores the members of a group. The default is PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT.

Returns:
the group member attribute
    @Nonnull
    public String getGroupMemberAttribute() {
        return ;
    }

    
Sets the group member attribute.

Parameters:
groupMemberAttribute the attribute name
Returns:
this
See also:
getGroupMemberAttribute()
    @Nonnull
    public LdapProviderConfig setGroupMemberAttribute(@Nonnull String groupMemberAttribute) {
        this. = groupMemberAttribute;
        return this;
    }

    
Returns the LDAP filter that is used when searching for the groups that an identity is a member of. The filter is based on the configuration and has the following format:
     (&(${memberAttribute}=${dn})(objectclass=${objectclass})${extraFilter})
 
Note that the objectclass part is repeated according to the specified objectclasses in Identity.getObjectClasses() of the group configuration.

Parameters:
dn the dn of the identity to search for
Returns:
the search filter
    /**
     * Builds the LDAP filter used to find the groups that contain a given DN, from a
     * template that is assembled on first use.
     *
     * NOTE(review): several operands were lost when this page was extracted (the empty
     * {@code append()} call, the receivers before the stray dots and the first argument of
     * {@code String.format}); the comments below describe only what is still visible and
     * mark every inference as such.
     *
     * @param dn the dn of the identity to search for; it is passed through
     *           {@code encodeFilterValue} before being formatted into the filter
     * @return the search filter
     */
    public String getMemberOfSearchFilter(@Nonnull String dn) {
        // Assemble the template only while the guarded value is null; which field caches it
        // is not visible on this page.
        if ( == null) {
            StringBuilder filter = new StringBuilder("(&(")
                    // presumably the configured group member attribute; no escaping is
                    // visible here, so it is taken from configuration as is (confirm upstream)
                    .append()
                    // %s is the slot that String.format fills at the end of this method
                    .append("=%s)");
            for (String objectClass.) {
                // Every object class is escaped before it enters the template.
                // NOTE(review): encodeFilterValue does not touch '%', and the template appears
                // to be used as a format string below, so a '%' in a configured object class
                // would be read as a format specifier (confirm upstream).
                filter.append("(objectclass=")
                        .append(encodeFilterValue(objectClass))
                        .append(')');
            }
            // presumably the extra filter of the group configuration: it is appended without
            // any encodeFilterValue call, so it has to be a well-formed filter fragment that
            // comes from trusted configuration, never from request data (confirm upstream)
            if (. != null && ..length() > 0) {
                filter.append(.);
            }
            filter.append(')');
             = filter.toString();
        }
        // Only the dn is escaped at call time; this escaping is what keeps filter
        // metacharacters in the dn from changing the structure of the filter.
        return String.format(encodeFilterValue(dn));
    }

    
Returns the user specific configuration.

Returns:
the user config.
    @Nonnull
    public Identity getUserConfig() {
        return ;
    }

    
Returns the group specific configuration.

Returns:
the groups config.
    @Nonnull
    public Identity getGroupConfig() {
        return ;
    }

    
Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent. Handles encoding of special characters in LDAP search filter assertion values using the <valueencoding> rule as described in RFC 4515.

Parameters:
value Right hand side of "attrId=value" assertion occurring in an LDAP search filter.
Returns:
Escaped version of value
    /**
     * Escapes the characters that carry meaning inside an LDAP search filter so that
     * {@code value} can be used as the right-hand side of an {@code attr=value} assertion.
     *
     * <p>The asterisk, both parentheses, the backslash and the NUL character are each
     * replaced by a backslash followed by their two-digit hex code (2A, 28, 29, 5C, 00);
     * every other character is copied unchanged. Apply this to any value that is not fully
     * controlled by the configuration before it is placed into a filter. It covers filter
     * assertion values only and is not an escaping routine for DN components.
     *
     * @param value the raw assertion value; must not be {@code null}, otherwise the call to
     *              {@code value.length()} throws a {@code NullPointerException}
     * @return the escaped value, or {@code value} itself (same instance) when it contains
     *         none of the characters listed above
     */
    public static String encodeFilterValue(String value) {
        final int length = value.length();
        // Allocated lazily so that values without special characters are returned as is.
        StringBuilder escaped = null;
        for (int pos = 0; pos < length; pos++) {
            final char current = value.charAt(pos);
            final String substitute;
            if (current == '*') {
                substitute = "\\2A";
            } else if (current == '(') {
                substitute = "\\28";
            } else if (current == ')') {
                substitute = "\\29";
            } else if (current == '\\') {
                substitute = "\\5C";
            } else if (current == '\0') {
                substitute = "\\00";
            } else {
                substitute = null;
            }

            if (substitute == null) {
                // Ordinary character: only needs copying once a buffer exists.
                if (escaped != null) {
                    escaped.append(current);
                }
                continue;
            }
            if (escaped == null) {
                // First special character: start the buffer with the untouched prefix.
                escaped = new StringBuilder(length * 2);
                escaped.append(value, 0, pos);
            }
            escaped.append(substitute);
        }
        return escaped != null ? escaped.toString() : value;
    }