java.lang.Object
  com.netscape.cms.authentication.DirBasedAuthentication
    com.netscape.cms.authentication.UidPwdPinDirAuthentication
public class UidPwdPinDirAuthentication
Directory-based authentication manager that authenticates a user by uid, password (pwd) and PIN.
Field Summary | |
---|---|
static java.lang.String |
CRED_PIN
|
static java.lang.String |
CRED_PWD
|
static java.lang.String |
CRED_UID
|
static java.lang.String |
DEF_PIN_ATTR
|
static boolean |
DEF_REMOVE_PIN
|
protected static java.lang.String[] |
mConfigParams
|
protected java.security.MessageDigest |
mMD5Digest
|
protected java.lang.String |
mPinAttr
|
protected boolean |
mRemovePin
|
protected static java.lang.String[] |
mRequiredCreds
|
protected java.security.MessageDigest |
mSHADigest
|
static java.lang.String |
PROP_PIN_ATTR
|
static java.lang.String |
PROP_REMOVE_PIN
|
protected static byte |
SENTINEL_MD5
|
protected static byte |
SENTINEL_NONE
|
protected static byte |
SENTINEL_SHA
|
Fields inherited from class com.netscape.cms.authentication.DirBasedAuthentication |
---|
DEFAULT_DNPATTERN, mBaseDN, mConfig, mConnFactory, mExtendedPluginInfo, mImplName, mLdapAttrs, mLdapByteAttrs, mLdapConfig, mLdapStringAttrs, mLogger, mName, mPattern, PROP_BASEDN, PROP_DNPATTERN, PROP_LDAP, PROP_LDAPBYTEATTRS, PROP_LDAPSTRINGATTRS, USER_DN |
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo |
---|
HELP_TEXT, HELP_TOKEN |
Fields inherited from interface com.netscape.certsrv.profile.IProfileAuthenticator |
---|
AUTHENTICATED_NAME |
Fields inherited from interface com.netscape.certsrv.authentication.IAuthManager |
---|
CRED_CERT_SERIAL_TO_REVOKE, CRED_HOST_NAME, CRED_SESSION_ID, CRED_SSL_CLIENT_CERT |
Constructor Summary | |
---|---|
UidPwdPinDirAuthentication()
Default constructor, initialization must follow. |
Method Summary | |
---|---|
protected java.lang.String |
authenticate(netscape.ldap.LDAPConnection conn,
IAuthCredentials authCreds,
AuthToken token)
Authenticates a user based on its uid, pwd, pin in the directory. |
protected void |
checkpin(netscape.ldap.LDAPConnection conn,
java.lang.String userdn,
java.lang.String uid,
java.lang.String pin)
|
java.lang.String[] |
getConfigParams()
Returns a list of configuration parameter names. |
java.lang.String |
getName(java.util.Locale locale)
Retrieves the localizable name of this policy. |
java.lang.String[] |
getRequiredCreds()
Returns array of required credentials for this authentication manager. |
java.lang.String |
getText(java.util.Locale locale)
Retrieves the localizable description of this policy. |
IDescriptor |
getValueDescriptor(java.util.Locale locale,
java.lang.String name)
Retrieves the descriptor of the given value parameter by name. |
java.util.Enumeration |
getValueNames()
Retrieves a list of names of the value parameter. |
void |
init(IProfile profile,
IConfigStore config)
Initializes this default policy. |
void |
init(java.lang.String name,
java.lang.String implName,
IConfigStore config)
Initializes the UidPwdDirBasedAuthentication auth manager. |
boolean |
isSSLClientRequired()
Checks if this authenticator requires SSL client authentication. |
boolean |
isValueWriteable(java.lang.String name)
Checks if the value of the given property should be serializable into the request. |
void |
populate(IAuthToken token,
IRequest request)
Populates authentication specific information into the request for auditing purposes. |
protected void |
verifyPassword(java.lang.String Password)
|
Methods inherited from class com.netscape.cms.authentication.DirBasedAuthentication |
---|
authenticate, formCertInfo, formSubjectName, getConfigStore, getExtendedPluginInfo, getImplName, getLdapAttrs, getLdapByteAttrs, getName, init, log, setAuthTokenByteValue, setAuthTokenStringValue, setAuthTokenValues, shutdown |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo |
---|
getExtendedPluginInfo |
Methods inherited from interface com.netscape.certsrv.profile.IProfileAuthenticator |
---|
getConfigStore |
Methods inherited from interface com.netscape.certsrv.authentication.IAuthManager |
---|
authenticate, getImplName, getName, shutdown |
Field Detail |
---|
public static final java.lang.String CRED_UID
public static final java.lang.String CRED_PWD
public static final java.lang.String CRED_PIN
protected static java.lang.String[] mRequiredCreds
public static final java.lang.String PROP_REMOVE_PIN
public static final java.lang.String PROP_PIN_ATTR
public static final boolean DEF_REMOVE_PIN
public static final java.lang.String DEF_PIN_ATTR
protected static final byte SENTINEL_SHA
protected static final byte SENTINEL_MD5
protected static final byte SENTINEL_NONE
protected static java.lang.String[] mConfigParams
protected boolean mRemovePin
protected java.lang.String mPinAttr
protected java.security.MessageDigest mSHADigest
protected java.security.MessageDigest mMD5Digest
Constructor Detail |
---|
public UidPwdPinDirAuthentication()
Method Detail |
---|
public void init(java.lang.String name, java.lang.String implName, IConfigStore config) throws EBaseException
DirBasedAuthentication
ldap.basedn - the ldap base dn.
ldap.ldapconn.host - the ldap host.
ldap.ldapconn.port - the ldap port.
ldap.ldapconn.secureConn - whether the connection to the ldap port should be secure.
ldap.minConns - minimum connections.
ldap.maxConns - max connections.
dnpattern - dn pattern.
dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
The syntax is
dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
SubjectNameComp = DnComp | EntryComp | ConstantComp
DnComp = CertAttr "=" "$dn" "." DnAttr "." Num
EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num
ConstantComp = CertAttr "=" Constant
DnAttr = an attribute in the Ldap entry dn
EntryAttr = an attribute in the Ldap entry
CertAttr = a Component in the Certificate Subject Name (multiple AVA in one RDN not supported)
Num = the nth value of the attribute in the dn or entry.
Constant = Constant String, with any accepted ldap string value.
Example:
dnpattern: E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
Ldap entry dn: UID=joesmith, OU=people, O=Acme.com
Ldap attributes:
cn: Joe Smith
sn: Smith
mail: joesmith@acme.com
mail: joesmith@redhat.com
ou: people
ou: IS
etc.
The subject name formulated in the cert will be :
E=joesmith@acme.com, CN=Joe Smith, OU=IS, O=Acme.com, C=US
E = the first 'mail' ldap attribute value in user's entry - joesmith@acme.com
CN = the (first) 'cn' ldap attribute value in the user's entry - Joe Smith
OU = the second 'ou' value in the ldap entry - IS
O = the (first) 'o' value in the user's entry DN - "Acme.com"
C = the constant string "US"
init
in interface IAuthManager
init
in class DirBasedAuthentication
name - The name for this authentication manager instance.
implName - The name of the authentication manager plugin.
config - The configuration store for this instance.
EBaseException - If an error occurs during initialization.
protected void verifyPassword(java.lang.String Password)
protected java.lang.String authenticate(netscape.ldap.LDAPConnection conn, IAuthCredentials authCreds, AuthToken token) throws EBaseException
authenticate
in class DirBasedAuthentication
authCreds - The authentication credentials with uid, pwd, pin.
EInvalidCredentials - If the uid and password are not valid
EBaseException - If an internal error occurs.
protected void checkpin(netscape.ldap.LDAPConnection conn, java.lang.String userdn, java.lang.String uid, java.lang.String pin) throws EBaseException, netscape.ldap.LDAPException
EBaseException
netscape.ldap.LDAPException
public java.lang.String[] getConfigParams()
getConfigParams
in interface IAuthManager
getConfigParams
in class DirBasedAuthentication
public java.lang.String[] getRequiredCreds()
getRequiredCreds
in interface IAuthManager
getRequiredCreds
in class DirBasedAuthentication
public void init(IProfile profile, IConfigStore config) throws EProfileException
IProfileAuthenticator
init
in interface IProfileAuthenticator
profile - owner of this authenticator
config - configuration store
EProfileException - failed to initialize
public java.lang.String getName(java.util.Locale locale)
getName
in interface IProfileAuthenticator
locale
- end user locale
public java.lang.String getText(java.util.Locale locale)
getText
in interface IProfileAuthenticator
locale
- end user locale
public java.util.Enumeration getValueNames()
getValueNames
in interface IProfileAuthenticator
public boolean isValueWriteable(java.lang.String name)
IProfileAuthenticator
isValueWriteable
in interface IProfileAuthenticator
name
- property name
public IDescriptor getValueDescriptor(java.util.Locale locale, java.lang.String name)
getValueDescriptor
in interface IProfileAuthenticator
locale - user locale
name - property name
public void populate(IAuthToken token, IRequest request) throws EProfileException
IProfileAuthenticator
populate
in interface IProfileAuthenticator
token - authentication token
request - request
EProfileException - failed to populate
public boolean isSSLClientRequired()
IProfileAuthenticator
isSSLClientRequired
in interface IProfileAuthenticator