org.ldaptive.auth

Class AbstractSearchEntryResolver

java.lang.Object

org.ldaptive.auth.AbstractSearchOperationFactory

org.ldaptive.auth.AbstractSearchEntryResolver

All Implemented Interfaces:

EntryResolver

Direct Known Subclasses:

AuthorizationIdentityEntryResolver, PooledSearchEntryResolver, SearchEntryResolver, WhoAmIEntryResolver

public abstract class AbstractSearchEntryResolver
extends AbstractSearchOperationFactory
implements EntryResolver

Base implementation for search entry resolvers. Uses an object level search on the AuthenticationCriteria.getDn() if no userFilter is configured. If a userFilter is configured, then a search is executed using that filter.

Field Summary

Fields

Modifier and Type	Field and Description
private boolean	allowMultipleEntries Whether to throw an exception if multiple entries are found.
private String	baseDn DN to search.
private DerefAliases	derefAliases How to handle aliases.
private SearchEntryHandler[]	entryHandlers Ldap entry handlers.
private ReferralHandler	referralHandler Referral handler.
private boolean	subtreeSearch Whether to use a subtree search when resolving DNs.
private String	userFilter Filter for searching for the user.
private Object[]	userFilterParameters Filter parameters for searching for the user.

Fields inherited from class org.ldaptive.auth.AbstractSearchOperationFactory

logger

Constructor Summary

Constructors

Constructor and Description
AbstractSearchEntryResolver()

Method Summary

Modifier and Type	Method and Description
protected SearchFilter	createSearchFilter(AuthenticationCriteria ac) Returns a search filter using userFilter and userFilterParameters.
protected SearchRequest	createSearchRequest(AuthenticationCriteria ac) Returns a search request for the supplied authentication criteria.
boolean	getAllowMultipleEntries() Returns whether entry resolution should fail if multiple entries are found.
String	getBaseDn() Returns the base DN.
DerefAliases	getDerefAliases() Returns how to dereference aliases.
ReferralHandler	getReferralHandler() Returns the referral handler.
SearchEntryHandler[]	getSearchEntryHandlers() Returns the search entry handlers.
boolean	getSubtreeSearch() Returns whether subtree searching will be used.
String	getUserFilter() Returns the filter used to search for the user.
Object[]	getUserFilterParameters() Returns the filter parameters used to search for the user.
protected abstract SearchResult	performLdapSearch(AuthenticationCriteria criteria, AuthenticationHandlerResponse response) Executes an ldap search with the supplied authentication criteria.
LdapEntry	resolve(AuthenticationCriteria criteria, AuthenticationHandlerResponse response) Attempts to find the LDAP entry for the supplied authentication criteria and authentication handler response.
void	setAllowMultipleEntries(boolean b) Sets whether entry resolution should fail if multiple entries are found.
void	setBaseDn(String dn) Sets the base DN.
void	setDerefAliases(DerefAliases da) Sets how to dereference aliases.
void	setReferralHandler(ReferralHandler handler) Sets the referral handler.
void	setSearchEntryHandlers(SearchEntryHandler... handlers) Sets the search entry handlers.
void	setSubtreeSearch(boolean b) Sets whether subtree searching will be used.
void	setUserFilter(String filter) Sets the filter used to search for the user.
void	setUserFilterParameters(Object[] filterParams) Sets the filter parameters used to search for the user.

Methods inherited from class org.ldaptive.auth.AbstractSearchOperationFactory

createSearchOperation, getSearchCache, getSearchExceptionHandler, getSearchResponseHandlers, setSearchCache, setSearchExceptionHandler, setSearchResponseHandlers

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

baseDn

private String baseDn

DN to search.

userFilter

private String userFilter

Filter for searching for the user.

userFilterParameters

private Object[] userFilterParameters

Filter parameters for searching for the user.

allowMultipleEntries

private boolean allowMultipleEntries

Whether to throw an exception if multiple entries are found.

subtreeSearch

private boolean subtreeSearch

Whether to use a subtree search when resolving DNs.

derefAliases

private DerefAliases derefAliases

How to handle aliases.

referralHandler

private ReferralHandler referralHandler

Referral handler.

entryHandlers

private SearchEntryHandler[] entryHandlers

Ldap entry handlers.

Constructor Detail

AbstractSearchEntryResolver

public AbstractSearchEntryResolver()

Method Detail

getBaseDn

public String getBaseDn()

Returns the base DN.

Returns:

base DN

setBaseDn

public void setBaseDn(String dn)

Sets the base DN.

Parameters:

dn - base DN

getUserFilter

public String getUserFilter()

Returns the filter used to search for the user.

Returns:

filter for searching

setUserFilter

public void setUserFilter(String filter)

Sets the filter used to search for the user.

Parameters:

filter - for searching

getUserFilterParameters

public Object[] getUserFilterParameters()

Returns the filter parameters used to search for the user.

Returns:

filter parameters

setUserFilterParameters

public void setUserFilterParameters(Object[] filterParams)

Sets the filter parameters used to search for the user.

Parameters:

filterParams - filter parameters

getAllowMultipleEntries

public boolean getAllowMultipleEntries()

Returns whether entry resolution should fail if multiple entries are found.

Returns:

whether an exception will be thrown if multiple entries are found

setAllowMultipleEntries

public void setAllowMultipleEntries(boolean b)

Sets whether entry resolution should fail if multiple entries are found. If false an exception will be thrown if resolve(AuthenticationCriteria, AuthenticationHandlerResponse) finds more than one entry matching it's filter. Otherwise the first entry found is returned.

Parameters:

b - whether multiple entries are allowed

getSubtreeSearch

public boolean getSubtreeSearch()

Returns whether subtree searching will be used.

Returns:

whether the entry will be searched for over the entire base

setSubtreeSearch

public void setSubtreeSearch(boolean b)

Sets whether subtree searching will be used. If true, the entry will be searched for over the entire getBaseDn(). Otherwise the entry will be searched for in the getBaseDn() context.

Parameters:

b - whether the entry will be searched for over the entire base

getDerefAliases

public DerefAliases getDerefAliases()

Returns how to dereference aliases.

Returns:

how to dereference aliases

setDerefAliases

public void setDerefAliases(DerefAliases da)

Sets how to dereference aliases.

Parameters:

da - how to dereference aliases

getReferralHandler

public ReferralHandler getReferralHandler()

Returns the referral handler.

Returns:

referral handler

setReferralHandler

public void setReferralHandler(ReferralHandler handler)

Sets the referral handler.

Parameters:

handler - referral handler

getSearchEntryHandlers

public SearchEntryHandler[] getSearchEntryHandlers()

Returns the search entry handlers.

Returns:

search entry handlers

setSearchEntryHandlers

public void setSearchEntryHandlers(SearchEntryHandler... handlers)

Sets the search entry handlers.

Parameters:

handlers - search entry handlers

performLdapSearch

protected abstract SearchResult performLdapSearch(AuthenticationCriteria criteria,
                                                  AuthenticationHandlerResponse response)
                                           throws LdapException

Executes an ldap search with the supplied authentication criteria.

Parameters:

criteria - authentication criteria associated with the user

response - response from the authentication event

Returns:

search result

Throws:

LdapException - if an error occurs attempting the search

createSearchFilter

protected SearchFilter createSearchFilter(AuthenticationCriteria ac)

Returns a search filter using userFilter and userFilterParameters. User.getIdentifier() is injected with a named parameter of 'user', User.getContext() is injected with a named parameter of 'context', and AuthenticationCriteria.getDn() is injected with a named parameter of 'dn'.

Parameters:

ac - authentication criteria

Returns:

search filter

createSearchRequest

protected SearchRequest createSearchRequest(AuthenticationCriteria ac)

Returns a search request for the supplied authentication criteria. If no userFilter is defined then an object level search on the authentication criteria DN is returned. Otherwise the userFilter, baseDn and subtreeSearch are used to create the search request.

Parameters:

ac - authentication criteria containing a DN

Returns:

search request

resolve

public LdapEntry resolve(AuthenticationCriteria criteria,
                         AuthenticationHandlerResponse response)
                  throws LdapException

Description copied from interface: EntryResolver

Attempts to find the LDAP entry for the supplied authentication criteria and authentication handler response. The connection available in the response should not be closed in this method.

Specified by:

resolve in interface EntryResolver

Parameters:

criteria - authentication criteria used to perform the authentication

response - produced by the authentication handler

Returns:

ldap entry

Throws:

LdapException - if an LDAP error occurs