Interface CredentialPersister


public interface CredentialPersister
Within LDAP, credentials could be stored in different ways; splitting out a CredentialPersister allows different strategies to be plugged into the realm.
Author:
Jan Kalina
  • Method Details

    • forIdentity

      IdentityCredentialPersister forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes) throws RealmUnavailableException
      Obtain an IdentityCredentialLoader to query the credentials for a specific identity. Note: By this point, referrals relating to the identity should have been resolved, so the DirContextFactory should be suitable for use with the supplied distinguishedName.
      Parameters:
      dirContext - the DirContext to use to connect to LDAP.
      distinguishedName - the distinguished name of the identity.
      attributes - the identity attributes requested by addRequiredIdentityAttributes(Collection)
      Returns:
      An IdentityCredentialLoader for the specified identity identified by their distinguished name.
      Throws:
      RealmUnavailableException
    • getCredentialAcquireSupport

      SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
      Determine whether a given credential is definitely supported, possibly supported (for some identities), or definitely not supported.

      A DirContextFactory is made available if the directory server is going to be queried, but most likely this call will need to be generic, as querying a whole directory is not realistic.

      Note: The DirContextFactory approach will be evolved further for better referral support, making it easier to pass in for each call.

      Parameters:
      credentialType - the credential type (must not be null)
      algorithmName - the credential algorithm name
      parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
      Returns:
      the level of support for this credential type
      Throws:
      RealmUnavailableException
    • forIdentity

      default org.wildfly.security.auth.realm.ldap.IdentityCredentialLoader forIdentity(DirContext dirContext, String distinguishedName, Attributes attributes, Encoding hashEncoding) throws RealmUnavailableException
      Obtain an IdentityCredentialLoader to query the credentials for a specific identity.

      Note: By this point, referrals relating to the identity should have been resolved, so the DirContextFactory should be suitable for use with the supplied distinguishedName.

      Parameters:
      dirContext - the DirContext to use to connect to LDAP.
      distinguishedName - the distinguished name of the identity.
      attributes - the identity attributes requested by addRequiredIdentityAttributes(Collection)
      hashEncoding - specifies the string format for the hashed password
      Returns:
      An IdentityCredentialLoader for the specified identity identified by their distinguished name.
      Throws:
      RealmUnavailableException
    • addRequiredIdentityAttributes

      default void addRequiredIdentityAttributes(Collection<String> attributes)
      Construct the set of LDAP attributes that should be loaded as part of the identity from the identity entry.
      Parameters:
      attributes - output collection of attribute names, to which the names should be added
    • addBinaryIdentityAttributes

      default void addBinaryIdentityAttributes(Collection<String> attributes)
      Construct the set of LDAP attributes that should be loaded as binary data. This should be a subset of the CredentialLoader.addRequiredIdentityAttributes(java.util.Collection<java.lang.String>) output.
      Parameters:
      attributes - output collection of attribute names, to which the names should be added