org.apache.derby.impl.jdbc.authentication
Class LDAPAuthenticationSchemeImpl

java.lang.Object
  extended by org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase
      extended by org.apache.derby.impl.jdbc.authentication.LDAPAuthenticationSchemeImpl
All Implemented Interfaces:
UserAuthenticator

public final class LDAPAuthenticationSchemeImpl
extends JNDIAuthenticationSchemeBase

This is the Derby LDAP authentication scheme implementation. JNDI system/environment properties can be set at the database level as database properties; any that are found are picked up and set in the JNDI initial context. We first connect to the LDAP server to retrieve the user's distinguished name (DN), then reconnect and try to authenticate with the user's DN and the passed-in password. In the 2.0 release, the first connection performs a search (full user DN lookup). This initial lookup can be done through an anonymous bind or using special LDAP search credentials that the user may have configured in the LDAP settings for the database or the system. This is a typical pattern with LDAP servers, where it is often hard to tell or guess a user's full DN in advance. NOTE: In a future release, we will cache/maintain the user DN within the Derby database or system to avoid the initial lookup. Also note that LDAP search/retrieval operations are usually very fast. The default LDAP URL is ldap:/// (ldap://localhost:389/).

See Also:
UserAuthenticator

Field Summary
private static java.lang.String[] attrDN
private static java.lang.String dfltLDAPURL
private static java.lang.String LDAP_LOCAL_USER_DN
private static java.lang.String LDAP_SEARCH_AUTH_DN
private static java.lang.String LDAP_SEARCH_AUTH_PW
private static java.lang.String LDAP_SEARCH_BASE
private static java.lang.String LDAP_SEARCH_FILTER
private static java.lang.String LDAP_SEARCH_FILTER_USERNAME
private java.lang.String leftSearchFilter
private java.lang.String rightSearchFilter
private java.lang.String searchAuthDN
private java.lang.String searchAuthPW
private java.lang.String searchBaseDN
private boolean useUserPropertyAsDN

Fields inherited from class org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase
authenticationService, initDirContextEnv, providerURL

Constructor Summary
LDAPAuthenticationSchemeImpl(JNDIAuthenticationService as, java.util.Properties dbProperties)

Method Summary
 boolean authenticateUser(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName, java.util.Properties info)
          Authenticate the passed-in user's credentials.
private  java.lang.String getDNFromUID(java.lang.String uid)
          Search for the full user's DN in the LDAP server.
private  javax.naming.directory.DirContext privInitialDirContext(java.util.Properties env)
          Calls new InitialDirContext in a privileged block.
protected  void setJNDIProviderProperties()
          Tests and sets the default/expected JNDI properties for the JNDI provider scheme (here LDAP).
 
Methods inherited from class org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase
getLoginSQLException
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

dfltLDAPURL

private static final java.lang.String dfltLDAPURL
See Also:
Constant Field Values

searchBaseDN

private java.lang.String searchBaseDN

leftSearchFilter

private java.lang.String leftSearchFilter

rightSearchFilter

private java.lang.String rightSearchFilter

useUserPropertyAsDN

private boolean useUserPropertyAsDN

searchAuthDN

private java.lang.String searchAuthDN

searchAuthPW

private java.lang.String searchAuthPW

attrDN

private static final java.lang.String[] attrDN

LDAP_SEARCH_BASE

private static final java.lang.String LDAP_SEARCH_BASE
See Also:
Constant Field Values

LDAP_SEARCH_FILTER

private static final java.lang.String LDAP_SEARCH_FILTER
See Also:
Constant Field Values

LDAP_SEARCH_AUTH_DN

private static final java.lang.String LDAP_SEARCH_AUTH_DN
See Also:
Constant Field Values

LDAP_SEARCH_AUTH_PW

private static final java.lang.String LDAP_SEARCH_AUTH_PW
See Also:
Constant Field Values

LDAP_LOCAL_USER_DN

private static final java.lang.String LDAP_LOCAL_USER_DN
See Also:
Constant Field Values

LDAP_SEARCH_FILTER_USERNAME

private static final java.lang.String LDAP_SEARCH_FILTER_USERNAME
See Also:
Constant Field Values
Constructor Detail

LDAPAuthenticationSchemeImpl

public LDAPAuthenticationSchemeImpl(JNDIAuthenticationService as,
                                    java.util.Properties dbProperties)
Method Detail

authenticateUser

public boolean authenticateUser(java.lang.String userName,
                                java.lang.String userPassword,
                                java.lang.String databaseName,
                                java.util.Properties info)
                         throws java.sql.SQLException
Authenticate the passed-in user's credentials. We authenticate against an LDAP server.

Parameters:
userName - The user's name used to connect to the JBMS system
userPassword - The user's password used to connect to the JBMS system
databaseName - The database which the user wants to connect to.
info - Additional JDBC connection info.
Returns:
false if the connection request should be denied, true if the connection request should proceed. If false is returned, the connection attempt will receive a SQLException with SQL State 08004.
Throws:
java.sql.SQLException - An exception while processing the request; the connection request will be denied. The SQL exception will be returned to the connection attempt.

privInitialDirContext

private javax.naming.directory.DirContext privInitialDirContext(java.util.Properties env)
                                                         throws javax.naming.NamingException
Calls new InitialDirContext in a privileged block.

Parameters:
env - environment used to create the initial DirContext. Null indicates an empty environment.
Returns:
an initial DirContext using the supplied environment.
Throws:
javax.naming.NamingException

setJNDIProviderProperties

protected void setJNDIProviderProperties()
Tests and sets the default/expected JNDI properties for the JNDI provider scheme (here LDAP).

Specified by:
setJNDIProviderProperties in class JNDIAuthenticationSchemeBase

getDNFromUID

private java.lang.String getDNFromUID(java.lang.String uid)
                               throws javax.naming.NamingException
Search for the full user's DN in the LDAP server. The LDAP server bind may or may not be anonymous. If the administrator does not allow an anonymous bind/search, we must have been given a principal and credentials in order to bind successfully and perform the user's DN search.

Throws:
javax.naming.NamingException - if the user DN could not be retrieved.
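The two-step flow described in the class description and in getDNFromUID above (search for the user's full DN, then re-bind as that DN with the passed-in password), written out with plain JNDI as an added example; this is not Derby's code. It assumes an LDAP server reachable at the url argument and users keyed by a uid attribute; the class and method names (TwoStepLdapAuth, lookupDn, authenticate) are illustrative.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public final class TwoStepLdapAuth {
    // Escape a value for an LDAP search filter (RFC 4515) so "*", "(" or "\" in a name cannot alter the filter.
    static String escapeFilterValue(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }
    static Hashtable<String, String> mkEnv(String url, String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        if (principal != null) {            // null principal: JNDI performs an anonymous bind
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
        }
        return env;
    }
    // Step 1: bind anonymously or with the search credentials, then look up the user's full DN with a
    // subtree search that returns no attributes. The "uid" attribute is an assumption (Derby's filter is configurable).
    static String lookupDn(String url, String searchDn, String searchPw,
                           String baseDn, String uid) throws NamingException {
        DirContext ctx = new InitialDirContext(mkEnv(url, searchDn, searchPw));
        try {
            SearchControls sc = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0, new String[0], false, false);
            NamingEnumeration<SearchResult> r =
                ctx.search(baseDn, "(uid=" + escapeFilterValue(uid) + ")", sc);
            if (!r.hasMore()) return null;
            String dn = r.next().getNameInNamespace();
            return r.hasMore() ? null : dn;  // more than one match: refuse rather than guess
        } finally { ctx.close(); }
    }
    // Step 2: re-bind as the user with the passed-in password. An empty password is refused before
    // contacting the server, because many servers treat it as an anonymous bind that succeeds (RFC 4513).
    static boolean authenticate(String url, String dn, String password) throws NamingException {
        if (dn == null || password == null || password.isEmpty()) return false;
        try { new InitialDirContext(mkEnv(url, dn, password)).close(); return true; }
        catch (AuthenticationException e) { return false; }
    }
}
```

A caller runs lookupDn first and passes its result to authenticate; a null DN, an empty password or an AuthenticationException all map to the "deny" outcome that authenticateUser above reports as false.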

Built on Thu 2012-03-29 21:53:33+0000, from revision ???

Apache Derby V10.6 Internals - Copyright © 2004,2007 The Apache Software Foundation. All Rights Reserved.