uk.ac.ed.epcc.webapp.session

Class LdapPasswordComposite<T extends AppUser>

java.lang.Object

uk.ac.ed.epcc.webapp.model.data.Composite<AU,X>

uk.ac.ed.epcc.webapp.session.AppUserComposite<T,PasswordAuthComposite<T>>

uk.ac.ed.epcc.webapp.session.PasswordAuthComposite<T>

uk.ac.ed.epcc.webapp.session.LdapPasswordComposite<T>

Type Parameters:

T - type of AppUser

All Implemented Interfaces:

Contexed, TableStructureContributer<T>, AppUserTransitionContributor, NewSignupAction<T>, RequiredPageProvider<T>

public class LdapPasswordComposite<T extends AppUser>
extends PasswordAuthComposite<T>

A PasswordAuthComposite that queries an external pre-populated LDAP server for authentication. The assumption is that the user has read access to their own LDAP entry. All the password-change functionality is not supported but database records will be auto-created when an authentication succeeds. We assume all users are at the same level of the ldap tree and the supplied username corresponds to a unique attribute (default to uid) of the user record. This allows a LdapName for the record to be generated simply and does not require an anonymous bind to search for the user. An anonymous bind can be introduced by sub-classing. The identifying attribute name is stored as the web-name.

Configuration properties:

• authentication.ldap.factory factory class defaults to com.sun.jndi.ldap.LdapCtxFactory
• authentication.ldap.url connection url
• authentication.ldap.base base dn, this should be the path immediately above the user records
• ldap.connection_domain AD domain. If set LDAP authentication will be as username@domain instead of LDAP principal DN.
• authentication.ldap.name_attr Name component to add to base_dn to generate user DN defaults to uid
• authentication.ldap.property.attributeName name of DB field to store attribute

Nested Class Summary

Nested classes/interfaces inherited from class uk.ac.ed.epcc.webapp.session.PasswordAuthComposite

PasswordAuthComposite.PasswordResetRequiredPage, PasswordAuthComposite.UpdatePasswordTransition

Field Summary

Fields

Modifier and Type	Field and Description
protected javax.naming.ldap.LdapName	base_name
protected java.lang.String	factory
protected java.lang.String	filter
protected java.lang.String	ldap_url
protected java.lang.String	name_attr
protected boolean	use_ssl

Fields inherited from class uk.ac.ed.epcc.webapp.session.PasswordAuthComposite

CHANGE_PASSWORD, USER_CHANGE_PASSWORD_FEATURE

Fields inherited from class uk.ac.ed.epcc.webapp.model.data.Composite

fac

Constructor Summary

Constructors

Constructor and Description
LdapPasswordComposite(AppUserFactory<T> fac)

Method Summary

Modifier and Type	Method and Description
boolean	canResetPassword(T user) Is it legal to reset the password for the current user.
boolean	checkPassword(T u, java.lang.String password) Check if a string matches this persons password.
T	findByLoginNamePassword(java.lang.String name, java.lang.String password) Check a supplied user-name and password.
T	findByLoginNamePassword(java.lang.String name, java.lang.String password, boolean check_fail_count) Check a supplied user-name and password.
java.lang.String	firstPassword(T user) set the initial randomised password for the user
protected javax.naming.directory.DirContext	getContext(java.lang.String name, java.lang.String password)
void	lockPassword(T user) lock the account so no password works.
TableSpecification	modifyDefaultTableSpecification(TableSpecification spec, java.lang.String table) Modify the TableSpecification of the target factory.
boolean	mustResetPassword(T user) Is the user required to change their password
void	newPassword(T user) Set a new randomised password for the user and send a notification email
java.lang.String	randomisePassword(T user) set a new randomised password for the user
java.lang.String	reasonForReset(T user) Text explanation of why PasswordAuthComposite.mustResetPassword(AppUser) returned true.
void	setPassword(T user, java.lang.String password) Change the password for a user

Methods inherited from class uk.ac.ed.epcc.webapp.session.PasswordAuthComposite

doWelcome, getRequiredPages, getTransitions, getType, newSignup

Methods inherited from class uk.ac.ed.epcc.webapp.model.data.Composite

addDefaults, addFieldHelp, addOptional, addSelectors, addSuppress, addTranslations, customiseForm, customiseUpdateForm, getContext, getFactory, getLogger, getRecord, getRepository, postUpdate, preRegister, release, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface uk.ac.ed.epcc.webapp.model.data.TableStructureContributer

addFieldConstraints, addFormFields

Field Detail

ldap_url

protected final java.lang.String ldap_url

use_ssl

protected final boolean use_ssl

base_name

protected final javax.naming.ldap.LdapName base_name

factory

protected final java.lang.String factory

filter

protected final java.lang.String filter

name_attr

protected final java.lang.String name_attr

Constructor Detail

LdapPasswordComposite

public LdapPasswordComposite(AppUserFactory<T> fac)

Parameters:

fac -

Method Detail

checkPassword

public boolean checkPassword(T u,
                             java.lang.String password)

Description copied from class: PasswordAuthComposite

Check if a string matches this persons password.

Specified by:

checkPassword in class PasswordAuthComposite<T extends AppUser>

Parameters:

u - AppUser to check

password - unencrypted password to check.

Returns:

true if password matches.

findByLoginNamePassword

public T findByLoginNamePassword(java.lang.String name,
                                 java.lang.String password)
                          throws DataException

Description copied from class: PasswordAuthComposite

Check a supplied user-name and password. return the person if it matches. If the table is tracking an external authentication system this could create the person on first use.

Specified by:

findByLoginNamePassword in class PasswordAuthComposite<T extends AppUser>

Returns:

user

Throws:

DataException

getContext

protected javax.naming.directory.DirContext getContext(java.lang.String name,
                                                       java.lang.String password)
                                                throws javax.naming.InvalidNameException,
                                                       javax.naming.NamingException

Parameters:

name -

password -

Returns:

Throws:

javax.naming.InvalidNameException

javax.naming.NamingException

findByLoginNamePassword

public T findByLoginNamePassword(java.lang.String name,
                                 java.lang.String password,
                                 boolean check_fail_count)
                          throws DataException

Description copied from class: PasswordAuthComposite

Check a supplied user-name and password. return the person if it matches. If the table is tracking an external authentication system this could create the person on first use.

Specified by:

findByLoginNamePassword in class PasswordAuthComposite<T extends AppUser>

check_fail_count - set to false to ignore failed logins.

Returns:

user

Throws:

DataException

canResetPassword

public boolean canResetPassword(T user)

Description copied from class: PasswordAuthComposite

Is it legal to reset the password for the current user. This can either reflect that password changes are not possible or that the user is in state where it is not legal to reset the password.

Specified by:

canResetPassword in class PasswordAuthComposite<T extends AppUser>

Parameters:

user - or null for general test

Returns:

boolean

setPassword

public void setPassword(T user,
                        java.lang.String password)
                 throws DataFault

Description copied from class: PasswordAuthComposite

Change the password for a user

Specified by:

setPassword in class PasswordAuthComposite<T extends AppUser>

password - clear-text password

Throws:

DataFault

lockPassword

public void lockPassword(T user)
                  throws UnsupportedException

Description copied from class: PasswordAuthComposite

lock the account so no password works.

Specified by:

lockPassword in class PasswordAuthComposite<T extends AppUser>

Throws:

UnsupportedException

newPassword

public void newPassword(T user)
                 throws java.lang.Exception

Description copied from class: PasswordAuthComposite

Set a new randomised password for the user and send a notification email

Specified by:

newPassword in class PasswordAuthComposite<T extends AppUser>

Throws:

java.lang.Exception

randomisePassword

public java.lang.String randomisePassword(T user)
                                   throws DataFault

Description copied from class: PasswordAuthComposite

set a new randomised password for the user

Specified by:

randomisePassword in class PasswordAuthComposite<T extends AppUser>

Returns:

plain-text of new password

Throws:

DataFault

firstPassword

public java.lang.String firstPassword(T user)
                               throws DataFault

Description copied from class: PasswordAuthComposite

set the initial randomised password for the user

Specified by:

firstPassword in class PasswordAuthComposite<T extends AppUser>

Returns:

plain-text of new password

Throws:

DataFault

mustResetPassword

public boolean mustResetPassword(T user)

Description copied from class: PasswordAuthComposite

Is the user required to change their password

Specified by:

mustResetPassword in class PasswordAuthComposite<T extends AppUser>

Returns:

boolean

reasonForReset

public java.lang.String reasonForReset(T user)

Description copied from class: PasswordAuthComposite

Text explanation of why PasswordAuthComposite.mustResetPassword(AppUser) returned true.

Specified by:

reasonForReset in class PasswordAuthComposite<T extends AppUser>

Returns:

modifyDefaultTableSpecification

public TableSpecification modifyDefaultTableSpecification(TableSpecification spec,
                                                          java.lang.String table)

Description copied from interface: TableStructureContributer

Modify the TableSpecification of the target factory.

Specified by:

modifyDefaultTableSpecification in interface TableStructureContributer<T extends AppUser>

Overrides:

modifyDefaultTableSpecification in class Composite<T extends AppUser,PasswordAuthComposite<T extends AppUser>>

Returns: