Spring LDAP

org.springframework.ldap.core.support
Class AbstractContextSource

java.lang.Object
  extended by org.springframework.ldap.core.support.AbstractContextSource
All Implemented Interfaces:
InitializingBean, ContextSource, BaseLdapPathContextSource, BaseLdapPathSource
Direct Known Subclasses:
DirContextSource, LdapContextSource

public abstract class AbstractContextSource
extends Object
implements BaseLdapPathContextSource, InitializingBean

Abstract implementation of the ContextSource interface. By default, returns an authenticated DirContext implementation for both read-only and read-write operations. To have an anonymous environment created for read-only operations, set the anonymousReadOnly property to true.

Implementing classes need to implement getDirContextInstance(Hashtable) to create a DirContext instance of the desired type.

If an AuthenticationSource is set, this will be used for getting user principal and password for each new connection, otherwise a default one will be created using the specified userDn and password.

Note: When using implementations of this class outside of a Spring Context it is necessary to call afterPropertiesSet() when all properties are set, in order to finish up initialization.

Author:
Mattias Hellborg Arthursson, Adam Skogman, Ulrik Sandberg
See Also:
LdapTemplate, DefaultDirObjectFactory, LdapContextSource, DirContextSource

Field Summary
protected  String password
          Deprecated. Use getPassword() and setPassword(String) instead
static String SUN_LDAP_POOLING_FLAG
           
protected  String userDn
          Deprecated. Use getUserDn() and setUserDn(String) instead
 
Constructor Summary
AbstractContextSource()
           
 
Method Summary
 void afterPropertiesSet()
          Checks that all necessary data is set and that there are no compatibility issues, after which the instance is initialized.
 String assembleProviderUrlString(String[] ldapUrls)
          Assemble a valid url String from all registered urls to add as PROVIDER_URL to the environment.
protected  DirContext createContext(Hashtable<String,Object> environment)
          Create a DirContext using the supplied environment.
protected  Hashtable<String,Object> getAnonymousEnv()
           
protected  Hashtable<String,Object> getAuthenticatedEnv(String principal, String credentials)
           
 AuthenticationSource getAuthenticationSource()
          Get the authentication source.
 LdapName getBaseLdapName()
          Get the base LDAP path as a LdapName.
 DistinguishedName getBaseLdapPath()
          Deprecated. DistinguishedName and associated classes and methods are deprecated as of 2.0.
 String getBaseLdapPathAsString()
          Get the base LDAP path as a String.
 DirContext getContext(String principal, String credentials)
          Gets a DirContext instance authenticated using the supplied principal and credentials.
 Class<?> getContextFactory()
          Get the context factory.
protected abstract  DirContext getDirContextInstance(Hashtable<String,Object> environment)
          Implement in subclass to create a DirContext of the desired type (e.g. InitialDirContext or InitialLdapContext).
 Class<?> getDirObjectFactory()
          Get the DirObjectFactory to use.
 String getPassword()
          Gets the password (credentials) to use for getting authenticated contexts.
 DirContext getReadOnlyContext()
          Gets a read-only DirContext.
 DirContext getReadWriteContext()
          Gets a read-write DirContext instance.
 String[] getUrls()
          Get the urls of the LDAP servers.
protected  String getUserDn()
          Gets the user distinguished name (principal) to use for getting authenticated contexts.
 boolean isAnonymousReadOnly()
          Get whether an anonymous environment should be used for read-only operations.
 boolean isPooled()
          Get whether the pooling flag should be set.
 void setAnonymousReadOnly(boolean anonymousReadOnly)
          Set whether an anonymous environment should be used for read-only operations.
 void setAuthenticationSource(AuthenticationSource authenticationSource)
          Set the authentication source to use when retrieving user principal and credentials.
 void setAuthenticationStrategy(DirContextAuthenticationStrategy authenticationStrategy)
          Set the DirContextAuthenticationStrategy to use for preparing the environment and processing the created DirContext instances.
 void setBase(String base)
          Set the base suffix from which all operations should originate.
 void setBaseEnvironmentProperties(Map<String,Object> baseEnvironmentProperties)
          If any custom environment properties are needed, these can be set using this method.
 void setCacheEnvironmentProperties(boolean cacheEnvironmentProperties)
          Set whether environment properties should be cached between requests for anonymous environment.
 void setContextFactory(Class<?> contextFactory)
          Set the context factory.
 void setDirObjectFactory(Class<?> dirObjectFactory)
          Set the DirObjectFactory to use.
 void setPassword(String password)
          Set the password (credentials) to use for getting authenticated contexts.
 void setPooled(boolean pooled)
          Set whether the pooling flag should be set, enabling the built-in LDAP connection pooling.
 void setReferral(String referral)
          Set the method to handle referrals.
protected  void setupAuthenticatedEnvironment(Hashtable<String,Object> env, String principal, String credentials)
          Default implementation of setting the environment up to be authenticated.
 void setUrl(String url)
          Set the url of the LDAP server.
 void setUrls(String[] urls)
          Set the urls of the LDAP servers.
 void setUserDn(String userDn)
          Set the user distinguished name (principal) to use for getting authenticated contexts.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

userDn

@Deprecated
protected String userDn
Deprecated. Use getUserDn() and setUserDn(String) instead

password

@Deprecated
protected String password
Deprecated. Use getPassword() and setPassword(String) instead

SUN_LDAP_POOLING_FLAG

public static final String SUN_LDAP_POOLING_FLAG
See Also:
Constant Field Values
Constructor Detail

AbstractContextSource

public AbstractContextSource()
Method Detail

getContext

public DirContext getContext(String principal,
                             String credentials)
Description copied from interface: ContextSource
Gets a DirContext instance authenticated using the supplied principal and credentials. Typically to be used for plain authentication purposes. Note that this method will never make use of native Java LDAP pooling, even though this instance is configured to do so. This is to force password changes in the target directory to take effect as soon as possible.

Specified by:
getContext in interface ContextSource
Parameters:
principal - The principal (typically a distinguished name of a user in the LDAP tree) to use for authentication.
credentials - The credentials to use for authentication.
Returns:
an authenticated DirContext instance, never null.
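
The sketch below is an added example, not code from the Spring LDAP documentation. It configures an LdapContextSource outside a Spring context and uses getContext(principal, credentials) to verify a user's password. The class name, server URL, base DN, user DN and the environment variable names LDAP_BIND_DN and LDAP_BIND_PW are assumptions.

```java
import java.util.Objects;
import javax.naming.directory.DirContext;
import org.springframework.ldap.core.AuthenticationSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.support.LdapUtils;

public class LdapBindCheck {

    // Built outside a Spring context, so afterPropertiesSet() must be called
    // by hand once every property has been set.
    static LdapContextSource buildContextSource() {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldaps://ldap.example.org:636");  // constructed URL (assumption)
        cs.setBase("dc=example,dc=org");            // constructed base DN (assumption)
        cs.setAnonymousReadOnly(false);             // documented default: reads are authenticated
        cs.setPooled(false);                        // documented default: no built-in pooling
        cs.setReferral("ignore");                   // documented default: referrals not followed
        // Service account credentials are fetched for each new connection from
        // the environment (variable names are assumptions) instead of being
        // hard-coded through setUserDn()/setPassword().
        cs.setAuthenticationSource(new AuthenticationSource() {
            public String getPrincipal() {
                return Objects.requireNonNull(System.getenv("LDAP_BIND_DN"), "LDAP_BIND_DN");
            }
            public String getCredentials() {
                return Objects.requireNonNull(System.getenv("LDAP_BIND_PW"), "LDAP_BIND_PW");
            }
        });
        cs.afterPropertiesSet();
        return cs;
    }

    // Verifies a password by binding as the user with getContext().
    static boolean authenticate(LdapContextSource cs, String userDn, String password) {
        // A simple bind with a DN and an empty password is an unauthenticated
        // bind (RFC 4513, section 5.1.2) and can succeed without any password
        // check, so it is rejected before the directory is contacted.
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        DirContext ctx = null;
        try {
            ctx = cs.getContext(userDn, password);  // never pooled, as described above
            return true;
        } catch (org.springframework.ldap.NamingException e) {
            return false;                           // bind rejected or directory unreachable
        } finally {
            LdapUtils.closeContext(ctx);            // null-safe close
        }
    }

    public static void main(String[] args) {
        String password = args.length > 0 ? args[0] : "";
        // Constructed user DN for illustration.
        System.out.println(authenticate(buildContextSource(),
                "uid=jdoe,ou=people,dc=example,dc=org", password));
    }
}
```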

getReadOnlyContext

public DirContext getReadOnlyContext()
Description copied from interface: ContextSource
Gets a read-only DirContext. It must be possible to perform read-only operations on the returned DirContext.

Specified by:
getReadOnlyContext in interface ContextSource
Returns:
A DirContext instance, never null.

getReadWriteContext

public DirContext getReadWriteContext()
Description copied from interface: ContextSource
Gets a read-write DirContext instance.

Specified by:
getReadWriteContext in interface ContextSource
Returns:
A DirContext instance, never null.

setupAuthenticatedEnvironment

protected void setupAuthenticatedEnvironment(Hashtable<String,Object> env,
                                             String principal,
                                             String credentials)
Default implementation of setting the environment up to be authenticated. This method should typically NOT be overridden; any customization to the authentication mechanism should be managed by setting a different DirContextAuthenticationStrategy on this instance.

Parameters:
env - the environment to modify.
principal - the principal to authenticate with.
credentials - the credentials to authenticate with.
See Also:
DirContextAuthenticationStrategy, setAuthenticationStrategy(DirContextAuthenticationStrategy)

assembleProviderUrlString

public String assembleProviderUrlString(String[] ldapUrls)
Assemble a valid url String from all registered urls to add as PROVIDER_URL to the environment.

Parameters:
ldapUrls - all individual url Strings.
Returns:
the full url String

setBase

public void setBase(String base)
Set the base suffix from which all operations should originate. If a base suffix is set, you will not have to (and, indeed, must not) specify the full distinguished names in any operations performed.

Parameters:
base - the base suffix.

getBaseLdapPath

public DistinguishedName getBaseLdapPath()
Deprecated. DistinguishedName and associated classes and methods are deprecated as of 2.0.

Description copied from interface: BaseLdapPathSource
Get the base LDAP path as a DistinguishedName.

Specified by:
getBaseLdapPath in interface BaseLdapPathSource
Returns:
the base LDAP path as a DistinguishedName. The path will be empty if no base path is specified.

getBaseLdapName

public LdapName getBaseLdapName()
Description copied from interface: BaseLdapPathSource
Get the base LDAP path as a LdapName.

Specified by:
getBaseLdapName in interface BaseLdapPathSource
Returns:
the base LDAP path as a LdapName. The path will be empty if no base path is specified.

getBaseLdapPathAsString

public String getBaseLdapPathAsString()
Description copied from interface: BaseLdapPathSource
Get the base LDAP path as a String.

Specified by:
getBaseLdapPathAsString in interface BaseLdapPathSource
Returns:
the base LDAP path as a String. An empty String will be returned if no base path is specified.

createContext

protected DirContext createContext(Hashtable<String,Object> environment)
Create a DirContext using the supplied environment.

Parameters:
environment - the LDAP environment to use when creating the DirContext.
Returns:
a new DirContext implementation initialized with the supplied environment.

setContextFactory

public void setContextFactory(Class<?> contextFactory)
Set the context factory. Default is com.sun.jndi.ldap.LdapCtxFactory.

Parameters:
contextFactory - the context factory used when creating Contexts.

getContextFactory

public Class<?> getContextFactory()
Get the context factory.

Returns:
the context factory used when creating Contexts.

setDirObjectFactory

public void setDirObjectFactory(Class<?> dirObjectFactory)
Set the DirObjectFactory to use. Default is DefaultDirObjectFactory. The specified class needs to be an implementation of javax.naming.spi.DirObjectFactory. Note: Setting this value to null may cause connection leaks when using ContextMapper methods in LdapTemplate.

Parameters:
dirObjectFactory - the DirObjectFactory to be used. Null means that no DirObjectFactory will be used.

getDirObjectFactory

public Class<?> getDirObjectFactory()
Get the DirObjectFactory to use.

Returns:
the DirObjectFactory to be used. null means that no DirObjectFactory will be used.

afterPropertiesSet

public void afterPropertiesSet()
Checks that all necessary data is set and that there are no compatibility issues, after which the instance is initialized. Note that you need to call this method explicitly after setting all desired properties if using the class outside of a Spring Context.

Specified by:
afterPropertiesSet in interface InitializingBean

setPassword

public void setPassword(String password)
Set the password (credentials) to use for getting authenticated contexts.

Parameters:
password - the password.

getPassword

public String getPassword()
Gets the password (credentials) to use for getting authenticated contexts.

Returns:
the password

setUserDn

public void setUserDn(String userDn)
Set the user distinguished name (principal) to use for getting authenticated contexts.

Parameters:
userDn - the user distinguished name.

getUserDn

protected String getUserDn()
Gets the user distinguished name (principal) to use for getting authenticated contexts.

Returns:
the user distinguished name.

setUrls

public void setUrls(String[] urls)
Set the urls of the LDAP servers. Use this method if several servers are required.

Parameters:
urls - the urls of all servers.

getUrls

public String[] getUrls()
Get the urls of the LDAP servers.

Returns:
the urls of all servers.

setUrl

public void setUrl(String url)
Set the url of the LDAP server. Utility method if only one server is used.

Parameters:
url - the url of the LDAP server.

setPooled

public void setPooled(boolean pooled)
Set whether the pooling flag should be set, enabling the built-in LDAP connection pooling. Default is false. The built-in LDAP connection pooling suffers from a number of deficiencies, e.g. no connection validation. Also, enabling this flag when using TLS connections will explicitly not work. Consider using the Spring LDAP PoolingContextSource as an alternative instead of enabling this flag.

Note that since LDAP pooling is system wide, full configuration of this needs to be done using system parameters as specified in the LDAP/JNDI documentation. Also note that pooling is done on a user DN basis, i.e. each individually authenticated connection will be pooled separately. This means that LDAP pooling will be most efficient using anonymous connections or connections authenticated using one single system user.

Parameters:
pooled - whether Contexts should be pooled.

isPooled

public boolean isPooled()
Get whether the pooling flag should be set.

Returns:
whether Contexts should be pooled.

setBaseEnvironmentProperties

public void setBaseEnvironmentProperties(Map<String,Object> baseEnvironmentProperties)
If any custom environment properties are needed, these can be set using this method.

Parameters:
baseEnvironmentProperties - the base environment properties that should always be used when creating new Context instances.

getAnonymousEnv

protected Hashtable<String,Object> getAnonymousEnv()

getAuthenticatedEnv

protected Hashtable<String,Object> getAuthenticatedEnv(String principal,
                                                       String credentials)

setAuthenticationSource

public void setAuthenticationSource(AuthenticationSource authenticationSource)
Set the authentication source to use when retrieving user principal and credentials.

Parameters:
authenticationSource - the AuthenticationSource that will provide user info.

getAuthenticationSource

public AuthenticationSource getAuthenticationSource()
Get the authentication source.

Returns:
the AuthenticationSource that will provide user info.

setCacheEnvironmentProperties

public void setCacheEnvironmentProperties(boolean cacheEnvironmentProperties)
Set whether environment properties should be cached between requests for anonymous environment. Default is true; setting this property to false causes the environment Hashmap to be rebuilt from the current property settings of this instance between each request for an anonymous environment.

Parameters:
cacheEnvironmentProperties - true causes the anonymous environment properties to be cached, false causes the Hashmap to be rebuilt for each request.

setAnonymousReadOnly

public void setAnonymousReadOnly(boolean anonymousReadOnly)
Set whether an anonymous environment should be used for read-only operations. Default is false.

Parameters:
anonymousReadOnly - true if an anonymous environment should be used for read-only operations, false otherwise.

isAnonymousReadOnly

public boolean isAnonymousReadOnly()
Get whether an anonymous environment should be used for read-only operations.

Returns:
true if an anonymous environment should be used for read-only operations, false otherwise.

setAuthenticationStrategy

public void setAuthenticationStrategy(DirContextAuthenticationStrategy authenticationStrategy)
Set the DirContextAuthenticationStrategy to use for preparing the environment and processing the created DirContext instances.

Parameters:
authenticationStrategy - the DirContextAuthenticationStrategy to use; default is SimpleDirContextAuthenticationStrategy.

setReferral

public void setReferral(String referral)
Set the method to handle referrals. Default is 'ignore'; setting this flag to 'follow' will enable referrals to be automatically followed. Note that this might require particular name server setup in order to work (the referred URLs will need to be automatically found using standard DNS resolution).

Parameters:
referral - the value to set the system property Context.REFERRAL to, customizing the way that referrals are handled.

getDirContextInstance

protected abstract DirContext getDirContextInstance(Hashtable<String,Object> environment)
                                             throws NamingException
Implement in subclass to create a DirContext of the desired type (e.g. InitialDirContext or InitialLdapContext).

Parameters:
environment - the environment to use when creating the instance.
Returns:
a new DirContext instance.
Throws:
NamingException - if one is encountered when creating the instance.
