edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector
Class LdapDataConnector

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.AbstractResolutionPlugIn<Map<String,BaseAttribute>>
      extended by edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.BaseDataConnector
          extended by edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector
All Implemented Interfaces:
DataConnector, ResolutionPlugIn<Map<String,BaseAttribute>>, EventListener, org.springframework.context.ApplicationListener

public class LdapDataConnector
extends BaseDataConnector
implements org.springframework.context.ApplicationListener

LdapDataConnector provides a plugin to retrieve attributes from an LDAP directory.


Nested Class Summary
static class LdapDataConnector.AUTHENTICATION_TYPE
          Authentication type values.
protected  class LdapDataConnector.LDAPValueEscapingStrategy
          Escapes values that will be included within an LDAP filter.
static class LdapDataConnector.SEARCH_SCOPE
          Search scope values.
 
Constructor Summary
LdapDataConnector(String ldapUrl, String ldapBaseDn, boolean startTls, int maxIdle, int initIdleCapacity)
          This creates a new ldap data connector with the supplied properties.
 
Method Summary
protected  Map<String,BaseAttribute> buildBaseAttributes(Iterator<SearchResult> results)
          This returns a map of attribute ids to attributes from the supplied search results.
protected  void clearCache()
          This removes all entries from the cache.
 LdapDataConnector.AUTHENTICATION_TYPE getAuthenticationType()
          This returns the authentication type used when binding to the ldap.
 String getBaseDn()
          This returns the base DN this connector is using.
protected  Map<String,BaseAttribute> getCachedAttributes(ShibbolethResolutionContext resolutionContext, String searchFilter)
          This retrieves any cached attributes for the supplied resolution context.
 String getFilterTemplate()
          Gets the template used to create queries.
 HostnameVerifier getHostnameVerifier()
          This returns the hostname verifier that will be used for all TLS and SSL connections to the ldap.
 String getLdapUrl()
          This returns the URL this connector is using.
 long getMaxResultSize()
          This returns the maximum number of search results the ldap will return.
 String getPrincipal()
          This returns the principal dn used to bind to the ldap for all searches.
 String getPrincipalCredential()
          This returns the principal credential used to bind to the ldap for all searches.
 String[] getReturnAttributes()
          This returns the attributes that all searches will request from the ldap.
 LdapDataConnector.SEARCH_SCOPE getSearchScope()
          This returns the search scope used when searching the ldap.
 int getSearchTimeLimit()
          This returns the time in milliseconds that the ldap will wait for search results.
 KeyManager[] getSslKeyManagers()
          This returns the key managers that will be used for all TLS and SSL connections to the ldap.
 SSLSocketFactory getSslSocketFactory()
          This returns the SSL Socket Factory that will be used for all TLS and SSL connections to the ldap.
 TrustManager[] getSslTrustManagers()
          This returns the trust managers that will be used for all TLS and SSL connections to the ldap.
 TemplateEngine getTemplateEngine()
          Gets the engine used to evaluate the query template.
 void initialize()
          Initializes the connector and prepares it for use.
protected  void initializeCache()
          Initializes the cache and prepares it for use.
protected  void initializeLdapPool()
          Initializes the ldap pool and prepares it for use.
 boolean isCacheResults()
          This returns whether this connector will cache search results.
 boolean isLinkDereferencing()
          This returns whether link dereferencing will be used during the search.
 boolean isMergeResults()
          This returns whether this connector will merge multiple search results into one result.
 boolean isNoResultsIsError()
          This returns whether this connector will throw an exception if no search results are found.
 boolean isReturningObjects()
          This returns whether objects will be returned in the search results.
 boolean isUseStartTls()
          This returns whether this connector will start TLS for all connections to the ldap.
 void onApplicationEvent(org.springframework.context.ApplicationEvent evt)
          
protected  void registerTemplate()
          Registers the query template with template engine.
 Map<String,BaseAttribute> resolve(ShibbolethResolutionContext resolutionContext)
          Performs the attribute resolution for this plugin.
protected  Iterator<SearchResult> searchLdap(String searchFilter)
          This searches the LDAP with the supplied filter.
 void setAuthenticationType(LdapDataConnector.AUTHENTICATION_TYPE type)
          This sets the authentication type used when binding to the ldap.
protected  void setCachedAttributes(ShibbolethResolutionContext resolutionContext, String searchFiler, Map<String,BaseAttribute> attributes)
          This stores the supplied attributes in the cache.
 void setCacheResults(boolean b)
          This sets whether this connector will cache search results.
 void setFilterTemplate(String template)
          Sets the template used to create queries.
 void setHostnameVerifier(HostnameVerifier hv)
          This sets the hostname verifier that will be used for all TLS and SSL connections to the ldap.
 void setLdapProperties(Map<String,String> ldapProperties)
          This sets additional ldap context environment properties.
 void setLinkDereferencing(boolean b)
          This sets whether link dereferencing will be used during the search.
 void setMaxResultSize(long l)
          This sets the maximum number of search results the ldap will return.
 void setMergeResults(boolean b)
          This sets whether this connector will merge multiple search results into one result.
 void setNoResultsIsError(boolean b)
          This sets whether this connector will throw an exception if no search results are found.
 void setPrincipal(String s)
          This sets the principal dn used to bind to the ldap for all searches.
 void setPrincipalCredential(String s)
          This sets the principal credential used to bind to the ldap for all searches.
 void setReturnAttributes(String s)
          This sets the attributes that all searches will request from the ldap.
 void setReturnAttributes(String[] s)
          This sets the attributes that all searches will request from the ldap.
 void setReturningObjects(boolean b)
          This sets whether objects will be returned in the search results.
 void setSearchScope(LdapDataConnector.SEARCH_SCOPE scope)
          This sets the search scope used when searching the ldap.
 void setSearchTimeLimit(int i)
          This sets the time in milliseconds that the ldap will wait for search results.
 void setSslKeyManagers(org.opensaml.xml.security.x509.X509Credential kc)
          This sets the key managers that will be used for all TLS and SSL connections to the ldap.
 void setSslSocketFactory(SSLSocketFactory sf)
          This sets the SSL Socket Factory that will be used for all TLS and SSL connections to the ldap.
 void setSslTrustManagers(org.opensaml.xml.security.x509.X509Credential tc)
          This sets the trust managers that will be used for all TLS and SSL connections to the ldap.
 void setTemplateEngine(TemplateEngine engine)
          Sets the engine used to evaluate the query template.
 void validate()
          Validate the internal state of this plug-in.
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.BaseDataConnector
getFailoverDependencyId, setFailoverDependencyIds
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.AbstractResolutionPlugIn
getDependencyIds, getId, getValuesFromAllDependencies, getValuesFromAttributeDependency, getValuesFromConnectorDependency, setId
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ResolutionPlugIn
getDependencyIds, getId
 

Constructor Detail

LdapDataConnector

public LdapDataConnector(String ldapUrl,
                         String ldapBaseDn,
                         boolean startTls,
                         int maxIdle,
                         int initIdleCapacity)
This creates a new ldap data connector with the supplied properties.

Parameters:
ldapUrl - String to connect to
ldapBaseDn - String to begin searching at
startTls - boolean whether connection should startTls
maxIdle - int maximum number of idle pool objects
initIdleCapacity - int initial capacity of the pool
Method Detail

initialize

public void initialize()
Initializes the connector and prepares it for use.


initializeLdapPool

protected void initializeLdapPool()
Initializes the ldap pool and prepares it for use. initialize() must be called first or this method does nothing.


initializeCache

protected void initializeCache()
Initializes the cache and prepares it for use. initialize() must be called first or this method does nothing.


clearCache

protected void clearCache()
This removes all entries from the cache. initialize() must be called first or this method does nothing.


registerTemplate

protected void registerTemplate()
Registers the query template with template engine. initialize() must be called first or this method does nothing.


isMergeResults

public boolean isMergeResults()
This returns whether this connector will merge multiple search results into one result. The default is false.

Returns:
boolean

setMergeResults

public void setMergeResults(boolean b)
This sets whether this connector will merge multiple search results into one result. This method will remove any cached results.

Parameters:
b - boolean
See Also:
clearCache()

isCacheResults

public boolean isCacheResults()
This returns whether this connector will cache search results. The default is false.

Returns:
boolean

setCacheResults

public void setCacheResults(boolean b)
This sets whether this connector will cache search results.

Parameters:
b - boolean
See Also:
initializeCache()

isNoResultsIsError

public boolean isNoResultsIsError()
This returns whether this connector will throw an exception if no search results are found. The default is false.

Returns:
boolean

setNoResultsIsError

public void setNoResultsIsError(boolean b)
This sets whether this connector will throw an exception if no search results are found.

Parameters:
b - boolean

getTemplateEngine

public TemplateEngine getTemplateEngine()
Gets the engine used to evaluate the query template.

Returns:
engine used to evaluate the query template

setTemplateEngine

public void setTemplateEngine(TemplateEngine engine)
Sets the engine used to evaluate the query template.

Parameters:
engine - engine used to evaluate the query template

getFilterTemplate

public String getFilterTemplate()
Gets the template used to create queries.

Returns:
template used to create queries

setFilterTemplate

public void setFilterTemplate(String template)
Sets the template used to create queries.

Parameters:
template - template used to create queries
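
The nested LDAPValueEscapingStrategy is described above as escaping values that will be included within an LDAP filter, and the filter template is where such values end up. The following is an added example, not the Shibboleth project's own code, of RFC 4515 assertion-value escaping in plain Java. The class name, method names and the `%s` template substitution are hypothetical stand-ins (the connector itself evaluates its template with a TemplateEngine), and the input values are constructed.

```java
public final class LdapFilterEscapeExample {

    /**
     * Escapes a value for use as an assertion value in an RFC 4515 search
     * filter. The five characters with special meaning are replaced by a
     * backslash and their two-digit hex code; everything else, including
     * non-ASCII text, passes through unchanged.
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // escape character itself
                case '*':  out.append("\\2a"); break; // wildcard
                case '(':  out.append("\\28"); break; // opens a filter component
                case ')':  out.append("\\29"); break; // closes a filter component
                case '\0': out.append("\\00"); break; // NUL terminator
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Hypothetical stand-in for template evaluation: one %s placeholder. */
    static String buildFilter(String template, String principalName) {
        return String.format(template, escapeFilterValue(principalName));
    }

    public static void main(String[] args) {
        String template = "(uid=%s)"; // assumed filter template

        // Constructed inputs: an ordinary name, and two values carrying
        // filter metacharacters that must stay literal data.
        String[] samples = { "jdoe", "j*doe", "smith)(mail=*" };

        for (String s : samples) {
            String unescaped = String.format(template, s);
            String escaped = buildFilter(template, s);
            System.out.println("input     : " + s);
            System.out.println("unescaped : " + unescaped);
            System.out.println("escaped   : " + escaped);
            System.out.println();
        }
    }
}
```

With escaping applied, the third input yields `(uid=smith\29\28mail=\2a)`, a single equality match on a literal string, rather than a filter whose structure was changed by the value.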

getLdapUrl

public String getLdapUrl()
This returns the URL this connector is using.

Returns:
String

getBaseDn

public String getBaseDn()
This returns the base DN this connector is using.

Returns:
String

isUseStartTls

public boolean isUseStartTls()
This returns whether this connector will start TLS for all connections to the ldap.

Returns:
boolean

getSslSocketFactory

public SSLSocketFactory getSslSocketFactory()
This returns the SSL Socket Factory that will be used for all TLS and SSL connections to the ldap.

Returns:
SSLSocketFactory

setSslSocketFactory

public void setSslSocketFactory(SSLSocketFactory sf)
This sets the SSL Socket Factory that will be used for all TLS and SSL connections to the ldap. This method will remove any cached results and initialize the ldap pool.

Parameters:
sf - SSLSocketFactory
See Also:
clearCache(), initializeLdapPool()

getSslTrustManagers

public TrustManager[] getSslTrustManagers()
This returns the trust managers that will be used for all TLS and SSL connections to the ldap.

Returns:
TrustManager[]

setSslTrustManagers

public void setSslTrustManagers(org.opensaml.xml.security.x509.X509Credential tc)
This sets the trust managers that will be used for all TLS and SSL connections to the ldap. This method will remove any cached results and initialize the ldap pool.

Parameters:
tc - X509Credential to create TrustManagers with
See Also:
clearCache(), initializeLdapPool(), setSslSocketFactory(SSLSocketFactory)

getSslKeyManagers

public KeyManager[] getSslKeyManagers()
This returns the key managers that will be used for all TLS and SSL connections to the ldap.

Returns:
KeyManager[]

setSslKeyManagers

public void setSslKeyManagers(org.opensaml.xml.security.x509.X509Credential kc)
This sets the key managers that will be used for all TLS and SSL connections to the ldap. This method will remove any cached results and initialize the ldap pool.

Parameters:
kc - X509Credential to create KeyManagers with
See Also:
clearCache(), initializeLdapPool(), setSslSocketFactory(SSLSocketFactory)

getHostnameVerifier

public HostnameVerifier getHostnameVerifier()
This returns the hostname verifier that will be used for all TLS and SSL connections to the ldap.

Returns:
HostnameVerifier

setHostnameVerifier

public void setHostnameVerifier(HostnameVerifier hv)
This sets the hostname verifier that will be used for all TLS and SSL connections to the ldap. This method will remove any cached results and initialize the ldap pool.

Parameters:
hv - HostnameVerifier
See Also:
clearCache(), initializeLdapPool()

getAuthenticationType

public LdapDataConnector.AUTHENTICATION_TYPE getAuthenticationType()
This returns the authentication type used when binding to the ldap.

Returns:
AUTHENTICATION_TYPE

setAuthenticationType

public void setAuthenticationType(LdapDataConnector.AUTHENTICATION_TYPE type)
This sets the authentication type used when binding to the ldap. This method will remove any cached results and initialize the ldap pool.

Parameters:
type - AUTHENTICATION_TYPE
See Also:
clearCache(), initializeLdapPool()

getSearchScope

public LdapDataConnector.SEARCH_SCOPE getSearchScope()
This returns the search scope used when searching the ldap.

Returns:
SEARCH_SCOPE

setSearchScope

public void setSearchScope(LdapDataConnector.SEARCH_SCOPE scope)
This sets the search scope used when searching the ldap. This method will remove any cached results.

Parameters:
scope - directory search scope
See Also:
clearCache()

getReturnAttributes

public String[] getReturnAttributes()
This returns the attributes that all searches will request from the ldap.

Returns:
String[]

setReturnAttributes

public void setReturnAttributes(String[] s)
This sets the attributes that all searches will request from the ldap. This method will remove any cached results.

Parameters:
s - String[]
See Also:
clearCache()

setReturnAttributes

public void setReturnAttributes(String s)
This sets the attributes that all searches will request from the ldap. s should be a comma delimited string.

Parameters:
s - String comma delimited returnAttributes

getSearchTimeLimit

public int getSearchTimeLimit()
This returns the time in milliseconds that the ldap will wait for search results. A value of 0 means to wait indefinitely.

Returns:
int milliseconds

setSearchTimeLimit

public void setSearchTimeLimit(int i)
This sets the time in milliseconds that the ldap will wait for search results. A value of 0 means to wait indefinitely. This method will remove any cached results.

Parameters:
i - int milliseconds
See Also:
clearCache()

getMaxResultSize

public long getMaxResultSize()
This returns the maximum number of search results the ldap will return. A value of 0 means all entries will be returned.

Returns:
long maximum number of search results

setMaxResultSize

public void setMaxResultSize(long l)
This sets the maximum number of search results the ldap will return. A value of 0 means all entries will be returned. This method will remove any cached results.

Parameters:
l - long maximum number of search results
See Also:
clearCache()

isReturningObjects

public boolean isReturningObjects()
This returns whether objects will be returned in the search results. The default is false.

Returns:
boolean

setReturningObjects

public void setReturningObjects(boolean b)
This sets whether objects will be returned in the search results. This method will remove any cached results.

Parameters:
b - boolean
See Also:
clearCache()

isLinkDereferencing

public boolean isLinkDereferencing()
This returns whether link dereferencing will be used during the search. The default is false.

Returns:
boolean

setLinkDereferencing

public void setLinkDereferencing(boolean b)
This sets whether link dereferencing will be used during the search. This method will remove any cached results.

Parameters:
b - boolean
See Also:
clearCache()

getPrincipal

public String getPrincipal()
This returns the principal dn used to bind to the ldap for all searches.

Returns:
String principal dn

setPrincipal

public void setPrincipal(String s)
This sets the principal dn used to bind to the ldap for all searches. This method will remove any cached results and initialize the ldap pool.

Parameters:
s - String principal dn
See Also:
clearCache(), initializeLdapPool()

getPrincipalCredential

public String getPrincipalCredential()
This returns the principal credential used to bind to the ldap for all searches.

Returns:
String principal credential

setPrincipalCredential

public void setPrincipalCredential(String s)
This sets the principal credential used to bind to the ldap for all searches. This method will remove any cached results and initialize the ldap pool.

Parameters:
s - String principal credential
See Also:
clearCache(), initializeLdapPool()

setLdapProperties

public void setLdapProperties(Map<String,String> ldapProperties)
This sets additional ldap context environment properties. This method will remove any cached results and initialize the ldap pool.

Parameters:
ldapProperties - Map of name/value pairs
See Also:
clearCache(), initializeLdapPool()

onApplicationEvent

public void onApplicationEvent(org.springframework.context.ApplicationEvent evt)

Specified by:
onApplicationEvent in interface org.springframework.context.ApplicationListener

resolve

public Map<String,BaseAttribute> resolve(ShibbolethResolutionContext resolutionContext)
                                  throws AttributeResolutionException
Performs the attribute resolution for this plugin.

Specified by:
resolve in interface ResolutionPlugIn<Map<String,BaseAttribute>>
Parameters:
resolutionContext - the context for the resolution
Returns:
the attributes made available by the resolution, never null
Throws:
AttributeResolutionException - the problem that occurred during the resolution

validate

public void validate()
              throws AttributeResolutionException
Validate the internal state of this plug-in.

Specified by:
validate in interface ResolutionPlugIn<Map<String,BaseAttribute>>
Throws:
AttributeResolutionException - if the plug-in has an invalid internal state

searchLdap

protected Iterator<SearchResult> searchLdap(String searchFilter)
                                     throws AttributeResolutionException
This searches the LDAP with the supplied filter.

Parameters:
searchFilter - String the searchFilter that produced the attributes
Returns:
Iterator of search results
Throws:
AttributeResolutionException - if an error occurs performing the search

buildBaseAttributes

protected Map<String,BaseAttribute> buildBaseAttributes(Iterator<SearchResult> results)
                                                 throws AttributeResolutionException
This returns a map of attribute ids to attributes from the supplied search results.

Parameters:
results - Iterator of LDAP search results
Returns:
Map of attribute ids to attributes
Throws:
AttributeResolutionException - if an error occurs parsing attribute results

setCachedAttributes

protected void setCachedAttributes(ShibbolethResolutionContext resolutionContext,
                                   String searchFiler,
                                   Map<String,BaseAttribute> attributes)
This stores the supplied attributes in the cache.

Parameters:
resolutionContext - ResolutionContext
searchFiler - the searchFilter that produced the attributes
attributes - Map of attribute ids to attributes

getCachedAttributes

protected Map<String,BaseAttribute> getCachedAttributes(ShibbolethResolutionContext resolutionContext,
                                                        String searchFilter)
This retrieves any cached attributes for the supplied resolution context. Returns null if nothing is cached.

Parameters:
resolutionContext - ResolutionContext
searchFilter - the search filter that produced the attributes
Returns:
Map of attribute ids to attributes


Copyright © 2006-2008 Internet2. All Rights Reserved.