View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector;
18  
19  import java.util.Map;
20  
21  import org.opensaml.xml.security.x509.X509Credential;
22  import org.opensaml.xml.util.DatatypeHelper;
23  
24  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector;
25  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine;
26  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector.AUTHENTICATION_TYPE;
27  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector.SEARCH_SCOPE;
28  
29  /**
30   * Spring factory for creating {@link LdapDataConnector} beans.
31   */
32  public class LdapDataConnectorFactoryBean extends BaseDataConnectorFactoryBean {
33  
34      /** Template engine used to construct filter queries. */
35      private TemplateEngine templateEngine;
36  
37      /** URL of the LDAP server. */
38      private String ldapURL;
39  
40      /** Base search DN. */
41      private String baseDN;
42  
43      /** DN of the principal to bind to the directory as. */
44      private String principal;
45  
46      /** Credential for the binding principal. */
47      private String principalCredential;
48      
49      /** LDAP authentication type. */
50      private AUTHENTICATION_TYPE authenticationType;
51  
52      /** LDAP query filter template. */
53      private String filterTemplate;
54  
55      /** LDAP directory search scope. */
56      private SEARCH_SCOPE searchScope;
57  
58      /** Name of the LDAP attributes to return. */
59      private String[] returnAttributes;
60  
61      /** LDAP connection provider specific properties. */
62      private Map<String, String> ldapProperties;
63  
64      /** Whether to use StartTLS when connecting to the LDAP. */
65      private boolean useStartTLS;
66  
67      /** Trust material used when connecting to the LDAP over SSL/TLS. */
68      private X509Credential trustCredential;
69  
70      /** Client authentication material used when connecting to the LDAP over SSL/TLS. */
71      private X509Credential connectionCredential;
72  
73      /** Initial number of connections in the pool. */
74      private int poolInitialSize;
75  
76      /** Maximum number of idle connections that will be kept in the pool. */
77      private int poolMaxIdle;
78  
79      /** Time, in milliseconds, to wait for a search to return. */
80      private int searchTimeLimit;
81  
82      /** Maximum number of results to return. */
83      private int maxResultSize;
84  
85      /** Whether to cache query the results. */
86      private boolean cacheResults;
87  
88      /** Whether to merge multiple results into a single set of attributes. */
89      private boolean mergeResults;
90  
91      /** Whether a search returning no results should be considered an error. */
92      private boolean noResultsIsError;
93  
94      /** {@inheritDoc} */
95      protected Object createInstance() throws Exception {
96          LdapDataConnector connector = new LdapDataConnector(ldapURL, baseDN, useStartTLS, poolMaxIdle, poolInitialSize);
97          populateDataConnector(connector);
98          connector.setAuthenticationType(authenticationType);
99          connector.setPrincipal(principal);
100         connector.setPrincipalCredential(principalCredential);
101         connector.setLdapProperties(ldapProperties);
102         
103         if(trustCredential != null){
104             connector.setSslTrustManagers(trustCredential);
105         }
106         
107         if(connectionCredential != null){
108             connector.setSslKeyManagers(connectionCredential);
109         }
110         
111         connector.setCacheResults(cacheResults);
112         connector.setFilterTemplate(filterTemplate);
113         connector.setMaxResultSize(maxResultSize);
114         connector.setMergeResults(mergeResults);
115         connector.setNoResultsIsError(noResultsIsError);
116         connector.setReturnAttributes(returnAttributes);
117         connector.setSearchScope(searchScope);
118         connector.setSearchTimeLimit(searchTimeLimit);
119         connector.setTemplateEngine(templateEngine);
120 
121         connector.initialize();
122 
123         return connector;
124     }
125 
126     /**
127      * Gets the authentication type used when connecting to the directory.
128      * 
129      * @return authentication type used when connecting to the directory
130      */
131     public AUTHENTICATION_TYPE getAuthenticationType() {
132         return authenticationType;
133     }
134     
135     /**
136      * Gets the base search DN.
137      * 
138      * @return the base search DN
139      */
140     public String getBaseDN() {
141         return baseDN;
142     }
143     
144     /**
145      * Gets the client authentication material used when connecting to the LDAP via SSL or TLS.
146      * 
147      * @return client authentication material used when connecting to the LDAP via SSL or TLS
148      */
149     public X509Credential getConnectionCredential() {
150         return connectionCredential;
151     }
152 
153     /**
154      * Gets the LDAP query filter template.
155      * 
156      * @return LDAP query filter template
157      */
158     public String getFilterTemplate() {
159         return filterTemplate;
160     }
161 
162     /**
163      * Gets the LDAP connection provider specific properties.
164      * 
165      * @return LDAP connection provider specific properties
166      */
167     public Map<String, String> getLdapProperties() {
168         return ldapProperties;
169     }
170 
171     /**
172      * Gets the LDAP server's URL.
173      * 
174      * @return LDAP server's URL
175      */
176     public String getLdapUrl() {
177         return ldapURL;
178     }
179 
180     /**
181      * Gets the maximum number of results to return from a query.
182      * 
183      * @return maximum number of results to return from a query
184      */
185     public int getMaxResultSize() {
186         return maxResultSize;
187     }
188 
189     /** {@inheritDoc} */
190     public Class getObjectType() {
191         return LdapDataConnector.class;
192     }
193 
194     /**
195      * Gets the initial number of connection to create in the connection pool.
196      * 
197      * @return initial number of connection to create in the connection pool
198      */
199     public int getPoolInitialSize() {
200         return poolInitialSize;
201     }
202 
203     /**
204      * Gets the maximum number of idle connection that will be kept in the connection pool.
205      * 
206      * @return maximum number of idle connection that will be kept in the connection pool
207      */
208     public int getPoolMaxIdleSize() {
209         return poolMaxIdle;
210     }
211 
212     /**
213      * Gets the principal DN used to bind to the directory.
214      * 
215      * @return principal DN used to bind to the directory
216      */
217     public String getPrincipal() {
218         return principal;
219     }
220 
221     /**
222      * Gets the credential of the principal DN used to bind to the directory.
223      * 
224      * @return credential of the principal DN used to bind to the directory
225      */
226     public String getPrincipalCredential() {
227         return principalCredential;
228     }
229 
230     /**
231      * Gets the attributes to return from a query.
232      * 
233      * @return attributes to return from a query
234      */
235     public String[] getReturnAttributes() {
236         return returnAttributes;
237     }
238 
239     /**
240      * Gets the search scope of a query.
241      * 
242      * @return search scope of a query
243      */
244     public SEARCH_SCOPE getSearchScope() {
245         return searchScope;
246     }
247 
248     /**
249      * Gets the maximum amount of time, in milliseconds, to wait for a search to complete.
250      * 
251      * @return maximum amount of time, in milliseconds, to wait for a search to complete
252      */
253     public int getSearchTimeLimit() {
254         return searchTimeLimit;
255     }
256 
257     /**
258      * Gets the template engine used to construct query filters.
259      * 
260      * @return template engine used to construct query filters
261      */
262     public TemplateEngine getTemplateEngine() {
263         return templateEngine;
264     }
265 
266     /**
267      * Gets the trust material used when connecting to the LDAP via SSL or TLS.
268      * 
269      * @return trust material used when connecting to the LDAP via SSL or TLS
270      */
271     public X509Credential getTrustCredential() {
272         return trustCredential;
273     }
274 
275     /**
276      * Gets whether to use StartTLS when connecting to the LDAP.
277      * 
278      * @return whether to use StartTLS when connecting to the LDAP
279      */
280     public boolean getUseStartTLS() {
281         return useStartTLS;
282     }
283 
284     /**
285      * Gets whether to cache query results.
286      * 
287      * @return whether to cache query results.
288      */
289     public boolean isCacheResults() {
290         return cacheResults;
291     }
292 
293     /**
294      * Gets whether to merge multiple results into a single result.
295      * 
296      * @return whether to merge multiple results into a single result
297      */
298     public boolean isMergeResults() {
299         return mergeResults;
300     }
301 
302     /**
303      * Gets whether a query that returns no results is an error condition.
304      * 
305      * @return whether a query that returns no results is an error condition
306      */
307     public boolean isNoResultsIsError() {
308         return noResultsIsError;
309     }
310 
311     /**
312      * Sets the authentication type used when connecting to the directory.
313      * 
314      * @param type authentication type used when connecting to the directory
315      */
316     public void setAuthenticationType(AUTHENTICATION_TYPE type) {
317         authenticationType = type;
318     }
319 
320     /**
321      * Sets the base search DN.
322      * 
323      * @param dn the base search DN
324      */
325     public void setBaseDN(String dn) {
326         baseDN = DatatypeHelper.safeTrimOrNullString(dn);
327     }
328 
329     /**
330      * Sets whether to cache query results.
331      * 
332      * @param cache whether to cache query results
333      */
334     public void setCacheResults(boolean cache) {
335         cacheResults = cache;
336     }
337 
338     /**
339      * Sets the client authentication material used when connecting to the LDAP via SSL or TLS.
340      * 
341      * @param credential client authentication material used when connecting to the LDAP via SSL or TLS
342      */
343     public void setConnectionCredential(X509Credential credential) {
344         connectionCredential = credential;
345     }
346 
347     /**
348      * Sets the LDAP query filter template.
349      * 
350      * @param template LDAP query filter template
351      */
352     public void setFilterTemplate(String template) {
353         filterTemplate = DatatypeHelper.safeTrimOrNullString(template);
354     }
355 
356     /**
357      * Sets the LDAP connection provider specific properties.
358      * 
359      * @param properties LDAP connection provider specific properties
360      */
361     public void setLdapProperties(Map<String, String> properties) {
362         ldapProperties = properties;
363     }
364 
365     /**
366      * Sets the LDAP server's URL.
367      * 
368      * @param url LDAP server's URL
369      */
370     public void setLdapUrl(String url) {
371         ldapURL = DatatypeHelper.safeTrimOrNullString(url);
372     }
373 
374     /**
375      * Sets the maximum number of results to return from a query.
376      * 
377      * @param max maximum number of results to return from a query
378      */
379     public void setMaxResultSize(int max) {
380         maxResultSize = max;
381     }
382 
383     /**
384      * Sets whether to merge multiple results into a single result.
385      * 
386      * @param merge Twhether to merge multiple results into a single result
387      */
388     public void setMergeResults(boolean merge) {
389         mergeResults = merge;
390     }
391 
392     /**
393      * Sets whether a query that returns no results is an error condition.
394      * 
395      * @param isError whether a query that returns no results is an error condition
396      */
397     public void setNoResultsIsError(boolean isError) {
398         noResultsIsError = isError;
399     }
400 
401     /**
402      * Sets the initial number of connection to create in the connection pool.
403      * 
404      * @param initialSize initial number of connection to create in the connection pool
405      */
406     public void setPoolInitialSize(int initialSize) {
407         poolInitialSize = initialSize;
408     }
409 
410     /**
411      * Sets the maximum number of idle connection that will be kept in the connection pool.
412      * 
413      * @param maxIdle maximum number of idle connection that will be kept in the connection pool
414      */
415     public void setPoolMaxIdleSize(int maxIdle) {
416         poolMaxIdle = maxIdle;
417     }
418 
419     /**
420      * Sets the principal DN used to bind to the directory.
421      * 
422      * @param principalName principal DN used to bind to the directory
423      */
424     public void setPrincipal(String principalName) {
425         principal = DatatypeHelper.safeTrimOrNullString(principalName);
426     }
427 
428     /**
429      * Sets the credential of the principal DN used to bind to the directory.
430      * 
431      * @param credential credential of the principal DN used to bind to the directory
432      */
433     public void setPrincipalCredential(String credential) {
434         principalCredential = DatatypeHelper.safeTrimOrNullString(credential);
435     }
436 
437     /**
438      * Sets the attributes to return from a query.
439      * 
440      * @param attributes attributes to return from a query
441      */
442     public void setReturnAttributes(String[] attributes) {
443         returnAttributes = attributes;
444     }
445 
446     /**
447      * Sets the search scope of a query.
448      * 
449      * @param scope search scope of a query
450      */
451     public void setSearchScope(SEARCH_SCOPE scope) {
452         searchScope = scope;
453     }
454 
455     /**
456      * Sets the maximum amount of time, in milliseconds, to wait for a search to complete.
457      * 
458      * @param timeLimit maximum amount of time, in milliseconds, to wait for a search to complete
459      */
460     public void setSearchTimeLimit(int timeLimit) {
461         searchTimeLimit = timeLimit;
462     }
463 
464     /**
465      * Sets the template engine used to construct query filters.
466      * 
467      * @param engine template engine used to construct query filters
468      */
469     public void setTemplateEngine(TemplateEngine engine) {
470         templateEngine = engine;
471     }
472 
473     /**
474      * Sets the trust material used when connecting to the LDAP via SSL or TLS.
475      * 
476      * @param credential trust material used when connecting to the LDAP via SSL or TLS
477      */
478     public void setTrustCredential(X509Credential credential) {
479         trustCredential = credential;
480     }
481     
482     /**
483      * Sets whether to use StartTLS when connecting to the LDAP.
484      * 
485      * @param startTLS whether to use StartTLS when connecting to the LDAP
486      */
487     public void setUseStartTLS(boolean startTLS) {
488         useStartTLS = startTLS;
489     }
490 }