Class EdAuth

  • All Implemented Interfaces:
    EdAuthService, EdOperation

    public final class EdAuth
    extends Object
    EdAuth provides methods to perform common authentication and authorization operations.
    Author:
    Middleware Services
    • Constructor Detail

      • EdAuth

        public EdAuth()
        Creates a new instance of an ED client object that can perform operations on the production ED-Auth directory.
      • EdAuth

        public EdAuth​(DirectoryEnv env)
        Creates a new instance of an ED client object that can perform operations on an ED-Auth directory of the given environment.
        Parameters:
        env - Directory environment, e.g. LOCAL|DEV|PPRD|PROD.
    • Method Detail

      • getType

        public DirectoryType getType()
        Description copied from interface: EdOperation
        Gets the class of directory this client operates on.
        Returns:
        Directory type.
      • getEnvironment

        public final DirectoryEnv getEnvironment()
        Description copied from interface: EdOperation
        Gets the environment this client operates on.
        Specified by:
        getEnvironment in interface EdOperation
        Returns:
        Directory environment.
      • getConnectionFactory

        public org.ldaptive.ConnectionFactory getConnectionFactory()
        Description copied from interface: EdOperation
        Gets the underlying connection factory.
        Specified by:
        getConnectionFactory in interface EdOperation
        Returns:
        Connection factory implementation.
      • setEnvironment

        protected void setEnvironment​(DirectoryEnv dirEnv)
        Sets the directory environment this ED client is configured to operate on.
        Parameters:
        dirEnv - Directory environment.
      • initialize

        protected final void initialize()
        Initialize the EdAuth client for use.

        This method must be called after the environment (setEnvironment(DirectoryEnv)) is set and before any LDAP operations are performed. If the directory type and/or environment are changed, the search client must be re-initialized for the changes to take effect on the next LDAP operation.

      • authenticate

        public final org.ldaptive.LdapEntry authenticate​(String user,
                                                         org.ldaptive.Credential credential,
                                                         String... attributes)
                                                  throws org.ldaptive.LdapException
        Description copied from interface: EdAuthService
        This will attempt to authenticate a user against ED-Auth. The user should correspond to the uupid. Once this method returns, the connection to the LDAP directory is closed.
        Specified by:
        authenticate in interface EdAuthService
        Parameters:
        user - username for bind
        credential - credential for bind
        attributes - attributes to retrieve (e.g. EdContext.ALL_ATTR, EdContext.AFFILIATION_ATTR, ...)
        Returns:
        Found LdapEntry
        Throws:
        org.ldaptive.LdapException - if the authentication fails for any reason
      • authorize

        public final void authorize​(org.ldaptive.LdapEntry entry,
                                    String authorizationExpression)
                             throws org.ldaptive.LdapException,
                                    EdAuthAuthorizationException
        This will attempt to authorize a user's given LdapEntry via the provided authorizationExpression. The expression is evaluated with SpelExpressionParser. The methods available in an authorizationExpression are hasAttributeValue(String attribute, String value) and hasAttribute(String attribute). If the entire expression evaluates to false, authorization fails with EdAuthAuthorizationException. The following is an example authorization expression: (hasAttributeValue('eduPersonAffiliation', 'VT-ACTIVE-MEMBER') && hasAttributeValue('eduPersonAffiliation', 'VT-EMPLOYEE')) || hasAttribute('eduPersonPrimaryAffiliation')
        Specified by:
        authorize in interface EdAuthService
        Parameters:
        entry - LdapEntry returned from authentication to authorize with
        authorizationExpression - Expression to authorize with
        Throws:
        org.ldaptive.LdapException - if the authentication fails for any reason
        EdAuthAuthorizationException - if the authorization fails for any reason
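        The following is an added example (not part of the EdAuth library) showing how authenticate, authorize and getAffiliations fit together in a fail-closed login check. It assumes DirectoryEnv.PROD is an enum constant as suggested by the constructor documentation, and that EdAuthAuthorizationException and EdContext are importable from the same package as EdAuth.

```java
import java.util.Arrays;
import org.ldaptive.Credential;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;

/** Added example: bind as the user, then enforce an affiliation-based authorization expression. */
public final class EdAuthLoginCheck {

  /** Active members who are also employees, or anyone with a primary affiliation (expression from the EdAuth docs). */
  private static final String EXPR =
      "(hasAttributeValue('eduPersonAffiliation', 'VT-ACTIVE-MEMBER') "
      + "&& hasAttributeValue('eduPersonAffiliation', 'VT-EMPLOYEE')) "
      + "|| hasAttribute('eduPersonPrimaryAffiliation')";

  // Assumption: DirectoryEnv.PROD is one of the LOCAL|DEV|PPRD|PROD constants named in the constructor docs.
  private final EdAuth edAuth = new EdAuth(DirectoryEnv.PROD);

  /**
   * Returns the user's affiliations when both authentication and authorization succeed,
   * and null (fail closed) on any failure. The password array is wiped before returning.
   */
  public String[] login(final String uupid, final char[] password) {
    try {
      // Bind as the user; EdAuth closes the LDAP connection once this returns.
      // ALL_ATTR is requested because the expression references two different attributes.
      final LdapEntry entry = edAuth.authenticate(uupid, new Credential(password), EdContext.ALL_ATTR);

      // Evaluate the SpEL expression against the entry; throws if it evaluates to false.
      edAuth.authorize(entry, EXPR);

      return edAuth.getAffiliations(entry);
    } catch (EdAuthAuthorizationException e) {
      // Authenticated but not entitled: record the uupid only, never the credential.
      System.err.println("authorization denied for " + uupid);
      return null;
    } catch (LdapException e) {
      // Bad credentials, locked account or directory unreachable are all treated as a failed login.
      System.err.println("authentication failed for " + uupid);
      return null;
    } finally {
      Arrays.fill(password, '\0');
    }
  }
}
```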
      • getAffiliations

        public final String[] getAffiliations​(org.ldaptive.LdapEntry result)
        Description copied from interface: EdAuthService
        This returns all the affiliations for the supplied entry.
        Specified by:
        getAffiliations in interface EdAuthService
        Parameters:
        result - LdapEntry to parse
        Returns:
        user's affiliations
      • getGroupMembership

        public final String[] getGroupMembership​(org.ldaptive.LdapEntry result)
        Description copied from interface: EdAuthService
        This returns all the group memberships for the supplied entry.
        Specified by:
        getGroupMembership in interface EdAuthService
        Parameters:
        result - LdapEntry to parse
        Returns:
        user's group memberships