Class Login

  • All Implemented Interfaces:
    EdAuthService, EdOperation

    public final class Login
    extends Object
    Provides methods to perform common authentication and authorization operations using the 2FA directory. As per the documentation, if no MultiFactor is provided, auto configuration will be used.
    See documentation.
    Author:
    Middleware Services
    • Constructor Detail

      • Login

        public Login()
        Creates a new instance of an ED client object that can perform operations on the production login directory.
      • Login

        public Login(DirectoryEnv env)
        Creates a new instance of an ED client object that can perform operations on the login directory of the given environment.
        Parameters:
        env - Directory environment, e.g. LOCAL|DEV|PPRD|PROD.
    • Method Detail

      • getType

        public DirectoryType getType()
        Description copied from interface: EdOperation
        Gets the class of directory this client operates on.
        Returns:
        Directory type.
      • getEnvironment

        public final DirectoryEnv getEnvironment()
        Description copied from interface: EdOperation
        Gets the environment this client operates on.
        Specified by:
        getEnvironment in interface EdOperation
        Returns:
        Directory environment.
      • getConnectionFactory

        public org.ldaptive.ConnectionFactory getConnectionFactory()
        Description copied from interface: EdOperation
        Gets the underlying connection factory.
        Specified by:
        getConnectionFactory in interface EdOperation
        Returns:
        Connection factory implementation.
      • setEnvironment

        protected void setEnvironment(DirectoryEnv dirEnv)
        Sets the directory environment this ED client is configured to operate on.
        Parameters:
        dirEnv - Directory environment.
      • initialize

        protected final void initialize()
        Initialize the EdAuth client for use.

        This method must be called after the environment (setEnvironment(DirectoryEnv)) is set and before any LDAP operations are performed. If the directory type and/or environment are changed, the search client must be re-initialized for the changes to take effect on the next LDAP operation.

      • authenticate

        public final org.ldaptive.LdapEntry authenticate(String user,
                                                         org.ldaptive.Credential credential,
                                                         String... attributes)
                                                  throws org.ldaptive.LdapException
        Description copied from interface: EdAuthService
        This will attempt to authenticate a user against ED-Auth. The user should correspond to the uupid. Once this method has been called, the connection to the LDAP directory is closed.
        Specified by:
        authenticate in interface EdAuthService
        Parameters:
        user - username for bind
        credential - credential for bind
        attributes - attributes to retrieve (e.g. EdContext.ALL_ATTR, EdContext.AFFILIATION_ATTR, ...)
        Returns:
        Found LdapEntry
        Throws:
        org.ldaptive.LdapException - if the authentication fails for any reason
      • authorize

        public final void authorize(org.ldaptive.LdapEntry entry,
                                    String authorizationExpression)
                             throws org.ldaptive.LdapException,
                                    EdAuthAuthorizationException
        This will attempt to authorize a user's given LdapEntry via the provided authorizationExpression. The expression is evaluated with SpelExpressionParser. The methods available in authorization expressions are:
        hasAttributeValue(String attribute, String value) and hasAttribute(String attribute). If the entire expression evaluates to false, authorization will fail with EdAuthAuthorizationException. The following is an example authorization expression: (hasAttributeValue('eduPersonAffiliation', 'VT-ACTIVE-MEMBER') && hasAttributeValue('eduPersonAffiliation', 'VT-EMPLOYEE')) || hasAttribute('eduPersonPrimaryAffiliation')
        Specified by:
        authorize in interface EdAuthService
        Parameters:
        entry - LdapEntry returned from authentication to authorize with
        authorizationExpression - Expression to authorize with
        Throws:
        org.ldaptive.LdapException - if the authentication fails for any reason
        EdAuthAuthorizationException - if the authorization fails for any reason
      • getAffiliations

        public final String[] getAffiliations(org.ldaptive.LdapEntry result)
        Description copied from interface: EdAuthService
        This returns all the affiliations for the supplied entry.
        Specified by:
        getAffiliations in interface EdAuthService
        Parameters:
        result - LdapEntry to parse
        Returns:
        user's affiliations
      • getGroupMembership

        public final String[] getGroupMembership(org.ldaptive.LdapEntry result)
        Description copied from interface: EdAuthService
        This returns all the group memberships for the supplied entry.
        Specified by:
        getGroupMembership in interface EdAuthService
        Parameters:
        result - LdapEntry to parse
        Returns:
        user's group memberships
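
An added example, not part of this Javadoc or the library's own code: authenticate and authorize used together, with the authorization expression picked from a fixed table so that request data is never handed to the SpEL parser. The class name LoginGate, the policy names and the Outcome enum are hypothetical; the package of Login, DirectoryEnv and EdAuthAuthorizationException is not shown on this page, so those imports are left to the reader.

```java
import java.util.Map;
import org.ldaptive.Credential;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
// Login, DirectoryEnv and EdAuthAuthorizationException: import them from the library
// this page documents (their package is not shown here).

/** Hypothetical wrapper; its name and policy keys are assumptions, not library API. */
public final class LoginGate {

  // Constant expressions built only from the functions and values in the authorize docs.
  private static final Map<String, String> POLICIES = Map.of(
      "active-employee",
      "hasAttributeValue('eduPersonAffiliation', 'VT-ACTIVE-MEMBER')"
          + " && hasAttributeValue('eduPersonAffiliation', 'VT-EMPLOYEE')",
      "has-primary-affiliation",
      "hasAttribute('eduPersonPrimaryAffiliation')");

  public enum Outcome { ALLOWED, AUTHENTICATION_FAILED, NOT_AUTHORIZED }

  private final Login login;

  public LoginGate(DirectoryEnv env) {
    this.login = new Login(env);
  }

  public Outcome check(String uupid, char[] password, String policyName) {
    // Callers select a policy by name; an unknown or missing name is rejected
    // before any directory operation, and no caller string is parsed as SpEL.
    String expression = policyName == null ? null : POLICIES.get(policyName);
    if (expression == null) {
      throw new IllegalArgumentException("unknown policy");
    }
    try {
      // Request only the attributes the policies read.
      LdapEntry entry = login.authenticate(uupid, new Credential(password),
          "eduPersonAffiliation", "eduPersonPrimaryAffiliation");
      login.authorize(entry, expression);
      return Outcome.ALLOWED;
    } catch (EdAuthAuthorizationException e) {
      return Outcome.NOT_AUTHORIZED;        // bind succeeded, expression was false
    } catch (LdapException e) {
      return Outcome.AUTHENTICATION_FAILED; // fail closed on any LDAP error
    }
  }
}
```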