LDAPAuthentication (DSpace Kernel :: API and Implementation 4.4 API)

java.lang.Object
- org.dspace.authenticate.LDAPAuthentication

All Implemented Interfaces:

AuthenticationMethod
```
public class LDAPAuthentication
extends Object
implements AuthenticationMethod
```
This combined LDAP authentication method supersedes both the 'LDAPAuthentication' and the 'LDAPHierarchicalAuthentication' methods. It's capable of both: - authenticaton against a flat LDAP tree where all users are in the same unit (if search.user or search.password is not set) - authentication against structured hierarchical LDAP trees of users. An initial bind is required using a user name and password in order to search the tree and find the DN of the user. A second bind is then required to check the credentials of the user by binding directly to their DN.

Version:

$Revision$

Author:

Stuart Lewis, Chris Yates, Alex Barbieri, Flavio Botelho, Reuben Pasquini, Samuel Ottenhoff, Ivan Masár

Field Summary
- Fields inherited from interface org.dspace.authenticate.AuthenticationMethod
  BAD_ARGS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, SUCCESS

Constructor Summary

Constructors
Constructor and Description

LDAPAuthentication()

Constructors
Constructor and Description
`LDAPAuthentication()`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`allowSetPassword(Context context, javax.servlet.http.HttpServletRequest request, String username)` Cannot change LDAP password through dspace, right?
`int`	`authenticate(Context context, String netid, String password, String realm, javax.servlet.http.HttpServletRequest request)` Authenticate the given or implicit credentials.
`boolean`	`canSelfRegister(Context context, javax.servlet.http.HttpServletRequest request, String username)` Let a real auth method return true if it wants.
`int[]`	`getSpecialGroups(Context context, javax.servlet.http.HttpServletRequest request)` Get list of extra groups that user implicitly belongs to.
`void`	`initEPerson(Context context, javax.servlet.http.HttpServletRequest request, EPerson eperson)` Nothing here, initialization is done when auto-registering.
`boolean`	`isImplicit()` Predicate, is this an implicit authentication method.
`String`	`loginPageTitle(Context context)` Returns message key for title of the "login" page, to use in a menu showing the choice of multiple login methods.
`String`	`loginPageURL(Context context, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Get login page to which to redirect.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - LDAPAuthentication
```
public LDAPAuthentication()
```
- Method Detail
  - canSelfRegister
```
public boolean canSelfRegister(Context context,
                      javax.servlet.http.HttpServletRequest request,
                      String username)
                        throws SQLException
```
    Let a real auth method return true if it wants.
    
    Specified by:
    
    canSelfRegister in interface AuthenticationMethod
    
    Parameters:
    context - DSpace context
    request - HTTP request, in case it's needed. May be null.
    username - Username, if available. May be null.
    
    Returns:
    true if new ePerson should be created.
    
    Throws:
    
    SQLException
  - initEPerson
```
public void initEPerson(Context context,
               javax.servlet.http.HttpServletRequest request,
               EPerson eperson)
                 throws SQLException
```
    Nothing here, initialization is done when auto-registering.
    
    Specified by:
    
    initEPerson in interface AuthenticationMethod
    
    Parameters:
    context - DSpace context
    request - HTTP request, in case it's needed. May be null.
    eperson - newly created EPerson record - email + information from the registration form will have been filled out.
    
    Throws:
    
    SQLException
  - allowSetPassword
```
public boolean allowSetPassword(Context context,
                       javax.servlet.http.HttpServletRequest request,
                       String username)
                         throws SQLException
```
    Cannot change LDAP password through dspace, right?
    
    Specified by:
    
    allowSetPassword in interface AuthenticationMethod
    
    Parameters:
    context - DSpace context
    request - HTTP request, in case it's needed. May be null.
    username - Username, if available. May be null.
    
    Returns:
    true if this method allows user to change ePerson password.
    
    Throws:
    
    SQLException
  - isImplicit
```
public boolean isImplicit()
```
    Description copied from interface: AuthenticationMethod
    
    Predicate, is this an implicit authentication method. An implicit method gets credentials from the environment (such as an HTTP request or even Java system properties) rather than the explicit username and password. For example, a method that reads the X.509 certificates in an HTTPS request is implicit.
    
    Specified by:
    
    isImplicit in interface AuthenticationMethod
    
    Returns:
    true if this method uses implicit authentication.
  - getSpecialGroups
```
public int[] getSpecialGroups(Context context,
                     javax.servlet.http.HttpServletRequest request)
```
    Description copied from interface: AuthenticationMethod
    
    Get list of extra groups that user implicitly belongs to. Note that this method will be invoked regardless of the authentication status of the user (logged-in or not) e.g. a group that depends on the client network-address.
    It might make sense to implement this method by itself in a separate authentication method that just adds special groups, if the code doesn't belong with any existing auth method. The stackable authentication system was designed expressly to separate functions into "stacked" methods to keep your site-specific code modular and tidy.
    
    Specified by:
    
    getSpecialGroups in interface AuthenticationMethod
    
    Parameters:
    context - A valid DSpace context.
    request - The request that started this operation, or null if not applicable.
    
    Returns:
    array of EPerson-group IDs, possibly 0-length, but never null.
  - authenticate
```
public int authenticate(Context context,
               String netid,
               String password,
               String realm,
               javax.servlet.http.HttpServletRequest request)
                 throws SQLException
```
    Description copied from interface: AuthenticationMethod
    
    Authenticate the given or implicit credentials. This is the heart of the authentication method: test the credentials for authenticity, and if accepted, attempt to match (or optionally, create) an EPerson. If an EPerson is found it is set in the Context that was passed.
    
    Specified by:
    
    authenticate in interface AuthenticationMethod
    
    Parameters:
    context - DSpace context, will be modified (ePerson set) upon success.
    netid - Username (or email address) when method is explicit. Use null for implicit method.
    password - Password for explicit auth, or null for implicit method.
    realm - Realm is an extra parameter used by some authentication methods, leave null if not applicable.
    request - The HTTP request that started this operation, or null if not applicable.
    
    Returns:
    One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
    Meaning:
    SUCCESS - authenticated OK.
    BAD_CREDENTIALS - user exists, but credentials (e.g. passwd) don't match
    CERT_REQUIRED - not allowed to login this way without X.509 cert.
    NO_SUCH_USER - user not found using this method.
    BAD_ARGS - user/pw not appropriate for this method
    
    Throws:
    
    SQLException
  - loginPageURL
```
public String loginPageURL(Context context,
                  javax.servlet.http.HttpServletRequest request,
                  javax.servlet.http.HttpServletResponse response)
```
    Description copied from interface: AuthenticationMethod
    
    Get login page to which to redirect. Returns URL (as string) to which to redirect to obtain credentials (either password prompt or e.g. HTTPS port for client cert.); null means no redirect.
    
    Specified by:
    
    loginPageURL in interface AuthenticationMethod
    
    Parameters:
    context - DSpace context, will be modified (ePerson set) upon success.
    request - The HTTP request that started this operation, or null if not applicable.
    response - The HTTP response from the servlet method.
    
    Returns:
    fully-qualified URL or null
  - loginPageTitle
```
public String loginPageTitle(Context context)
```
    Returns message key for title of the "login" page, to use in a menu showing the choice of multiple login methods.
    
    Specified by:
    
    loginPageTitle in interface AuthenticationMethod
    
    Parameters:
    context - DSpace context, will be modified (ePerson set) upon success.
    
    Returns:
    Message key to look up in i18n message catalog.

Class LDAPAuthentication

Field Summary

Fields inherited from interface org.dspace.authenticate.AuthenticationMethod

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

LDAPAuthentication

Method Detail

canSelfRegister

initEPerson

allowSetPassword

isImplicit

getSpecialGroups

authenticate

loginPageURL

loginPageTitle