Package org.dspace.authenticate

Class LDAPAuthentication

  • All Implemented Interfaces:
    AuthenticationMethod
    public class LDAPAuthentication
extends Object
implements AuthenticationMethod
    This combined LDAP authentication method supersedes both the 'LDAPAuthentication' and the 'LDAPHierarchicalAuthentication' methods. It's capable of both:
    • authentication against a flat LDAP tree where all users are in the same unit (if search.user or search.password is not set)
    • authentication against structured hierarchical LDAP trees of users.
    An initial bind is required using a user name and password in order to search the tree and find the DN of the user. A second bind is then required to check the credentials of the user by binding directly to their DN.
    Author:
    Stuart Lewis, Chris Yates, Alex Barbieri, Flavio Botelho, Reuben Pasquini, Samuel Ottenhoff, Ivan Masár, Michael Plate

    • Constructor Detail

      • LDAPAuthentication

        public LDAPAuthentication()

    • Method Detail

      • canSelfRegister

        public boolean canSelfRegister​(Context context,
                               javax.servlet.http.HttpServletRequest request,
                               String username)
                        throws SQLException
        Let a real auth method return true if it wants.
        Specified by:
        canSelfRegister in interface AuthenticationMethod
        Parameters:
        context - DSpace context
        request - HTTP request, in case it's needed. May be null.
        username - Username, if available. May be null.
        Returns:
        true if new ePerson should be created.
        Throws:
        SQLException - if database error

      • initEPerson

        public void initEPerson​(Context context,
                        javax.servlet.http.HttpServletRequest request,
                        EPerson eperson)
                 throws SQLException
        Nothing here, initialization is done when auto-registering.
        Specified by:
        initEPerson in interface AuthenticationMethod
        Parameters:
        context - DSpace context
        request - HTTP request, in case it's needed. May be null.
        eperson - newly created EPerson record - email + information from the registration form will have been filled out.
        Throws:
        SQLException - if database error

      • allowSetPassword

        public boolean allowSetPassword​(Context context,
                                javax.servlet.http.HttpServletRequest request,
                                String username)
                         throws SQLException
        Cannot change LDAP password through dspace, right?
        Specified by:
        allowSetPassword in interface AuthenticationMethod
        Parameters:
        context - DSpace context
        request - HTTP request, in case it's needed. May be null.
        username - Username, if available. May be null.
        Returns:
        true if this method allows user to change ePerson password.
        Throws:
        SQLException - if database error

      • isImplicit

        public boolean isImplicit()
        This is an explicit method.
        Specified by:
        isImplicit in interface AuthenticationMethod
        Returns:
        true if this method uses implicit authentication.

      • getSpecialGroups

        public List<Group> getSpecialGroups​(Context context,
                                    javax.servlet.http.HttpServletRequest request)
        Add authenticated users to the group defined in dspace.cfg by the login.specialgroup key.
        Specified by:
        getSpecialGroups in interface AuthenticationMethod
        Parameters:
        context - A valid DSpace context.
        request - The request that started this operation, or null if not applicable.
        Returns:
        array of EPerson-group IDs, possibly 0-length, but never null.

      • authenticate

        public int authenticate​(Context context,
                        String netid,
                        String password,
                        String realm,
                        javax.servlet.http.HttpServletRequest request)
                 throws SQLException
        Authenticate the given credentials. This is the heart of the authentication method: test the credentials for authenticity, and if accepted, attempt to match (or optionally, create) an EPerson. If an EPerson is found it is set in the Context that was passed.
        Specified by:
        authenticate in interface AuthenticationMethod
        Parameters:
        context - DSpace context, will be modified (ePerson set) upon success.
        netid - Username (or email address) when method is explicit. Use null for implicit method.
        password - Password for explicit auth, or null for implicit method.
        realm - Realm is an extra parameter used by some authentication methods, leave null if not applicable.
        request - The HTTP request that started this operation, or null if not applicable.
        Returns:
        One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS

        Meaning:
        SUCCESS - authenticated OK.
        BAD_CREDENTIALS - user exists, but credentials (e.g. passwd) don't match
        CERT_REQUIRED - not allowed to login this way without X.509 cert.
        NO_SUCH_USER - user not found using this method.
        BAD_ARGS - user/pw not appropriate for this method

        Throws:
        SQLException - if database error

      • loginPageURL

        public String loginPageURL​(Context context,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
        Returns the URL of an external login page which is not applicable for this authn method. Note: Prior to DSpace 7, this method return the page of login servlet.
        Specified by:
        loginPageURL in interface AuthenticationMethod
        Parameters:
        context - DSpace context, will be modified (ePerson set) upon success.
        request - The HTTP request that started this operation, or null if not applicable.
        response - The HTTP response from the servlet method.
        Returns:
        fully-qualified URL

      • isUsed

        public boolean isUsed​(Context context,
                      javax.servlet.http.HttpServletRequest request)
        Description copied from interface: AuthenticationMethod
        Get whether the authentication method is being used.
        Specified by:
        isUsed in interface AuthenticationMethod
        Parameters:
        context - The DSpace context
        request - The current request
        Returns:
        whether the authentication method is being used.

      • canChangePassword

        public boolean canChangePassword​(Context context,
                                 EPerson ePerson,
                                 String currentPassword)
        Description copied from interface: AuthenticationMethod
        Check if the given current password is valid to change the password of the given ePerson
        Specified by:
        canChangePassword in interface AuthenticationMethod
        Parameters:
        context - The DSpace context
        ePerson - the ePerson related to the password change
        currentPassword - The current password to check
        Returns:
        true if the provided password matches with current password