Class KerberosUserDirectoryProvider

  • All Implemented Interfaces:
    org.sakaiproject.user.api.UserDirectoryProvider

    public class KerberosUserDirectoryProvider
    extends Object
    implements org.sakaiproject.user.api.UserDirectoryProvider

    KerberosUserDirectoryProvider is a UserDirectoryProvider that authenticates usernames using Kerberos.

    For more information on configuration, see the README.txt file.

    • Field Detail

      • m_domain

        protected String m_domain
        Configuration: Domain
      • m_logincontext

        protected String m_logincontext
        Configuration: LoginContext
      • m_servicelogincontext

        protected String m_servicelogincontext
        Configuration: ServiceLoginContext
      • m_serviceprincipal

        protected String m_serviceprincipal
        Configuration: ServicePrincipal
      • m_requirelocalaccount

        protected boolean m_requirelocalaccount
        Configuration: RequireLocalAccount
      • m_knownusermsg

        protected String m_knownusermsg
        Configuration: KnownUserMsg
    • Constructor Detail

      • KerberosUserDirectoryProvider

        public KerberosUserDirectoryProvider()
    • Method Detail

      • setDomain

        public void setDomain(String domain)
        Configuration: Domain Name (for E-Mail Addresses)
        Parameters:
        domain - The domain in the form of "domain.tld"
      • setLoginContext

        public void setLoginContext(String logincontext)
        Configuration: Authentication Name
        Parameters:
        logincontext - The context to be used from the login.config file - default "KerberosAuthentication"
      • setServiceLoginContext

        public void setServiceLoginContext(String serviceLoginContext)
        Configuration: Service Authentication Name
        Parameters:
        serviceLoginContext - The context for the service to be used from the login.config file - default "ServiceKerberosAuthentication"
      • setServicePrincipal

        public void setServicePrincipal(String serviceprincipal)
        Configuration: GSSAPI Service Principal
        Parameters:
        serviceprincipal - The name of the service principal for GSSAPI. Needs to be set.
      • setRequireLocalAccount

        public void setRequireLocalAccount(Boolean requirelocalaccount)
        Configuration: Require Local Account
        Parameters:
        requirelocalaccount - Whether a local account is required for the user to authenticate - default "true"
      • setKnownUserMsg

        public void setKnownUserMsg(String knownusermsg)
        Configuration: Kerberos Error Message
        Parameters:
        knownusermsg - Start of error returned for bad logins by known users - default is from RFC 1510
      • setCachettl

        public void setCachettl(int cachettl)
        Deprecated.
        No longer used. Use standard cache settings instead.
        Configuration: Cache TTL
        Parameters:
        cachettl - Time (in milliseconds) to cache authenticated usernames
      • init

        public void init()
        Final initialization, once all dependencies are set.
      • destroy

        public void destroy()
        Returns to uninitialized state. You can use this method to release resources that your Service allocated when Spring shuts down.
      • getUser

        public boolean getUser(org.sakaiproject.user.api.UserEdit edit)
        Access a user object. Update the object with the information found.
        Specified by:
        getUser in interface org.sakaiproject.user.api.UserDirectoryProvider
        Parameters:
        edit - The user object (id is set) to fill in.
        Returns:
        true if the user object was found and information updated, false if not.
      • getUsers

        public void getUsers(Collection<org.sakaiproject.user.api.UserEdit> users)
        Access a collection of UserEdit objects; if the user is found, update the information, otherwise remove the UserEdit object from the collection.
        Specified by:
        getUsers in interface org.sakaiproject.user.api.UserDirectoryProvider
        Parameters:
        users - The UserEdit objects (with id set) to fill in or remove.
      • findUserByEmail

        public boolean findUserByEmail(org.sakaiproject.user.api.UserEdit edit,
                                       String email)
        Find a user object who has this email address. Update the object with the information found.
        Specified by:
        findUserByEmail in interface org.sakaiproject.user.api.UserDirectoryProvider
        Parameters:
        email - The email address string.
        Returns:
        true if the user object was found and information updated, false if not.
      • authenticateUser

        public boolean authenticateUser(String userId,
                                        org.sakaiproject.user.api.UserEdit edit,
                                        String password)
        Authenticate a user / password.
        Specified by:
        authenticateUser in interface org.sakaiproject.user.api.UserDirectoryProvider
        Parameters:
        userId - The user id.
        edit - The UserEdit matching the id to be authenticated (and updated) if we have one.
        password - The password.
        Returns:
        true if authenticated, false if not.
      • authenticateWithProviderFirst

        public boolean authenticateWithProviderFirst(String id)
        Specified by:
        authenticateWithProviderFirst in interface org.sakaiproject.user.api.UserDirectoryProvider
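
Added example, not Sakai's own code: a user/password check of the kind authenticateUser documents, done as a JAAS login against the context name that setLoginContext defaults to. The class name JaasPasswordCheck, the verify helper and the login.config entry in the comment are assumptions for illustration; the sketch covers only the password step, not the GSSAPI step that the ServiceLoginContext and ServicePrincipal settings configure.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.util.Arrays;

// Hypothetical helper for illustration. Assumed login.config entry (not from the page):
//   KerberosAuthentication { com.sun.security.auth.module.Krb5LoginModule required; };
public class JaasPasswordCheck {
    // Documented default of setLoginContext.
    static final String LOGIN_CONTEXT = "KerberosAuthentication";

    /** Returns true only if the JAAS login for principal/password succeeds. */
    static boolean verify(String principal, char[] password) {
        if (principal == null || principal.isEmpty() || password == null || password.length == 0) {
            return false; // reject empty credentials before contacting the KDC
        }
        // Supplies the name and password when the login module asks for them.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(principal);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password); // stores a copy
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        try {
            LoginContext lc = new LoginContext(LOGIN_CONTEXT, handler);
            lc.login();  // throws LoginException on bad credentials
            lc.logout(); // only the yes/no answer is needed; drop the credentials
            return true;
        } catch (LoginException | SecurityException e) {
            return false; // fail closed, including a missing context or config file
        } finally {
            Arrays.fill(password, '\0'); // wipe the caller's copy of the password
        }
    }

    public static void main(String[] args) {
        // Run with -Djava.security.auth.login.config=<path to login.config>
        System.out.println(verify(args[0], args[1].toCharArray()));
    }
}
```

A successful login here shows only that some KDC accepted the password; confirming that the KDC is the genuine one requires validating a service ticket against a locally held service key.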