org.apache.directory.server.core.authn

Class SimpleAuthenticator

java.lang.Object

org.apache.directory.server.core.authn.AbstractAuthenticator

org.apache.directory.server.core.authn.SimpleAuthenticator

All Implemented Interfaces:

Authenticator

public class SimpleAuthenticator
extends AbstractAuthenticator

A simple Authenticator that authenticates clear text passwords contained within the userPassword attribute in DIT. If the password is stored with a one-way encryption applied (e.g. SHA), the password is hashed the same way before comparison. We use a cache to speedup authentication, where the Dn/password are stored.

Author:

Apache Directory Project

Field Summary

Fields inherited from class org.apache.directory.server.core.authn.AbstractAuthenticator

LOG

Constructor Summary

Constructors

Constructor and Description
SimpleAuthenticator() Creates a new instance.
SimpleAuthenticator(org.apache.directory.api.ldap.model.name.Dn baseDn) Creates a new instance.
SimpleAuthenticator(int cacheSize) Creates a new instance, with an initial cache size
SimpleAuthenticator(int cacheSize, org.apache.directory.api.ldap.model.name.Dn baseDn) Creates a new instance, with an initial cache size

Method Summary

Modifier and Type	Method and Description
org.apache.directory.server.core.api.LdapPrincipal	authenticate(org.apache.directory.server.core.api.interceptor.context.BindOperationContext bindContext) Looks up userPassword attribute of the entry whose name is the value of Context#SECURITY_PRINCIPAL environment variable, and authenticates a user with the plain-text password.
void	invalidateCache(org.apache.directory.api.ldap.model.name.Dn bindDn) Remove the principal form the cache.

Methods inherited from class org.apache.directory.server.core.authn.AbstractAuthenticator

checkPwdPolicy, destroy, doDestroy, doInit, getAuthenticatorType, getBaseDn, getDirectoryService, init, isValid, setBaseDn

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SimpleAuthenticator

public SimpleAuthenticator()

Creates a new instance.

SimpleAuthenticator

public SimpleAuthenticator(org.apache.directory.api.ldap.model.name.Dn baseDn)

Creates a new instance.

See Also:

AbstractAuthenticator

SimpleAuthenticator

public SimpleAuthenticator(int cacheSize)

Creates a new instance, with an initial cache size

Parameters:

cacheSize - the size of the credential cache

SimpleAuthenticator

public SimpleAuthenticator(int cacheSize,
                           org.apache.directory.api.ldap.model.name.Dn baseDn)

Creates a new instance, with an initial cache size

Parameters:

cacheSize - the size of the credential cache

Method Detail

authenticate

public org.apache.directory.server.core.api.LdapPrincipal authenticate(org.apache.directory.server.core.api.interceptor.context.BindOperationContext bindContext)
                                                                throws org.apache.directory.api.ldap.model.exception.LdapException

Looks up userPassword attribute of the entry whose name is the value of Context#SECURITY_PRINCIPAL environment variable, and authenticates a user with the plain-text password.

Parameters:

bindContext - The Bind context

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

invalidateCache

public void invalidateCache(org.apache.directory.api.ldap.model.name.Dn bindDn)

Remove the principal form the cache. This is used when the user changes his password.

Specified by:

invalidateCache in interface Authenticator

Overrides:

invalidateCache in class AbstractAuthenticator

Parameters:

bindDn - the already normalized distinguished name of the bind principal