SimpleAuthenticator (ApacheDS)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.directory.server.core.authn
Class SimpleAuthenticator

java.lang.Object
  org.apache.directory.server.core.authn.AbstractAuthenticator
      org.apache.directory.server.core.authn.SimpleAuthenticator

All Implemented Interfaces:: Authenticator

public class SimpleAuthenticator
extends AbstractAuthenticator

A simple Authenticator that authenticates clear text passwords contained within the userPassword attribute in DIT. If the password is stored with a one-way encryption applied (e.g. SHA), the password is hashed the same way before comparison.

Author:: Apache Directory Project

Constructor Summary
`SimpleAuthenticator()` Creates a new instance.

Method Summary
`LdapPrincipal`	`authenticate(LdapDN principalDn, ServerContext ctx)` Looks up `userPassword` attribute of the entry whose name is the value of `Context.SECURITY_PRINCIPAL` environment variable, and authenticates a user with the plain-text password.
`protected java.lang.String`	`createDigestedPassword(java.lang.String algorithm, java.lang.Object password)` Creates a digested password.
`protected java.lang.String`	`getAlgorithmForHashedPassword(java.lang.Object password)` Get the algorithm of a password, which is stored in the form "{XYZ}...".
`void`	`invalidateCache(LdapDN bindDn)` Does nothing leaving it so subclasses can override.
`protected boolean`	`isPasswordOneWayEncrypted(java.lang.Object password)` Checks if the argument is one-way encryped.
`protected byte[]`	`lookupUserPassword(LdapDN principalDn)`

Methods inherited from class org.apache.directory.server.core.authn.AbstractAuthenticator

createLdapPrincipal, destroy, doDestroy, doInit, getAuthenticatorType, getConfiguration, getFactoryConfiguration, init

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SimpleAuthenticator

public SimpleAuthenticator()

Creates a new instance.

Method Detail

authenticate

public LdapPrincipal authenticate(LdapDN principalDn,
                                  ServerContext ctx)
                           throws javax.naming.NamingException

Looks up userPassword attribute of the entry whose name is the value of Context.SECURITY_PRINCIPAL environment variable, and authenticates a user with the plain-text password.

Specified by:: authenticate in interface Authenticator
Specified by:: authenticate in class AbstractAuthenticator

Throws:: javax.naming.NamingException

lookupUserPassword

protected byte[] lookupUserPassword(LdapDN principalDn)
                             throws javax.naming.NamingException

Throws:: javax.naming.NamingException

isPasswordOneWayEncrypted

protected boolean isPasswordOneWayEncrypted(java.lang.Object password)

Checks if the argument is one-way encryped. If it is a string or a byte-array which looks like "{XYZ}...", and XYZ is a known lessage digest, the method returns true. The method does not throw an exception otherwise, e.g. if the algorithm XYZ is not known to the runtime.

Parameters:: password - agument, either a string or a byte-array
Returns:: true, if the value is a digested password with algorithm included

getAlgorithmForHashedPassword

protected java.lang.String getAlgorithmForHashedPassword(java.lang.Object password)
                                                  throws java.lang.IllegalArgumentException

Get the algorithm of a password, which is stored in the form "{XYZ}...". The method returns null, if the argument is not in this form. It returns XYZ, if XYZ is an algorithm known to the MessageDigest class of java.security.

Returns:: included message digest alorithm, if any
Throws:: java.lang.IllegalArgumentException

createDigestedPassword

protected java.lang.String createDigestedPassword(java.lang.String algorithm,
                                                  java.lang.Object password)
                                           throws java.security.NoSuchAlgorithmException,
                                                  java.lang.IllegalArgumentException

Creates a digested password. For a given hash algorithm and a password value, the algorithm is applied to the password, and the result is Base64 encoded. The method returns a String which looks like "{XYZ}bbbbbbb", whereas XYZ is the name of the algorithm, and bbbbbbb is the Base64 encoded value of XYZ applied to the password.

Parameters:: algorithm - an algorithm which is supported by java.security.MessageDigest, e.g. SHA; password - password value, either a string or a byte[]
Returns:: a digested password, which looks like {SHA}LhkDrSoM6qr0fW6hzlfOJQW61tc=
Throws:: java.lang.IllegalArgumentException - if password is neither a String nor a byte[], or algorithm is not known to java.security.MessageDigest class; java.security.NoSuchAlgorithmException

invalidateCache

public void invalidateCache(LdapDN bindDn)

Description copied from class: AbstractAuthenticator

Does nothing leaving it so subclasses can override.

Specified by:: invalidateCache in interface Authenticator
Overrides:: invalidateCache in class AbstractAuthenticator