Package org.yamcs.security
Class LdapAuthModule
java.lang.Object
org.yamcs.security.LdapAuthModule
- All Implemented Interfaces:
AuthModule
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
authenticationSucceeded
(AuthenticationInfo authenticationInfo) Hook that is called on all AuthModules when a login attempt was successful.Identify the subject based on the given information.getAuthorizationInfo
(AuthenticationInfo authenticationInfo) Retrieve access control information based on the given AuthenticationInfo.getSpec()
Returns the valid configuration of the input args of this AuthModule.void
init
(YConfiguration args) Initialize this AuthModule.boolean
verifyValidity
(AuthenticationInfo authenticationInfo) Verify if previously generated authentication info is (still) valid.
-
Constructor Details
-
LdapAuthModule
public LdapAuthModule()
-
-
Method Details
-
getSpec
Description copied from interface:AuthModule
Returns the valid configuration of the input args of this AuthModule.- Specified by:
getSpec
in interfaceAuthModule
- Returns:
- the argument specification.
-
init
Description copied from interface:AuthModule
Initialize this AuthModule.- Specified by:
init
in interfaceAuthModule
- Parameters:
args
- The configured arguments for this AuthModule. IfAuthModule.getSpec()
is implemented then this contains the arguments after being validated (including any defaults).- Throws:
InitException
- When something goes wrong during the execution of this method.
-
getAuthenticationInfo
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException Description copied from interface:AuthModule
Identify the subject based on the given information.- Specified by:
getAuthenticationInfo
in interfaceAuthModule
- Returns:
- an info object containing the principal of the subject, or
null
if the login failed - Throws:
AuthenticationException
-
authenticationSucceeded
Description copied from interface:AuthModule
Hook that is called on all AuthModules when a login attempt was successful.An example use case is an LDAP AuthModule that queries for additional user information after a successful Kerberos login.
The default implementation does nothing.
- Specified by:
authenticationSucceeded
in interfaceAuthModule
-
getAuthorizationInfo
public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo) throws AuthorizationException Description copied from interface:AuthModule
Retrieve access control information based on the given AuthenticationInfo. This AuthenticationInfo may have been generated by a different AuthModule.- Specified by:
getAuthorizationInfo
in interfaceAuthModule
- Returns:
- an info object containing role/privilege information of the subject
- Throws:
AuthorizationException
-
verifyValidity
Description copied from interface:AuthModule
Verify if previously generated authentication info is (still) valid. For example, if the authentication info references an externally issued expiring ticket, this can be validated here.This method is called very frequently, so implementations must take care to limit external requests.
- Specified by:
verifyValidity
in interfaceAuthModule
- Parameters:
authenticationInfo
- information relevant to the authentication process- Returns:
- true if the authentication info is valid, false otherwise
-