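/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */
package org.apache.isis.extensions.shirorealmldap.realm.impl;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;

import org.apache.shiro.realm.ldap.JndiLdapContextFactory;

/**
 * An extension of {@link JndiLdapContextFactory} that allows a different authentication mechanism
 * for system-level authentications (as used by authorization lookups, for example)
 * compared to regular authentication.
 *
 * <p>
 * See {@link IsisLdapRealm} for typical configuration within <tt>shiro.ini</tt>.
 *
 * <p>
 * The mechanism switch is keyed solely on the bind principal: any context whose
 * {@link Context#SECURITY_PRINCIPAL} equals the configured system username is created with the
 * system mechanism, whichever caller built the environment.
 * NOTE(review): confirm that the configured system mechanism still verifies credentials, so that
 * a bind presenting the system principal is never accepted on weaker terms than a regular bind.
 */
public class IsisLdapContextFactory extends JndiLdapContextFactory {

    /** Mechanism used for system-user binds; {@code null} means "same as regular binds". */
    private String systemAuthenticationMechanism;

    /**
     * Creates the LDAP context, first overriding {@link Context#SECURITY_AUTHENTICATION} in
     * {@code env} when the bind principal is the configured system username.
     *
     * @param env JNDI environment for the bind; modified in place when the override applies
     * @return the context created by the superclass from the (possibly modified) environment
     * @throws NamingException if the superclass fails to create the context
     */
    @SuppressWarnings({ "unchecked", "rawtypes" })
    @Override
    protected LdapContext createLdapContext(Hashtable env) throws NamingException {
        // Read once so the null check and the comparison see the same value.
        final String systemUsername = getSystemUsername();
        if (systemUsername != null && systemUsername.equals(env.get(Context.SECURITY_PRINCIPAL))) {
            final String mechanism = getSystemAuthenticationMechanism();
            // Hashtable rejects null values with a NullPointerException; when no mechanism is
            // configured at all, leave whatever the caller already put in the environment.
            if (mechanism != null) {
                env.put(Context.SECURITY_AUTHENTICATION, mechanism);
            }
        }
        return super.createLdapContext(env);
    }

    /**
     * Returns the mechanism used for system-user binds.
     *
     * @return the explicitly configured system mechanism, or the value of
     *         {@link #getAuthenticationMechanism()} when none was set; presumably {@code null}
     *         if neither has been configured (the inherited getter is not visible here)
     */
    public String getSystemAuthenticationMechanism() {
        if (systemAuthenticationMechanism != null) {
            return systemAuthenticationMechanism;
        }
        return getAuthenticationMechanism();
    }

    /**
     * Sets the mechanism used for system-user binds.
     *
     * @param systemAuthenticationMechanism the JNDI authentication mechanism name, or
     *        {@code null} to fall back to the regular authentication mechanism
     */
    public void setSystemAuthenticationMechanism(String systemAuthenticationMechanism) {
        this.systemAuthenticationMechanism = systemAuthenticationMechanism;
    }

}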