Class LDAPIdentityResolver

java.lang.Object
io.inverno.mod.security.ldap.identity.LDAPIdentityResolver
All Implemented Interfaces:
IdentityResolver<LDAPAuthentication,LDAPIdentity>

public class LDAPIdentityResolver extends Object implements IdentityResolver<LDAPAuthentication,LDAPIdentity>

LDAP identity resolver used to resolve the identity of an authenticated user from an LDAP server.

It searches for user entries in an LDAP server based on the DN and uid provided by the LDAP authentication. The attributes to retrieve can be specified, in which case the resulting LDAPIdentity contains only those attributes. By default it resolves: uid, sn, cn, givenName, displayName, mail, title, telephoneNumber, mobile and jpegPhoto.

Since:
1.5
Author:
Jeremy Kuhn
  • Field Details

    • DEFAULT_SEARCH_USER_FILTER

      public static final String DEFAULT_SEARCH_USER_FILTER
      The default search user filter.
    • DEFAULT_SEARCH_ATTRIBUTES

      public static final String[] DEFAULT_SEARCH_ATTRIBUTES
      The default attributes to resolve.
  • Constructor Details

    • LDAPIdentityResolver

      public LDAPIdentityResolver(LDAPClient ldapClient)

      Creates an LDAP identity resolver.

      Parameters:
      ldapClient - the LDAP client
    • LDAPIdentityResolver

      public LDAPIdentityResolver(LDAPClient ldapClient, String... attributes)

      Creates an LDAP identity resolver that resolves the specified attributes.

      Parameters:
      ldapClient - the LDAP client
      attributes - the attributes to resolve
    • LDAPIdentityResolver

      public LDAPIdentityResolver(LDAPClient ldapClient, String searchUserFilter)

      Creates an LDAP identity resolver with the specified search user filter.

      Parameters:
      ldapClient - the LDAP client
      searchUserFilter - a filter
    • LDAPIdentityResolver

      public LDAPIdentityResolver(LDAPClient ldapClient, String searchUserFilter, String... attributes)

      Creates an LDAP identity resolver with the specified search user filter that resolves the specified attributes.

      Parameters:
      ldapClient - the LDAP client
      searchUserFilter - a filter
      attributes - the attributes to resolve
  • Method Details

    • getAttributes

      public String[] getAttributes()

      Returns the attributes resolved by the resolver.

      Returns:
      the attributes to resolve
    • getSearchUserFilter

      public String getSearchUserFilter()

      Returns the search user filter.

      Returns:
      a filter
    • resolveIdentity

      public Mono<LDAPIdentity> resolveIdentity(LDAPAuthentication authentication) throws IdentityException
      Description copied from interface: IdentityResolver

      Resolves the identity of the authenticated entity from the specified authentication.

      Specified by:
      resolveIdentity in interface IdentityResolver<LDAPAuthentication,LDAPIdentity>
      Parameters:
      authentication - an authentication
      Returns:
      a mono emitting the resolved identity or an empty mono if no identity could be resolved
      Throws:
      IdentityException - if there was an error resolving the identity