Class ActiveDirectoryUserSource
- java.lang.Object
  - com.inductiveautomation.ignition.gateway.user.UserSourceProfileKernelWrapper
    - com.inductiveautomation.ignition.gateway.user.AbstractUserSourceProfile
      - com.inductiveautomation.ignition.gateway.authentication.impl.ActiveDirectoryUserSource
- All Implemented Interfaces: SSOCompatibleADUserSource, UserSourceProfile, UserSourceProfileKernel
public class ActiveDirectoryUserSource extends AbstractUserSourceProfile implements SSOCompatibleADUserSource
-
Field Summary
Fields (Modifier and Type, Field, Description):
- static java.lang.String DEFAULT_ROLE_LIST_FILTER: Default group search filter for finding all groups
- static java.lang.String DEFAULT_USER_LIST_FILTER: Default group search filter for finding all users
- static java.lang.String DEFAULT_USER_SEARCH_FILTER: Default user search filter for looking for a single user
Fields inherited from interface com.inductiveautomation.ignition.gateway.user.UserSourceProfile
PWD_EXPIRATION_BYPASS
-
Constructor Summary
Constructors (Constructor, Description):
- ActiveDirectoryUserSource(UserSourceProfileKernel kernel)
-
Method Summary
Methods (Modifier and Type, Method, Description):
- AuthenticatedUser authenticate(AuthChallenge challenge): Called to both verify authentication for a given username/password pair, and to find the security roles for that user.
- AuthenticatedUser authenticateAD(AuthChallenge challenge): Callback to the standard, non-SSO version of this user source's auth logic
- User findSSOUser(java.lang.String uname): Used by the SSO helper in order to search for a user with a given username.
- java.util.Collection<java.lang.String> getRoles()
- java.util.Optional<User> getUser(java.lang.String userName): Fetch a User with the given user name.
- java.util.Collection<User> getUsers(): Retrieve all users from this profile.
- static void main(java.lang.String[] args)
- void setAllowAnon(boolean anon)
- void setEmailAttribute(java.lang.String emailAttribute)
- void setFullNameAttribute(java.lang.String fullNameAttribute)
- void setLdapHost(java.lang.String ldapHost)
- void setLdapPort(java.lang.String ldapPort)
- void setPageSize(int size)
- void setPhoneAttribute(java.lang.String phoneAttribute)
- void setProfilePassword(java.lang.String profilePassword)
- void setProfileUsername(java.lang.String profileUsername)
- void setReadTimeout(java.lang.Long readTimeout)
- void setReferral(LDAPHelper.ReferralType referral)
- void setRoleNameAttribute(java.lang.String roleNameAttribute)
- void setRoleSearchBase(java.lang.String roleSearchBase)
- void setRoleSearchFilter(java.lang.String roleSearchFilter)
- void setSaslConfig(SASLConfig saslConfig)
- void setSecondaryLdapHost(java.lang.String secondaryLdapHost)
- void setSecondaryLdapPort(java.lang.String secondaryLdapPort)
- void setSecurityAuthentication(LDAPHelper.AuthType securityAuthentication)
- void setSecurityProtocol(LDAPHelper.ProtocolType securityProtocol)
- void setSmsAttribute(java.lang.String smsAttribute)
- void setSSODomain(java.lang.String ssoDomain)
- void setSSOEnabled(boolean enabled)
- void setUserListFilter(java.lang.String userListFilter)
- void setUserNameAttribute(java.lang.String usernameAttribute)
- void setUsernamePrefix(java.lang.String usernamePrefix)
- void setUsernameSuffix(java.lang.String usernameSuffix)
- void setUserRoleAttribute(java.lang.String userRoleAttribute)
- void setUserSearchBase(java.lang.String userSearchBase)
- void setUserSearchFilter(java.lang.String userSearchFilter)
- void setUseSSL(boolean useSsl)
- void startup(UserSourceManager manager): Called when the user source is created before it is used.
-
Methods inherited from class com.inductiveautomation.ignition.gateway.user.AbstractUserSourceProfile
addRole, addUser, alterPassword, alterUser, getEditFlags, getName, getRoles, getUser, getUsers, removeRole, removeUser, renameRole
-
Methods inherited from class com.inductiveautomation.ignition.gateway.user.UserSourceProfileKernelWrapper
getCacheValidationTimeout, getContext, getManager, getProfileId, getProfileName, isLockedOut, notifyFailedAttempt, shutdown
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.inductiveautomation.ignition.gateway.user.UserSourceProfile
getCacheValidationTimeout, getProfileId, shutdown, validatePassword
-
Field Detail
-
DEFAULT_USER_SEARCH_FILTER
public static final java.lang.String DEFAULT_USER_SEARCH_FILTER
Default user search filter for looking for a single user
- See Also: Constant Field Values
-
DEFAULT_USER_LIST_FILTER
public static final java.lang.String DEFAULT_USER_LIST_FILTER
Default group search filter for finding all users
- See Also: Constant Field Values
-
DEFAULT_ROLE_LIST_FILTER
public static final java.lang.String DEFAULT_ROLE_LIST_FILTER
Default group search filter for finding all groups
- See Also: Constant Field Values
-
Constructor Detail
-
ActiveDirectoryUserSource
public ActiveDirectoryUserSource(UserSourceProfileKernel kernel)
-
-
Method Detail
-
startup
public void startup(UserSourceManager manager)
Description copied from interface: UserSourceProfileKernel
Called when the user source is created before it is used.
- Specified by: startup in interface UserSourceProfile
- Specified by: startup in interface UserSourceProfileKernel
- Overrides: startup in class UserSourceProfileKernelWrapper
-
getUsers
@Nonnull public java.util.Collection<User> getUsers() throws java.lang.Exception
Description copied from interface: UserSourceProfile
Retrieve all users from this profile. This can execute slowly (block) if need be. It will be called periodically by the manager and the results will be cached. Users from failover sources will be returned if hard failover is configured and triggered.
- Specified by: getUsers in interface UserSourceProfile
- Specified by: getUsers in class AbstractUserSourceProfile
- Throws: java.lang.Exception
-
getUser
@Nonnull public java.util.Optional<User> getUser(java.lang.String userName) throws java.lang.Exception
Description copied from interface: UserSourceProfile
Fetch a User with the given user name. If more than one user exists with the given user name, the first user returned from the underlying data source is returned. Failover sources will be queried if hard failover is configured and the primary sources are unable to fetch the user due to an error. Failover sources will also be queried if soft failover is configured and the user is not found in the primary sources.
- Specified by: getUser in interface UserSourceProfile
- Overrides: getUser in class AbstractUserSourceProfile
- Parameters: userName - the user name of the User to fetch
- Returns: an Optional User with the given user name. The user may be from a failover user source (check User.getProfileName() to confirm)
- Throws: java.lang.Exception - if there is an unexpected problem fetching the user with the given user name
- See Also: UserSourceProfile.getUser(String, String)
-
authenticate
public AuthenticatedUser authenticate(AuthChallenge challenge) throws java.lang.Exception
Description copied from interface: UserSourceProfile
Called to both verify authentication for a given username/password pair, and to find the security roles for that user.
- Specified by: authenticate in interface UserSourceProfile
- Returns: An AuthenticatedUser that contains the user's roles if authentication succeeded, or null if it did not.
- Throws: java.lang.Exception
-
authenticateAD
public AuthenticatedUser authenticateAD(AuthChallenge challenge) throws java.lang.Exception
Description copied from interface: SSOCompatibleADUserSource
Callback to the standard, non-SSO version of this user source's auth logic
- Specified by: authenticateAD in interface SSOCompatibleADUserSource
- Throws: java.lang.Exception
-
findSSOUser
public User findSSOUser(java.lang.String uname) throws java.lang.Exception
Description copied from interface: SSOCompatibleADUserSource
Used by the SSO helper in order to search for a user with a given username. Return null if no user with this username is found.
- Specified by: findSSOUser in interface SSOCompatibleADUserSource
- Throws: java.lang.Exception
-
getRoles
@Nonnull public java.util.Collection<java.lang.String> getRoles() throws java.lang.Exception
- Specified by: getRoles in interface UserSourceProfile
- Specified by: getRoles in class AbstractUserSourceProfile
- Returns: a collection of all possible role names for this profile. May be empty. Roles from failover sources will be returned if hard failover is configured and triggered.
- Throws: java.lang.Exception
-
main
public static void main(java.lang.String[] args)
-
setLdapHost
public void setLdapHost(java.lang.String ldapHost)
-
setLdapPort
public void setLdapPort(java.lang.String ldapPort)
-
setProfilePassword
public void setProfilePassword(java.lang.String profilePassword)
-
setProfileUsername
public void setProfileUsername(java.lang.String profileUsername)
-
setRoleSearchBase
public void setRoleSearchBase(java.lang.String roleSearchBase)
-
setRoleSearchFilter
public void setRoleSearchFilter(java.lang.String roleSearchFilter)
-
setSecondaryLdapHost
public void setSecondaryLdapHost(java.lang.String secondaryLdapHost)
-
setSecondaryLdapPort
public void setSecondaryLdapPort(java.lang.String secondaryLdapPort)
-
setUserNameAttribute
public void setUserNameAttribute(java.lang.String usernameAttribute)
-
setUsernamePrefix
public void setUsernamePrefix(java.lang.String usernamePrefix)
-
setUsernameSuffix
public void setUsernameSuffix(java.lang.String usernameSuffix)
-
setUseSSL
public void setUseSSL(boolean useSsl)
-
setAllowAnon
public void setAllowAnon(boolean anon)
-
setSecurityAuthentication
public void setSecurityAuthentication(LDAPHelper.AuthType securityAuthentication)
-
setSecurityProtocol
public void setSecurityProtocol(LDAPHelper.ProtocolType securityProtocol)
-
setReadTimeout
public void setReadTimeout(java.lang.Long readTimeout)
-
setUserSearchBase
public void setUserSearchBase(java.lang.String userSearchBase)
-
setUserSearchFilter
public void setUserSearchFilter(java.lang.String userSearchFilter)
-
setUserListFilter
public void setUserListFilter(java.lang.String userListFilter)
-
setRoleNameAttribute
public void setRoleNameAttribute(java.lang.String roleNameAttribute)
-
setFullNameAttribute
public void setFullNameAttribute(java.lang.String fullNameAttribute)
-
setUserRoleAttribute
public void setUserRoleAttribute(java.lang.String userRoleAttribute)
-
setEmailAttribute
public void setEmailAttribute(java.lang.String emailAttribute)
-
setPhoneAttribute
public void setPhoneAttribute(java.lang.String phoneAttribute)
-
setSmsAttribute
public void setSmsAttribute(java.lang.String smsAttribute)
-
setPageSize
public void setPageSize(int size)
-
setSSOEnabled
public void setSSOEnabled(boolean enabled)
-
setSSODomain
public void setSSODomain(java.lang.String ssoDomain)
-
setSaslConfig
public void setSaslConfig(SASLConfig saslConfig)
-
setReferral
public void setReferral(LDAPHelper.ReferralType referral)
-
-