public class LDAPConfigurator extends AbstractProcessEngineConfigurator
A ProcessEngineConfigurator that integrates an LDAP system with the Activiti process engine.
The LDAP system will be consulted primarily for getting user information and in particular for fetching groups of a user.
This class is extensible and many methods can be overridden when the default behavior is not fitting your use case.
Check the docs (specifically the setters) to see how this class can be tweaked.
DEFAULT_CONFIGURATOR_PRIORITY
Constructor and Description |
---|
LDAPConfigurator() |
Modifier and Type | Method and Description |
---|---|
void | beforeInit(ProcessEngineConfigurationImpl processEngineConfiguration) |
void | configure(ProcessEngineConfigurationImpl processEngineConfiguration) |
String | getBaseDn() |
Map<String,String> | getCustomConnectionParameters() |
String | getGroupBaseDn() |
long | getGroupCacheExpirationTime() |
int | getGroupCacheSize() |
String | getGroupIdAttribute() |
String | getGroupNameAttribute() |
String | getGroupTypeAttribute() |
String | getInitialContextFactory() |
protected LDAPGroupManagerFactory | getLdapGroupManagerFactory(ClockReader clockReader) |
protected LDAPMembershipManagerFactory | getLdapMembershipManagerFactory() |
LDAPQueryBuilder | getLdapQueryBuilder() - Set a custom LDAPQueryBuilder if the default implementation is not suitable. |
protected LDAPUserManagerFactory | getLdapUserManagerFactory() |
String | getPassword() |
int | getPort() |
String | getQueryGroupsForUser() |
String | getQueryUserByFullNameLike() |
String | getQueryUserByUserId() |
int | getSearchTimeLimit() |
String | getSecurityAuthentication() |
String | getServer() |
String | getUser() |
String | getUserBaseDn() |
String | getUserEmailAttribute() |
String | getUserFirstNameAttribute() |
String | getUserIdAttribute() |
String | getUserLastNameAttribute() |
void | setBaseDn(String baseDn) - The base 'distinguished name' (DN) from which the searches for users and groups are started. |
void | setCustomConnectionParameters(Map<String,String> customConnectionParameters) - Sets all LDAP connection parameters which do not have a dedicated setter. |
void | setGroupBaseDn(String groupBaseDn) - The base 'distinguished name' (DN) from which the searches for groups are started. |
void | setGroupCacheExpirationTime(long groupCacheExpirationTime) - Sets the expiration time of the LDAPGroupCache in milliseconds. |
void | setGroupCacheSize(int groupCacheSize) - Sets the size of the LDAPGroupCache. |
void | setGroupIdAttribute(String groupIdAttribute) - Name of the attribute that matches the group id. |
void | setGroupNameAttribute(String groupNameAttribute) - Name of the attribute that matches the group name. |
void | setGroupTypeAttribute(String groupTypeAttribute) - Name of the attribute that matches the group type. |
void | setInitialContextFactory(String initialContextFactory) - The InitialContextFactory name used to connect to the LDAP system. |
void | setLdapGroupManagerFactory(LDAPGroupManagerFactory ldapGroupManagerFactory) - Set a custom implementation of the LDAPGroupManagerFactory if the default implementation is not suitable. |
void | setLdapMembershipManagerFactory(LDAPMembershipManagerFactory ldapMembershipManagerFactory) - Set a custom implementation of the LDAPMembershipManagerFactory if the default implementation is not suitable. |
void | setLdapQueryBuilder(LDAPQueryBuilder ldapQueryBuilder) |
void | setLdapUserManagerFactory(LDAPUserManagerFactory ldapUserManagerFactory) - Set a custom implementation of the LDAPUserManagerFactory if the default implementation is not suitable. |
void | setPassword(String password) - The password that is used to connect to the LDAP system. |
void | setPort(int port) - The port on which the LDAP system is running. |
void | setQueryGroupsForUser(String queryGroupsForUser) - The query that is executed when searching for the groups of a specific user. |
void | setQueryUserByFullNameLike(String queryUserByFullNameLike) - The query that is executed when searching for a user by full name. |
void | setQueryUserByUserId(String queryUserByUserId) - The query that is executed when searching for a user by userId. |
void | setSearchTimeLimit(int searchTimeLimit) - The timeout that is used when doing a search in LDAP. |
void | setSecurityAuthentication(String securityAuthentication) - The value that is used for the 'java.naming.security.authentication' property used to connect to the LDAP system. |
void | setServer(String server) - The server on which the LDAP system can be reached. |
void | setUser(String user) - The user id that is used to connect to the LDAP system. |
void | setUserBaseDn(String userBaseDn) - The base 'distinguished name' (DN) from which the searches for users are started. |
void | setUserEmailAttribute(String userEmailAttribute) - Name of the attribute that matches the user email. |
void | setUserFirstNameAttribute(String userFirstNameAttribute) - Name of the attribute that matches the user first name. |
void | setUserIdAttribute(String userIdAttribute) - Name of the attribute that matches the user id. |
void | setUserLastNameAttribute(String userLastNameAttribute) - Name of the attribute that matches the user last name. |
getPriority
protected String server
protected int port
protected String user
protected String password
protected String initialContextFactory
protected String securityAuthentication
protected String baseDn
protected String userBaseDn
protected String groupBaseDn
protected int searchTimeLimit
protected String queryUserByUserId
protected String queryGroupsForUser
protected String queryUserByFullNameLike
protected String userIdAttribute
protected String userFirstNameAttribute
protected String userLastNameAttribute
protected String userEmailAttribute
protected String groupIdAttribute
protected String groupNameAttribute
protected String groupTypeAttribute
protected LDAPUserManagerFactory ldapUserManagerFactory
protected LDAPGroupManagerFactory ldapGroupManagerFactory
protected LDAPMembershipManagerFactory ldapMembershipManagerFactory
protected LDAPQueryBuilder ldapQueryBuilder
protected int groupCacheSize
protected long groupCacheExpirationTime
public void beforeInit(ProcessEngineConfigurationImpl processEngineConfiguration)
public void configure(ProcessEngineConfigurationImpl processEngineConfiguration)
protected LDAPUserManagerFactory getLdapUserManagerFactory()
protected LDAPGroupManagerFactory getLdapGroupManagerFactory(ClockReader clockReader)
protected LDAPMembershipManagerFactory getLdapMembershipManagerFactory()
public String getServer()
public void setServer(String server)
public int getPort()
public void setPort(int port)
public String getUser()
public void setUser(String user)
public String getPassword()
public void setPassword(String password)
public String getInitialContextFactory()
public void setInitialContextFactory(String initialContextFactory)
The InitialContextFactory name used to connect to the LDAP system.
By default set to 'com.sun.jndi.ldap.LdapCtxFactory'.
public String getSecurityAuthentication()
public void setSecurityAuthentication(String securityAuthentication)
public void setCustomConnectionParameters(Map<String,String> customConnectionParameters)
InitialDirContext, i.e. when a connection to the LDAP system is established.
public String getBaseDn()
public void setBaseDn(String baseDn)
setUserBaseDn(String) or setGroupBaseDn(String) when needing to differentiate between user and group base DN.
public String getUserBaseDn()
public void setUserBaseDn(String userBaseDn)
public String getGroupBaseDn()
public void setGroupBaseDn(String groupBaseDn)
public int getSearchTimeLimit()
public void setSearchTimeLimit(int searchTimeLimit)
public String getQueryUserByUserId()
public void setQueryUserByUserId(String queryUserByUserId)
MessageFormat, i.e. by using {0}
If setting the query alone is insufficient for your specific LDAP setup, you can alternatively plug in a different LDAPQueryBuilder, which allows for more customization than only the query.
public String getQueryGroupsForUser()
public String getQueryUserByFullNameLike()
public void setQueryUserByFullNameLike(String queryUserByFullNameLike)
LDAPQueryBuilder, which allows for more customization than only the query.
public void setQueryGroupsForUser(String queryGroupsForUser)
MessageFormat, i.e. by using {0}
If setting the query alone is insufficient for your specific LDAP setup, you can alternatively plug in a different LDAPQueryBuilder, which allows for more customization than only the query.
public String getUserIdAttribute()
public void setUserIdAttribute(String userIdAttribute)
public String getUserFirstNameAttribute()
public void setUserFirstNameAttribute(String userFirstNameAttribute)
public String getUserLastNameAttribute()
public void setUserLastNameAttribute(String userLastNameAttribute)
public String getUserEmailAttribute()
public void setUserEmailAttribute(String userEmailAttribute)
public String getGroupIdAttribute()
public void setGroupIdAttribute(String groupIdAttribute)
public String getGroupNameAttribute()
public void setGroupNameAttribute(String groupNameAttribute)
public String getGroupTypeAttribute()
public void setGroupTypeAttribute(String groupTypeAttribute)
public void setLdapUserManagerFactory(LDAPUserManagerFactory ldapUserManagerFactory)
Set a custom implementation of the LDAPUserManagerFactory if the default implementation is not suitable.
public void setLdapGroupManagerFactory(LDAPGroupManagerFactory ldapGroupManagerFactory)
Set a custom implementation of the LDAPGroupManagerFactory if the default implementation is not suitable.
public void setLdapMembershipManagerFactory(LDAPMembershipManagerFactory ldapMembershipManagerFactory)
Set a custom implementation of the LDAPMembershipManagerFactory if the default implementation is not suitable.
public LDAPQueryBuilder getLdapQueryBuilder()
Set a custom LDAPQueryBuilder if the default implementation is not suitable.
The LDAPQueryBuilder instance is used when the LDAPUserManager or LDAPGroupManager does an actual query against the LDAP system.
The default implementation uses the properties as set on this instance, such as setQueryGroupsForUser(String) and setQueryUserByUserId(String).
public void setLdapQueryBuilder(LDAPQueryBuilder ldapQueryBuilder)
public int getGroupCacheSize()
public void setGroupCacheSize(int groupCacheSize)
Sets the size of the LDAPGroupCache.
This is an LRU cache that caches groups for users and thus avoids hitting the LDAP system each time the groups of a user need to be known.
The cache will not be instantiated if the value is less than zero.
By default set to -1, so no caching is done.
Note that the group cache is instantiated on the LDAPGroupManagerFactory.
As such, if you have a custom implementation of the LDAPGroupManagerFactory, do not forget to add the group cache functionality.
public long getGroupCacheExpirationTime()
public void setGroupCacheExpirationTime(long groupCacheExpirationTime)
Sets the expiration time of the LDAPGroupCache in milliseconds.
When groups for a specific user are fetched, and if the group cache exists (see setGroupCacheSize(int)), the groups will be stored in this cache for the time set in this property.
I.e. when the groups were fetched at 00:00 and the expiration time is 30 mins, any fetch of the groups for that user after 00:30 will not come from the cache, but will do a fetch again from the LDAP system. Likewise, every group fetch for that user done between 00:00 - 00:30 will come from the cache.
By default set to one hour.
Copyright © 2016 Alfresco. All rights reserved.
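The size and expiration behaviour described for the LDAPGroupCache, as an added example that is not Activiti's implementation: an access-ordered LinkedHashMap provides the LRU eviction and a per-entry fetch time provides the expiry. The class names, user and groups are constructed; the scenario in main shows that a membership removed in LDAP remains visible to callers until the cached entry expires.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class GroupCacheExample {

    private static final class CachedGroups {
        final List<String> groups;
        final long fetchedAtMillis;
        CachedGroups(List<String> g, long t) { groups = g; fetchedAtMillis = t; }
    }

    private final long expirationMillis;
    private final Map<String, CachedGroups> entries;

    GroupCacheExample(final int maxUsers, long expirationMillis) {
        this.expirationMillis = expirationMillis;
        // Access-ordered map: the least recently used user is dropped once maxUsers is exceeded.
        this.entries = new LinkedHashMap<String, CachedGroups>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, CachedGroups> eldest) {
                return size() > maxUsers;
            }
        };
    }

    void put(String userId, List<String> groups, long nowMillis) { entries.put(userId, new CachedGroups(groups, nowMillis)); }

    /** Returns the cached groups, or null when LDAP has to be queried again. */
    List<String> get(String userId, long nowMillis) {
        CachedGroups cached = entries.get(userId);
        if (cached == null) return null;
        if (nowMillis - cached.fetchedAtMillis > expirationMillis) {
            entries.remove(userId);   // expired: the next lookup goes back to LDAP
            return null;
        }
        return cached.groups;
    }

    public static void main(String[] args) {
        long minute = 60_000L;
        GroupCacheExample cache = new GroupCacheExample(100, 30 * minute);
        // Constructed scenario: groups fetched at 00:00, "admin" removed in LDAP at 00:10.
        cache.put("kermit", Arrays.asList("admin", "user"), 0L);
        System.out.println("00:20 " + cache.get("kermit", 20 * minute));
        System.out.println("00:31 " + cache.get("kermit", 31 * minute));
    }
}
```

The expiration time therefore bounds how long a revoked group membership can still be honoured, which is worth weighing against LDAP load when choosing the value.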