JNDI API as an LDAP API. This is Shiro's default implementation for supporting LDAP, since the JNDI API has been a common approach to Java LDAP support for many years.
This realm implementation and its backing {@link JndiLdapContextFactory} should cover 99% of all Shiro-related LDAP authentication and authorization needs. However, if it does not suit your needs, you might want to look into creating your own realm using an alternative, perhaps more robust, LDAP communication API, such as the Apache LDAP API.
Authentication
During an authentication attempt, if the submitted {@code AuthenticationToken}'s {@link org.apache.shiro.authc.AuthenticationToken#getPrincipal() principal} is a simple username, but the LDAP directory expects a complete User Distinguished Name (User DN) to establish a connection, the {@link #setUserDnTemplate(String) userDnTemplate} property must be configured. If it is not configured, the realm passes the simple username directly as the User DN, which is incorrect in most LDAP environments (Microsoft Active Directory perhaps being the exception).
Authorization
By default, authorization is effectively disabled because the default {@link #doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)} implementation returns {@code null}. If you wish to perform authorization based on an LDAP schema, you must subclass this realm and override that method to reflect your organization's data model.
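As an added illustration of such an override (example code, not part of Shiro or of this class's documentation), the hypothetical realm below maps a user's LDAP group memberships to Shiro roles. It assumes the directory stores groups as {@code groupOfNames} entries under an assumed base {@code ou=groups,dc=mycompany,dc=com}, and relies on the {@code userDnTemplate} described above to turn the authenticated username into the User DN that appears in each group's {@code member} attribute.

```java
import java.util.HashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection;

/** Hypothetical realm: maps LDAP group membership (groupOfNames 'member') to Shiro role names. */
public class GroupRoleLdapRealm extends JndiLdapRealm {
    // Assumed layout: groups live under this base; configurable from shiro.ini via the setter.
    private String groupSearchBase = "ou=groups,dc=mycompany,dc=com";

    public void setGroupSearchBase(String base) { this.groupSearchBase = base; }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // The authenticated username; userDnTemplate expands it to the full User DN.
        String username = (String) getAvailablePrincipal(principals);
        String userDn = getUserDn(username);
        LdapContext ctx = null;
        try {
            // Query with the realm's system (service) credentials, not the user's.
            ctx = getContextFactory().getSystemLdapContext();
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] { "cn" });
            // {0} is bound by JNDI, which escapes filter metacharacters; never concatenate the DN.
            NamingEnumeration<SearchResult> results = ctx.search(groupSearchBase,
                    "(&(objectClass=groupOfNames)(member={0}))", new Object[] { userDn }, controls);
            Set<String> roles = new HashSet<String>();
            while (results.hasMore()) {
                SearchResult group = results.next();
                roles.add(String.valueOf(group.getAttributes().get("cn").get()));
            }
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addRoles(roles);   // each group cn becomes a Shiro role
            return info;
        } catch (NamingException e) {
            throw new AuthorizationException("LDAP group lookup failed for " + username, e);
        } finally {
            LdapUtils.closeContext(ctx);  // null-safe
        }
    }
}
```

Configured in place of {@code JndiLdapRealm} in shiro.ini, {@code ldapRealm.groupSearchBase} selects the assumed group subtree; the returned roles can then be checked with the usual Shiro role annotations or {@code Subject.hasRole}.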
Configuration
This class primarily provides the {@link #setUserDnTemplate(String) userDnTemplate} property to allow you to specify your LDAP server's User DN format. Most other configuration is performed via the nested {@link LdapContextFactory contextFactory} property.
For example, defining this realm in Shiro .ini:
[main]
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com
ldapRealm.contextFactory.url = ldap://ldapHost:389
ldapRealm.contextFactory.authenticationMechanism = DIGEST-MD5
ldapRealm.contextFactory.environment[some.obscure.jndi.key] = some value
...
The default {@link #setContextFactory contextFactory} instance is a {@link JndiLdapContextFactory}. See that class's JavaDoc for more information on configuring the LDAP connection as well as specifying JNDI environment properties as necessary.
@see JndiLdapContextFactory
@since 1.1