setPoolPassivator(String)   A
last analyzed

Complexity

Conditions 1

Size

Total Lines 2

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
dl 0
loc 2
c 0
b 0
f 0
cc 1
rs 10
1
package org.apereo.cas.configuration.model.support.ldap;
2
3
import org.apache.commons.lang3.StringUtils;
4
import org.apereo.cas.util.CollectionUtils;
5
6
import java.io.Serializable;
7
import java.util.List;
8
9
/**
10
 * This is {@link AbstractLdapProperties}.
11
 *
12
 * @author Misagh Moayyed
13
 * @since 5.0.0
14
 */
15
public abstract class AbstractLdapProperties implements Serializable {
16
    private static final long serialVersionUID = 2682743362616979324L;
17
18
    /**
19
     * The ldap type used to handle specific ops.
20
     */
21
    public enum LdapType {
22
        /**
23
         * Generic ldap type (OpenLDAP, 389ds, etc).
24
         */
25
        GENERIC,
26
        /**
27
         * Active directory.
28
         */
29
        AD,
30
        /**
31
         * FreeIPA directory.
32
         */
33
        FreeIPA,
34
        /**
35
         * EDirectory.
36
         */
37
        EDirectory
38
    }
39
40
    /**
41
     * The ldap connection pool passivator.
42
     */
43
    public enum LdapConnectionPoolPassivator {
44
        /**
45
         * No passivator.
46
         */
47
        NONE,
48
        /**
49
         * Close passivator.
50
         */
51
        CLOSE,
52
        /**
53
         * Bind passivator.
54
         */
55
        BIND
56
    }
57
58
    /**
59
     * Describe ldap connection strategies.
60
     */
61
    public enum LdapConnectionStrategy {
62
        /**
63
         * Default JNDI.
64
         */
65
        DEFAULT,
66
        /**
67
         * First ldap used until it fails.
68
         */
69
        ACTIVE_PASSIVE,
70
        /**
71
         * Navigate the ldap url list for new connections and circle back.
72
         */
73
        ROUND_ROBIN,
74
        /**
75
         * Randomly pick a url.
76
         */
77
        RANDOM,
78
        /**
79
         * ldap urls based on DNS SRV records.
80
         */
81
        DNS_SRV
82
    }
83
84
    /**
85
     * Path of the trust certificates to use for the SSL connection.
86
     * Ignores keystore-related settings when activated and used.
87
     */
88
    private String trustCertificates;
89
90
    /**
91
     * Path to the keystore used for SSL connections.
92
     * Typically contains SSL certificates for the LDAP server.
93
     */
94
    private String keystore;
95
    /**
96
     * Keystore password.
97
     */
98
    private String keystorePassword;
99
    /**
100
     * The type of keystore. {@code PKCS12} or {@code JKS}.
101
     * If left blank, defaults to the default keystore type indicated
102
     * by the underlying Java platform.
103
     */
104
    private String keystoreType;
105
106
    /**
107
     * Minimum LDAP connection pool size.
108
     * Size the pool should be initialized to and pruned to
109
     */
110
    private int minPoolSize = 3;
111
112
    /**
113
     * Maximum LDAP connection pool size which the pool can use to grow.
114
     */
115
    private int maxPoolSize = 10;
116
117
    /**
118
     * You may receive unexpected LDAP failures, when CAS is configured to authenticate
119
     * using DIRECT or AUTHENTICATED types and LDAP is locked down to not allow anonymous binds/searches.
120
     * Every second attempt with a given LDAP connection from the pool would fail if it was on
121
     * the same connection as a failed login attempt, and the regular connection validator would
122
     * similarly fail. When a connection is returned back to a pool,
123
     * it still may contain the principal and credentials from the previous attempt.
124
     * Before the next bind attempt using that connection, the validator tries to
125
     * validate the connection again but fails because it’s no longer trying with the
126
     * configured bind credentials but with whatever user DN was used in the previous step.
127
     * Given the validation failure, the connection is closed and CAS would deny access by default. Passivators attempt to reconnect
128
     * to LDAP with the configured bind credentials, effectively resetting the connection
129
     * to what it should be after each bind request.
130
     */
131
    private String poolPassivator = "BIND";
132
133
    /**
134
     * Whether connections should be validated when loaned out from the pool.
135
     */
136
    private boolean validateOnCheckout = true;
137
    /**
138
     * Whether connections should be validated periodically when the pool is idle.
139
     */
140
    private boolean validatePeriodically = true;
141
142
    /**
143
     * Period at which validation operations may time out.
144
     */
145
    private String validateTimeout = "PT5S";
146
    /**
147
     * Period at which pool should be validated.
148
     */
149
    private String validatePeriod = "PT5M";
150
151
    /**
152
     * Attempt to populate the connection pool early on startup
153
     * and fail quickly if something goes wrong.
154
     */
155
    private boolean failFast = true;
156
157
    /**
158
     * Removes connections from the pool based on how long they have been idle in the available queue.
159
     * Prunes connections that have been idle for more than the indicated amount.
160
     */
161
    private String idleTime = "PT10M";
162
    /**
163
     * Removes connections from the pool based on how long they have been idle in the available queue.
164
     * Run the pruning process at the indicated interval.
165
     */
166
    private String prunePeriod = "PT2H";
167
    /**
168
     * The length of time the pool will block.
169
     * By default the pool will block indefinitely and there is no guarantee that
170
     * waiting threads will be serviced in the order in which they made their request.
171
     * This option should be used with a blocking connection pool when you need to control the exact
172
     * number of connections that can be created
173
     */
174
    private String blockWaitTime = "PT3S";
175
176
    /**
177
     * If multiple URLs are provided as the ldapURL this describes how each URL will be processed.
178
     * <ul>
179
     * <li>{@code DEFAULT} The default JNDI provider behavior will be used. </li>
180
     * <li>{@code ACTIVE_PASSIVE} First LDAP will be used for every request unless it fails and then the next shall be used.</li>
181
     * <li>{@code ROUND_ROBIN} For each new connection the next url in the list will be used.</li>
182
     * <li>{@code RANDOM} For each new connection a random LDAP url will be selected.</li>
183
     * <li>{@code DNS_SRV} LDAP urls based on DNS SRV records of the configured/given LDAP url will be used. </li>
184
     * </ul>
185
     */
186
    private String connectionStrategy;
187
188
    /**
189
     * The LDAP url to the server. More than one may be specified, separated by space and/or comma.
190
     */
191
    private String ldapUrl = "ldap://localhost:389";
192
    /**
193
     * If the LDAP connection should be used with SSL enabled.
194
     */
195
    private boolean useSsl = true;
196
    /**
197
     * Whether TLS should be used and enabled when establishing the connection.
198
     */
199
    private boolean useStartTls;
200
    /**
201
     * Sets the maximum amount of time that connects will block.
202
     */
203
    private String connectTimeout = "PT5S";
204
    /**
205
     * Duration of time to wait for responses.
206
     */
207
    private String responseTimeout = "PT5S";
208
209
    /**
210
     * LDAP operations are delegated to what we call a provider. This allows developers and deployers to change the underlying library
211
     * that provides the LDAP implementation without modifying any code. By default the JNDI provider is used, though
212
     * it may be swapped out for {@code org.ldaptive.provider.unboundid.UnboundIDProvider}.
213
     */
214
    private String providerClass;
215
    /**
216
     * Whether search/query results are allowed to match on multiple DNs,
217
     * or whether a single unique DN is expected for the result.
218
     */
219
    private boolean allowMultipleDns;
220
221
    /**
222
     * The bind DN to use when connecting to LDAP.
223
     * LDAP connection configuration injected into the LDAP connection pool can be initialized with the following parameters:
224
     * <ul>
225
     * <li>{@code bindDn/bindCredential} provided - Use the provided credentials to bind when initializing connections.</li>
226
     * <li>{@code bindDn/bindCredential}  set to {@code *} - Use a fast-bind strategy to initialize the pool.</li>
227
     * <li>{@code bindDn/bindCredential}  set to blank - Skip connection initializing; perform operations anonymously. </li>
228
     * <li>SASL mechanism provided - Use the given SASL mechanism to bind when initializing connections. </li>
229
     * </ul>
230
     */
231
    private String bindDn;
232
    /**
233
     * The bind credential to use when connecting to LDAP.
234
     */
235
    private String bindCredential;
236
237
    /**
238
     * The SASL realm.
239
     */
240
    private String saslRealm;
241
    /**
242
     * The SASL mechanism.
243
     */
244
    private String saslMechanism;
245
    /**
246
     * SASL authorization id.
247
     */
248
    private String saslAuthorizationId;
249
    /**
250
     * SASL security strength.
251
     */
252
    private String saslSecurityStrength;
253
    /**
254
     * SASL mutual auth is enabled?
255
     */
256
    private Boolean saslMutualAuth;
257
    /**
258
     * SASL quality of protected.
259
     */
260
    private String saslQualityOfProtection;
261
262
    /**
263
     * LDAP connection validator settings.
264
     */
265
    private Validator validator = new Validator();
266
267
    /**
268
     * Name of the authentication handler.
269
     */
270
    private String name;
271
272
    public String getValidateTimeout() {
273
        return validateTimeout;
274
    }
275
276
    public void setValidateTimeout(final String validateTimeout) {
277
        this.validateTimeout = validateTimeout;
278
    }
279
280
    public String getPoolPassivator() {
281
        return poolPassivator;
282
    }
283
284
    public void setPoolPassivator(final String poolPassivator) {
285
        this.poolPassivator = poolPassivator;
286
    }
287
288
    public String getConnectionStrategy() {
289
        return connectionStrategy;
290
    }
291
292
    public void setConnectionStrategy(final String connectionStrategy) {
293
        this.connectionStrategy = connectionStrategy;
294
    }
295
296
    public String getName() {
297
        return name;
298
    }
299
300
    public void setName(final String name) {
301
        this.name = name;
302
    }
303
304
    public Validator getValidator() {
305
        return validator;
306
    }
307
308
    public void setValidator(final Validator validator) {
309
        this.validator = validator;
310
    }
311
312
    public String getBindDn() {
313
        return bindDn;
314
    }
315
316
    public void setBindDn(final String bindDn) {
317
        this.bindDn = bindDn;
318
    }
319
320
    public String getBindCredential() {
321
        return bindCredential;
322
    }
323
324
    public void setBindCredential(final String bindCredential) {
325
        this.bindCredential = bindCredential;
326
    }
327
328
    public String getProviderClass() {
329
        return providerClass;
330
    }
331
332
    public void setProviderClass(final String providerClass) {
333
        this.providerClass = providerClass;
334
    }
335
336
    public boolean isAllowMultipleDns() {
337
        return allowMultipleDns;
338
    }
339
340
    public void setAllowMultipleDns(final boolean allowMultipleDns) {
341
        this.allowMultipleDns = allowMultipleDns;
342
    }
343
344
    public String getPrunePeriod() {
345
        return prunePeriod;
346
    }
347
348
    public void setPrunePeriod(final String prunePeriod) {
349
        this.prunePeriod = prunePeriod;
350
    }
351
352
    public String getTrustCertificates() {
353
        return trustCertificates;
354
    }
355
356
    public void setTrustCertificates(final String trustCertificates) {
357
        this.trustCertificates = trustCertificates;
358
    }
359
360
    public String getKeystore() {
361
        return keystore;
362
    }
363
364
    public void setKeystore(final String keystore) {
365
        this.keystore = keystore;
366
    }
367
368
    public String getKeystorePassword() {
369
        return keystorePassword;
370
    }
371
372
    public void setKeystorePassword(final String keystorePassword) {
373
        this.keystorePassword = keystorePassword;
374
    }
375
376
    public String getKeystoreType() {
377
        return keystoreType;
378
    }
379
380
    public void setKeystoreType(final String keystoreType) {
381
        this.keystoreType = keystoreType;
382
    }
383
384
    public int getMinPoolSize() {
385
        return minPoolSize;
386
    }
387
388
    public void setMinPoolSize(final int minPoolSize) {
389
        this.minPoolSize = minPoolSize;
390
    }
391
392
    public int getMaxPoolSize() {
393
        return maxPoolSize;
394
    }
395
396
    public void setMaxPoolSize(final int maxPoolSize) {
397
        this.maxPoolSize = maxPoolSize;
398
    }
399
400
    public boolean isValidateOnCheckout() {
401
        return validateOnCheckout;
402
    }
403
404
    public void setValidateOnCheckout(final boolean validateOnCheckout) {
405
        this.validateOnCheckout = validateOnCheckout;
406
    }
407
408
    public boolean isValidatePeriodically() {
409
        return validatePeriodically;
410
    }
411
412
    public void setValidatePeriodically(final boolean validatePeriodically) {
413
        this.validatePeriodically = validatePeriodically;
414
    }
415
416
    public String getValidatePeriod() {
417
        return validatePeriod;
418
    }
419
420
    public void setValidatePeriod(final String validatePeriod) {
421
        this.validatePeriod = validatePeriod;
422
    }
423
424
    public boolean isFailFast() {
425
        return failFast;
426
    }
427
428
    public void setFailFast(final boolean failFast) {
429
        this.failFast = failFast;
430
    }
431
432
    public String getIdleTime() {
433
        return idleTime;
434
    }
435
436
    public void setIdleTime(final String idleTime) {
437
        this.idleTime = idleTime;
438
    }
439
440
    public String getBlockWaitTime() {
441
        return blockWaitTime;
442
    }
443
444
    public void setBlockWaitTime(final String blockWaitTime) {
445
        this.blockWaitTime = blockWaitTime;
446
    }
447
448
    public String getLdapUrl() {
449
        return ldapUrl;
450
    }
451
452
    public void setLdapUrl(final String ldapUrl) {
453
        this.ldapUrl = ldapUrl;
454
    }
455
456
    public boolean isUseSsl() {
457
        return useSsl;
458
    }
459
460
    public void setUseSsl(final boolean useSsl) {
461
        this.useSsl = useSsl;
462
    }
463
464
    public boolean isUseStartTls() {
465
        return useStartTls;
466
    }
467
468
    public void setUseStartTls(final boolean useStartTls) {
469
        this.useStartTls = useStartTls;
470
    }
471
472
    public String getConnectTimeout() {
473
        return connectTimeout;
474
    }
475
476
    public void setConnectTimeout(final String connectTimeout) {
477
        this.connectTimeout = connectTimeout;
478
    }
479
480
    public String getSaslRealm() {
481
        return saslRealm;
482
    }
483
484
    public void setSaslRealm(final String saslRealm) {
485
        this.saslRealm = saslRealm;
486
    }
487
488
    public String getSaslMechanism() {
489
        return saslMechanism;
490
    }
491
492
    public void setSaslMechanism(final String saslMechanism) {
493
        this.saslMechanism = saslMechanism;
494
    }
495
496
    public String getSaslAuthorizationId() {
497
        return saslAuthorizationId;
498
    }
499
500
    public void setSaslAuthorizationId(final String saslAuthorizationId) {
501
        this.saslAuthorizationId = saslAuthorizationId;
502
    }
503
504
    public String getSaslSecurityStrength() {
505
        return saslSecurityStrength;
506
    }
507
508
    public void setSaslSecurityStrength(final String saslSecurityStrength) {
509
        this.saslSecurityStrength = saslSecurityStrength;
510
    }
511
512
    public String getSaslQualityOfProtection() {
513
        return saslQualityOfProtection;
514
    }
515
516
    public void setSaslQualityOfProtection(final String saslQualityOfProtection) {
517
        this.saslQualityOfProtection = saslQualityOfProtection;
518
    }
519
520
    public void setSaslMutualAuth(final Boolean saslMutualAuth) {
521
        this.saslMutualAuth = saslMutualAuth;
522
    }
523
524
    public Boolean getSaslMutualAuth() {
525
        return saslMutualAuth;
526
    }
527
528
    public String getResponseTimeout() {
529
        return responseTimeout;
530
    }
531
532
    public void setResponseTimeout(final String responseTimeout) {
533
        this.responseTimeout = responseTimeout;
534
    }
535
536
    public static class Validator implements Serializable {
537
538
        private static final long serialVersionUID = 1150417354213235193L;
539
        /**
540
         * The following LDAP validators can be used to test connection health status:
541
         * <ul>
542
         *     <li>{@code search}: Validates a connection is healthy by performing a search operation.
543
         *     Validation is considered successful if the search result size is greater than zero.</li>
544
         *     <li>{@code none}: No validation takes place.</li>
545
         *     <li>{@code compare}: Validates a connection is healthy by performing a compare operation.</li>
546
         * </ul>
547
         */
548
        private String type = "search";
549
        /**
550
         * Base DN to use for the search request of the search validator.
551
         */
552
        private String baseDn = StringUtils.EMPTY;
553
        /**
554
         * Search filter to use for the search request of the search validator.
555
         */
556
        private String searchFilter = "(objectClass=*)";
557
        /**
558
         * Search scope to use for the search request of the search validator.
559
         */
560
        private String scope = "OBJECT";
561
        /**
562
         * Attribute name to use for the compare validator.
563
         */
564
        private String attributeName = "objectClass";
565
        /**
566
         * Attribute values to use for the compare validator.
567
         */
568
        private List<String> attributeValues = CollectionUtils.wrap("top");
569
        /**
570
         * DN to compare to use for the compare validator.
571
         */
572
        private String dn = StringUtils.EMPTY;
573
574
        public String getDn() {
575
            return dn;
576
        }
577
578
        public void setDn(final String dn) {
579
            this.dn = dn;
580
        }
581
582
        public String getAttributeName() {
583
            return attributeName;
584
        }
585
586
        public void setAttributeName(final String attributeName) {
587
            this.attributeName = attributeName;
588
        }
589
590
        public List<String> getAttributeValues() {
591
            return attributeValues;
592
        }
593
594
        public void setAttributeValues(final List<String> attributeValues) {
595
            this.attributeValues = attributeValues;
596
        }
597
598
        public String getType() {
599
            return type;
600
        }
601
602
        public void setType(final String type) {
603
            this.type = type;
604
        }
605
606
        public String getBaseDn() {
607
            return baseDn;
608
        }
609
610
        public void setBaseDn(final String baseDn) {
611
            this.baseDn = baseDn;
612
        }
613
614
        public String getSearchFilter() {
615
            return searchFilter;
616
        }
617
618
        public void setSearchFilter(final String searchFilter) {
619
            this.searchFilter = searchFilter;
620
        }
621
622
        public String getScope() {
623
            return scope;
624
        }
625
626
        public void setScope(final String scope) {
627
            this.scope = scope;
628
        }
629
    }
630
}
631