java.lang.Object
org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory
All Implemented Interfaces:
Closeable, AutoCloseable, ReloadableSecurityComponent
Direct Known Subclasses:
LdapSessionFactory

public abstract class SessionFactory extends Object implements Closeable, ReloadableSecurityComponent
This factory holds the settings needed for authenticating to LDAP and creating LdapConnections. Each created LdapConnection needs to be closed, or else connections will pile up and consume resources.

A typical usage pattern looks like this:

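 SessionFactory factory = ...
 // session(...) returns void; the LdapSession is delivered to the listener
 factory.session(user, password, ActionListener.wrap(session -> {
     try (LdapSession s = session) { // closed on exit from this block
         ...do stuff with the session
     }
 }, e -> { ...handle the failure }));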
 
  • Field Details

    • logger

      protected final org.apache.logging.log4j.Logger logger
    • deprecationLogger

      protected final DeprecationLogger deprecationLogger
    • config

      protected final RealmConfig config
    • timeout

      protected final org.elasticsearch.core.TimeValue timeout
    • sslService

      protected final SSLService sslService
    • threadPool

      protected final ThreadPool threadPool
    • serverSet

      protected final com.unboundid.ldap.sdk.ServerSet serverSet
    • sslUsed

      protected final boolean sslUsed
    • ignoreReferralErrors

      protected final boolean ignoreReferralErrors
    • metadataResolver

      protected final LdapMetadataResolver metadataResolver
  • Constructor Details

  • Method Details

    • close

      public void close() throws IOException
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Throws:
      IOException
    • session

      public abstract void session(String user, SecureString password, ActionListener<LdapSession> listener)
      Authenticates the given user and opens a new connection that is bound to it (meaning all operations under the returned connection will be executed on behalf of the authenticated user).
      Parameters:
      user - The name of the user to authenticate the connection with.
      password - The password of the user
      listener - the listener to call on a failure or result
    • supportsUnauthenticatedSession

      public boolean supportsUnauthenticatedSession()
      Returns a flag to indicate if this session factory supports unauthenticated sessions. This means that a session can be established without providing any credentials in a call to unauthenticatedSession(String, ActionListener).
      Returns:
      true if the factory supports unauthenticated sessions
    • unauthenticatedSession

      public void unauthenticatedSession(String username, ActionListener<LdapSession> listener)
      Returns an LdapSession for the user identified by the String parameter.
      Parameters:
      username - the identifier for the user
      listener - the listener to call on a failure or result
    • connectionOptions

      protected static com.unboundid.ldap.sdk.LDAPConnectionOptions connectionOptions(RealmConfig config, SSLService sslService, org.apache.logging.log4j.Logger logger)
    • getDefaultLdapUrls

      protected List<String> getDefaultLdapUrls(RealmConfig config)
    • isSslUsed

      public boolean isSslUsed()