com.novell.security.sso.ldap.jndi
Class JNDISecretStore

java.lang.Object
  |
  +--com.novell.security.sso.SecretStore
        |
        +--com.novell.security.sso.ldap.jndi.JNDISecretStore
All Implemented Interfaces:
Serializable

public final class JNDISecretStore
extends SecretStore

Class that represents a SecretStore. When constructing objects of this class, the SecretStore.HANDLE environment property must be set to an LdapContext object.

Operations are performed using JNDI LDAPv3-style extended operations. Regardless of which JNDI provider is used on the client, the server must have Novell's SecretStore installed before any of the operations of this class will work. SecretStore requires that the LDAP connection to it be secured with SSL; SecretStore rejects clear-text requests. See the sample code for an example of how to set this up.

In order for SecretStore operations to take place properly, this class must know which target object in the directory is to be used. The target object and the logged-in user may differ. An example is when an admin views a user's SecretStore status information: the logged-in user (as specified by the Context.SECURITY_PRINCIPAL environment property on the LdapContext object) is the admin, but the target object is the user. This class determines the target object as follows:

  1. The target object is obtained from the SecretStore.TARGET_DN property, if specified.
  2. If step 1 failed, the target object is obtained by calling LdapContext.getNameInNamespace().
  3. If steps 1 and 2 failed, the target object is obtained, as a last resort, from the Context.SECURITY_PRINCIPAL environment property supplied on the LdapContext object that is passed in as the SecretStore.HANDLE property.

    Since:
    2.1
    Version:
    3.2
    Author:
    Steve Kinser
    See Also:
    Serialized Form

    Fields inherited from class com.novell.security.sso.SecretStore
    CALLER_DN, HANDLE, SECRET_STORE, SERVER_DN, TARGET_DN, TREE, USER_DN
     
    Constructor Summary
    JNDISecretStore(Hashtable environment)
              Constructs a JNDISecretStore object.
     
    Method Summary
     Secret getSecret0(String id, boolean useMasterPassword)
               
     
    Methods inherited from class com.novell.security.sso.SecretStore
    commitMasterPasswordChange, commitMasterPasswordChange, commitMasterPasswordChange, enumerateSecrets, enumerateSecrets, enumerateSecrets, equals, getClientCryptoStrength, getClientVersion, getEnumBuffLen, getEnvironmentProperty, getHint, getInstance, getLastAdminUnlockDn, getLastAdminUnlockTime, getNumLockedSecrets, getNumSecrets, getSecret, getSecret, getSecrets, getServerCryptoStrength, getServerVersion, getServiceInfo, getServiceInfo, getStatus, hashCode, removeSecretStore, removeSecretStore, setMasterPassword, sync, sync, toString, unlockSecretStore, unlockSecretStore, unlockSecretStore, unsetMasterPassword, update, update
     
    Methods inherited from class java.lang.Object
    getClass, notify, notifyAll, wait, wait, wait
     

    Constructor Detail

    JNDISecretStore

    public JNDISecretStore(Hashtable environment)
                    throws IllegalArgumentException,
                           SSException
    Constructs a JNDISecretStore object. The LdapContext is obtained from the Hashtable environment via the SecretStore.HANDLE property.
    Parameters:
    environment - The environment from which the context is extracted.
    Throws:
    IllegalArgumentException - If the SecretStore.HANDLE property is not specified.
    SSException - If an SSException occurred.
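The following is an added example, not part of the Novell documentation or its SDK sample code. It shows the setup that the class description and the constructor above require: an SSL-protected LdapContext passed as SecretStore.HANDLE, and SecretStore.TARGET_DN set so that an admin principal addresses another user's SecretStore (the target-object resolution described earlier). The host, DNs and secret id are placeholders; the packages of SSException and Secret, the use of the JDK's LDAP provider, and calling getSecret0 from client code are assumptions, since only the class names and the getSecret0 signature appear on this page.

```java
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import com.novell.security.sso.SSException;   // package assumed; only the class name is on the page
import com.novell.security.sso.Secret;        // package assumed
import com.novell.security.sso.SecretStore;
import com.novell.security.sso.ldap.jndi.JNDISecretStore;

public class SecretStoreExample {

    /** Builds an SSL-protected LdapContext. SecretStore rejects clear-text requests. */
    static LdapContext connect(String ldapsUrl, String bindDn, char[] password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // JDK provider (assumed)
        env.put(Context.PROVIDER_URL, ldapsUrl);          // ldaps:// URL, placeholder host below
        env.put(Context.SECURITY_PROTOCOL, "ssl");        // required: clear-text requests are rejected
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);      // last-resort target object (step 3)
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        return new InitialLdapContext(env, null);
    }

    /**
     * Opens the SecretStore for targetDn. Pass null to let the class fall back to
     * LdapContext.getNameInNamespace() (step 2) and then Context.SECURITY_PRINCIPAL (step 3).
     */
    static JNDISecretStore open(LdapContext ctx, String targetDn) throws SSException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(SecretStore.HANDLE, ctx);                 // omitting HANDLE -> IllegalArgumentException
        if (targetDn != null) {
            env.put(SecretStore.TARGET_DN, targetDn);     // step 1: explicit target, e.g. admin acting on a user
        }
        return new JNDISecretStore(env);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values; replace with your own server, DNs and secret id.
        if (System.console() == null) {
            throw new IllegalStateException("run from an interactive terminal to enter the bind password");
        }
        char[] pw = System.console().readPassword("LDAP bind password: ");
        LdapContext ctx = connect("ldaps://ldap.example.com:636", "cn=admin,o=example", pw);
        try {
            // The logged-in principal is the admin; the target object is a different user.
            JNDISecretStore store = open(ctx, "cn=alice,ou=users,o=example");
            // getSecret0 is the one method whose signature this page shows; false = no master password.
            Secret s = store.getSecret0("example-secret-id", false);
            System.out.println(s != null ? "secret retrieved" : "no secret returned");
        } finally {
            ctx.close();  // drop the SSL session and the bind it carries
        }
    }
}
```

Compile and run with the Novell SecretStore client jar on the classpath. The two Hashtables are kept separate on purpose: the first configures the LDAP bind, the second is the SecretStore environment whose only mandatory entry is HANDLE. If SECURITY_PROTOCOL is left out, the server refuses the extended operation rather than falling back to clear text, which is the behaviour the class description relies on.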
    Method Detail

    getSecret0

    public Secret getSecret0(String id,
                             boolean useMasterPassword)


    Copyright © 1997-2003 Novell, Inc. All Rights Reserved.