in core/src/main/java/org/apache/shiro/realm/ldap/JndiLdapContextFactory.java [438:480]
/**
 * Builds an {@link LdapContext} for the supplied principal and credentials.
 *
 * <p>The configured environment template is copied, the bind identity and pooling flag are
 * layered on top of the copy, the result is validated, and only then is the context created.
 *
 * @param principal   the identity to bind as; stored under {@link Context#SECURITY_PRINCIPAL}
 *                    when non-null
 * @param credentials the credentials to bind with; stored under
 *                    {@link Context#SECURITY_CREDENTIALS} when non-null
 * @return the context returned by {@code createLdapContext} for the assembled environment
 * @throws NamingException       if a naming error is raised while the context is being set up
 * @throws IllegalStateException if no LDAP URL has been configured
 */
public LdapContext getLdapContext(Object principal, Object credentials) throws NamingException,
        IllegalStateException {
    final String ldapUrl = getUrl();
    if (ldapUrl == null) {
        throw new IllegalStateException("An LDAP URL must be specified of the form ldap://<hostname>:<port>");
    }

    // Work on a per-call copy so that the bind identity added below never ends up in the
    // shared environment template held by this factory.
    final Hashtable<String, Object> runtimeEnv = new Hashtable<String, Object>(this.environment);

    final Object configuredMechanism = getAuthenticationMechanism();
    final boolean bindIdentitySupplied = principal != null || credentials != null;
    if (configuredMechanism == null && bindIdentitySupplied) {
        // No mechanism was configured, yet a principal and/or credentials were passed in, so a
        // 'simple' bind is being attempted. The Sun provider applies the same default itself;
        // doing it here keeps the behaviour independent of the provider implementation.
        // NOTE(review): a 'simple' bind sends the credentials unprotected unless the transport
        // is secured (e.g. an ldaps:// URL or StartTLS) - confirm how deployments set the URL.
        runtimeEnv.put(Context.SECURITY_AUTHENTICATION, SIMPLE_AUTHENTICATION_MECHANISM_NAME);
    }

    // Hashtable rejects null values, so each part of the bind identity is added only if present.
    if (principal != null) {
        runtimeEnv.put(Context.SECURITY_PRINCIPAL, principal);
    }
    if (credentials != null) {
        runtimeEnv.put(Context.SECURITY_CREDENTIALS, credentials);
    }

    // The pooling decision is delegated to isPoolingConnections and depends on the principal.
    final boolean usePooling = isPoolingConnections(principal);
    if (usePooling) {
        runtimeEnv.put(SUN_CONNECTION_POOLING_PROPERTY, "true");
    }

    // Only the URL, the principal and the pooling state are logged; the credentials are not
    // part of this log line and should stay out of it.
    if (LOGGER.isDebugEnabled()) {
        final String poolingState = usePooling ? "enabled" : "disabled";
        LOGGER.debug("Initializing LDAP context using URL [{}] and principal [{}] with pooling {}",
                new Object[] {ldapUrl, principal, poolingState});
    }

    // Validation runs before the context is created, so a rejected environment never reaches
    // the directory server.
    // NOTE(review): validateAuthenticationInfo is not visible here; presumably it rejects a
    // 'simple' bind that carries a principal but empty credentials, which many servers treat
    // as an unauthenticated bind - confirm against its implementation.
    validateAuthenticationInfo(runtimeEnv);
    return createLdapContext(runtimeEnv);
}