@PublicAPI(stability=VOLATILE, mayInstantiate=true, mayExtend=true, mayInvoke=true) public abstract class ClientConnection extends Object implements RequestHandler
Modifier and Type | Field and Description |
---|---|
protected AuthenticationInfo | authenticationInfo: The set of authentication information for this client connection. |
protected AtomicBoolean | bindInProgress: Indicates if a bind request is currently in progress on this client connection. |
protected static long | DEFAULT_WRITE_TIME_LIMIT_MS: Write time limit which will be used when the user configured 0 (to not wait indefinitely). |
protected AtomicBoolean | saslBindInProgress: Indicates whether a multistage SASL bind is currently in progress on this client connection. |
protected AtomicBoolean | startTLSInProgress: Indicates if a Start TLS request is currently in progress on this client connection. |
Modifier | Constructor and Description |
---|---|
protected | ClientConnection(): Performs the appropriate initialization generic to all client connections. |
Modifier and Type | Method and Description |
---|---|
void | deregisterPersistentSearch(PersistentSearch persistentSearch): Deregisters the provided persistent search for this client. |
abstract void | disconnect(DisconnectReason disconnectReason, boolean sendNotification, LocalizableMessage message): Closes the connection to the client, optionally sending it a message indicating the reason for the closure. |
protected void | finalizeConnectionInternal(): Performs any internal cleanup that may be necessary when this client connection is disconnected. |
void | finishBind(): Indicates a bind or start TLS request processing is finished and the client connection may start processing data read from the socket again. |
void | finishSaslBind(): Indicates a multistage SASL bind operation is finished and the client connection may accept additional LDAP messages. |
void | finishStartTLS(): Indicates a bind or start TLS request processing is finished and the client connection may start processing data read from the socket again. |
AuthenticationInfo | getAuthenticationInfo(): Retrieves information about the authentication that has been performed for this connection. |
String | getCertificateAlias(): Retrieves the alias of the server certificate that should be used for operations requiring a server certificate. |
abstract String | getClientAddress(): Retrieves a string representation of the address of the client. |
String | getClientHostPort(): Retrieves the address and port (if available) of the client system, separated by a colon. |
abstract int | getClientPort(): Retrieves the port number for this connection on the client system if available. |
abstract ConnectionHandler<?> | getConnectionHandler(): Retrieves the connection handler that accepted this client connection. |
abstract long | getConnectionID(): Retrieves the unique identifier that has been assigned to this connection. |
long | getConnectTime(): Retrieves the time that this connection was established, measured in the number of milliseconds since January 1, 1970 UTC. |
String | getConnectTimeString(): Retrieves a string representation of the time that this connection was established. |
long | getIdleTime(): Retrieves the length of time in milliseconds that this client connection has been idle. |
long | getIdleTimeLimit(): Retrieves the maximum length of time in milliseconds that this client connection will be allowed to remain idle before it should be disconnected. |
Dn | getKeyManagerProviderDN(): Retrieves the DN of the key manager provider that should be used for operations requiring access to a key manager. |
abstract InetAddress | getLocalAddress(): Retrieves the java.net.InetAddress for the Directory Server system to which the client has established the connection. |
int | getLookthroughLimit(): Retrieves the default maximum number of entries that should be checked for matches during a search. |
long | getMaxBlockedWriteTimeLimit(): Retrieves the maximum length of time in milliseconds that attempts to write data to the client should be allowed to block. |
abstract String | getMonitorSummary(): Retrieves a one-line summary of this client connection in a form that is suitable for including in the monitor entry for the associated connection handler. |
abstract long | getNumberOfOperations(): Retrieves the total number of operations performed on this connection. |
abstract Operation | getOperationInProgress(int messageID): Retrieves the operation in progress with the specified message ID. |
List<PersistentSearch> | getPersistentSearches(): Retrieves the set of persistent searches registered for this client. |
abstract String | getProtocol(): Retrieves the protocol that the client is using to communicate with the Directory Server. |
abstract InetAddress | getRemoteAddress(): Retrieves the java.net.InetAddress associated with the remote client system. |
Object | getSASLAuthStateInfo(): Retrieves an opaque set of information that may be used for processing multi-stage SASL binds. |
abstract String | getServerAddress(): Retrieves a string representation of the address on the server to which the client connected. |
String | getServerHostPort(): Retrieves the address and port of the server system, separated by a colon. |
abstract int | getServerPort(): Retrieves the port number for this connection on the server system if available. |
int | getSizeLimit(): Retrieves the size limit that will be enforced for searches performed using this client connection. |
abstract int | getSSF(): Returns the Security Strength Factor of a client connection. |
int | getTimeLimit(): Retrieves the time limit that will be enforced for searches performed using this client connection. |
Dn | getTrustManagerProviderDN(): Retrieves the DN of the trust manager provider that should be used for operations requiring access to a trust manager. |
boolean | hasAllPrivileges(Privilege[] privileges, Operation operation): Indicates whether the authenticated client has all of the specified privileges. |
static boolean | hasPrivilege(Entry authorizationEntry, Privilege privilege): Indicates whether the specified authorization entry parameter has the specified privilege. |
boolean | hasPrivilege(Privilege privilege, Operation operation): Indicates whether the authenticated client has the specified privilege. |
abstract boolean | isConnectionValid(): Returns whether the Directory Server believes this connection to be valid and available for communication. |
boolean | isInnerConnection(): Returns whether this connection is used for inner work not directly requested by an external client. |
abstract boolean | isSecure(): Indicates whether this client connection is currently using a secure mechanism to communicate with the server. |
boolean | mustChangePassword(): Indicates whether the user associated with this client connection must change their password before they will be allowed to do anything else. |
void | registerPersistentSearch(PersistentSearch persistentSearch): Registers the provided persistent search for this client. |
abstract void | removeOperationInProgress(int messageID): Removes the provided operation from the set of operations in progress for this client connection. |
boolean | sendIntermediateResponse(IntermediateResponse intermediateResponse): Invokes the intermediate response plugins on the provided response message and sends it to the client. |
protected abstract boolean | sendIntermediateResponseMessage(IntermediateResponse intermediateResponse): Sends the provided intermediate response message to the client. |
void | sendResponse(Operation operation): Removes the provided operation from the set of operations in progress of this client connection and sends a response to the client based on the information in the provided operation. |
abstract void | sendSearchEntry(SearchOperation searchOperation, SearchResultEntry searchEntry): Sends the provided search result entry to the client. |
abstract boolean | sendSearchReference(SearchOperation searchOperation, SearchResultReference searchReference): Sends the provided search result reference to the client. |
void | setAuthenticationInfo(AuthenticationInfo authenticationInfo): Specifies information about the authentication that has been performed for this connection. |
void | setIdleTimeLimit(long idleTimeLimit): Specifies the maximum length of time in milliseconds that this client connection will be allowed to remain idle before it should be disconnected. |
void | setLookthroughLimit(int lookthroughLimit): Specifies the default maximum number of entries that should be checked for matches during a search. |
void | setMustChangePassword(boolean mustChangePassword): Specifies whether the user associated with this client connection must change their password before they will be allowed to do anything else. |
void | setSASLAuthStateInfo(Object saslAuthState): Specifies an opaque set of information that may be used for processing multi-stage SASL binds. |
void | setSizeLimit(int sizeLimit): Specifies the size limit that will be enforced for searches performed using this client connection. |
void | setTimeLimit(int timeLimit): Specifies the time limit that will be enforced for searches performed using this client connection. |
void | setUnauthenticated(): Sets properties in this client connection to indicate that the client is unauthenticated. |
String | toString(): Retrieves a string representation of this client connection. |
abstract void | toString(StringBuilder buffer): Appends a string representation of this client connection to the provided buffer. |
void | updateAuthenticationInfo(Entry oldEntry, Entry newEntry): Updates the cached entry associated with either the authentication and/or authorization identity with the provided version. |
protected void | updatePrivileges(Entry entry, boolean isRoot): Updates the privileges associated with this client connection object based on the provided entry for the authentication identity. |
Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface RequestHandler: handle
protected static final long DEFAULT_WRITE_TIME_LIMIT_MS
protected AuthenticationInfo authenticationInfo
protected AtomicBoolean saslBindInProgress
protected AtomicBoolean bindInProgress
protected AtomicBoolean startTLSInProgress
protected ClientConnection()
@PublicAPI(stability=PRIVATE, mayInstantiate=false, mayExtend=false, mayInvoke=true, notes="This method should only be invoked by connection handlers.") protected final void finalizeConnectionInternal()
AuthenticatedUsers manager, and will then invoke the finalizeClientConnection method.
public final long getConnectTime()
public final String getConnectTimeString()
public abstract long getConnectionID()
public abstract ConnectionHandler<?> getConnectionHandler()
public abstract String getProtocol()
public abstract String getClientAddress()
public abstract int getClientPort()
public final String getClientHostPort()
public abstract String getServerAddress()
public abstract int getServerPort()
public final String getServerHostPort()
public abstract InetAddress getRemoteAddress()
java.net.InetAddress associated with the remote client system.
java.net.InetAddress associated with the remote client system. It may be null if the client is not connected over an IP-based connection.
public abstract InetAddress getLocalAddress()
java.net.InetAddress for the Directory Server system to which the client has established the connection.
java.net.InetAddress for the Directory Server system to which the client has established the connection. It may be null if the client is not connected over an IP-based connection.
public abstract boolean isConnectionValid()
public abstract boolean isSecure()
false to true if the client uses the StartTLS extended operation).
true if the client connection is currently using a secure mechanism to communicate with the server, or false if not.
public long getMaxBlockedWriteTimeLimit()
public abstract long getNumberOfOperations()
public void sendResponse(Operation operation)
Note that this does not make any attempt to cancel any processing that may already be in progress for the operation.
operation - The operation for which to send the response.
public abstract void sendSearchEntry(SearchOperation searchOperation, SearchResultEntry searchEntry) throws DirectoryException
searchOperation - The search operation with which the entry is associated.
searchEntry - The search result entry to be sent to the client.
DirectoryException - If a problem occurs while attempting to send the entry to the client and the search should be terminated.
public abstract boolean sendSearchReference(SearchOperation searchOperation, SearchResultReference searchReference) throws DirectoryException
searchOperation - The search operation with which the reference is associated.
searchReference - The search result reference to be sent to the client.
true if the client is able to accept referrals, or false if the client cannot handle referrals and no more attempts should be made to send them for the associated search operation.
DirectoryException - If a problem occurs while attempting to send the reference to the client and the search should be terminated.
public final boolean sendIntermediateResponse(IntermediateResponse intermediateResponse)
intermediateResponse - The intermediate response message to be sent.
true if processing on the associated operation should continue, or false if not.
protected abstract boolean sendIntermediateResponseMessage(IntermediateResponse intermediateResponse)
intermediateResponse - The intermediate response message to be sent.
true if processing on the associated operation should continue, or false if not.
public abstract void disconnect(DisconnectReason disconnectReason, boolean sendNotification, LocalizableMessage message)
disconnectClient method within that operation should be called rather than invoking this method directly.
finalizeConnectionInternal method during the course of processing this method.
disconnectReason - The disconnect reason that provides the generic cause for the disconnect.
sendNotification - Indicates whether to try to provide notification to the client that the connection will be closed.
message - The message to send to the client. It may be null if no notification is to be sent.
public final boolean mustChangePassword()
true if the user associated with this client connection must change their password before they will be allowed to do anything else, or false if not.
public final void setMustChangePassword(boolean mustChangePassword)
mustChangePassword - Specifies whether the user associated with this client connection must change their password before they will be allowed to do anything else.
public abstract Operation getOperationInProgress(int messageID)
messageID - The message ID of the operation to retrieve.
null if no such operation could be found.
public abstract void removeOperationInProgress(int messageID)
messageID - The message ID of the operation to remove from the set of operations in progress.
public final List<PersistentSearch> getPersistentSearches()
@PublicAPI(stability=PRIVATE, mayInstantiate=false, mayExtend=false, mayInvoke=false) public final void registerPersistentSearch(PersistentSearch persistentSearch)
DirectoryServer.registerPersistentSearch and not through any other means.
persistentSearch - The persistent search to register for this client.
@PublicAPI(stability=PRIVATE, mayInstantiate=false, mayExtend=false, mayInvoke=false) public final void deregisterPersistentSearch(PersistentSearch persistentSearch)
DirectoryServer.deregisterPersistentSearch and not through any other means.
persistentSearch - The persistent search to deregister for this client.
public AuthenticationInfo getAuthenticationInfo()
public void setAuthenticationInfo(AuthenticationInfo authenticationInfo)
authenticationInfo - Information about the authentication that has been performed for this connection. It should not be null.
public final void updateAuthenticationInfo(Entry oldEntry, Entry newEntry)
oldEntry - The user entry currently serving as the authentication and/or authorization identity.
newEntry - The updated entry that should replace the existing entry. It may optionally have a different DN than the old entry.
public void setUnauthenticated()
public static boolean hasPrivilege(Entry authorizationEntry, Privilege privilege)
authorizationEntry - The authentication entry to use.
privilege - The privilege to check for.
true if the authentication entry has the specified privilege, or false if not.
public boolean hasPrivilege(Privilege privilege, Operation operation)
privilege - The privilege for which to make the determination.
operation - The operation being processed which needs to make the privilege determination, or null if there is no associated operation.
true if the authenticated client has the specified privilege, or false if not.
public boolean hasAllPrivileges(Privilege[] privileges, Operation operation)
privileges - The array of privileges for which to make the determination.
operation - The operation being processed which needs to make the privilege determination, or null if there is no associated operation.
true if the authenticated client has all of the specified privileges, or false if not.
protected final void updatePrivileges(Entry entry, boolean isRoot)
entry - The entry for the authentication identity associated with this client connection.
isRoot - Indicates whether the associated user is a root user and should automatically inherit the root privilege set.
public final Object getSASLAuthStateInfo()
public final void setSASLAuthStateInfo(Object saslAuthState)
saslAuthState - An opaque set of information that may be used for processing multi-stage SASL binds.
public final int getSizeLimit()
public void setSizeLimit(int sizeLimit)
sizeLimit - The size limit that will be enforced for searches performed using this client connection.
public final long getIdleTimeLimit()
public void setIdleTimeLimit(long idleTimeLimit)
idleTimeLimit - The maximum length of time in milliseconds that this client connection will be allowed to remain idle before it should be disconnected.
public int getLookthroughLimit()
public void setLookthroughLimit(int lookthroughLimit)
lookthroughLimit - The default maximum number of entries that should be checked for matches during a search.
public final int getTimeLimit()
public void setTimeLimit(int timeLimit)
timeLimit - The time limit that will be enforced for searches performed using this client connection.
public abstract String getMonitorSummary()
public Dn getKeyManagerProviderDN()
null to indicate that no key manager provider is available, but subclasses should override this method to return a valid DN if they perform operations which may need access to a key manager.
null if there is no key manager provider configured for this client connection.
public Dn getTrustManagerProviderDN()
null to indicate that no trust manager provider is available, but subclasses should override this method to return a valid DN if they perform operations which may need access to a trust manager.
null if there is no trust manager provider configured for this client connection.
public String getCertificateAlias()
null to indicate that any alias is acceptable.
null if any alias is acceptable.
public final String toString()
public abstract void toString(StringBuilder buffer)
buffer - The buffer to which the information should be appended.
public long getIdleTime()
public abstract int getSSF()
public void finishBind()
public void finishStartTLS()
public void finishSaslBind()
public boolean isInnerConnection()
true if this is an inner connection, false otherwise
Copyright 2010-2020 ForgeRock AS.