public class LDAPAuthenticationHandler extends Object implements PrivilegedExceptionAction<Object>, CallbackHandler

AuthenticationHandler object is to be used concurrently by multiple threads, it must be externally synchronized.

Constructor and Description |
---|
LDAPAuthenticationHandler(LDAPReader reader, LDAPWriter writer, String hostName, AtomicInteger nextMessageID): Creates a new instance of this authentication handler. |

Modifier and Type | Method and Description |
---|---|
String | doSASLBind(ByteSequence bindDN, ByteSequence bindPassword, String mechanism, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls): Processes a SASL bind using the provided information. |
String | doSASLExternal(ByteSequence bindDN, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls): Processes a SASL EXTERNAL bind with the provided information. |
String | doSASLPlain(ByteSequence bindDN, ByteSequence bindPassword, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls): Processes a SASL PLAIN bind with the provided information. |
String | doSimpleBind(int ldapVersion, ByteSequence bindDN, ByteSequence bindPassword, List<Control> requestControls, List<Control> responseControls): Processes a bind using simple authentication with the provided information. |
static Map<String,LocalizableMessage> | getSASLProperties(String mechanism): Retrieves a list of the SASL properties that may be provided for the specified SASL mechanism, mapped from the property names to their corresponding descriptions. |
static String[] | getSupportedSASLMechanisms(): Retrieves a list of the SASL mechanisms that are supported by this client library. |
void | handle(Callback[] callbacks): Handles the authentication callbacks to provide information needed by the JAAS login process. |
ByteString | requestAuthorizationIdentity(): Uses the "Who Am I?" extended operation to request that the server provide the client with the authorization identity for this connection. |
Object | run(): Performs a privileged operation under JAAS so that the local authentication information can be available for the SASL bind to the Directory Server. |

public LDAPAuthenticationHandler(LDAPReader reader, LDAPWriter writer, String hostName, AtomicInteger nextMessageID)

Parameters:
- reader - The LDAP reader that will be used to read data from the server.
- writer - The LDAP writer that will be used to send data to the server.
- hostName - The host name used to connect to the remote system (fully-qualified if possible).
- nextMessageID - The atomic integer that will be used to obtain message IDs for request messages.

public static String[] getSupportedSASLMechanisms()

public static Map<String,LocalizableMessage> getSASLProperties(String mechanism)

Parameters:
- mechanism - The name of the SASL mechanism for which to obtain the list of supported properties.

public String doSimpleBind(int ldapVersion, ByteSequence bindDN, ByteSequence bindPassword, List<Control> requestControls, List<Control> responseControls) throws com.forgerock.opendj.cli.ClientException, LdapException

Parameters:
- ldapVersion - The LDAP protocol version to use for the bind request.
- bindDN - The DN to use to bind to the Directory Server, or null if it is to be an anonymous bind.
- bindPassword - The password to use to bind to the Directory Server, or null if it is to be an anonymous bind.
- requestControls - The set of controls to include in the request to the server.
- responseControls - A list to hold the set of controls included in the response from the server.

Returns:
- null if there is no special information available.

Throws:
- com.forgerock.opendj.cli.ClientException - If a client-side problem prevents the bind attempt from succeeding.
- LdapException - If the bind fails or some other server-side problem occurs during processing.

public String doSASLBind(ByteSequence bindDN, ByteSequence bindPassword, String mechanism, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) throws com.forgerock.opendj.cli.ClientException, LdapException

Parameters:
- bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
- bindPassword - The password to use to bind to the Directory Server, or null if this is not a password-based SASL mechanism.
- mechanism - The name of the SASL mechanism to use to authenticate to the Directory Server.
- saslProperties - A set of additional properties that may be needed to process the SASL bind.
- requestControls - The set of controls to include in the request to the server.
- responseControls - A list to hold the set of controls included in the response from the server.

Returns:
- null if there is no special information available.

Throws:
- com.forgerock.opendj.cli.ClientException - If a client-side problem prevents the bind attempt from succeeding.
- LdapException - If the bind fails or some other server-side problem occurs during processing.

public String doSASLExternal(ByteSequence bindDN, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) throws com.forgerock.opendj.cli.ClientException, LdapException

Parameters:
- bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
- saslProperties - A set of additional properties that may be needed to process the SASL bind. SASL EXTERNAL does not take any properties, so this should be empty or null.
- requestControls - The set of controls to include in the request to the server.
- responseControls - A list to hold the set of controls included in the response from the server.

Returns:
- null if there is no special information available.

Throws:
- com.forgerock.opendj.cli.ClientException - If a client-side problem prevents the bind attempt from succeeding.
- LdapException - If the bind fails or some other server-side problem occurs during processing.

public String doSASLPlain(ByteSequence bindDN, ByteSequence bindPassword, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) throws com.forgerock.opendj.cli.ClientException, LdapException

Parameters:
- bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
- bindPassword - The password to use to bind to the Directory Server.
- saslProperties - A set of additional properties that may be needed to process the SASL bind.
- requestControls - The set of controls to include in the request to the server.
- responseControls - A list to hold the set of controls included in the response from the server.

Returns:
- null if there is no special information available.

Throws:
- com.forgerock.opendj.cli.ClientException - If a client-side problem prevents the bind attempt from succeeding.
- LdapException - If the bind fails or some other server-side problem occurs during processing.

public Object run() throws com.forgerock.opendj.cli.ClientException, LdapException

run in interface PrivilegedExceptionAction<Object>

PrivilegedExceptionAction interface.

Throws:
- com.forgerock.opendj.cli.ClientException - If a client-side problem occurs during the bind processing.
- LdapException - If a server-side problem occurs during the bind processing.

public void handle(Callback[] callbacks) throws UnsupportedCallbackException

handle in interface CallbackHandler

Parameters:
- callbacks - The callbacks needed to provide information for the JAAS login process.

Throws:
- UnsupportedCallbackException - If an unexpected callback is included in the provided set.

public ByteString requestAuthorizationIdentity() throws com.forgerock.opendj.cli.ClientException, LdapException

Returns:
- null if the client is not authenticated or is authenticated anonymously.

Throws:
- com.forgerock.opendj.cli.ClientException - If a client-side problem occurs during the request processing.
- LdapException - If a server-side problem occurs during the request processing.

Copyright 2010-2018 ForgeRock AS.