public interface GSSAPISASLBindRequest extends SASLBindRequest
The optional authorization identity is specified using an authorization ID, or authzId, as defined in RFC 4513 section 5.2.1.8.
Modifier and Type | Field and Description |
---|---|
static String | QOP_AUTH: Indicates that the client will accept authentication only. |
static String | QOP_AUTH_CONF: Indicates that the client will accept authentication with connection integrity protection and encryption. |
static String | QOP_AUTH_INT: Indicates that the client will accept authentication with connection integrity protection. |
static String | SASL_MECHANISM_NAME: The name of the SASL mechanism based on GSS-API authentication. |
AUTHENTICATION_TYPE_SASL, AUTHENTICATION_TYPE_SIMPLE, OBFUSCATED_PASSWORD
Modifier and Type | Method and Description |
---|---|
GSSAPISASLBindRequest | addAdditionalAuthParam(String name, String value): Adds the provided additional authentication parameter to the list of parameters to be passed to the underlying mechanism implementation. |
GSSAPISASLBindRequest | addControl(Control control): Adds the provided control to this request. |
GSSAPISASLBindRequest | addQOP(String... qopValues): Adds the provided quality of protection (QOP) values to the ordered list of QOP values that the client is willing to accept. |
BindClient | createBindClient(String serverName): Creates a new bind client which can be used to perform the authentication process. |
Map<String,String> | getAdditionalAuthParams(): Returns a map containing the provided additional authentication parameters to be passed to the underlying mechanism implementation. |
String | getAuthenticationID(): Returns the authentication ID of the user, which should be the user's Kerberos principal. |
byte | getAuthenticationType(): Returns the authentication mechanism identifier for this SASL bind request as defined by the LDAP protocol, which is always 0xA3. |
String | getAuthorizationID(): Returns the optional authorization ID of the user which represents an alternate authorization identity which should be used for subsequent operations performed on the connection. |
<C extends Control> C | getControl(ControlDecoder<C> decoder, DecodeOptions options): Decodes and returns the first control in this request having an OID corresponding to the provided control decoder. |
List<Control> | getControls(): Returns a List containing the controls included with this request. |
String | getKDCAddress(): Returns the optional address of the Kerberos KDC (Key Distribution Center). |
int | getMaxReceiveBufferSize(): Returns the maximum size of the receive buffer in bytes. |
int | getMaxSendBufferSize(): Returns the maximum size of the send buffer in bytes. |
String | getName(): Returns the name of the Directory object that the client wishes to bind as, which is always the empty string for SASL authentication. |
byte[] | getPassword(): Returns the password of the user that the client wishes to bind as. |
List<String> | getQOPs(): Returns the ordered list of quality of protection (QOP) values that the client is willing to accept. |
String | getRealm(): Returns the optional realm containing the user's account. |
String | getSASLMechanism(): Returns the SASL mechanism for this SASL bind request. |
Subject | getSubject(): Returns the Kerberos subject of the user to be authenticated. |
boolean | isServerAuth(): Returns true if the server must authenticate to the client. |
GSSAPISASLBindRequest | setAuthenticationID(String authenticationID): Sets the authentication ID of the user, which should be the user's Kerberos principal. |
GSSAPISASLBindRequest | setAuthorizationID(String authorizationID): Sets the optional authorization ID of the user which represents an alternate authorization identity which should be used for subsequent operations performed on the connection. |
GSSAPISASLBindRequest | setKDCAddress(String address): Sets the optional address of the Kerberos KDC (Key Distribution Center). |
GSSAPISASLBindRequest | setMaxReceiveBufferSize(int size): Sets the maximum size of the receive buffer in bytes. |
GSSAPISASLBindRequest | setMaxSendBufferSize(int size): Sets the maximum size of the send buffer in bytes. |
GSSAPISASLBindRequest | setPassword(byte[] password): Sets the password of the user that the client wishes to bind as. |
GSSAPISASLBindRequest | setPassword(char[] password): Sets the password of the user that the client wishes to bind as. |
GSSAPISASLBindRequest | setRealm(String realm): Sets the optional realm containing the user's account. |
GSSAPISASLBindRequest | setServerAuth(boolean serverAuth): Specifies whether the server must authenticate to the client. |
GSSAPISASLBindRequest | setSubject(Subject subject): Sets the Kerberos subject of the user to be authenticated. |
containsControl
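A configuration check built from the methods summarised above, as an added example that is not part of the SDK or its documentation: it asks for encryption or integrity protection plus server authentication, refuses a request that could still negotiate authentication only, and overwrites the password after use. The class `GssapiBindPolicy` and its method names are hypothetical, the import assumes the interface lives in `org.forgerock.opendj.ldap.requests`, and an empty QOP list is assumed to mean the documented default of authentication only.

```java
import java.util.Arrays;
import java.util.List;

import org.forgerock.opendj.ldap.requests.GSSAPISASLBindRequest;

/** Added example: hypothetical helper, not part of the SDK. */
public final class GssapiBindPolicy {
    private GssapiBindPolicy() { }

    /** Asks for encryption first, integrity protection second, and server authentication. */
    public static GSSAPISASLBindRequest harden(GSSAPISASLBindRequest request) {
        // The QOP list is ordered, so the preferred value goes first.
        return request
                .addQOP(GSSAPISASLBindRequest.QOP_AUTH_CONF,
                        GSSAPISASLBindRequest.QOP_AUTH_INT)
                .setServerAuth(true);
    }

    /** Throws if the request could yield an unprotected or one-way-authenticated session. */
    public static void requireProtected(GSSAPISASLBindRequest request) {
        List<String> qops = request.getQOPs();
        // Assumption: an empty list means the documented default (authentication only).
        if (qops.isEmpty() || qops.contains(GSSAPISASLBindRequest.QOP_AUTH)) {
            throw new IllegalStateException(
                    "QOP list permits authentication without integrity protection: " + qops);
        }
        // The documented default for server authentication is false.
        if (!request.isServerAuth()) {
            throw new IllegalStateException("server authentication is not required");
        }
    }

    /** Overwrites the stored password once the bind has completed. */
    public static void wipePassword(GSSAPISASLBindRequest request) {
        // getPassword() is documented to return the array the request holds a
        // reference to, so zeroing it clears the stored copy. The page gives no
        // such guarantee for setPassword(char[]): wipe that array in the caller.
        byte[] password = request.getPassword();
        if (password != null) { // may be unset when a Subject is used instead
            Arrays.fill(password, (byte) 0);
        }
    }
}
```

Call `harden` and `requireProtected` before passing the request to a connection, and `wipePassword` in a `finally` block after the bind returns.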
static final String QOP_AUTH
static final String QOP_AUTH_CONF
static final String QOP_AUTH_INT
static final String SASL_MECHANISM_NAME

GSSAPISASLBindRequest addAdditionalAuthParam(String name, String value)
name - The name of the additional authentication parameter.
value - The value of the additional authentication parameter.
UnsupportedOperationException - If this bind request does not permit additional authentication parameters to be added.
NullPointerException - If name or value was null.

GSSAPISASLBindRequest addControl(Control control)
Request
addControl in interface BindRequest
addControl in interface Request
addControl in interface SASLBindRequest
control - The control to be added to this request.

GSSAPISASLBindRequest addQOP(String... qopValues)
By default the client will accept AUTH.
qopValues - The quality of protection values that the client is willing to accept.
UnsupportedOperationException - If this bind request does not permit QOP values to be added.
NullPointerException - If qopValues was null.
QOP_AUTH, QOP_AUTH_INT, QOP_AUTH_CONF

BindClient createBindClient(String serverName) throws LdapException
BindRequest
createBindClient in interface BindRequest
createBindClient in interface SASLBindRequest
serverName - The non-null fully-qualified host name of the server to authenticate to.
LdapException - If an error occurred while creating the bind client context.

Map<String,String> getAdditionalAuthParams()

String getAuthenticationID()
NOTE: this will not be used if a Subject is specified.

byte getAuthenticationType()
0xA3.
getAuthenticationType in interface BindRequest
getAuthenticationType in interface SASLBindRequest

String getAuthorizationID()
null.

<C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options) throws DecodeException
Request
getControl in interface BindRequest
getControl in interface Request
getControl in interface SASLBindRequest
C - The type of control to be decoded and returned.
decoder - The control decoder.
options - The set of decode options which should be used when decoding the control.
null if the control is not included with this request.
DecodeException - If the control could not be decoded because it was malformed in some way (e.g. the control value was missing, or its content could not be decoded).

List<Control> getControls()
Request
List containing the controls included with this request. The returned List may be modified if permitted by this request.
getControls in interface BindRequest
getControls in interface Request
getControls in interface SASLBindRequest
List containing the controls.

String getKDCAddress()
NOTE: this will not be used if a Subject is specified.
null.

int getMaxReceiveBufferSize()

int getMaxSendBufferSize()

String getName()
getName in interface BindRequest
getName in interface SASLBindRequest

byte[] getPassword()
Unless otherwise indicated, implementations will store a reference to the returned password byte array, allowing applications to overwrite the password after it has been used.
NOTE: this will not be used if a Subject is specified.

List<String> getQOPs()
By default the client will accept AUTH.

String getRealm()
NOTE: this will not be used if a Subject is specified.
null.

String getSASLMechanism()
SASLBindRequest
getSASLMechanism in interface SASLBindRequest

Subject getSubject()
NOTE: if a Subject is specified then the authentication ID, KDC address, password, and realm, will be ignored.

boolean isServerAuth()
true if the server must authenticate to the client. The default is false.
true if the server must authenticate to the client.

GSSAPISASLBindRequest setAuthenticationID(String authenticationID)
NOTE: this will not be used if a Subject is specified.
authenticationID - The authentication ID of the user.
LocalizedIllegalArgumentException - If authenticationID was non-empty and did not contain a valid authorization ID type.
NullPointerException - If authenticationID was null.

GSSAPISASLBindRequest setAuthorizationID(String authorizationID)
authorizationID - The authorization ID of the user, which may be null.
LocalizedIllegalArgumentException - If authorizationID was non-empty and did not contain a valid authorization ID type.

GSSAPISASLBindRequest setKDCAddress(String address)
NOTE: this will not be used if a Subject is specified.
address - The address of the Kerberos KDC (Key Distribution Center), which may be null.
UnsupportedOperationException - If this bind request does not permit the KDC address to be set.
NullPointerException - If address was null.

GSSAPISASLBindRequest setMaxReceiveBufferSize(int size)
size - The maximum size of the receive buffer in bytes.
UnsupportedOperationException - If this bind request does not permit the buffer size to be set.

GSSAPISASLBindRequest setMaxSendBufferSize(int size)
size - The maximum size of the send buffer in bytes.
UnsupportedOperationException - If this bind request does not permit the buffer size to be set.

GSSAPISASLBindRequest setPassword(byte[] password)
Unless otherwise indicated, implementations will store a reference to the provided password byte array, allowing applications to overwrite the password after it has been used.
NOTE: this will not be used if a Subject is specified.
password - The password of the user that the client wishes to bind as, which may be empty.
UnsupportedOperationException - If this bind request does not permit the password to be set.
NullPointerException - If password was null.

GSSAPISASLBindRequest setPassword(char[] password)
NOTE: this will not be used if a Subject is specified.
password - The password of the user that the client wishes to bind as.
UnsupportedOperationException - If this bind request does not permit the password to be set.
NullPointerException - If password was null.

GSSAPISASLBindRequest setRealm(String realm)
NOTE: this will not be used if a Subject is specified.
realm - The name of the realm containing the user's account, which may be null.
UnsupportedOperationException - If this bind request does not permit the realm to be set.
NullPointerException - If realm was null.

GSSAPISASLBindRequest setServerAuth(boolean serverAuth)
false.
serverAuth - true if the server must authenticate to the client or false otherwise.
UnsupportedOperationException - If this bind request does not permit server auth to be set.

GSSAPISASLBindRequest setSubject(Subject subject)
NOTE: if a Subject is specified then the authentication ID, KDC address, password, and realm, will be ignored.
subject - The Kerberos subject of the user to be authenticated.
UnsupportedOperationException - If this bind request does not permit the Kerberos subject to be set.
NullPointerException - If subject was null.

Copyright 2010-2017 ForgeRock AS.