/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2011-2016 ForgeRock AS.
 */
package org.opends.server.extensions;

import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.server.config.server.AnonymousSASLMechanismHandlerCfg;
import org.opends.server.api.SASLMechanismHandler;
import org.opends.server.core.BindOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.AdditionalLogItem;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.InitializationException;

import static org.opends.server.util.ServerConstants.*;

/**
 * SASL ANONYMOUS mechanism handler (RFC 4505). It performs no authentication:
 * every bind routed to this handler is completed with
 * {@link ResultCode#SUCCESS} and a default-constructed
 * {@link AuthenticationInfo}, i.e. the client is treated as an unauthenticated
 * user.
 * <p>
 * The bind request may carry SASL credentials that serve purely as trace
 * information. A non-empty trace is attached to the bind operation as an
 * additional log item under the key {@code trace}.
 * <p>
 * Points for reviewers and operators:
 * <ul>
 *   <li>A successful bind through this mechanism is not evidence of identity;
 *       authorization decisions must treat the connection as anonymous.</li>
 *   <li>The trace value is supplied by an unauthenticated client and is not
 *       verified in any way, so anything consuming the resulting log entry
 *       should handle it as untrusted text.</li>
 *   <li>NOTE(review): earlier documentation stated that the trace is also
 *       written to the server error log; no error-log call is visible in this
 *       class.</li>
 * </ul>
 */
public class AnonymousSASLMechanismHandler
    extends SASLMechanismHandler<AnonymousSASLMechanismHandlerCfg> {

  // NOTE(review): not referenced anywhere in this class as shown.
  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

  /**
   * Creates the handler. Nothing is set up here; registration happens in
   * {@code initializeSASLMechanismHandler}. The superclass constructor is
   * invoked implicitly.
   */
  public AnonymousSASLMechanismHandler() {
  }

  /**
   * Registers this instance with the Directory Server as the handler for the
   * ANONYMOUS mechanism. The supplied configuration is not read.
   *
   * @param configuration handler configuration (unused here)
   * @throws ConfigException declared by the overridden method; not thrown by
   *         the code in this body
   * @throws InitializationException declared by the overridden method; not
   *         thrown by the code in this body
   */
  @Override
  public void initializeSASLMechanismHandler(AnonymousSASLMechanismHandlerCfg configuration)
      throws ConfigException, InitializationException {
    DirectoryServer.registerSASLMechanismHandler(SASL_MECHANISM_ANONYMOUS, this);
  }

  /** Removes the ANONYMOUS mechanism registration from the Directory Server. */
  @Override
  public void finalizeSASLMechanismHandler() {
    DirectoryServer.deregisterSASLMechanismHandler(SASL_MECHANISM_ANONYMOUS);
  }

  /**
   * Completes the bind anonymously. Any non-empty SASL credentials are
   * recorded as trace information on the operation; the bind then succeeds
   * unconditionally.
   *
   * @param bindOperation the bind operation to process
   */
  @Override
  public void processSASLBind(BindOperation bindOperation) {
    // Optional trace information sent by the client. Absent credentials are
    // handled the same way as an empty trace: nothing is logged.
    ByteString traceBytes = bindOperation.getSASLCredentials();
    String trace = (traceBytes == null) ? "" : traceBytes.toString();

    if (!trace.isEmpty()) {
      // The trace is unauthenticated client input and is passed on unmodified.
      // NOTE(review): no length bound is applied before logging (RFC 4505
      // limits a trace token to 255 characters), and whether quotedKeyValue
      // escapes quotes or control characters is not visible here. Confirm
      // both before relying on this log field downstream.
      AdditionalLogItem traceItem =
          AdditionalLogItem.quotedKeyValue(getClass(), "trace", trace);
      bindOperation.addAdditionalLogItem(traceItem);
    }

    // No credential check of any kind: install an empty authentication state
    // and report success.
    bindOperation.setAuthenticationInfo(new AuthenticationInfo());
    bindOperation.setResultCode(ResultCode.SUCCESS);
  }

  /**
   * Reports that this mechanism does not use a password.
   *
   * @param mechanism mechanism name (ignored)
   * @return always {@code false}
   */
  @Override
  public boolean isPasswordBased(String mechanism) {
    return false;
  }

  /**
   * Reports that this mechanism is not considered secure.
   *
   * @param mechanism mechanism name (ignored)
   * @return always {@code false}
   */
  @Override
  public boolean isSecure(String mechanism) {
    return false;
  }
}