/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2016 ForgeRock AS.
 */
package org.forgerock.opendj.rest2ldap.authz;

import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.Schema;


/**
 * Static factories for the {@link AuthenticationStrategy} implementations that authenticate a user against an LDAP
 * server: simple bind, search-then-bind and SASL PLAIN bind.
 * <p>
 * Each factory only forwards its arguments to the matching strategy constructor; no validation, escaping or
 * connection handling happens in this class.
 * <p>
 * NOTE(review): every strategy builds an LDAP value (bind DN, search filter or SASL authcid) by substituting the
 * client-supplied authentication-id into a template. This class does not show whether the strategies escape that
 * value; confirm it against their implementations before exposing them to untrusted input.
 */
public final class AuthenticationStrategies {

    /** Not instantiable: this class only hosts static factory methods. */
    private AuthenticationStrategies() {
    }

    /**
     * Creates an {@link AuthenticationStrategy} that authenticates with a simple BIND against an LDAP server.
     * <p>
     * NOTE(review): a simple bind carries the password as-is, so the connections handed out by
     * {@code connectionFactory} should presumably be TLS-protected; also confirm that the strategy rejects an empty
     * password, which many servers treat as an unauthenticated bind that succeeds.
     *
     * @param connectionFactory
     *            {@link ConnectionFactory} to the LDAP server on which the bind operation is performed.
     * @param bindDNTemplate
     *            Template of the DN used for the bind operation. The first {@code %s} is replaced by the provided
     *            authentication-id (e.g. {@code uid=%s,dc=example,dc=com}). NOTE(review): confirm that the
     *            authentication-id is escaped as a DN attribute value before it is substituted.
     * @param schema
     *            {@link Schema} used to validate the DN format.
     * @return a new simple bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null (this factory performs no check itself; presumably raised by the strategy
     *             constructor)
     */
    public static AuthenticationStrategy newSimpleBindStrategy(ConnectionFactory connectionFactory,
            String bindDNTemplate, Schema schema) {
        final AuthenticationStrategy simpleBind = new SimpleBindStrategy(connectionFactory, bindDNTemplate, schema);
        return simpleBind;
    }

    /**
     * Creates an {@link AuthenticationStrategy} that first looks up the entry to bind with and then binds as that
     * entry. The lookup resolves the user's DN from other data the user provides (e.g. an email address).
     * <p>
     * NOTE(review): what happens when the search matches zero or several entries is decided by the strategy, not
     * here; confirm that an ambiguous match fails authentication rather than binding as the first result.
     *
     * @param searchConnectionFactory
     *            {@link ConnectionFactory} to the LDAP server on which the entry lookup is performed.
     * @param bindConnectionFactory
     *            {@link ConnectionFactory} to the LDAP server on which the bind is performed once the user's DN has
     *            been found. Can be the same as the searchConnectionFactory.
     * @param baseDN
     *            Base DN of the search request performed to find the user's DN.
     * @param searchScope
     *            {@link SearchScope} of the search request performed to find the user's DN.
     * @param filterTemplate
     *            Filter of the search request (e.g. {@code (&(email=%s)(objectClass=inetOrgPerson))}), where the
     *            first {@code %s} is replaced by the authentication-id provided by the user. NOTE(review): confirm
     *            that the authentication-id is escaped as a filter assertion value (RFC 4515) before substitution;
     *            unescaped input could change the meaning of the filter.
     * @return a new search then bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null (this factory performs no check itself; presumably raised by the strategy
     *             constructor)
     */
    public static AuthenticationStrategy newSearchThenBindStrategy(ConnectionFactory searchConnectionFactory,
            ConnectionFactory bindConnectionFactory, DN baseDN, SearchScope searchScope, String filterTemplate) {
        final AuthenticationStrategy searchThenBind = new SearchThenBindStrategy(
                searchConnectionFactory, bindConnectionFactory, baseDN, searchScope, filterTemplate);
        return searchThenBind;
    }

    /**
     * Creates an {@link AuthenticationStrategy} that authenticates against an LDAP server with a plain SASL bind
     * request.
     * <p>
     * NOTE(review): SASL PLAIN carries the password as-is, so the connections handed out by
     * {@code connectionFactory} should presumably be TLS-protected.
     *
     * @param connectionFactory
     *            {@link ConnectionFactory} to the LDAP server to authenticate with.
     * @param schema
     *            Schema used to perform DN validation.
     * @param authcIdTemplate
     *            Authentication identity template containing a single {@code %s}, which is replaced by the
     *            authenticating user's name (e.g. {@code u:%s}).
     * @return a new SASL plain bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null (this factory performs no check itself; presumably raised by the strategy
     *             constructor)
     */
    public static AuthenticationStrategy newSaslPlainStrategy(ConnectionFactory connectionFactory, Schema schema,
            String authcIdTemplate) {
        final AuthenticationStrategy saslPlain = new SaslPlainStrategy(connectionFactory, schema, authcIdTemplate);
        return saslPlain;
    }
}