001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2016 ForgeRock AS.
015 */
016package org.forgerock.opendj.rest2ldap.authz;
017
import java.util.Objects;

import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.Schema;
022
023
024/**
025 * Factory methods of {@link AuthenticationStrategy} allowing to perform authentication against LDAP server through
026 * different method.
027 */
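public final class AuthenticationStrategies {

    private AuthenticationStrategies() {
        // Static factory holder: never instantiated.
    }

    /**
     * Creates an {@link AuthenticationStrategy} performing simple BIND authentication against an LDAP server.
     * <p>
     * The authentication-id supplied at request time is untrusted input that is substituted into
     * {@code bindDNTemplate}. This factory does not inspect the template or escape anything; NOTE(review):
     * confirm that the returned strategy escapes DN special characters (RFC 4514) in the authentication-id
     * before substitution, otherwise a crafted id could alter the resulting DN.
     *
     * @param connectionFactory
     *            {@link ConnectionFactory} to the LDAP server used to perform the bind operation.
     * @param bindDNTemplate
     *            Template of the DN to use for the bind operation. The first %s will be replaced by the provided
     *            authentication-id (i.e: uid=%s,dc=example,dc=com)
     * @param schema
     *            {@link Schema} used to validate the DN format.
     * @return a new simple bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null
     */
    public static AuthenticationStrategy newSimpleBindStrategy(ConnectionFactory connectionFactory,
            String bindDNTemplate, Schema schema) {
        // Fail fast at the public API boundary, naming the offending parameter, so the documented
        // NullPointerException contract holds regardless of what the strategy constructor checks.
        Objects.requireNonNull(connectionFactory, "connectionFactory");
        Objects.requireNonNull(bindDNTemplate, "bindDNTemplate");
        Objects.requireNonNull(schema, "schema");
        return new SimpleBindStrategy(connectionFactory, bindDNTemplate, schema);
    }

    /**
     * Creates an {@link AuthenticationStrategy} performing authentication against an LDAP server by first performing a
     * lookup of the entry to bind with. This is to find the user DN to bind with from its metadata (i.e: email
     * address).
     * <p>
     * The authentication-id supplied at request time is untrusted input that is substituted into
     * {@code filterTemplate}. This factory does not inspect the template or escape anything; NOTE(review):
     * confirm that the returned strategy escapes LDAP filter metacharacters (RFC 4515) in the authentication-id
     * before substitution, otherwise a crafted id could change which entry the lookup matches.
     *
     * @param searchConnectionFactory
     *            {@link ConnectionFactory} to the LDAP server used to perform the lookup of the entry.
     * @param bindConnectionFactory
     *            {@link ConnectionFactory} to the LDAP server used to perform the bind once the user's DN has been
     *            found. Can be the same as the searchConnectionFactory.
     * @param baseDN
     *            Base DN of the search request performed to find the user's DN.
     * @param searchScope
     *            {@link SearchScope} of the search request performed to find the user's DN.
     * @param filterTemplate
     *            Filter of the search request (i.e: (&amp;(email=%s)(objectClass=inetOrgPerson)) where the first %s
     *            will be replaced by the user's provided authentication-id.
     * @return a new search then bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null
     */
    public static AuthenticationStrategy newSearchThenBindStrategy(ConnectionFactory searchConnectionFactory,
            ConnectionFactory bindConnectionFactory, DN baseDN, SearchScope searchScope, String filterTemplate) {
        // Same fail-fast rationale as newSimpleBindStrategy: a null here is a configuration error and should
        // surface with the parameter name rather than from deep inside the strategy.
        Objects.requireNonNull(searchConnectionFactory, "searchConnectionFactory");
        Objects.requireNonNull(bindConnectionFactory, "bindConnectionFactory");
        Objects.requireNonNull(baseDN, "baseDN");
        Objects.requireNonNull(searchScope, "searchScope");
        Objects.requireNonNull(filterTemplate, "filterTemplate");
        return new SearchThenBindStrategy(searchConnectionFactory, bindConnectionFactory, baseDN, searchScope,
                filterTemplate);
    }

    /**
     * Creates an {@link AuthenticationStrategy} performing authentication against an LDAP server using a plain SASL
     * bind request.
     * <p>
     * NOTE(review): SASL PLAIN transmits the credentials in clear; the {@code connectionFactory} is expected to
     * provide a TLS-protected connection. Whether that is enforced is decided by the factory's configuration, not
     * here - confirm it in the deployment.
     *
     * @param connectionFactory
     *            {@link ConnectionFactory} to the LDAP server to authenticate with.
     * @param schema
     *            {@link Schema} used to perform DN validation.
     * @param authcIdTemplate
     *            Authentication identity template containing a single %s which will be replaced by the authenticating
     *            user's name (i.e: u:%s).
     * @return a new SASL plain bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null
     */
    public static AuthenticationStrategy newSaslPlainStrategy(ConnectionFactory connectionFactory, Schema schema,
                                                              String authcIdTemplate) {
        Objects.requireNonNull(connectionFactory, "connectionFactory");
        Objects.requireNonNull(schema, "schema");
        Objects.requireNonNull(authcIdTemplate, "authcIdTemplate");
        return new SaslPlainStrategy(connectionFactory, schema, authcIdTemplate);
    }
}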