001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2006-2008 Sun Microsystems, Inc.
015 * Portions Copyright 2014-2016 ForgeRock AS.
016 */
017package org.opends.server.types.operation;
018import org.forgerock.i18n.LocalizableMessage;
019
020
021
022import org.opends.server.types.AuthenticationType;
023import org.forgerock.opendj.ldap.ByteString;
024import org.forgerock.opendj.ldap.DN;
025import org.opends.server.types.Entry;
026
027
028
029/**
030 * Defines the bind-specific getters available to post-response plugins.  Several of them
031 * return authentication material (passwords, SASL credentials) or unvalidated client input,
032 * so plugins should avoid logging or persisting those values.  This interface only defines
033 * a plugin-facing API and is not intended to be implemented by any custom classes.
034 */
035@org.opends.server.types.PublicAPI(
036     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
037     mayInstantiate=false,
038     mayExtend=false,
039     mayInvoke=true)
040public interface PostResponseBindOperation
041       extends PostOperationOperation
042{
043  /**
044   * Retrieves the authentication type for this bind operation.
045   *
046   * @return  The authentication type for this bind operation.
047   */
048  AuthenticationType getAuthenticationType();
049
050
051
052  /**
053   * Retrieves a string representation of the protocol version
054   * associated with this bind request.
055   *
056   * @return  A string representation of the protocol version
057   *          associated with this bind request.
058   */
059  String getProtocolVersion();
060
061
062
063  /**
064   * Retrieves the raw, unprocessed bind DN for this bind operation as contained in the
065   * client request.  No validation will have been performed, so the value may not be a
066   * valid DN; treat it as untrusted input wherever it is logged, parsed or compared.
067   *
068   * @return  The raw, unprocessed bind DN for this bind operation as
069   *          contained in the client request.
070   */
071  ByteString getRawBindDN();
072
073
074
075  /**
076   * Retrieves the bind DN for this bind operation.
077   *
078   * @return  The bind DN for this bind operation.
079   */
080  DN getBindDN();
081
082
083
084  /**
085   * Retrieves the simple authentication password for this bind operation.  This is the
086   * credential presented in the bind request, so do not log, persist or forward it.
087   *
088   * @return  The simple authentication password for this bind operation.  NOTE(review): the
089   *          value returned for a SASL bind is not documented here; confirm before use.
090   */
091  ByteString getSimplePassword();
092
093
094
095  /**
096   * Retrieves the SASL mechanism for this bind operation.
097   *
098   * @return  The SASL mechanism for this bind operation, or
099   *          <CODE>null</CODE> if the bind does not use SASL
100   *          authentication.
101   */
102  String getSASLMechanism();
103
104
105
106  /**
107   * Retrieves the SASL credentials for this bind operation.  Handle them as sensitive data.
108   *
109   * @return  The SASL credentials for this bind operation, or
110   *          <CODE>null</CODE> if there are none or if the bind does
111   *          not use SASL authentication.
112   */
113  ByteString getSASLCredentials();
114
115
116
117  /**
118   * Retrieves the set of server SASL credentials to include in the
119   * bind response.
120   *
121   * @return  The set of server SASL credentials to include in the
122   *          bind response, or <CODE>null</CODE> if there are none.
123   */
124  ByteString getServerSASLCredentials();
125
126
127
128  /**
129   * Retrieves the user entry associated with the SASL authentication attempt.  This should
130   * be set by any SASL mechanism in which the processing was able to get far enough to make
131   * this determination, regardless of whether the authentication was ultimately successful.
132   * A non-null entry therefore identifies the targeted user only; it must not be read as
133   * proof that the bind succeeded.
134   *
135   * @return  The user entry associated with the SASL authentication
136   *          attempt, or <CODE>null</CODE> if it was not a SASL
137   *          authentication or the SASL processing was not able to
138   *          map the request to a user.
139   */
140  Entry getSASLAuthUserEntry();
141
142
143
144  /**
145   * Retrieves a human-readable message providing the reason that the authentication failed,
146   * if available.  It can reveal why a bind was rejected, so avoid relaying it to clients.
147   *
148   * @return  A human-readable message providing the reason that the
149   *          authentication failed, or <CODE>null</CODE> if none is
150   *          available.
151   */
152  LocalizableMessage getAuthFailureReason();
153
154
155
156  /**
157   * Retrieves the user entry DN for this bind operation.  It will only be available if the
158   * bind processing has proceeded far enough to identify the user attempting to authenticate.
159   * NOTE(review): presumably also set for failed binds; do not treat it as proof of success.
160   *
161   * @return  The user entry DN for this bind operation, or
162   *          <CODE>null</CODE> if the bind processing has not
163   *          progressed far enough to identify the user or if the
164   *          user DN could not be determined.
165   */
166  DN getUserEntryDN();
167}
168