/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2010 Sun Microsystems, Inc.
 * Portions Copyright 2012-2014 ForgeRock AS.
 */

package org.forgerock.opendj.ldap.requests;

import java.util.List;

import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.DecodeOptions;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.controls.Control;
import org.forgerock.opendj.ldap.controls.ControlDecoder;

/**
 * A SASL bind request that uses the ANONYMOUS mechanism defined in RFC 4505.
 * With this mechanism a client binds to the server without establishing or
 * otherwise disclosing an identity; in other words, it is an anonymous login
 * method.
 * <p>
 * The mechanism does not provide a security layer, so any confidentiality or
 * integrity protection for the connection has to come from elsewhere, for
 * example from TLS on the underlying transport.
 * <p>
 * Clients should supply trace information. It has no semantic value, but
 * administrators can use it to help identify the user. It should take one of
 * two forms: an Internet email address, or an opaque string that does not
 * contain the '@' (U+0040) character and that can be interpreted by the system
 * administrator of the client's domain. For privacy reasons, an Internet email
 * address or other information identifying the user should only be used with
 * permission from the user.
 * <p>
 * <b>Security note:</b> RFC 4505 points out that trace information is not
 * authenticated and can be falsified. Code that receives it should treat it as
 * untrusted client input: never base an access-control decision on it, and
 * encode or sanitise it before writing it to logs or audit records. The same
 * RFC recommends that servers leave anonymous access disabled unless an
 * administrator explicitly enables it.
 *
 * @see <a href="https://www.rfc-editor.org/rfc/rfc4505">RFC 4505 - Anonymous
 *      Simple Authentication and Security Layer (SASL) Mechanism</a>
 */
public interface AnonymousSASLBindRequest extends SASLBindRequest {

    /**
     * The SASL mechanism name for anonymous access, a mechanism that performs
     * no authentication at all.
     */
    String SASL_MECHANISM_NAME = "ANONYMOUS";

    /**
     * {@inheritDoc}
     * <p>
     * The return type is narrowed to {@code AnonymousSASLBindRequest}.
     */
    @Override
    AnonymousSASLBindRequest addControl(Control control);

    /** {@inheritDoc} */
    @Override
    BindClient createBindClient(String serverName) throws LdapException;

    /**
     * Returns the LDAP authentication mechanism identifier of this SASL bind
     * request. The LDAP protocol fixes this value at {@code 0xA3}.
     *
     * @return The authentication mechanism identifier.
     */
    @Override
    byte getAuthenticationType();

    /** {@inheritDoc} */
    @Override
    <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options)
            throws DecodeException;

    /** {@inheritDoc} */
    @Override
    List<Control> getControls();

    /**
     * Returns the name of the Directory object the client wishes to bind as.
     * For SASL authentication this is always the empty string.
     *
     * @return The name of the Directory object that the client wishes to bind
     *         as.
     */
    @Override
    String getName();

    /**
     * {@inheritDoc}
     * <p>
     * NOTE(review): presumably always {@link #SASL_MECHANISM_NAME} for this
     * request type; the interface itself does not enforce that, so confirm
     * against the implementation.
     */
    @Override
    String getSASLMechanism();

    /**
     * Returns the trace information attached to this request. It has no
     * semantic value and exists only to help administrators identify the
     * user.
     * <p>
     * The value is chosen by the client and, per RFC 4505, is not
     * authenticated, so callers should handle it as untrusted data: do not use
     * it for authorization, and encode it before logging.
     *
     * @return The trace information, which has no semantic value, and can be
     *         used by administrators in order to identify the user.
     */
    String getTraceString();

    /**
     * Sets the trace information for this request. It has no semantic value
     * and exists only to help administrators identify the user.
     * <p>
     * An email address or other identifying information should only be
     * supplied with the user's permission.
     *
     * @param traceString
     *            The trace information, which has no semantic value, and can be
     *            used by administrators in order to identify the user.
     * @return This bind request.
     * @throws UnsupportedOperationException
     *             If this anonymous SASL request does not permit the trace
     *             information to be set.
     * @throws NullPointerException
     *             If {@code traceString} was {@code null}.
     */
    AnonymousSASLBindRequest setTraceString(String traceString);
}