@PublicAPI(stability=VOLATILE, mayInstantiate=true, mayExtend=true, mayInvoke=true) public abstract class ClientConnection extends Object implements RequestHandler

Modifier and Type | Field and Description |
---|---|
protected AuthenticationInfo | authenticationInfo: The set of authentication information for this client connection. |
protected AtomicBoolean | bindInProgress: Indicates if a bind request is currently in progress on this client connection. |
protected static long | DEFAULT_WRITE_TIME_LIMIT_MS: Write time limit which will be used when the user configured 0 (to not wait indefinitely). |
protected AtomicBoolean | saslBindInProgress: Indicates whether a multistage SASL bind is currently in progress on this client connection. |
protected AtomicBoolean | startTLSInProgress: Indicates if a Start TLS request is currently in progress on this client connection. |

Modifier | Constructor and Description |
---|---|
protected | ClientConnection(): Performs the appropriate initialization generic to all client connections. |

Modifier and Type | Method and Description |
---|---|
abstract void | cancelAllOperations(CancelRequest cancelRequest): Attempts to cancel all operations in progress on this connection. |
abstract void | cancelAllOperationsExcept(CancelRequest cancelRequest, int messageID): Attempts to cancel all operations in progress on this connection except the operation with the specified message ID. |
abstract CancelResult | cancelOperation(int messageID, CancelRequest cancelRequest): Attempts to cancel the specified operation. |
void | deregisterPersistentSearch(PersistentSearch persistentSearch): Deregisters the provided persistent search for this client. |
abstract void | disconnect(DisconnectReason disconnectReason, boolean sendNotification, LocalizableMessage message): Closes the connection to the client, optionally sending it a message indicating the reason for the closure. |
protected void | finalizeConnectionInternal(): Performs any internal cleanup that may be necessary when this client connection is disconnected. |
void | finishBind(): Indicates a bind or start TLS request processing is finished and the client connection may start processing data read from the socket again. |
void | finishSaslBind(): Indicates a multistage SASL bind operation is finished and the client connection may accept additional LDAP messages. |
void | finishStartTLS(): Indicates a bind or start TLS request processing is finished and the client connection may start processing data read from the socket again. |
AuthenticationInfo | getAuthenticationInfo(): Retrieves information about the authentication that has been performed for this connection. |
String | getCertificateAlias(): Retrieves the alias of the server certificate that should be used for operations requiring a server certificate. |
ByteChannel | getChannel(): Return the lowest level channel associated with a connection. |
abstract String | getClientAddress(): Retrieves a string representation of the address of the client. |
String | getClientHostPort(): Retrieves the address and port (if available) of the client system, separated by a colon. |
abstract int | getClientPort(): Retrieves the port number for this connection on the client system if available. |
abstract ConnectionHandler<?> | getConnectionHandler(): Retrieves the connection handler that accepted this client connection. |
abstract long | getConnectionID(): Retrieves the unique identifier that has been assigned to this connection. |
long | getConnectTime(): Retrieves the time that this connection was established, measured in the number of milliseconds since January 1, 1970 UTC. |
String | getConnectTimeString(): Retrieves a string representation of the time that this connection was established. |
Set<Group<?>> | getGroups(Operation operation): Retrieves the set of groups in which the user associated with this client connection may be considered to be a member. |
long | getIdleTime(): Retrieves the length of time in milliseconds that this client connection has been idle. |
long | getIdleTimeLimit(): Retrieves the maximum length of time in milliseconds that this client connection will be allowed to remain idle before it should be disconnected. |
org.forgerock.opendj.ldap.Dn | getKeyManagerProviderDN(): Retrieves the DN of the key manager provider that should be used for operations requiring access to a key manager. |
abstract InetAddress | getLocalAddress(): Retrieves the java.net.InetAddress for the Directory Server system to which the client has established the connection. |
int | getLookthroughLimit(): Retrieves the default maximum number of entries that should be checked for matches during a search. |
long | getMaxBlockedWriteTimeLimit(): Retrieves the maximum length of time in milliseconds that attempts to write data to the client should be allowed to block. |
abstract String | getMonitorSummary(): Retrieves a one-line summary of this client connection in a form that is suitable for including in the monitor entry for the associated connection handler. |
abstract long | getNumberOfOperations(): Retrieves the total number of operations performed on this connection. |
abstract Operation | getOperationInProgress(int messageID): Retrieves the operation in progress with the specified message ID. |
abstract Collection<Operation> | getOperationsInProgress(): Retrieves the set of operations in progress for this client connection. |
List<PersistentSearch> | getPersistentSearches(): Retrieves the set of persistent searches registered for this client. |
abstract String | getProtocol(): Retrieves the protocol that the client is using to communicate with the Directory Server. |
abstract InetAddress | getRemoteAddress(): Retrieves the java.net.InetAddress associated with the remote client system. |
Object | getSASLAuthStateInfo(): Retrieves an opaque set of information that may be used for processing multi-stage SASL binds. |
abstract String | getServerAddress(): Retrieves a string representation of the address on the server to which the client connected. |
String | getServerHostPort(): Retrieves the address and port of the server system, separated by a colon. |
abstract int | getServerPort(): Retrieves the port number for this connection on the server system if available. |
int | getSizeLimit(): Retrieves the size limit that will be enforced for searches performed using this client connection. |
SocketChannel | getSocketChannel(): Return the Socket channel associated with a connection. |
abstract int | getSSF(): Return the Security Strength Factor of a client connection. |
int | getTimeLimit(): Retrieves the time limit that will be enforced for searches performed using this client connection. |
org.forgerock.opendj.ldap.Dn | getTrustManagerProviderDN(): Retrieves the DN of the trust manager provider that should be used for operations requiring access to a trust manager. |
Selector | getWriteSelector(): Retrieves a Selector that may be used to ensure that write operations complete in a timely manner, or terminate the connection in the event that they fail to do so. |
boolean | hasAllPrivileges(Privilege[] privileges, Operation operation): Indicates whether the authenticated client has all of the specified privileges. |
static boolean | hasPrivilege(Entry authorizationEntry, Privilege privilege): Indicates whether the specified authorization entry parameter has the specified privilege. |
boolean | hasPrivilege(Privilege privilege, Operation operation): Indicates whether the authenticated client has the specified privilege. |
abstract boolean | isConnectionValid(): Returns whether the Directory Server believes this connection to be valid and available for communication. |
boolean | isInnerConnection(): Returns whether this connection is used for inner work not directly requested by an external client. |
boolean | isMemberOf(Group<?> group, Operation operation): Indicates whether the user associated with this client connection should be considered a member of the specified group, optionally evaluated within the context of the provided operation. |
abstract boolean | isSecure(): Indicates whether this client connection is currently using a secure mechanism to communicate with the server. |
boolean | mustChangePassword(): Indicates whether the user associated with this client connection must change their password before they will be allowed to do anything else. |
void | registerPersistentSearch(PersistentSearch persistentSearch): Registers the provided persistent search for this client. |
abstract boolean | removeOperationInProgress(int messageID): Removes the provided operation from the set of operations in progress for this client connection. |
abstract void | requestTerminated(int requestMessageId): Notifies that the request has been fully processed (successfully or not) and that the responses have been sent (if applicable). |
boolean | sendIntermediateResponse(IntermediateResponse intermediateResponse): Invokes the intermediate response plugins on the provided response message and sends it to the client. |
protected abstract boolean | sendIntermediateResponseMessage(IntermediateResponse intermediateResponse): Sends the provided intermediate response message to the client. |
abstract void | sendResponse(Operation operation): Sends a response to the client based on the information in the provided operation. |
abstract void | sendSearchEntry(SearchOperation searchOperation, SearchResultEntry searchEntry): Sends the provided search result entry to the client. |
abstract boolean | sendSearchReference(SearchOperation searchOperation, SearchResultReference searchReference): Sends the provided search result reference to the client. |
void | setAuthenticationInfo(AuthenticationInfo authenticationInfo): Specifies information about the authentication that has been performed for this connection. |
void | setIdleTimeLimit(long idleTimeLimit): Specifies the maximum length of time in milliseconds that this client connection will be allowed to remain idle before it should be disconnected. |
void | setLookthroughLimit(int lookthroughLimit): Specifies the default maximum number of entries that should be checked for matches during a search. |
void | setMustChangePassword(boolean mustChangePassword): Specifies whether the user associated with this client connection must change their password before they will be allowed to do anything else. |
void | setSASLAuthStateInfo(Object saslAuthState): Specifies an opaque set of information that may be used for processing multi-stage SASL binds. |
void | setSizeLimit(int sizeLimit): Specifies the size limit that will be enforced for searches performed using this client connection. |
void | setTimeLimit(int timeLimit): Specifies the time limit that will be enforced for searches performed using this client connection. |
void | setUnauthenticated(): Sets properties in this client connection to indicate that the client is unauthenticated. |
String | toString(): Retrieves a string representation of this client connection. |
abstract void | toString(StringBuilder buffer): Appends a string representation of this client connection to the provided buffer. |
void | updateAuthenticationInfo(Entry oldEntry, Entry newEntry): Updates the cached entry associated with either the authentication and/or authorization identity with the provided version. |
protected void | updatePrivileges(Entry entry, boolean isRoot): Updates the privileges associated with this client connection object based on the provided entry for the authentication identity. |

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
handle
protected static final long DEFAULT_WRITE_TIME_LIMIT_MS
protected AuthenticationInfo authenticationInfo
protected AtomicBoolean saslBindInProgress
protected AtomicBoolean bindInProgress
protected AtomicBoolean startTLSInProgress
protected ClientConnection()
@PublicAPI(stability=PRIVATE, mayInstantiate=false, mayExtend=false, mayInvoke=true, notes="This method should only be invoked by connection handlers.") protected final void finalizeConnectionInternal()
AuthenticatedUsers manager, and will then invoke the finalizeClientConnection method.
public final long getConnectTime()
public final String getConnectTimeString()
public abstract long getConnectionID()
public abstract ConnectionHandler<?> getConnectionHandler()
public abstract String getProtocol()
public abstract String getClientAddress()
public abstract int getClientPort()
public final String getClientHostPort()
public abstract String getServerAddress()
public abstract int getServerPort()
public final String getServerHostPort()
public abstract InetAddress getRemoteAddress()
java.net.InetAddress associated with the remote client system.
java.net.InetAddress associated with the remote client system. It may be null if the client is not connected over an IP-based connection.
public abstract InetAddress getLocalAddress()
java.net.InetAddress for the Directory Server system to which the client has established the connection.
java.net.InetAddress for the Directory Server system to which the client has established the connection. It may be null if the client is not connected over an IP-based connection.
public abstract boolean isConnectionValid()
public abstract boolean isSecure()
false
to true
if
if the client uses the StartTLS extended operation).
true if the client connection is currently using a secure mechanism to communicate with the server, or false if not.
public Selector getWriteSelector()
Selector that may be used to ensure that write operations complete in a timely manner, or terminate the connection in the event that they fail to do so. This is an optional method for client connections, and the default implementation returns null to indicate that the maximum blocked write time limit is not supported for this connection. Subclasses that do wish to support this functionality should return a valid Selector object.
Selector that may be used to ensure that write operations complete in a timely manner, or null if this client connection does not support maximum blocked write time limit functionality.
public long getMaxBlockedWriteTimeLimit()
public abstract long getNumberOfOperations()
public abstract void sendResponse(Operation operation)
operation - The operation for which to send the response.
public abstract void requestTerminated(int requestMessageId)
requestMessageId - The id of the request message.
public abstract void sendSearchEntry(SearchOperation searchOperation, SearchResultEntry searchEntry) throws DirectoryException
searchOperation - The search operation with which the entry is associated.
searchEntry - The search result entry to be sent to the client.
DirectoryException - If a problem occurs while attempting to send the entry to the client and the search should be terminated.
public abstract boolean sendSearchReference(SearchOperation searchOperation, SearchResultReference searchReference) throws DirectoryException
searchOperation - The search operation with which the reference is associated.
searchReference - The search result reference to be sent to the client.
true if the client is able to accept referrals, or false if the client cannot handle referrals and no more attempts should be made to send them for the associated search operation.
DirectoryException - If a problem occurs while attempting to send the reference to the client and the search should be terminated.
public final boolean sendIntermediateResponse(IntermediateResponse intermediateResponse)
intermediateResponse - The intermediate response message to be sent.
true if processing on the associated operation should continue, or false if not.
protected abstract boolean sendIntermediateResponseMessage(IntermediateResponse intermediateResponse)
intermediateResponse - The intermediate response message to be sent.
true if processing on the associated operation should continue, or false if not.
public abstract void disconnect(DisconnectReason disconnectReason, boolean sendNotification, LocalizableMessage message)
disconnectClient method within that operation should be called rather than invoking this method directly.
finalizeConnectionInternal method during the course of processing this method.
disconnectReason - The disconnect reason that provides the generic cause for the disconnect.
sendNotification - Indicates whether to try to provide notification to the client that the connection will be closed.
message - The message to send to the client. It may be null if no notification is to be sent.
public final boolean mustChangePassword()
true if the user associated with this client connection must change their password before they will be allowed to do anything else, or false if not.
public final void setMustChangePassword(boolean mustChangePassword)
mustChangePassword - Specifies whether the user associated with this client connection must change their password before they will be allowed to do anything else.
public abstract Collection<Operation> getOperationsInProgress()
public abstract Operation getOperationInProgress(int messageID)
messageID - The message ID of the operation to retrieve.
null if no such operation could be found.
public abstract boolean removeOperationInProgress(int messageID)
messageID - The message ID of the operation to remove from the set of operations in progress.
true if the operation was found and removed from the set of operations in progress, or false if not.
public final List<PersistentSearch> getPersistentSearches()
@PublicAPI(stability=PRIVATE, mayInstantiate=false, mayExtend=false, mayInvoke=false) public final void registerPersistentSearch(PersistentSearch persistentSearch)
DirectoryServer.registerPersistentSearch and not through any other means.
persistentSearch - The persistent search to register for this client.
@PublicAPI(stability=PRIVATE, mayInstantiate=false, mayExtend=false, mayInvoke=false) public final void deregisterPersistentSearch(PersistentSearch persistentSearch)
DirectoryServer.deregisterPersistentSearch and not through any other means.
persistentSearch - The persistent search to deregister for this client.
public abstract CancelResult cancelOperation(int messageID, CancelRequest cancelRequest)
messageID - The message ID of the operation to cancel.
cancelRequest - An object providing additional information about how the cancel should be processed.
public abstract void cancelAllOperations(CancelRequest cancelRequest)
cancelRequest - An object providing additional information about how the cancel should be processed.
public abstract void cancelAllOperationsExcept(CancelRequest cancelRequest, int messageID)
cancelRequest - An object providing additional information about how the cancel should be processed.
messageID - The message ID of the operation that should not be canceled.
public AuthenticationInfo getAuthenticationInfo()
public void setAuthenticationInfo(AuthenticationInfo authenticationInfo)
authenticationInfo - Information about the authentication that has been performed for this connection. It should not be null.
public final void updateAuthenticationInfo(Entry oldEntry, Entry newEntry)
oldEntry - The user entry currently serving as the authentication and/or authorization identity.
newEntry - The updated entry that should replace the existing entry. It may optionally have a different DN than the old entry.
public void setUnauthenticated()
public static boolean hasPrivilege(Entry authorizationEntry, Privilege privilege)
authorizationEntry - The authentication entry to use.
privilege - The privilege to check for.
true if the authentication entry has the specified privilege, or false if not.
public boolean hasPrivilege(Privilege privilege, Operation operation)
privilege - The privilege for which to make the determination.
operation - The operation being processed which needs to make the privilege determination, or null if there is no associated operation.
true if the authenticated client has the specified privilege, or false if not.
public boolean hasAllPrivileges(Privilege[] privileges, Operation operation)
privileges - The array of privileges for which to make the determination.
operation - The operation being processed which needs to make the privilege determination, or null if there is no associated operation.
true if the authenticated client has all of the specified privileges, or false if not.
protected final void updatePrivileges(Entry entry, boolean isRoot)
entry - The entry for the authentication identity associated with this client connection.
isRoot - Indicates whether the associated user is a root user and should automatically inherit the root privilege set.
public final Object getSASLAuthStateInfo()
public final void setSASLAuthStateInfo(Object saslAuthState)
saslAuthState - An opaque set of information that may be used for processing multi-stage SASL binds.
public ByteChannel getChannel()
public SocketChannel getSocketChannel()
public final int getSizeLimit()
public void setSizeLimit(int sizeLimit)
sizeLimit - The size limit that will be enforced for searches performed using this client connection.
public final long getIdleTimeLimit()
public void setIdleTimeLimit(long idleTimeLimit)
idleTimeLimit - The maximum length of time in milliseconds that this client connection will be allowed to remain idle before it should be disconnected.
public int getLookthroughLimit()
public void setLookthroughLimit(int lookthroughLimit)
lookthroughLimit - The default maximum number of entries that should be checked for matches during a search.
public final int getTimeLimit()
public void setTimeLimit(int timeLimit)
timeLimit - The time limit that will be enforced for searches performed using this client connection.
public abstract String getMonitorSummary()
public boolean isMemberOf(Group<?> group, Operation operation) throws DirectoryException
null, then the determination should be made based on the authorization identity for this client connection. Note that this is a point-in-time determination and the caller must not cache the result.
group - The group for which to make the determination.
operation - The operation to use to obtain the authorization identity for which to make the determination, or null if the authorization identity should be obtained from this client connection.
true if the target user is currently a member of the specified group, or false if not.
DirectoryException - If a problem occurs while attempting to make the determination.
public Set<Group<?>> getGroups(Operation operation) throws DirectoryException
null, then it should be made based on the authorization identity for this client connection. Note that this is a point-in-time determination and the caller must not cache the result.
operation - The operation to use to obtain the authorization identity for which to retrieve the associated groups, or null if the authorization identity should be obtained from this client connection.
DirectoryException - If a problem occurs while attempting to make the determination.
public org.forgerock.opendj.ldap.Dn getKeyManagerProviderDN()
null to indicate that no key manager provider is available, but subclasses should override this method to return a valid DN if they perform operations which may need access to a key manager.
null if there is no key manager provider configured for this client connection.
public org.forgerock.opendj.ldap.Dn getTrustManagerProviderDN()
null to indicate that no trust manager provider is available, but subclasses should override this method to return a valid DN if they perform operations which may need access to a trust manager.
null if there is no trust manager provider configured for this client connection.
public String getCertificateAlias()
null to indicate that any alias is acceptable.
null if any alias is acceptable.
public final String toString()
public abstract void toString(StringBuilder buffer)
buffer - The buffer to which the information should be appended.
public long getIdleTime()
public abstract int getSSF()
public void finishBind()
public void finishStartTLS()
public void finishSaslBind()
public boolean isInnerConnection()
true if this is an inner connection, false otherwise
Copyright © 2010-2017 ForgeRock AS. All Rights Reserved.