public class LDAPAuthenticationHandler extends Object implements PrivilegedExceptionAction<Object>, CallbackHandler

AuthenticationHandler object is to be used concurrently by multiple threads, it must be externally synchronized.

Constructor and Description |
---|
LDAPAuthenticationHandler(LDAPReader reader, LDAPWriter writer, String hostName, AtomicInteger nextMessageID) Creates a new instance of this authentication handler. |

Modifier and Type | Method and Description |
---|---|
String | doSASLBind(org.forgerock.opendj.ldap.ByteSequence bindDN, org.forgerock.opendj.ldap.ByteSequence bindPassword, String mechanism, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) Processes a SASL bind using the provided information. |
String | doSASLExternal(org.forgerock.opendj.ldap.ByteSequence bindDN, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) Processes a SASL EXTERNAL bind with the provided information. |
String | doSASLPlain(org.forgerock.opendj.ldap.ByteSequence bindDN, org.forgerock.opendj.ldap.ByteSequence bindPassword, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) Processes a SASL PLAIN bind with the provided information. |
String | doSimpleBind(int ldapVersion, org.forgerock.opendj.ldap.ByteSequence bindDN, org.forgerock.opendj.ldap.ByteSequence bindPassword, List<Control> requestControls, List<Control> responseControls) Processes a bind using simple authentication with the provided information. |
static Map<String,LocalizableMessage> | getSASLProperties(String mechanism) Retrieves a list of the SASL properties that may be provided for the specified SASL mechanism, mapped from the property names to their corresponding descriptions. |
static String[] | getSupportedSASLMechanisms() Retrieves a list of the SASL mechanisms that are supported by this client library. |
void | handle(Callback[] callbacks) Handles the authentication callbacks to provide information needed by the JAAS login process. |
org.forgerock.opendj.ldap.ByteString | requestAuthorizationIdentity() Uses the "Who Am I?" extended operation to request that the server provide the client with the authorization identity for this connection. |
Object | run() Performs a privileged operation under JAAS so that the local authentication information can be available for the SASL bind to the Directory Server. |

public LDAPAuthenticationHandler(LDAPReader reader, LDAPWriter writer, String hostName, AtomicInteger nextMessageID)
reader - The LDAP reader that will be used to read data from the server.
writer - The LDAP writer that will be used to send data to the server.
hostName - The host name used to connect to the remote system (fully-qualified if possible).
nextMessageID - The atomic integer that will be used to obtain message IDs for request messages.

public static String[] getSupportedSASLMechanisms()

public static Map<String,LocalizableMessage> getSASLProperties(String mechanism)
mechanism - The name of the SASL mechanism for which to obtain the list of supported properties.

public String doSimpleBind(int ldapVersion, org.forgerock.opendj.ldap.ByteSequence bindDN, org.forgerock.opendj.ldap.ByteSequence bindPassword, List<Control> requestControls, List<Control> responseControls) throws com.forgerock.opendj.cli.ClientException, LDAPException
ldapVersion - The LDAP protocol version to use for the bind request.
bindDN - The DN to use to bind to the Directory Server, or null if it is to be an anonymous bind.
bindPassword - The password to use to bind to the Directory Server, or null if it is to be an anonymous bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
com.forgerock.opendj.cli.ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public String doSASLBind(org.forgerock.opendj.ldap.ByteSequence bindDN, org.forgerock.opendj.ldap.ByteSequence bindPassword, String mechanism, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) throws com.forgerock.opendj.cli.ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
bindPassword - The password to use to bind to the Directory Server, or null if this is not a password-based SASL mechanism.
mechanism - The name of the SASL mechanism to use to authenticate to the Directory Server.
saslProperties - A set of additional properties that may be needed to process the SASL bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
com.forgerock.opendj.cli.ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public String doSASLExternal(org.forgerock.opendj.ldap.ByteSequence bindDN, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) throws com.forgerock.opendj.cli.ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
saslProperties - A set of additional properties that may be needed to process the SASL bind. SASL EXTERNAL does not take any properties, so this should be empty or null.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
com.forgerock.opendj.cli.ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public String doSASLPlain(org.forgerock.opendj.ldap.ByteSequence bindDN, org.forgerock.opendj.ldap.ByteSequence bindPassword, Map<String,List<String>> saslProperties, List<Control> requestControls, List<Control> responseControls) throws com.forgerock.opendj.cli.ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
bindPassword - The password to use to bind to the Directory Server.
saslProperties - A set of additional properties that may be needed to process the SASL bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
com.forgerock.opendj.cli.ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public Object run() throws com.forgerock.opendj.cli.ClientException, LDAPException
run in interface PrivilegedExceptionAction<Object>
PrivilegedExceptionAction interface.
com.forgerock.opendj.cli.ClientException - If a client-side problem occurs during the bind processing.
LDAPException - If a server-side problem occurs during the bind processing.

public void handle(Callback[] callbacks) throws UnsupportedCallbackException
handle in interface CallbackHandler
callbacks - The callbacks needed to provide information for the JAAS login process.
UnsupportedCallbackException - If an unexpected callback is included in the provided set.

public org.forgerock.opendj.ldap.ByteString requestAuthorizationIdentity() throws com.forgerock.opendj.cli.ClientException, LDAPException
null if the client is not authenticated or is authenticated anonymously.
com.forgerock.opendj.cli.ClientException - If a client-side problem occurs during the request processing.
LDAPException - If a server-side problem occurs during the request processing.

Copyright © 2010-2017 ForgeRock AS. All Rights Reserved.