org.forgerock.opendj.ldap.controls

Class ProxiedAuthV2RequestControl

java.lang.Object

org.forgerock.opendj.ldap.controls.ProxiedAuthV2RequestControl

All Implemented Interfaces:

Control

public final class ProxiedAuthV2RequestControl
extends Object
implements Control

The proxy authorization v2 request control as defined in RFC 4370. This control allows a user to request that an operation be performed using the authorization of another user.

The target user is specified using an authorization ID, or authzId, as defined in RFC 4513 section 5.2.1.8.

This example shows an application replacing a description on a user entry on behalf of a directory administrator.

 Connection connection = ...;
 String bindDN = "cn=My App,ou=Apps,dc=example,dc=com";          // Client app
 char[] password = ...;
 String targetDn = "uid=bjensen,ou=People,dc=example,dc=com";    // Regular user
 String authzId = "dn:uid=kvaughan,ou=People,dc=example,dc=com"; // Admin user

 ModifyRequest request =
         Requests.newModifyRequest(targetDn)
         .addControl(ProxiedAuthV2RequestControl.newControl(authzId))
         .addModification(ModificationType.REPLACE, "description",
                 "Done with proxied authz");

 connection.bind(bindDN, password);
 connection.modify(request);
 Entry entry = connection.readEntry(targetDn, "description");
 

See Also:

RFC 4370 - Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control , RFC 4513 - SASL Authorization Identities (authzId)

Field Summary

Fields

Modifier and Type	Field and Description
static ControlDecoder<ProxiedAuthV2RequestControl>	DECODER A decoder which can be used for decoding the proxied authorization v2 request control.
static String	OID The OID for the proxied authorization v2 control.

Method Summary

Modifier and Type	Method and Description
String	getAuthorizationId() Returns the authorization ID of the user whose authorization is to be used when performing the operation.
String	getOid() Returns the numeric OID associated with this control.
ByteString	getValue() Returns the value, if any, associated with this control.
boolean	hasValue() Returns true if this control has a value.
boolean	isCritical() Returns true if it is unacceptable to perform the operation without applying the semantics of this control.
static ProxiedAuthV2RequestControl	newControl(String authorizationId) Creates a new proxy authorization v2 request control with the provided authorization ID.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

OID

public static final String OID

The OID for the proxied authorization v2 control.

See Also:

Constant Field Values

DECODER

public static final ControlDecoder<ProxiedAuthV2RequestControl> DECODER

A decoder which can be used for decoding the proxied authorization v2 request control.

Method Detail

newControl

public static ProxiedAuthV2RequestControl newControl(String authorizationId)
                                              throws LocalizedIllegalArgumentException

Creates a new proxy authorization v2 request control with the provided authorization ID. The authorization ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.

Parameters:

authorizationId - The authorization ID of the user whose authorization is to be used when performing the operation.

Returns:

The new control.

Throws:

LocalizedIllegalArgumentException - If authorizationId was non-empty and did not contain a valid authorization ID type.

NullPointerException - If authorizationName was null.

getAuthorizationId

public String getAuthorizationId()

Returns the authorization ID of the user whose authorization is to be used when performing the operation. The authorization ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.

Returns:

The authorization ID of the user whose authorization is to be used when performing the operation.

getOid

public String getOid()

Description copied from interface: Control

Returns the numeric OID associated with this control.

Specified by:

getOid in interface Control

Returns:

The numeric OID associated with this control.

getValue

public ByteString getValue()

Description copied from interface: Control

Returns the value, if any, associated with this control. Its format is defined by the specification of this control.

Specified by:

getValue in interface Control

Returns:

The value associated with this control, or null if there is no value.

hasValue

public boolean hasValue()

Description copied from interface: Control

Returns true if this control has a value. In some circumstances it may be useful to determine if a control has a value, without actually calculating the value and incurring any performance costs.

Specified by:

hasValue in interface Control

Returns:

true if this control has a value, or false if there is no value.

isCritical

public boolean isCritical()

Description copied from interface: Control

Returns true if it is unacceptable to perform the operation without applying the semantics of this control.

The criticality field only has meaning in controls attached to request messages (except UnbindRequest). For controls attached to response messages and the UnbindRequest, the criticality field SHOULD be false, and MUST be ignored by the receiving protocol peer. A value of true indicates that it is unacceptable to perform the operation without applying the semantics of the control.

Specified by:

isCritical in interface Control

Returns:

true if this control must be processed by the Directory Server, or false if it can be ignored.

toString

public String toString()

Overrides:

toString in class Object