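/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.server.core.authn;


import javax.naming.Context;

import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.shared.ldap.name.LdapDN;


/**
 * Authenticates users who access {@link PartitionNexus}.
 * <p>
 * {@link Authenticator}s are registered to and configured by the
 * {@link AuthenticationInterceptor} interceptor.
 * <p>
 * {@link AuthenticationInterceptor} authenticates users by calling
 * {@link #authenticate(BindOperationContext)}, and then {@link Authenticator}
 * checks JNDI {@link Context} environment properties
 * ({@link Context#SECURITY_PRINCIPAL} and {@link Context#SECURITY_CREDENTIALS})
 * of current {@link Context}.
 * <p>
 * NOTE(review): this description predates the current
 * {@code authenticate(BindOperationContext)} signature (it used to link to a
 * two-argument overload that this interface does not declare); confirm
 * whether implementations still read the JNDI environment or take the
 * principal and credentials from the bind operation context.
 *
 * @see AbstractAuthenticator
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 679219 $
 */
public interface Authenticator
{
    /**
     * Returns the type of this authenticator (e.g. {@code 'simple'},
     * {@code 'none'},...).
     *
     * @return the authenticator type name
     */
    String getAuthenticatorType();


    /**
     * Called by {@link AuthenticationInterceptor} to indicate that this
     * authenticator is being placed into service.
     *
     * @param directoryService the directory service passed to the
     *        authenticator when it is placed into service
     * @throws Exception if the authenticator cannot be initialized
     */
    void init( DirectoryService directoryService ) throws Exception;


    /**
     * Called by {@link AuthenticationInterceptor} to indicate that this
     * authenticator is being removed from service.
     */
    void destroy();


    /**
     * Callback used to respond to password changes by invalidating a password
     * cache if implemented. This is an additional feature of an authenticator
     * which need not be implemented: an empty implementation is sufficient for
     * an authenticator that keeps no credential cache. This is called on every
     * del, modify, and modifyRdn operation.
     * <p>
     * An implementation that does cache credentials should evict the entry
     * for {@code bindDn} here; otherwise a password that has been changed or
     * an entry that has been deleted could still be accepted from the cache
     * until that cache entry is dropped by other means.
     *
     * @param bindDn the already normalized distinguished name of the bind principal
     */
    void invalidateCache( LdapDN bindDn );


    /**
     * Performs authentication and returns the principal if succeeded.
     * <p>
     * NOTE(review): this interface does not state how a failed authentication
     * is reported (a thrown exception versus a {@code null} return). Confirm
     * the convention against the implementations, and make sure callers never
     * treat a {@code null} result as an authenticated principal.
     *
     * @param opContext the context of the bind operation being authenticated
     * @return the authenticated principal
     * @throws Exception declared by the signature; presumably raised when
     *         authentication fails or cannot be carried out (confirm against
     *         implementations)
     */
    LdapPrincipal authenticate( BindOperationContext opContext ) throws Exception;
}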