java.lang.Object
  org.opends.server.tools.LDAPAuthenticationHandler
public class LDAPAuthenticationHandler
This class provides a generic interface that LDAP clients can use to perform various kinds of authentication to the Directory Server. It handles simple authentication as well as several SASL mechanisms, including:
AuthenticationHandler object is to be used concurrently by multiple threads, it must be externally synchronized.
Constructor Summary | |
---|---|
LDAPAuthenticationHandler(LDAPReader reader, LDAPWriter writer, java.lang.String hostName, java.util.concurrent.atomic.AtomicInteger nextMessageID) - Creates a new instance of this authentication handler. |
Method Summary | |
---|---|
java.lang.String | doSASLAnonymous(ASN1OctetString bindDN, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) - Processes a SASL ANONYMOUS bind with the provided information. |
java.lang.String | doSASLBind(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.lang.String mechanism, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) - Processes a SASL bind using the provided information. |
java.lang.String | doSASLCRAMMD5(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) - Processes a SASL CRAM-MD5 bind with the provided information. |
java.lang.String | doSASLDigestMD5(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) - Processes a SASL DIGEST-MD5 bind with the provided information. |
java.lang.String | doSASLExternal(ASN1OctetString bindDN, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) - Processes a SASL EXTERNAL bind with the provided information. |
java.lang.String | doSASLGSSAPI(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) - Processes a SASL GSSAPI bind with the provided information. |
java.lang.String | doSASLPlain(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) - Processes a SASL PLAIN bind with the provided information. |
java.lang.String | doSimpleBind(int ldapVersion, ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) - Processes a bind using simple authentication with the provided information. |
byte[] | generateDigestMD5RspAuth(java.lang.String authID, java.lang.String authzID, byte[] password, java.lang.String realm, java.lang.String nonce, java.lang.String cnonce, java.lang.String nonceCount, java.lang.String digestURI, java.lang.String qop, java.lang.String charset) - Generates the appropriate DIGEST-MD5 rspauth digest using the provided information. |
static java.util.LinkedHashMap<java.lang.String,Message> | getSASLAnonymousProperties() - Retrieves the set of properties that a client may provide when performing a SASL ANONYMOUS bind, mapped from the property names to their corresponding descriptions. |
static java.util.LinkedHashMap<java.lang.String,Message> | getSASLCRAMMD5Properties() - Retrieves the set of properties that a client may provide when performing a SASL CRAM-MD5 bind, mapped from the property names to their corresponding descriptions. |
static java.util.LinkedHashMap<java.lang.String,Message> | getSASLDigestMD5Properties() - Retrieves the set of properties that a client may provide when performing a SASL DIGEST-MD5 bind, mapped from the property names to their corresponding descriptions. |
static java.util.LinkedHashMap<java.lang.String,Message> | getSASLExternalProperties() - Retrieves the set of properties that a client may provide when performing a SASL EXTERNAL bind, mapped from the property names to their corresponding descriptions. |
static java.util.LinkedHashMap<java.lang.String,Message> | getSASLGSSAPIProperties() - Retrieves the set of properties that a client may provide when performing a SASL GSSAPI bind, mapped from the property names to their corresponding descriptions. |
static java.util.LinkedHashMap<java.lang.String,Message> | getSASLPlainProperties() - Retrieves the set of properties that a client may provide when performing a SASL PLAIN bind, mapped from the property names to their corresponding descriptions. |
static java.util.LinkedHashMap<java.lang.String,Message> | getSASLProperties(java.lang.String mechanism) - Retrieves a list of the SASL properties that may be provided for the specified SASL mechanism, mapped from the property names to their corresponding descriptions. |
static java.lang.String[] | getSupportedSASLMechanisms() - Retrieves a list of the SASL mechanisms that are supported by this client library. |
void | handle(javax.security.auth.callback.Callback[] callbacks) - Handles the authentication callbacks to provide information needed by the JAAS login process. |
ASN1OctetString | requestAuthorizationIdentity() - Uses the "Who Am I?" extended operation to request that the server provide the client with the authorization identity for this connection. |
java.lang.Object | run() - Performs a privileged operation under JAAS so that the local authentication information can be available for the SASL bind to the Directory Server. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public LDAPAuthenticationHandler(LDAPReader reader, LDAPWriter writer, java.lang.String hostName, java.util.concurrent.atomic.AtomicInteger nextMessageID)
reader - The LDAP reader that will be used to read data from the server.
writer - The LDAP writer that will be used to send data to the server.
hostName - The host name used to connect to the remote system (fully-qualified if possible).
nextMessageID - The atomic integer that will be used to obtain message IDs for request messages.

Method Detail |
---|
public static java.lang.String[] getSupportedSASLMechanisms()
public static java.util.LinkedHashMap<java.lang.String,Message> getSASLProperties(java.lang.String mechanism)
mechanism - The name of the SASL mechanism for which to obtain the list of supported properties.

public java.lang.String doSimpleBind(int ldapVersion, ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) throws ClientException, LDAPException
ldapVersion - The LDAP protocol version to use for the bind request.
bindDN - The DN to use to bind to the Directory Server, or null if it is to be an anonymous bind.
bindPassword - The password to use to bind to the Directory Server, or null if it is to be an anonymous bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public java.lang.String doSASLBind(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.lang.String mechanism, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) throws ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
bindPassword - The password to use to bind to the Directory Server, or null if this is not a password-based SASL mechanism.
mechanism - The name of the SASL mechanism to use to authenticate to the Directory Server.
saslProperties - A set of additional properties that may be needed to process the SASL bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public java.lang.String doSASLAnonymous(ASN1OctetString bindDN, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) throws ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
saslProperties - A set of additional properties that may be needed to process the SASL bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public static java.util.LinkedHashMap<java.lang.String,Message> getSASLAnonymousProperties()

public java.lang.String doSASLCRAMMD5(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) throws ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
bindPassword - The password to use to bind to the Directory Server.
saslProperties - A set of additional properties that may be needed to process the SASL bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public static java.util.LinkedHashMap<java.lang.String,Message> getSASLCRAMMD5Properties()

public java.lang.String doSASLDigestMD5(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) throws ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
bindPassword - The password to use to bind to the Directory Server.
saslProperties - A set of additional properties that may be needed to process the SASL bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public byte[] generateDigestMD5RspAuth(java.lang.String authID, java.lang.String authzID, byte[] password, java.lang.String realm, java.lang.String nonce, java.lang.String cnonce, java.lang.String nonceCount, java.lang.String digestURI, java.lang.String qop, java.lang.String charset) throws java.io.UnsupportedEncodingException
authID - The username from the authentication request.
authzID - The authorization ID from the request, or null if there is none.
password - The clear-text password for the user.
realm - The realm for which the authentication is to be performed.
nonce - The random data generated by the server for use in the digest.
cnonce - The random data generated by the client for use in the digest.
nonceCount - The 8-digit hex string indicating the number of times the provided nonce has been used by the client.
digestURI - The digest URI that specifies the service and host for which the authentication is being performed.
qop - The quality of protection string for the authentication.
charset - The character set used to encode the information.
java.io.UnsupportedEncodingException - If the specified character set is invalid for some reason.

public static java.util.LinkedHashMap<java.lang.String,Message> getSASLDigestMD5Properties()
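
The rspauth computation that the parameters of generateDigestMD5RspAuth describe, written out from RFC 2831 section 2.1.3 as an added example; it is not OpenDS source code. The class and method names are hypothetical, UTF-8 is assumed in place of the charset parameter, and the sample values are those of the IMAP exchange in RFC 2831 section 4.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example (hypothetical names): DIGEST-MD5 rspauth per RFC 2831 section 2.1.3. */
public class DigestMd5RspAuthExample {

    private static byte[] md5(byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    private static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02x", x & 0xff));
        return sb.toString();
    }

    private static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    static String rspAuth(String authID, String authzID, byte[] password, String realm,
                          String nonce, String cnonce, String nonceCount,
                          String digestURI, String qop) throws NoSuchAlgorithmException {
        // A1 = H(username ":" realm ":" password) ":" nonce ":" cnonce [":" authzid]
        // The inner hash is used as 16 raw bytes, not as hex text.
        byte[] inner = md5(utf8(authID + ":" + realm + ":"), password);
        String a1Tail = ":" + nonce + ":" + cnonce + (authzID == null ? "" : ":" + authzID);
        String hexA1 = hex(md5(inner, utf8(a1Tail)));
        // For rspauth the method in A2 is empty: ":" digest-uri, plus 32 zeros
        // when qop requests integrity or confidentiality.
        String a2 = ":" + digestURI;
        if ("auth-int".equals(qop) || "auth-conf".equals(qop)) a2 += ":00000000000000000000000000000000";
        String hexA2 = hex(md5(utf8(a2)));
        // rspauth = HEX(H(HEX(H(A1)) ":" nonce ":" nc ":" cnonce ":" qop ":" HEX(H(A2))))
        String kd = hexA1 + ":" + nonce + ":" + nonceCount + ":" + cnonce + ":" + qop + ":" + hexA2;
        return hex(md5(utf8(kd)));
    }

    /** Constant-time comparison of the server's rspauth with the locally computed value. */
    static boolean verify(String serverRspAuth, String expected) {
        return MessageDigest.isEqual(utf8(serverRspAuth), utf8(expected));
    }

    public static void main(String[] args) throws Exception {
        // Inputs and server rspauth taken from the IMAP example in RFC 2831 section 4.
        String expected = rspAuth("chris", null, utf8("secret"), "elwood.innosoft.com",
                "OA6MG9tEQGm2hh", "OA6MHXh6VqTrRk", "00000001",
                "imap/elwood.innosoft.com", "auth");
        System.out.println(expected + " matches server value: "
                + verify("ea40f60335c427b5527b84dbabcdfffd", expected));
    }
}
```

A client that receives an rspauth differing from the value it computes has not authenticated the server and should treat the bind as failed.
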
public java.lang.String doSASLExternal(ASN1OctetString bindDN, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) throws ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
saslProperties - A set of additional properties that may be needed to process the SASL bind. SASL EXTERNAL does not take any properties, so this should be empty or null.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public static java.util.LinkedHashMap<java.lang.String,Message> getSASLExternalProperties()

public java.lang.String doSASLGSSAPI(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) throws ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
bindPassword - The password to use to bind to the Directory Server.
saslProperties - A set of additional properties that may be needed to process the SASL bind. SASL EXTERNAL does not take any properties, so this should be empty or null.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public static java.util.LinkedHashMap<java.lang.String,Message> getSASLGSSAPIProperties()

public java.lang.String doSASLPlain(ASN1OctetString bindDN, ASN1OctetString bindPassword, java.util.Map<java.lang.String,java.util.List<java.lang.String>> saslProperties, java.util.ArrayList<LDAPControl> requestControls, java.util.ArrayList<LDAPControl> responseControls) throws ClientException, LDAPException
bindDN - The DN to use to bind to the Directory Server, or null if the authentication identity is to be set through some other means.
bindPassword - The password to use to bind to the Directory Server.
saslProperties - A set of additional properties that may be needed to process the SASL bind.
requestControls - The set of controls to include in the request to the server.
responseControls - A list to hold the set of controls included in the response from the server.
null if there is no special information available.
ClientException - If a client-side problem prevents the bind attempt from succeeding.
LDAPException - If the bind fails or some other server-side problem occurs during processing.

public static java.util.LinkedHashMap<java.lang.String,Message> getSASLPlainProperties()

public java.lang.Object run() throws ClientException, LDAPException
run in interface java.security.PrivilegedExceptionAction<java.lang.Object>
PrivilegedExceptionAction interface.
ClientException - If a client-side problem occurs during the bind processing.
LDAPException - If a server-side problem occurs during the bind processing.

public void handle(javax.security.auth.callback.Callback[] callbacks) throws javax.security.auth.callback.UnsupportedCallbackException
handle in interface javax.security.auth.callback.CallbackHandler
callbacks - The callbacks needed to provide information for the JAAS login process.
javax.security.auth.callback.UnsupportedCallbackException - If an unexpected callback is included in the provided set.

public ASN1OctetString requestAuthorizationIdentity() throws ClientException, LDAPException
null if the client is not authenticated or is authenticated anonymously.
ClientException - If a client-side problem occurs during the request processing.
LDAPException - If a server-side problem occurs during the request processing.