001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2006-2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.extensions;
028    
029    
030    
031    import org.opends.messages.MessageBuilder;
032    import org.opends.server.admin.std.server.AnonymousSASLMechanismHandlerCfg;
033    import org.opends.server.api.SASLMechanismHandler;
034    import org.opends.server.config.ConfigException;
035    import org.opends.server.core.BindOperation;
036    import org.opends.server.core.DirectoryServer;
037    import org.opends.server.types.AuthenticationInfo;
038    import org.opends.server.types.ByteString;
039    import org.opends.server.types.InitializationException;
040    import org.opends.server.types.ResultCode;
041    
042    import static org.opends.messages.ExtensionMessages.*;
043    import static org.opends.server.loggers.ErrorLogger.*;
044    import static org.opends.server.util.ServerConstants.*;
045    
046    
047    
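/**
 * This class provides an implementation of the ANONYMOUS SASL mechanism, as
 * defined in RFC 4505, which does not perform any authentication.  That is,
 * anyone attempting to bind with this SASL mechanism will be successful and
 * will be given the rights of an unauthenticated user.  The request may or may
 * not include a set of SASL credentials which will serve as trace information.
 * If provided, then that trace information will be added to the additional log
 * message of the bind operation and written to the server error log.
 * <BR><BR>
 * The trace information comes from a client that has not been authenticated
 * and is never verified, so it must be read as an unverified claim rather than
 * as evidence of who connected.  Because it is attacker-controllable text that
 * ends up in log files, it is escaped and bounded in length before it is
 * logged (see <CODE>sanitizeTraceForLog</CODE>).
 */
public class AnonymousSASLMechanismHandler
       extends SASLMechanismHandler<AnonymousSASLMechanismHandlerCfg>
{
  /**
   * The maximum number of characters (code points) of client-supplied trace
   * information that will be written to the logs.  This mirrors the
   * 255-character limit that RFC 4505 places on a trace token.
   */
  private static final int MAX_TRACE_LENGTH = 255;



  /**
   * The marker appended to logged trace information that was cut off at
   * <CODE>MAX_TRACE_LENGTH</CODE> characters.
   */
  private static final String TRUNCATION_MARKER = "...";



  /**
   * Creates a new instance of this SASL mechanism handler.  No initialization
   * should be done in this method, as it should all be performed in the
   * <CODE>initializeSASLMechanismHandler</CODE> method.
   */
  public AnonymousSASLMechanismHandler()
  {
    super();
  }



  /**
   * {@inheritDoc}
   */
  @Override
  public void initializeSASLMechanismHandler(AnonymousSASLMechanismHandlerCfg
                                                  configuration)
         throws ConfigException, InitializationException
  {
    // No real implementation is required.  Simply register with the Directory
    // Server for the ANONYMOUS mechanism.  The configuration object is not
    // read by this handler.
    DirectoryServer.registerSASLMechanismHandler(SASL_MECHANISM_ANONYMOUS,
                                                 this);
  }



  /**
   * {@inheritDoc}
   */
  @Override
  public void finalizeSASLMechanismHandler()
  {
    // Undo the registration performed in initializeSASLMechanismHandler.
    DirectoryServer.deregisterSASLMechanismHandler(SASL_MECHANISM_ANONYMOUS);
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * This implementation always completes the bind with
   * <CODE>ResultCode.SUCCESS</CODE>.  Any non-empty SASL credentials are
   * treated as trace information only: they are escaped, bounded in length,
   * and logged, and they have no influence on the outcome of the bind.
   */
  @Override
  public void processSASLBind(BindOperation bindOperation)
  {
    // See if the client provided SASL credentials including trace information.
    // If so, then write it to the access log as additional log information, and
    // as an informational message to the error log.
    ByteString saslCredentials = bindOperation.getSASLCredentials();
    if (saslCredentials != null)
    {
      String credString = saslCredentials.stringValue();
      if (credString.length() > 0)
      {
        // The value is untrusted: written verbatim, an embedded quote could
        // close the trace='...' field early and a line break could start what
        // looks like a separate log record.  Whether the log publishers escape
        // messages themselves is not visible from this class, so the value is
        // neutralized here before it reaches either log.
        String safeTrace = sanitizeTraceForLog(credString);

        MessageBuilder mb = new MessageBuilder();
        mb.append("trace='");
        mb.append(safeTrace);
        mb.append("'");
        bindOperation.appendAdditionalLogMessage(mb.toMessage());

        logError(INFO_SASLANONYMOUS_TRACE.
            get(bindOperation.getConnectionID(), bindOperation.getOperationID(),
                safeTrace));

      }
    }


    // Authenticate the client anonymously and indicate that the bind was
    // successful.
    AuthenticationInfo authInfo = new AuthenticationInfo();
    bindOperation.setAuthenticationInfo(authInfo);
    bindOperation.setResultCode(ResultCode.SUCCESS);
  }



  /**
   * Produces a form of client-supplied trace information that is safe to embed
   * in a single log line.  Single quotes and backslashes are prefixed with a
   * backslash, ISO control characters (including carriage return and line
   * feed) and the Unicode line and paragraph separators are written as
   * <CODE>&#92;uXXXX</CODE> escapes, and at most <CODE>MAX_TRACE_LENGTH</CODE>
   * characters of the input are kept, followed by a truncation marker when
   * input was dropped.
   *
   * @param  trace  The trace information exactly as received from the client.
   *                It must not be <CODE>null</CODE>.
   *
   * @return  The escaped and length-bounded trace information.
   */
  private static String sanitizeTraceForLog(String trace)
  {
    StringBuilder buffer = new StringBuilder();
    int keptCharacters = 0;
    int pos = 0;

    while (pos < trace.length())
    {
      if (keptCharacters == MAX_TRACE_LENGTH)
      {
        // Bound what an unauthenticated client can add to the logs per bind.
        buffer.append(TRUNCATION_MARKER);
        break;
      }

      // Walk by code point so that a surrogate pair is never split by the
      // length limit.
      int codePoint = trace.codePointAt(pos);
      pos += Character.charCount(codePoint);
      keptCharacters++;

      int type = Character.getType(codePoint);
      if (codePoint == '\'' || codePoint == '\\')
      {
        buffer.append('\\');
        buffer.appendCodePoint(codePoint);
      }
      else if (Character.isISOControl(codePoint) ||
               type == Character.LINE_SEPARATOR ||
               type == Character.PARAGRAPH_SEPARATOR)
      {
        // Every code point that reaches this branch is below 0x10000, so four
        // hexadecimal digits are always enough.
        String hex = Integer.toHexString(codePoint);
        buffer.append("\\u");
        for (int i = hex.length(); i < 4; i++)
        {
          buffer.append('0');
        }
        buffer.append(hex);
      }
      else
      {
        buffer.appendCodePoint(codePoint);
      }
    }

    return buffer.toString();
  }



  /**
   * {@inheritDoc}
   */
  @Override
  public boolean isPasswordBased(String mechanism)
  {
    // This is not a password-based mechanism.
    return false;
  }



  /**
   * {@inheritDoc}
   */
  @Override
  public boolean isSecure(String mechanism)
  {
    // This is not a secure mechanism.
    return false;
  }
}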