SASLMechanismHandler (UnboundID Server SDK)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.unboundid.directory.sdk.ds.api
Class SASLMechanismHandler

java.lang.Object
  com.unboundid.directory.sdk.ds.api.SASLMechanismHandler

All Implemented Interfaces:: Configurable, ExampleUsageProvider, Reconfigurable<SASLMechanismHandlerConfig>, UnboundIDExtension

@Extensible @DirectoryServerExtension @DirectoryProxyServerExtension(appliesToLocalContent=true, appliesToRemoteContent=true, notes="Any SASL bind requests received by the Directory Proxy Server will be processed by the Directory Proxy Server itself rather than being forwarded to backend servers. However, a SASL mechanism handler running in the Directory Proxy Server may perform internal operations which reference content in the backend servers as if it was contained locally in the server.") @SynchronizationServerExtension(appliesToLocalContent=true, appliesToSynchronizedContent=false) @ThreadSafety(level=INTERFACE_THREADSAFE) public abstract class SASLMechanismHandler
extends java.lang.Object
implements UnboundIDExtension, Reconfigurable<SASLMechanismHandlerConfig>, ExampleUsageProvider
extends java.lang.Object
implements UnboundIDExtension, Reconfigurable<SASLMechanismHandlerConfig>, ExampleUsageProvider

This class defines an API that must be implemented by extensions which add support for custom SASL mechanisms to the server, which can provide support for custom authentication (and optionally, authorization) methods.

Configuring SASL Mechanism Handlers

In order to configure a SASL mechanism handler created using this API, use a command like:

      dsconfig create-sasl-mechanism-handler \
           --handler-name "{handler-name}" \
           --type third-party \
           --set enabled:true \
           --set "extension-class:{class-name}" \
           --set "extension-argument:{name=value}"

where "{handler-name}" is the name to use for the SASL mechanism handler instance, "{class-name}" is the fully-qualified name of the Java class that extends com.unboundid.directory.sdk.ds.api.SASLMechanismHandler, and "{name=value}" represents name-value pairs for any arguments to provide to the handler. If multiple arguments should be provided to the SASL mechanism handler, then the "--set extension-argument:{name=value}" option should be provided multiple times.

Constructor Summary
`SASLMechanismHandler()` Creates a new instance of this SASL mechanism handler.

Method Summary
`com.unboundid.ldap.sdk.ResultCode`	`applyConfiguration(SASLMechanismHandlerConfig config, com.unboundid.util.args.ArgumentParser parser, java.util.List<java.lang.String> adminActionsRequired, java.util.List<java.lang.String> messages)` Attempts to apply the configuration from the provided argument parser to this extension.
`void`	`defineConfigArguments(com.unboundid.util.args.ArgumentParser parser)` Updates the provided argument parser to define any configuration arguments which may be used by this extension.
`void`	`finalizeSASLMechanismHandler()` Performs any cleanup which may be necessary when this SASL mechanism handler is to be taken out of service.
`java.util.Map<java.util.List<java.lang.String>,java.lang.String>`	`getExamplesArgumentSets()` Retrieves a map containing examples of configurations that may be used for this extension.
`abstract java.lang.String[]`	`getExtensionDescription()` Retrieves a human-readable description for this extension.
`abstract java.lang.String`	`getExtensionName()` Retrieves a human-readable name for this extension.
`abstract java.util.List<java.lang.String>`	`getSASLMechanismNames()` Retrieves a list of the names of the SASL mechanisms supported by this SASL mechanism handler.
`void`	`initializeSASLMechanismHandler(DirectoryServerContext serverContext, SASLMechanismHandlerConfig config, com.unboundid.util.args.ArgumentParser parser)` Initializes this SASL mechanism handler.
`boolean`	`isConfigurationAcceptable(SASLMechanismHandlerConfig config, com.unboundid.util.args.ArgumentParser parser, java.util.List<java.lang.String> unacceptableReasons)` Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension.
`abstract boolean`	`isPasswordBased(java.lang.String mechanism)` Indicates whether the SASL authentication process using the specified mechanism involves the use of a password stored locally in the server (optionally in combination with other forms of credentials).
`abstract boolean`	`isSecure(java.lang.String mechanism)` Indicates whether the SASL authentication process using the specified mechanism may be considered secure (i.e., that a third party able to observe the communication, potentially over an insecure communication channel, would not be able to reproduce the authentication process).
`abstract SASLBindResult`	`processSASLBind(OperationContext operationContext, SASLBindRequest bindRequest, SASLBindResultFactory resultFactory)` Performs the appropriate processing for the provided SASL bind request.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

SASLMechanismHandler

public SASLMechanismHandler()

Creates a new instance of this SASL mechanism handler. All SASL mechanism handler implementations must include a default constructor, but any initialization should generally be done in the initializeSASLMechanismHandler method.

Method Detail

getExtensionName

public abstract java.lang.String getExtensionName()

Retrieves a human-readable name for this extension.

Specified by:: getExtensionName in interface UnboundIDExtension

Returns:: A human-readable name for this extension.

getExtensionDescription

public abstract java.lang.String[] getExtensionDescription()

Retrieves a human-readable description for this extension. Each element of the array that is returned will be considered a separate paragraph in generated documentation.

Specified by:: getExtensionDescription in interface UnboundIDExtension

Returns:: A human-readable description for this extension, or null or an empty array if no description should be available.

defineConfigArguments

public void defineConfigArguments(com.unboundid.util.args.ArgumentParser parser)
                           throws com.unboundid.util.args.ArgumentException

Updates the provided argument parser to define any configuration arguments which may be used by this extension. The argument parser may also be updated to define relationships between arguments (e.g., to specify required, exclusive, or dependent argument sets).

Specified by:: defineConfigArguments in interface Configurable

Parameters:: parser - The argument parser to be updated with the configuration arguments which may be used by this extension.
Throws:: com.unboundid.util.args.ArgumentException - If a problem is encountered while updating the provided argument parser.

initializeSASLMechanismHandler

public void initializeSASLMechanismHandler(DirectoryServerContext serverContext,
                                           SASLMechanismHandlerConfig config,
                                           com.unboundid.util.args.ArgumentParser parser)
                                    throws com.unboundid.ldap.sdk.LDAPException

Initializes this SASL mechanism handler.

Parameters:: serverContext - A handle to the server context for the server in which this extension is running.; config - The general configuration for this SASL mechanism handler.; parser - The argument parser which has been initialized from the configuration for this SASL mechanism handler.
Throws:: com.unboundid.ldap.sdk.LDAPException - If a problem occurs while initializing this SASL mechanism handler.

isConfigurationAcceptable

public boolean isConfigurationAcceptable(SASLMechanismHandlerConfig config,
                                         com.unboundid.util.args.ArgumentParser parser,
                                         java.util.List<java.lang.String> unacceptableReasons)

Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension. The parser will have been used to parse any configuration available for this extension, and any automatic validation will have been performed. This method may be used to perform any more complex validation which cannot be performed automatically by the argument parser.

Specified by:: isConfigurationAcceptable in interface Reconfigurable<SASLMechanismHandlerConfig>

Parameters:: config - The general configuration for this extension.; parser - The argument parser that has been used to parse the proposed configuration for this extension.; unacceptableReasons - A list to which messages may be added to provide additional information about why the provided configuration is not acceptable.
Returns:: true if the configuration in the provided argument parser appears to be acceptable, or false if not.

applyConfiguration

public com.unboundid.ldap.sdk.ResultCode applyConfiguration(SASLMechanismHandlerConfig config,
                                                            com.unboundid.util.args.ArgumentParser parser,
                                                            java.util.List<java.lang.String> adminActionsRequired,
                                                            java.util.List<java.lang.String> messages)

Attempts to apply the configuration from the provided argument parser to this extension.

Specified by:: applyConfiguration in interface Reconfigurable<SASLMechanismHandlerConfig>

Parameters:: config - The general configuration for this extension.; parser - The argument parser that has been used to parse the new configuration for this extension.; adminActionsRequired - A list to which messages may be added to provide additional information about any additional administrative actions that may be required to apply some of the configuration changes.; messages - A list to which messages may be added to provide additional information about the processing performed by this method.
Returns:: A result code providing information about the result of applying the configuration change. A result of SUCCESS should be used to indicate that all processing completed successfully. Any other result will indicate that a problem occurred during processing.

finalizeSASLMechanismHandler

public void finalizeSASLMechanismHandler()

Performs any cleanup which may be necessary when this SASL mechanism handler is to be taken out of service.

getSASLMechanismNames

public abstract java.util.List<java.lang.String> getSASLMechanismNames()

Retrieves a list of the names of the SASL mechanisms supported by this SASL mechanism handler. This method will be invoked only immediately after the

initializeSASLMechanismHandler(com.unboundid.directory.sdk.ds.types.DirectoryServerContext, com.unboundid.directory.sdk.ds.config.SASLMechanismHandlerConfig, com.unboundid.util.args.ArgumentParser)

method is called.

Returns:: A list of the names of the SASL mechanisms supported by this SASL mechanism handler.

isSecure

public abstract boolean isSecure(java.lang.String mechanism)

Indicates whether the SASL authentication process using the specified mechanism may be considered secure (i.e., that a third party able to observe the communication, potentially over an insecure communication channel, would not be able to reproduce the authentication process).

Parameters:: mechanism - The name of the mechanism for which to make the determination. This will only be invoked with names of mechanisms returned by the getSASLMechanismNames() method.
Returns:: true if the specified SASL mechanism should be considered secure, or false if not.

isPasswordBased

public abstract boolean isPasswordBased(java.lang.String mechanism)

Indicates whether the SASL authentication process using the specified mechanism involves the use of a password stored locally in the server (optionally in combination with other forms of credentials).

Parameters:: mechanism - The name of the mechanism for which to make the determination. This will only be invoked with names of mechanisms returned by the getSASLMechanismNames() method.
Returns:: true if the specified SASL mechanism makes use of a local password, or false if not.

processSASLBind

public abstract SASLBindResult processSASLBind(OperationContext operationContext,
                                               SASLBindRequest bindRequest,
                                               SASLBindResultFactory resultFactory)

Performs the appropriate processing for the provided SASL bind request.

Parameters:: operationContext - The context for the bind operation.; bindRequest - The SASL bind request to be processed.; resultFactory - A factory object that will be used to construct the result to return.
Returns:: An object with information about the result of the SASL bind processing.

getExamplesArgumentSets

public java.util.Map<java.util.List<java.lang.String>,java.lang.String> getExamplesArgumentSets()

Retrieves a map containing examples of configurations that may be used for this extension. The map key should be a list of sample arguments, and the corresponding value should be a description of the behavior that will be exhibited by the extension when used with that configuration.

Specified by:: getExamplesArgumentSets in interface ExampleUsageProvider

Returns:: A map containing examples of configurations that may be used for this extension. It may be null or empty if there should not be any example argument sets.