com.unboundid.directory.sdk.ds.api

Class SASLMechanismHandler

java.lang.Object

com.unboundid.directory.sdk.ds.api.SASLMechanismHandler

All Implemented Interfaces:

Configurable, ExampleUsageProvider, Reconfigurable<SASLMechanismHandlerConfig>, UnboundIDExtension

@Extensible
 @DirectoryServerExtension
 @DirectoryProxyServerExtension(appliesToLocalContent=true,
                               appliesToRemoteContent=true,
                               notes="Any SASL bind requests received by the Directory Proxy Server will be processed by the Directory Proxy Server itself rather than being forwarded to backend servers.  However, a SASL mechanism handler running in the Directory Proxy Server may perform internal operations which reference content in the backend servers as if it was contained locally in the server.")
 @SynchronizationServerExtension(appliesToLocalContent=true,
                                appliesToSynchronizedContent=false)
 @ThreadSafety(level=INTERFACE_THREADSAFE)
public abstract class SASLMechanismHandler
extends java.lang.Object
implements UnboundIDExtension, Reconfigurable<SASLMechanismHandlerConfig>, ExampleUsageProvider

This class defines an API that must be implemented by extensions which add support for custom SASL mechanisms to the server, which can provide support for custom authentication (and optionally, authorization) methods.

Configuring SASL Mechanism Handlers

In order to configure a SASL mechanism handler created using this API, use a command like:

      dsconfig create-sasl-mechanism-handler \
           --handler-name "{handler-name}" \
           --type third-party \
           --set enabled:true \
           --set "extension-class:{class-name}" \
           --set "extension-argument:{name=value}"
 

where "{handler-name}" is the name to use for the SASL mechanism handler instance, "{class-name}" is the fully-qualified name of the Java class that extends com.unboundid.directory.sdk.ds.api.SASLMechanismHandler, and "{name=value}" represents name-value pairs for any arguments to provide to the handler. If multiple arguments should be provided to the SASL mechanism handler, then the "--set extension-argument:{name=value}" option should be provided multiple times.

Constructor Summary

Constructors

Constructor and Description
SASLMechanismHandler() Creates a new instance of this SASL mechanism handler.

Method Summary

Modifier and Type	Method and Description
com.unboundid.ldap.sdk.ResultCode	applyConfiguration(SASLMechanismHandlerConfig config, com.unboundid.util.args.ArgumentParser parser, java.util.List<java.lang.String> adminActionsRequired, java.util.List<java.lang.String> messages) Attempts to apply the configuration from the provided argument parser to this extension.
void	defineConfigArguments(com.unboundid.util.args.ArgumentParser parser) Updates the provided argument parser to define any configuration arguments which may be used by this extension.
void	finalizeSASLMechanismHandler() Performs any cleanup which may be necessary when this SASL mechanism handler is to be taken out of service.
java.util.Map<java.util.List<java.lang.String>,java.lang.String>	getExamplesArgumentSets() Retrieves a map containing examples of configurations that may be used for this extension.
abstract java.lang.String[]	getExtensionDescription() Retrieves a human-readable description for this extension.
abstract java.lang.String	getExtensionName() Retrieves a human-readable name for this extension.
abstract java.util.List<java.lang.String>	getSASLMechanismNames() Retrieves a list of the names of the SASL mechanisms supported by this SASL mechanism handler.
void	initializeSASLMechanismHandler(DirectoryServerContext serverContext, SASLMechanismHandlerConfig config, com.unboundid.util.args.ArgumentParser parser) Initializes this SASL mechanism handler.
boolean	isConfigurationAcceptable(SASLMechanismHandlerConfig config, com.unboundid.util.args.ArgumentParser parser, java.util.List<java.lang.String> unacceptableReasons) Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension.
java.lang.Boolean	isMechanismAvailableForUser(java.lang.String mechanism, java.lang.String passwordAttribute, Entry userEntry) Indicates whether the specified SASL mechanism, which is listed as supported by this handler, is available for use by the given user.
java.lang.Boolean	isMultiStageMechanism(java.lang.String mechanism) Indicates whether the specified SASL mechanism may require multiple stages to process.
abstract boolean	isPasswordBased(java.lang.String mechanism) Indicates whether the SASL authentication process using the specified mechanism involves the use of a password stored locally in the server (optionally in combination with other forms of credentials).
abstract boolean	isSecure(java.lang.String mechanism) Indicates whether the SASL authentication process using the specified mechanism may be considered secure (i.e., that a third party able to observe the communication, potentially over an insecure communication channel, would not be able to reproduce the authentication process).
abstract SASLBindResult	processSASLBind(OperationContext operationContext, SASLBindRequest bindRequest, SASLBindResultFactory resultFactory) Performs the appropriate processing for the provided SASL bind request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SASLMechanismHandler

public SASLMechanismHandler()

Creates a new instance of this SASL mechanism handler. All SASL mechanism handler implementations must include a default constructor, but any initialization should generally be done in the initializeSASLMechanismHandler method.

Method Detail

getExtensionName

public abstract java.lang.String getExtensionName()

Retrieves a human-readable name for this extension.

Specified by:

getExtensionName in interface UnboundIDExtension

Returns:

A human-readable name for this extension.

getExtensionDescription

public abstract java.lang.String[] getExtensionDescription()

Retrieves a human-readable description for this extension. Each element of the array that is returned will be considered a separate paragraph in generated documentation.

Specified by:

getExtensionDescription in interface UnboundIDExtension

Returns:

A human-readable description for this extension, or null or an empty array if no description should be available.

defineConfigArguments

public void defineConfigArguments(com.unboundid.util.args.ArgumentParser parser)
                           throws com.unboundid.util.args.ArgumentException

Updates the provided argument parser to define any configuration arguments which may be used by this extension. The argument parser may also be updated to define relationships between arguments (e.g., to specify required, exclusive, or dependent argument sets).

Specified by:

defineConfigArguments in interface Configurable

Parameters:

parser - The argument parser to be updated with the configuration arguments which may be used by this extension.

Throws:

com.unboundid.util.args.ArgumentException - If a problem is encountered while updating the provided argument parser.

initializeSASLMechanismHandler

public void initializeSASLMechanismHandler(DirectoryServerContext serverContext,
                                           SASLMechanismHandlerConfig config,
                                           com.unboundid.util.args.ArgumentParser parser)
                                    throws com.unboundid.ldap.sdk.LDAPException

Initializes this SASL mechanism handler.

Parameters:

serverContext - A handle to the server context for the server in which this extension is running.

config - The general configuration for this SASL mechanism handler.

parser - The argument parser which has been initialized from the configuration for this SASL mechanism handler.

Throws:

com.unboundid.ldap.sdk.LDAPException - If a problem occurs while initializing this SASL mechanism handler.

isConfigurationAcceptable

public boolean isConfigurationAcceptable(SASLMechanismHandlerConfig config,
                                         com.unboundid.util.args.ArgumentParser parser,
                                         java.util.List<java.lang.String> unacceptableReasons)

Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension. The parser will have been used to parse any configuration available for this extension, and any automatic validation will have been performed. This method may be used to perform any more complex validation which cannot be performed automatically by the argument parser.

Specified by:

isConfigurationAcceptable in interface Reconfigurable<SASLMechanismHandlerConfig>

Parameters:

config - The general configuration for this extension.

parser - The argument parser that has been used to parse the proposed configuration for this extension.

unacceptableReasons - A list to which messages may be added to provide additional information about why the provided configuration is not acceptable.

Returns:

true if the configuration in the provided argument parser appears to be acceptable, or false if not.

applyConfiguration

public com.unboundid.ldap.sdk.ResultCode applyConfiguration(SASLMechanismHandlerConfig config,
                                                            com.unboundid.util.args.ArgumentParser parser,
                                                            java.util.List<java.lang.String> adminActionsRequired,
                                                            java.util.List<java.lang.String> messages)

Attempts to apply the configuration from the provided argument parser to this extension.

Specified by:

applyConfiguration in interface Reconfigurable<SASLMechanismHandlerConfig>

Parameters:

config - The general configuration for this extension.

parser - The argument parser that has been used to parse the new configuration for this extension.

adminActionsRequired - A list to which messages may be added to provide additional information about any additional administrative actions that may be required to apply some of the configuration changes.

messages - A list to which messages may be added to provide additional information about the processing performed by this method.

Returns:

A result code providing information about the result of applying the configuration change. A result of SUCCESS should be used to indicate that all processing completed successfully. Any other result will indicate that a problem occurred during processing.

finalizeSASLMechanismHandler

public void finalizeSASLMechanismHandler()

Performs any cleanup which may be necessary when this SASL mechanism handler is to be taken out of service.

getSASLMechanismNames

public abstract java.util.List<java.lang.String> getSASLMechanismNames()

Retrieves a list of the names of the SASL mechanisms supported by this SASL mechanism handler. This method will be invoked only immediately after the initializeSASLMechanismHandler(com.unboundid.directory.sdk.ds.types.DirectoryServerContext, com.unboundid.directory.sdk.ds.config.SASLMechanismHandlerConfig, com.unboundid.util.args.ArgumentParser) method is called.

Returns:

A list of the names of the SASL mechanisms supported by this SASL mechanism handler.

isSecure

public abstract boolean isSecure(java.lang.String mechanism)

Indicates whether the SASL authentication process using the specified mechanism may be considered secure (i.e., that a third party able to observe the communication, potentially over an insecure communication channel, would not be able to reproduce the authentication process).

Parameters:

mechanism - The name of the mechanism for which to make the determination. This will only be invoked with names of mechanisms returned by the getSASLMechanismNames() method.

Returns:

true if the specified SASL mechanism should be considered secure, or false if not.

isPasswordBased

public abstract boolean isPasswordBased(java.lang.String mechanism)

Indicates whether the SASL authentication process using the specified mechanism involves the use of a password stored locally in the server (optionally in combination with other forms of credentials).

Parameters:

mechanism - The name of the mechanism for which to make the determination. This will only be invoked with names of mechanisms returned by the getSASLMechanismNames() method.

Returns:

true if the specified SASL mechanism makes use of a local password, or false if not.

processSASLBind

public abstract SASLBindResult processSASLBind(OperationContext operationContext,
                                               SASLBindRequest bindRequest,
                                               SASLBindResultFactory resultFactory)

Performs the appropriate processing for the provided SASL bind request.

Parameters:

operationContext - The context for the bind operation.

bindRequest - The SASL bind request to be processed.

resultFactory - A factory object that will be used to construct the result to return.

Returns:

An object with information about the result of the SASL bind processing.

getExamplesArgumentSets

public java.util.Map<java.util.List<java.lang.String>,java.lang.String> getExamplesArgumentSets()

Retrieves a map containing examples of configurations that may be used for this extension. The map key should be a list of sample arguments, and the corresponding value should be a description of the behavior that will be exhibited by the extension when used with that configuration.

Specified by:

getExamplesArgumentSets in interface ExampleUsageProvider

Returns:

A map containing examples of configurations that may be used for this extension. It may be null or empty if there should not be any example argument sets.

isMechanismAvailableForUser

public java.lang.Boolean isMechanismAvailableForUser(java.lang.String mechanism,
                                                     java.lang.String passwordAttribute,
                                                     Entry userEntry)

Indicates whether the specified SASL mechanism, which is listed as supported by this handler, is available for use by the given user.

Parameters:

mechanism - The name of the SASL mechanism for which to make the determination. It will be one of the mechanisms for which this handler is registered.

passwordAttribute - The name of the attribute used to hold the password for the user.

userEntry - The entry for the user for whom to make the determination.

Returns:

true if the SASL mechanism is supported for the user, false if not, or null if it could not be determined.

isMultiStageMechanism

public java.lang.Boolean isMultiStageMechanism(java.lang.String mechanism)

Indicates whether the specified SASL mechanism may require multiple stages to process.

Parameters:

mechanism - The mechanism for which to make the determination.

Returns:

true if the specified SASL mechanism may require multiple stages to process, false if not, or null if the answer is not known for the specified mechanism.