@NotExtensible @ThreadSafety(level=COMPLETELY_THREADSAFE) public interface SASLBindResultFactory
Modifier and Type | Method and Description |
---|---|
ContinuationSASLBindResult |
createContinuationResult(java.lang.String diagnosticMessage,
java.util.List<Control> controls,
ASN1OctetString serverSASLCredentials)
Creates a continuation SASL bind result (indicating that more processing
is required to complete the authentication) with the provided information.
|
FailureSASLBindResult |
createFailureResult(java.lang.String authenticationFailureReason,
java.lang.String diagnosticMessage,
java.lang.String matchedDN,
java.util.List<Control> controls,
ASN1OctetString serverSASLCredentials)
Creates a failure SASL bind result with the provided information.
|
FailureSASLBindResult |
createFailureResult(java.lang.String authenticationFailureReason,
java.lang.String diagnosticMessage,
java.lang.String matchedDN,
java.util.List<Control> controls,
ASN1OctetString serverSASLCredentials,
java.lang.String unsuccessfullyAuthenticatedUserDN)
Creates a failure SASL bind result with the provided information.
|
SuccessSASLBindResult |
createSuccessResult(java.lang.String authenticatedUserDN)
Creates a success SASL bind result in which the authentication and
authorization user identities are the same, and no diagnostic message,
controls, or server SASL credentials need to be returned.
|
SuccessSASLBindResult |
createSuccessResult(java.lang.String authenticatedUserDN,
java.lang.String authorizedUserDN,
java.lang.String diagnosticMessage,
java.util.List<Control> controls,
ASN1OctetString serverSASLCredentials)
Creates a success SASL bind result with the provided information.
|
SuccessSASLBindResult |
createSuccessResult(java.lang.String authenticatedUserDN,
java.lang.String authorizedUserDN,
java.lang.String diagnosticMessage,
java.util.List<Control> controls,
ASN1OctetString serverSASLCredentials,
ASN1OctetString passwordUsed)
Creates a success SASL bind result with the provided information.
|
boolean |
isUserPasswordValid(java.lang.String userDN,
ASN1OctetString password)
Indicates whether the provided password is valid for the specified user.
|
Entry |
mapUsernameToEntry(java.lang.String username)
Maps the provided username to a user entry using the identity mapper
associated with the SASL mechanism handler.
|
SuccessSASLBindResult createSuccessResult(java.lang.String authenticatedUserDN)
authenticatedUserDN
- The DN of the user that has been
authenticated. It may be null
if the
resulting authentication was anonymous.SuccessSASLBindResult createSuccessResult(java.lang.String authenticatedUserDN, java.lang.String authorizedUserDN, java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
authenticatedUserDN
- The DN of the user that has been
authenticated. It may be empty or
null
if the resulting authentication
was anonymous.authorizedUserDN
- The DN of the user that should be used as
the authorization identity for subsequent
operations requested on the connection. In
most cases, it should be the same as the
authenticated user DN, but it may be
different if an alternate authorization
identity was specified. It may be empty or
null
if the authorization identity
should be that of the anonymous user.diagnosticMessage
- The diagnostic message that should be
included in the response to the client. It
may be null
if no diagnostic message
is needed.controls
- The set of controls that should be included
in the response to the client. It may be
null
or empty if no response
controls are needed.serverSASLCredentials
- The server SASL credentials that should be
included in the response to the client. It
may be null
if no server SASL
credentials are needed.SuccessSASLBindResult createSuccessResult(java.lang.String authenticatedUserDN, java.lang.String authorizedUserDN, java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials, ASN1OctetString passwordUsed)
authenticatedUserDN
- The DN of the user that has been
authenticated. It may be empty or
null
if the resulting authentication
was anonymous.authorizedUserDN
- The DN of the user that should be used as
the authorization identity for subsequent
operations requested on the connection. In
most cases, it should be the same as the
authenticated user DN, but it may be
different if an alternate authorization
identity was specified. It may be empty or
null
if the authorization identity
should be that of the anonymous user.diagnosticMessage
- The diagnostic message that should be
included in the response to the client. It
may be null
if no diagnostic message
is needed.controls
- The set of controls that should be included
in the response to the client. It may be
null
or empty if no response
controls are needed.serverSASLCredentials
- The server SASL credentials that should be
included in the response to the client. It
may be null
if no server SASL
credentials are needed.passwordUsed
- The plaintext password that was used to
authenticate. This may be null
if
the associated SASL mechanism is not
password-based or if the plaintext password
is not available.ContinuationSASLBindResult createContinuationResult(java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
diagnosticMessage
- The diagnostic message that should be
included in the response to the client. It
may be null
if no diagnostic message
is needed.controls
- The set of controls that should be included
in the response to the client. It may be
null
or empty if no response
controls are needed.serverSASLCredentials
- The server SASL credentials that should be
included in the response to the client. It
may be null
if no server SASL
credentials are needed.FailureSASLBindResult createFailureResult(java.lang.String authenticationFailureReason, java.lang.String diagnosticMessage, java.lang.String matchedDN, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
authenticationFailureReason
- A message that explains the reason for
the authentication failure. This will
be recorded in the server access log
but not included in the response to
return to the client.diagnosticMessage
- The diagnostic message that should be
included in the response to the
client. It may be null
if no
diagnostic message is needed.matchedDN
- The matched DN that should be included
in the response to the client. It may
be null
if no matched DN is
needed.controls
- The set of controls that should be
included in the response to the
client. It may be null
or
empty if no response controls are
needed.serverSASLCredentials
- The server SASL credentials that
should be included in the response to
the client. It may be null
if
no server SASL credentials are needed.FailureSASLBindResult createFailureResult(java.lang.String authenticationFailureReason, java.lang.String diagnosticMessage, java.lang.String matchedDN, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials, java.lang.String unsuccessfullyAuthenticatedUserDN)
authenticationFailureReason
- A message that explains the
reason for the authentication
failure. This will be recorded
in the server access log but not
included in the response to
return to the client.diagnosticMessage
- The diagnostic message that
should be included in the
response to the client. It may
be null
if no diagnostic
message is needed.matchedDN
- The matched DN that should be
included in the response to the
client. It may be null
if no matched DN is needed.controls
- The set of controls that should
be included in the response to
the client. It may be
null
or empty if no
response controls are needed.serverSASLCredentials
- The server SASL credentials that
should be included in the
response to the client. It may
be null
if no server
SASL credentials are needed.unsuccessfullyAuthenticatedUserDN
- The DN of the user that tried
to authenticate but was unable
to do so successfully, if
applicable.boolean isUserPasswordValid(java.lang.String userDN, ASN1OctetString password) throws LDAPException
userDN
- The DN of the user entry for which to make the
determination. It must not be null
or empty.password
- The bytes comprising the non-encoded clear-text password
for which the determination is to be made. It must not
be null
or empty.true
if the given password is contained in the specified
user entry, or false
if not.LDAPException
- If a problem is encountered while attempting to
make the determination.Entry mapUsernameToEntry(java.lang.String username) throws LDAPException
username
- The username to be mapped to a user entry.LDAPException
- If no identity mapper is associated with the SASL
mechanism handler, or if the identity mapper cannot
be used to map the username to exactly one entry.