Interface SASLBindResultFactory
-
@NotExtensible @ThreadSafety(level=COMPLETELY_THREADSAFE) public interface SASLBindResultFactory
This interface provides methods that may be used to construct SASL bind result objects.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description ContinuationSASLBindResult
createContinuationResult(java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
Creates a continuation SASL bind result (indicating that more processing is required to complete the authentication) with the provided information.FailureSASLBindResult
createFailureResult(java.lang.String authenticationFailureReason, java.lang.String diagnosticMessage, java.lang.String matchedDN, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
Creates a failure SASL bind result with the provided information.FailureSASLBindResult
createFailureResult(java.lang.String authenticationFailureReason, java.lang.String diagnosticMessage, java.lang.String matchedDN, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials, java.lang.String unsuccessfullyAuthenticatedUserDN)
Creates a failure SASL bind result with the provided information.SuccessSASLBindResult
createSuccessResult(java.lang.String authenticatedUserDN)
Creates a success SASL bind result in which the authentication and authorization user identities are the same, and no diagnostic message, controls, or server SASL credentials need to be returned.SuccessSASLBindResult
createSuccessResult(java.lang.String authenticatedUserDN, java.lang.String authorizedUserDN, java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
Creates a success SASL bind result with the provided information.SuccessSASLBindResult
createSuccessResult(java.lang.String authenticatedUserDN, java.lang.String authorizedUserDN, java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials, ASN1OctetString passwordUsed)
Creates a success SASL bind result with the provided information.boolean
isUserPasswordValid(java.lang.String userDN, ASN1OctetString password)
Indicates whether the provided password is valid for the specified user.Entry
mapUsernameToEntry(java.lang.String username)
Maps the provided username to a user entry using the identity mapper associated with the SASL mechanism handler.
-
-
-
Method Detail
-
createSuccessResult
SuccessSASLBindResult createSuccessResult(java.lang.String authenticatedUserDN)
Creates a success SASL bind result in which the authentication and authorization user identities are the same, and no diagnostic message, controls, or server SASL credentials need to be returned.- Parameters:
authenticatedUserDN
- The DN of the user that has been authenticated. It may benull
if the resulting authentication was anonymous.- Returns:
- The created success SASL bind result.
-
createSuccessResult
SuccessSASLBindResult createSuccessResult(java.lang.String authenticatedUserDN, java.lang.String authorizedUserDN, java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
Creates a success SASL bind result with the provided information.- Parameters:
authenticatedUserDN
- The DN of the user that has been authenticated. It may be empty ornull
if the resulting authentication was anonymous.authorizedUserDN
- The DN of the user that should be used as the authorization identity for subsequent operations requested on the connection. In most cases, it should be the same as the authenticated user DN, but it may be different if an alternate authorization identity was specified. It may be empty ornull
if the authorization identity should be that of the anonymous user.diagnosticMessage
- The diagnostic message that should be included in the response to the client. It may benull
if no diagnostic message is needed.controls
- The set of controls that should be included in the response to the client. It may benull
or empty if no response controls are needed.serverSASLCredentials
- The server SASL credentials that should be included in the response to the client. It may benull
if no server SASL credentials are needed.- Returns:
- The created success SASL bind result.
-
createSuccessResult
SuccessSASLBindResult createSuccessResult(java.lang.String authenticatedUserDN, java.lang.String authorizedUserDN, java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials, ASN1OctetString passwordUsed)
Creates a success SASL bind result with the provided information.- Parameters:
authenticatedUserDN
- The DN of the user that has been authenticated. It may be empty ornull
if the resulting authentication was anonymous.authorizedUserDN
- The DN of the user that should be used as the authorization identity for subsequent operations requested on the connection. In most cases, it should be the same as the authenticated user DN, but it may be different if an alternate authorization identity was specified. It may be empty ornull
if the authorization identity should be that of the anonymous user.diagnosticMessage
- The diagnostic message that should be included in the response to the client. It may benull
if no diagnostic message is needed.controls
- The set of controls that should be included in the response to the client. It may benull
or empty if no response controls are needed.serverSASLCredentials
- The server SASL credentials that should be included in the response to the client. It may benull
if no server SASL credentials are needed.passwordUsed
- The plaintext password that was used to authenticate. This may benull
if the associated SASL mechanism is not password-based or if the plaintext password is not available.- Returns:
- The created success SASL bind result.
-
createContinuationResult
ContinuationSASLBindResult createContinuationResult(java.lang.String diagnosticMessage, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
Creates a continuation SASL bind result (indicating that more processing is required to complete the authentication) with the provided information.- Parameters:
diagnosticMessage
- The diagnostic message that should be included in the response to the client. It may benull
if no diagnostic message is needed.controls
- The set of controls that should be included in the response to the client. It may benull
or empty if no response controls are needed.serverSASLCredentials
- The server SASL credentials that should be included in the response to the client. It may benull
if no server SASL credentials are needed.- Returns:
- The created continuation SASL bind result.
-
createFailureResult
FailureSASLBindResult createFailureResult(java.lang.String authenticationFailureReason, java.lang.String diagnosticMessage, java.lang.String matchedDN, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials)
Creates a failure SASL bind result with the provided information.- Parameters:
authenticationFailureReason
- A message that explains the reason for the authentication failure. This will be recorded in the server access log but not included in the response to return to the client.diagnosticMessage
- The diagnostic message that should be included in the response to the client. It may benull
if no diagnostic message is needed.matchedDN
- The matched DN that should be included in the response to the client. It may benull
if no matched DN is needed.controls
- The set of controls that should be included in the response to the client. It may benull
or empty if no response controls are needed.serverSASLCredentials
- The server SASL credentials that should be included in the response to the client. It may benull
if no server SASL credentials are needed.- Returns:
- The created failure SASL bind result.
-
createFailureResult
FailureSASLBindResult createFailureResult(java.lang.String authenticationFailureReason, java.lang.String diagnosticMessage, java.lang.String matchedDN, java.util.List<Control> controls, ASN1OctetString serverSASLCredentials, java.lang.String unsuccessfullyAuthenticatedUserDN)
Creates a failure SASL bind result with the provided information.- Parameters:
authenticationFailureReason
- A message that explains the reason for the authentication failure. This will be recorded in the server access log but not included in the response to return to the client.diagnosticMessage
- The diagnostic message that should be included in the response to the client. It may benull
if no diagnostic message is needed.matchedDN
- The matched DN that should be included in the response to the client. It may benull
if no matched DN is needed.controls
- The set of controls that should be included in the response to the client. It may benull
or empty if no response controls are needed.serverSASLCredentials
- The server SASL credentials that should be included in the response to the client. It may benull
if no server SASL credentials are needed.unsuccessfullyAuthenticatedUserDN
- The DN of the user that tried to authenticate but was unable to do so successfully, if applicable.- Returns:
- The created failure SASL bind result.
-
isUserPasswordValid
boolean isUserPasswordValid(java.lang.String userDN, ASN1OctetString password) throws LDAPException
Indicates whether the provided password is valid for the specified user. Note that absolutely no password policy processing will be performed. This method merely determines whether the provided password is contained in the specified user entry.- Parameters:
userDN
- The DN of the user entry for which to make the determination. It must not benull
or empty.password
- The bytes comprising the non-encoded clear-text password for which the determination is to be made. It must not benull
or empty.- Returns:
true
if the given password is contained in the specified user entry, orfalse
if not.- Throws:
LDAPException
- If a problem is encountered while attempting to make the determination.
-
mapUsernameToEntry
Entry mapUsernameToEntry(java.lang.String username) throws LDAPException
Maps the provided username to a user entry using the identity mapper associated with the SASL mechanism handler.- Parameters:
username
- The username to be mapped to a user entry.- Returns:
- The entry for the user identified by the associated identity mapper.
- Throws:
LDAPException
- If no identity mapper is associated with the SASL mechanism handler, or if the identity mapper cannot be used to map the username to exactly one entry.
-
-