Class ProxiedAuthV2RequestControl

java.lang.Object
org.forgerock.opendj.ldap.controls.ProxiedAuthV2RequestControl
All Implemented Interfaces:
Control

public final class ProxiedAuthV2RequestControl extends Object implements Control
The proxy authorization v2 request control as defined in RFC 4370. This control allows a user to request that an operation be performed using the authorization of another user.

The target user is specified using an authorization ID, or authzId, as defined in RFC 4513 section 5.2.1.8.

This example shows an application replacing a description on a user entry on behalf of a directory administrator.

 Connection connection = ...;
 String bindDN = "cn=My App,ou=Apps,dc=example,dc=com";          // Client app
 char[] password = ...;
 String targetDn = "uid=bjensen,ou=People,dc=example,dc=com";    // Regular user
 String authzId = "dn:uid=kvaughan,ou=People,dc=example,dc=com"; // Admin user

 ModifyRequest request =
         Requests.newModifyRequest(targetDn)
         .addControl(ProxiedAuthV2RequestControl.newControl(authzId))
         .addModification(ModificationType.REPLACE, "description",
                 "Done with proxied authz");

 connection.bind(bindDN, password);
 connection.modify(request);
 Entry entry = connection.readEntry(targetDn, "description");
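
Because the control makes the server apply another user's access rights, the authorization ID should never reach newControl unchecked when it is derived from request data. The following is an added example, not part of the OpenDJ SDK or its documentation: a guard that accepts only "dn:" authorization IDs strictly below one permitted base. The class AuthzIdGuard, the method requireAllowed, the constant ALLOWED_BASE and the policy itself are assumptions, and it parses DNs with the JDK's javax.naming.ldap.LdapName so that it runs without the SDK.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Hypothetical helper: checks an authzId before it is passed to newControl(). */
public final class AuthzIdGuard {
    // Assumption: only identities below this base may be used for proxied authz.
    private static final String ALLOWED_BASE = "ou=People,dc=example,dc=com";

    /** Returns the authzId unchanged if it is a "dn:" form strictly below ALLOWED_BASE. */
    public static String requireAllowed(String authzId) {
        if (authzId == null || !authzId.startsWith("dn:")) {
            // Policy choice of this example: refuse "u:" and any other form,
            // because mapping a user ID to an entry happens on the server.
            throw new IllegalArgumentException("only dn: authorization IDs are accepted");
        }
        try {
            LdapName target = new LdapName(authzId.substring(3));
            LdapName base = new LdapName(ALLOWED_BASE);
            // LdapName indexes RDNs from the right, so startsWith() compares the
            // trailing RDNs of the string form; the size check excludes the base itself.
            if (target.size() <= base.size() || !target.startsWith(base)) {
                throw new IllegalArgumentException("authzId is outside " + ALLOWED_BASE);
            }
            return authzId;
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("authzId does not contain a valid DN", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "dn:uid=kvaughan,ou=People,dc=example,dc=com", // accepted
            "dn:cn=Directory Manager",                     // outside the base
            "dn:",                                         // empty DN
            "u:kvaughan",                                  // refused by policy
            "uid=kvaughan,ou=People,dc=example,dc=com"     // missing type prefix
        };
        for (String s : samples) {
            try {
                // On success the application would pass the value to newControl().
                System.out.println("OK      " + requireAllowed(s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

A client-side check like this complements, and does not replace, the server's own policy on which bound identities may use proxied authorization.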
 
  • Method Details

    • newControl

      public static ProxiedAuthV2RequestControl newControl(String authorizationId) throws LocalizedIllegalArgumentException
      Creates a new proxy authorization v2 request control with the provided authorization ID. The authorization ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Parameters:
      authorizationId - The authorization ID of the user whose authorization is to be used when performing the operation.
      Returns:
      The new control.
      Throws:
      LocalizedIllegalArgumentException - If authorizationId was non-empty and did not contain a valid authorization ID type.
      NullPointerException - If authorizationId was null.
    • getAuthorizationId

      public String getAuthorizationId()
      Returns the authorization ID of the user whose authorization is to be used when performing the operation. The authorization ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Returns:
      The authorization ID of the user whose authorization is to be used when performing the operation.
    • getOid

      public String getOid()
      Description copied from interface: Control
      Returns the numeric OID associated with this control.
      Specified by:
      getOid in interface Control
      Returns:
      The numeric OID associated with this control.
    • getValue

      public ByteString getValue()
      Description copied from interface: Control
      Returns the value, if any, associated with this control. Its format is defined by the specification of this control.
      Specified by:
      getValue in interface Control
      Returns:
      The value associated with this control, or null if there is no value.
    • hasValue

      public boolean hasValue()
      Description copied from interface: Control
      Returns true if this control has a value. In some circumstances it may be useful to determine if a control has a value, without actually calculating the value and incurring any performance costs.
      Specified by:
      hasValue in interface Control
      Returns:
      true if this control has a value, or false if there is no value.
    • isCritical

      public boolean isCritical()
      Description copied from interface: Control
      Returns true if it is unacceptable to perform the operation without applying the semantics of this control.

      The criticality field only has meaning in controls attached to request messages (except UnbindRequest). For controls attached to response messages and the UnbindRequest, the criticality field SHOULD be false, and MUST be ignored by the receiving protocol peer. A value of true indicates that it is unacceptable to perform the operation without applying the semantics of the control.

      Specified by:
      isCritical in interface Control
      Returns:
      true if this control must be processed by the Directory Server, or false if it can be ignored.
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • getAlias

      public String getAlias()
      Description copied from interface: Control
      Returns the control "friendly name" alias for the control.
      Specified by:
      getAlias in interface Control
      Returns:
      "Friendly name" alias for the control.