Package org.opends.server.api
Class SASLMechanismHandler<T extends SaslMechanismHandlerCfg>
- java.lang.Object
-
- org.opends.server.api.SASLMechanismHandler<T>
-
- Type Parameters:
T- The type of configuration handled by this SASL mechanism handler.
- Direct Known Subclasses:
AnonymousSASLMechanismHandler,CRAMMD5SASLMechanismHandler,DigestMD5SASLMechanismHandler,ExternalSASLMechanismHandler,GSSAPISASLMechanismHandler,PlainSASLMechanismHandler,ScramSha256SASLMechanismHandler,ScramSha512SASLMechanismHandler
@PublicAPI(stability=VOLATILE, mayInstantiate=false, mayExtend=true, mayInvoke=false) public abstract class SASLMechanismHandler<T extends SaslMechanismHandlerCfg> extends Object
This class defines the set of methods and structures that must be implemented by a Directory Server module that implements the functionality required for one or more SASL mechanisms.
-
-
Constructor Summary
Constructors Constructor Description SASLMechanismHandler()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description voidfinalizeSASLMechanismHandler()Performs any finalization that may be necessary for this SASL mechanism handler.abstract StringgetMechanismName()Returns the SASL mechanism name.abstract voidinitializeSASLMechanismHandler(T configuration, ServerContext serverContext)Initializes this SASL mechanism handler based on the information in the provided configuration entry.booleanisConfigurationAcceptable(T configuration, List<LocalizableMessage> unacceptableReasons)Indicates whether the provided configuration is acceptable for this SASL mechanism handler.abstract booleanisPasswordBased()Indicates whether this SASL mechanism is password-based or uses some other form of credentials (e.g., an SSL client certificate or Kerberos ticket).abstract booleanisSecure()Indicates whether this SASL mechanism should be considered secure (i.e., it does not expose the authentication credentials in a manner that is useful to a third-party observer, and other aspects of the authentication are generally secure).abstract voidprocessSASLBind(BindOperation bindOperation)Processes the SASL bind operation.
-
-
-
Method Detail
-
getMechanismName
public abstract String getMechanismName()
Returns the SASL mechanism name.- Returns:
- the SASL mechanism name.
-
initializeSASLMechanismHandler
public abstract void initializeSASLMechanismHandler(T configuration, ServerContext serverContext) throws ConfigException, InitializationException
Initializes this SASL mechanism handler based on the information in the provided configuration entry. It should also register itself with the Directory Server for the particular kinds of SASL mechanisms that it will process.- Parameters:
configuration- The configuration to use to initialize this SASL mechanism handler.serverContext- The server context- Throws:
ConfigException- If an unrecoverable problem arises in the process of performing the initialization.InitializationException- If a problem occurs during initialization that is not related to the server configuration.
-
isConfigurationAcceptable
public boolean isConfigurationAcceptable(T configuration, List<LocalizableMessage> unacceptableReasons)
Indicates whether the provided configuration is acceptable for this SASL mechanism handler. It should be possible to call this method on an uninitialized SASL mechanism handler instance in order to determine whether the SASL mechanism handler would be able to use the provided configuration.- Parameters:
configuration- The SASL mechanism handler configuration for which to make the determination.unacceptableReasons- A list that may be used to hold the reasons that the provided configuration is not acceptable.- Returns:
trueif the provided configuration is acceptable for this SASL mechanism handler, orfalseif not.
-
finalizeSASLMechanismHandler
public void finalizeSASLMechanismHandler()
Performs any finalization that may be necessary for this SASL mechanism handler. By default, no finalization is performed.
-
processSASLBind
public abstract void processSASLBind(BindOperation bindOperation)
Processes the SASL bind operation. SASL mechanism implementations must ensure that the following actions are taken during the processing of this method:- The
BindOperation.setResultCodemethod must be used to set the appropriate result code. - If the SASL processing gets far enough to be able to map the request to a user entry (regardless of whether
the authentication is ultimately successful), then this method must call the
BindOperation.setSASLAuthUserEntrymethod to provide it with the entry for the user that attempted to authenticate. - If the bind processing was successful, then the
BindOperation.setAuthenticationInfomethod must be used to set the authentication info for the bind operation. - If the bind processing was not successful, then the
BindOperation.setAuthFailureReasonmethod should be used to provide a message explaining why the authentication failed.
- Parameters:
bindOperation- The SASL bind operation to be processed.
- The
-
isPasswordBased
public abstract boolean isPasswordBased()
Indicates whether this SASL mechanism is password-based or uses some other form of credentials (e.g., an SSL client certificate or Kerberos ticket).- Returns:
trueif this SASL mechanism is password-based, orfalseif it uses some other form of credentials.
-
isSecure
public abstract boolean isSecure()
Indicates whether this SASL mechanism should be considered secure (i.e., it does not expose the authentication credentials in a manner that is useful to a third-party observer, and other aspects of the authentication are generally secure).- Returns:
trueif this SASL mechanism should be considered secure, orfalseif not.
-
-