Class AuthenticationStrategies


  • public final class AuthenticationStrategies
    extends Object
    Factory methods creating AuthenticationStrategy instances that authenticate against an LDAP server using different methods.
    • Method Detail

      • newSimpleBindStrategy

        public static AuthenticationStrategy newSimpleBindStrategy​(LdapClient ldapClient,
                                                                   String bindDNTemplate,
                                                                   Schema schema)
        Creates an AuthenticationStrategy performing simple BIND authentication against an LDAP server.
        Parameters:
        ldapClient - LdapClient to the LDAP server used to perform the bind operation.
        bindDNTemplate - Template of the DN to use for the bind operation. The first %s will be replaced by the provided authentication-id (e.g. uid=%s,dc=example,dc=com).
        schema - Schema used to validate the DN format.
        Returns:
        a new simple bind AuthenticationStrategy
        Throws:
        NullPointerException - If a parameter is null
      • newSearchThenBindStrategy

        public static AuthenticationStrategy newSearchThenBindStrategy​(LdapClient searchLdapClient,
                                                                       LdapClient bindLdapClient,
                                                                       Dn baseDN,
                                                                       SearchScope searchScope,
                                                                       String filterTemplate)
        Creates an AuthenticationStrategy performing authentication against an LDAP server by first looking up the entry to bind with. The lookup finds the user's DN from the user's metadata (e.g. email address).
        Parameters:
        searchLdapClient - LdapClient to the LDAP server used to perform the lookup of the entry.
        bindLdapClient - LdapClient to the LDAP server used to perform the bind once the user's DN has been found. Can be the same as the searchLdapClient.
        baseDN - Base DN of the search request performed to find the user's DN.
        searchScope - SearchScope of the search request performed to find the user's DN.
        filterTemplate - Filter of the search request, e.g. (&(email=%s)(objectClass=inetOrgPerson)), where the first %s will be replaced by the user's provided authentication-id.
        Returns:
        a new search then bind AuthenticationStrategy
        Throws:
        NullPointerException - If a parameter is null
      • newSaslPlainStrategy

        public static AuthenticationStrategy newSaslPlainStrategy​(LdapClient ldapClient,
                                                                  Schema schema,
                                                                  String authcIdTemplate)
        Creates an AuthenticationStrategy performing authentication against an LDAP server using a plain SASL bind request.
        Parameters:
        ldapClient - LdapClient to the LDAP server to authenticate with.
        authcIdTemplate - Authentication identity template containing a single %s which will be replaced by the authenticating user's name (e.g. u:%s).
        schema - Schema used to perform DN validation.
        Returns:
        a new SASL plain bind AuthenticationStrategy
        Throws:
        NullPointerException - If a parameter is null
      • newSaslScramStrategy

        public static AuthenticationStrategy newSaslScramStrategy​(LdapClient ldapClient,
                                                                  ScramMechanism scramMechanism,
                                                                  Schema schema,
                                                                  String authcIdTemplate)
        Creates an AuthenticationStrategy performing authentication against an LDAP server using a SCRAM SASL bind request.
        Parameters:
        ldapClient - LdapClient to the LDAP server to authenticate with.
        scramMechanism - The SCRAM mechanism which should be used.
        schema - Schema used to perform DN validation.
        authcIdTemplate - Authentication identity template containing a single %s which will be replaced by the authenticating user's name (e.g. u:%s).
        Returns:
        a new SASL SCRAM bind AuthenticationStrategy
        Throws:
        NullPointerException - If a parameter is null