Package org.opends.server.core
Class BindOperation
java.lang.Object
org.opends.server.types.Operation
org.opends.server.core.BindOperation
All Implemented Interfaces:
PluginOperation, PostCommitOperation, PostOperationBindOperation, PostOperationOperation, PostResponseBindOperation, PostResponseOperation, PreOperationBindOperation, PreOperationOperation, PreParseBindOperation, PreParseOperation
public final class BindOperation
extends Operation
implements PreOperationBindOperation, PreParseBindOperation, PostOperationBindOperation, PostResponseBindOperation
This class defines an operation that may be used to authenticate a user to the Directory Server. For security
reasons, response messages that may be returned to the client must be carefully sanitized so that they do not
provide a malicious client with information that may be useful in an attack. This reduces the debuggability of
the server, but that can be addressed by calling the setAuthFailureReason(LocalizableMessage) method, which
provides a reason for a failure in a form that will not be returned to the client but may be written to a log
file.
Field Summary
Fields inherited from class org.opends.server.types.Operation
backend, context, out, pluginConfigManager, request, serverContext
Constructor Summary
Constructor - Description
BindOperation(RequestContext context, LocalBackend<?> backend, BindRequest request, Consumer<ResponseStream> out) - Creates a new bind operation.
Method Summary
Modifier and Type, Method - Description
void addResponseControl(Control control) - Adds the provided control to the set of controls to include in the response to the client.
getAuthenticationType - Retrieves the authentication type for this bind operation.
getAuthFailureReason - Retrieves a human-readable message providing the reason that the authentication failed, if available.
getBindDN - Retrieves the bind DN for this bind operation.
getRequest - Returns the request associated to this operation.
getResponseControls - Retrieves the set of controls to include in the response to the client.
getSASLAuthUserEntry - Retrieves the user entry associated with the SASL authentication attempt.
getSASLCredentials - Retrieves the SASL credentials for this bind operation.
getSASLMechanism - Retrieves the SASL mechanism for this bind operation.
getSaslServer - Returns the SaslServer to use by the underlying connection, or null if SASL integrity and/or privacy protection must not be enabled.
getServerSASLCredentials - Retrieves the set of server SASL credentials to include in the bind response.
getSimplePassword - Retrieves the simple authentication password for this bind operation.
getUserEntryDN - Retrieves the user entry DN for this bind operation.
protected void invokePostResponsePlugins() - Invokes any applicable post-response plugins.
protected boolean invokePreParsePlugins() - Invokes any applicable pre-parse plugins.
protected Result operationToResult - Generates a result for this operation.
void removeResponseControl(Control control) - Removes the provided control from the set of controls to include in the response to the client.
void runFakePasswordMatches(Dn bindDn, ByteString password) - When using cost based hashes, ensure similar response times when login with non-existing vs.
protected boolean runImpl() - Performs the work of actually processing this operation.
void setAuthenticationInfo(AuthenticationInfo authInfo) - Specifies the authentication info that resulted from processing this bind operation.
void setAuthFailureReason(LocalizableMessage reason) - Specifies the reason that the authentication failed.
void setBindDN - Specifies the bind DN for this bind operation.
void setSASLAuthUserEntry(Entry saslAuthUserEntry) - Specifies the user entry associated with the SASL authentication attempt.
void setSASLCredentials(String saslMechanism, ByteString saslCredentials) - Specifies the SASL credentials for this bind operation.
void setSaslServer(SaslServer saslServer) - Sets the SASL server.
void setServerSASLCredentials(ByteString serverSASLCredentials) - Specifies the set of server SASL credentials to include in the bind response.
void setSimplePassword(ByteString simplePassword) - Specifies the simple authentication password for this bind operation.
void toString(StringBuilder buffer) - Appends a string representation of this operation to the provided buffer.
Methods inherited from class org.opends.server.types.Operation
addAdditionalLogItem, addPasswordPolicyWarningToLog, addPostReadResponse, addPreReadResponse, addRequestControl, appendErrorMessage, appendMaskedErrorMessage, checkAttributeConformsToSyntax, checkIfBackendIsWritable, checkIfCanceled, createLdapException, equals, evaluateProxyAuthControls, getAdditionalLogItems, getAttachment, getAttachments, getAuthorizationDN, getAuthorizationEntry, getClientConnection, getConnectionID, getErrorMessage, getLargestEntrySize, getMatchedDN, getMessageID, getOperationID, getProxiedAuthorizationDN, getReferralURLs, getRequestContext, getRequestControl, getRequestControls, getResultCode, hashCode, hasPrivilege, hasRequestControl, isInternalOperation, isProxyAuthzControl, isSynchronizationOperation, mustCheckSchema, processOperationResult, removeAllDisallowedControls, run, sendResponses, sendResult, setAttachment, setErrorMessage, setMatchedDN, setReferralURLs, setResult, setResult, setResultCode, setResultCodeAndMessageNoInfoDisclosure, toString, trySetLargestEntrySize
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.opends.server.types.operation.PluginOperation
checkIfCanceled, getAttachment, getAttachments, getClientConnection, getConnectionID, getMessageID, getOperationID, getRequestControl, getRequestControl, getRequestControls, hasPrivilege, isInternalOperation, isSynchronizationOperation, setAttachment, toString
Methods inherited from interface org.opends.server.types.operation.PostOperationOperation
addAdditionalLogItem, appendErrorMessage, getAdditionalLogItems, getAuthorizationDN, getErrorMessage, getMatchedDN, getReferralURLs, getResultCode, setErrorMessage, setMatchedDN, setReferralURLs, setResult, setResultCode
Methods inherited from interface org.opends.server.types.operation.PreOperationOperation
addAdditionalLogItem, appendErrorMessage, getAdditionalLogItems, getAuthorizationDN, getErrorMessage, sendResponses, setErrorMessage
Methods inherited from interface org.opends.server.types.operation.PreParseOperation
addAdditionalLogItem, addRequestControl, appendErrorMessage, getAdditionalLogItems, getErrorMessage, sendResponses, setErrorMessage
-
Constructor Details
-
BindOperation
public BindOperation(RequestContext context, LocalBackend<?> backend, BindRequest request, Consumer<ResponseStream> out)
Creates a new bind operation.
Parameters:
context - The context.
backend - The local backend in which this request is to be processed.
request - The request.
out - A consumer responsible for sending responses to the client.
-
-
Method Details
-
getAuthenticationType
Description copied from interface: PreOperationBindOperation
Retrieves the authentication type for this bind operation.
Specified by:
getAuthenticationType in interface PostOperationBindOperation
getAuthenticationType in interface PostResponseBindOperation
getAuthenticationType in interface PreOperationBindOperation
getAuthenticationType in interface PreParseBindOperation
Returns:
The authentication type for this bind operation.
-
setBindDN
Description copied from interface: PreParseBindOperation
Specifies the bind DN for this bind operation.
Specified by:
setBindDN in interface PreParseBindOperation
Parameters:
bindDN - The bind DN for this bind
-
getBindDN
Description copied from interface: PreOperationBindOperation
Retrieves the bind DN for this bind operation.
Specified by:
getBindDN in interface PostOperationBindOperation
getBindDN in interface PostResponseBindOperation
getBindDN in interface PreOperationBindOperation
getBindDN in interface PreParseBindOperation
Returns:
The bind DN for this bind operation.
-
getSimplePassword
Description copied from interface: PreOperationBindOperation
Retrieves the simple authentication password for this bind operation.
Specified by:
getSimplePassword in interface PostOperationBindOperation
getSimplePassword in interface PostResponseBindOperation
getSimplePassword in interface PreOperationBindOperation
getSimplePassword in interface PreParseBindOperation
Returns:
The simple authentication password for this bind operation.
-
setSimplePassword
Description copied from interface: PreParseBindOperation
Specifies the simple authentication password for this bind operation.
Specified by:
setSimplePassword in interface PreParseBindOperation
Parameters:
simplePassword - The simple authentication password for this bind operation.
-
getSASLMechanism
Description copied from interface: PreOperationBindOperation
Retrieves the SASL mechanism for this bind operation.
Specified by:
getSASLMechanism in interface PostOperationBindOperation
getSASLMechanism in interface PostResponseBindOperation
getSASLMechanism in interface PreOperationBindOperation
getSASLMechanism in interface PreParseBindOperation
Returns:
The SASL mechanism for this bind operation, or null if the bind does not use SASL authentication.
-
getSASLCredentials
Description copied from interface: PreOperationBindOperation
Retrieves the SASL credentials for this bind operation.
Specified by:
getSASLCredentials in interface PostOperationBindOperation
getSASLCredentials in interface PostResponseBindOperation
getSASLCredentials in interface PreOperationBindOperation
getSASLCredentials in interface PreParseBindOperation
Returns:
The SASL credentials for this bind operation, or null if there are none or if the bind does not use SASL authentication.
-
setSASLCredentials
Description copied from interface: PreParseBindOperation
Specifies the SASL credentials for this bind operation.
Specified by:
setSASLCredentials in interface PreParseBindOperation
Parameters:
saslMechanism - The SASL mechanism for this bind operation.
saslCredentials - The SASL credentials for this bind operation, or null if there are none.
-
getServerSASLCredentials
Description copied from interface: PostOperationBindOperation
Retrieves the set of server SASL credentials to include in the bind response.
Specified by:
getServerSASLCredentials in interface PostOperationBindOperation
getServerSASLCredentials in interface PostResponseBindOperation
Returns:
The set of server SASL credentials to include in the bind response, or null if there are none.
-
setServerSASLCredentials
Description copied from interface: PreOperationBindOperation
Specifies the set of server SASL credentials to include in the bind response.
Specified by:
setServerSASLCredentials in interface PostOperationBindOperation
setServerSASLCredentials in interface PreOperationBindOperation
setServerSASLCredentials in interface PreParseBindOperation
Parameters:
serverSASLCredentials - The set of server SASL credentials to include in the bind response.
-
getSASLAuthUserEntry
Description copied from interface: PostOperationBindOperation
Retrieves the user entry associated with the SASL authentication attempt. This should be set by any SASL mechanism in which the processing was able to get far enough to make this determination, regardless of whether the authentication was ultimately successful.
Specified by:
getSASLAuthUserEntry in interface PostOperationBindOperation
getSASLAuthUserEntry in interface PostResponseBindOperation
Returns:
The user entry associated with the SASL authentication attempt, or null if it was not a SASL authentication or the SASL processing was not able to map the request to a user.
-
setSASLAuthUserEntry
Specifies the user entry associated with the SASL authentication attempt. This should be set by any SASL mechanism in which the processing was able to get far enough to make this determination, regardless of whether the authentication was ultimately successful.
Parameters:
saslAuthUserEntry - The user entry associated with the SASL authentication attempt.
-
getAuthFailureReason
Description copied from interface: PostOperationBindOperation
Retrieves a human-readable message providing the reason that the authentication failed, if available.
Specified by:
getAuthFailureReason in interface PostOperationBindOperation
getAuthFailureReason in interface PostResponseBindOperation
Returns:
A human-readable message providing the reason that the authentication failed, or null if none is available.
-
setAuthFailureReason
Description copied from interface: PreOperationBindOperation
Specifies the reason that the authentication failed.
Specified by:
setAuthFailureReason in interface PostOperationBindOperation
setAuthFailureReason in interface PreOperationBindOperation
setAuthFailureReason in interface PreParseBindOperation
Parameters:
reason - A human-readable message providing the reason that the authentication failed.
-
getUserEntryDN
Description copied from interface: PreOperationBindOperation
Retrieves the user entry DN for this bind operation. It will only be available for simple bind operations (and may be different than the bind DN from the client request).
Specified by:
getUserEntryDN in interface PostOperationBindOperation
getUserEntryDN in interface PostResponseBindOperation
getUserEntryDN in interface PreOperationBindOperation
Returns:
The user entry DN for this bind operation, or null if the bind processing has not progressed far enough to identify the user or if the user DN could not be determined.
-
setAuthenticationInfo
Specifies the authentication info that resulted from processing this bind operation. This method must only be called by SASL mechanism handlers during the course of processing the processSASLBind method.
Parameters:
authInfo - The authentication info that resulted from processing this bind operation.
-
getRequest
Description copied from class: Operation
Returns the request associated to this operation.
Specified by:
getRequest in interface PluginOperation
Overrides:
getRequest in class Operation
Returns:
The request associated to this operation.
-
getResponseControls
Description copied from interface: PluginOperation
Retrieves the set of controls to include in the response to the client. The contents of this list must not be altered.
Specified by:
getResponseControls in interface PluginOperation
Returns:
The set of controls to include in the response to the client.
-
addResponseControl
Description copied from class: Operation
Adds the provided control to the set of controls to include in the response to the client.
This method may not be called by post-response plugins.
Specified by:
addResponseControl in interface PostOperationOperation
addResponseControl in interface PreOperationOperation
addResponseControl in interface PreParseOperation
addResponseControl in class Operation
Parameters:
control - The control to add to the set of controls to include in the response to the client.
-
removeResponseControl
Description copied from class: Operation
Removes the provided control from the set of controls to include in the response to the client.
This method may not be called by post-response plugins.
Specified by:
removeResponseControl in interface PostOperationOperation
removeResponseControl in interface PreOperationOperation
removeResponseControl in interface PreParseOperation
removeResponseControl in class Operation
Parameters:
control - The control to remove from the set of controls to include in the response to the client.
-
toString
Description copied from interface: PluginOperation
Appends a string representation of this operation to the provided buffer.
Specified by:
toString in interface PluginOperation
toString in class Operation
Parameters:
buffer - The buffer into which a string representation of this operation should be appended.
-
runImpl
Description copied from class: Operation
Performs the work of actually processing this operation.
Specified by:
runImpl in class Operation
Returns:
true if the result should be sent immediately, or false if it will be sent later, e.g. as part of a persistent search.
Throws:
LdapException - If an error occurred when processing the operation.
-
invokePreParsePlugins
protected boolean invokePreParsePlugins()
Description copied from class: Operation
Invokes any applicable pre-parse plugins.
Specified by:
invokePreParsePlugins in class Operation
Returns:
true if processing should continue.
-
invokePostResponsePlugins
protected void invokePostResponsePlugins()
Description copied from class: Operation
Invokes any applicable post-response plugins.
Specified by:
invokePostResponsePlugins in class Operation
-
operationToResult
Description copied from class: Operation
Generates a result for this operation.
Overrides:
operationToResult in class Operation
Returns:
The result.
-
getSaslServer
Returns the SaslServer to use by the underlying connection, or null if SASL integrity and/or privacy protection must not be enabled.
Returns:
The SaslServer to use by the underlying connection, or null if SASL integrity and/or privacy protection must not be enabled.
-
setSaslServer
Sets the SASL server.
Parameters:
saslServer - the SASL server to set
-
runFakePasswordMatches
When using cost-based hashes, ensures similar response times for login attempts with non-existing and existing users; this also applies to other failure conditions.
Parameters:
bindDn - the bind DN
password - the bind password
Throws:
LdapException - If a problem occurs while attempting to encode the password.
-
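The two security points on this page, a sanitized client response with a log-only failure reason (class description) and equal-cost processing for non-existing users (runFakePasswordMatches), sketched as an added stand-alone Java 16+ example. It is not OpenDJ code: BindTimingDemo, bind, addUser, the PBKDF2 parameters, the reply strings and the sample DNs are all assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added illustration; none of these names are OpenDJ APIs. */
public class BindTimingDemo {
    private static final Logger LOG = Logger.getLogger("bind");
    private static final int ITERATIONS = 100_000, KEY_BITS = 256; // assumed cost settings
    private static final String GENERIC_FAILURE = "Invalid Credentials";

    private record Stored(byte[] salt, byte[] hash) {}
    private final Map<String, Stored> users = new HashMap<>();
    // Dummy record hashed against when the DN is unknown, so both paths pay the PBKDF2 cost.
    private final Stored dummy;

    BindTimingDemo() throws GeneralSecurityException {
        dummy = newStored("constructed-dummy-password".toCharArray());
    }
    private static byte[] pbkdf2(char[] pw, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    private static Stored newStored(char[] pw) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Stored(salt, pbkdf2(pw, salt));
    }
    void addUser(String dn, char[] pw) throws GeneralSecurityException {
        users.put(dn, newStored(pw));
    }

    /** Returns the text sent to the client; the specific failure reason only goes to the log. */
    String bind(String dn, char[] pw) throws GeneralSecurityException {
        Stored s = users.get(dn);
        Stored target = (s != null) ? s : dummy;   // same hashing work either way
        boolean match = MessageDigest.isEqual(pbkdf2(pw, target.salt()), target.hash());
        if (s != null && match) return "Success";
        LOG.info("bind failed for " + dn + ": " + (s != null ? "wrong password" : "no such entry"));
        return GENERIC_FAILURE;                    // identical reply for both failure causes
    }

    public static void main(String[] args) throws GeneralSecurityException {
        BindTimingDemo d = new BindTimingDemo();
        d.addUser("uid=alice,dc=example,dc=com", "constructed-pw".toCharArray()); // constructed sample
        for (String dn : new String[] {"uid=alice,dc=example,dc=com", "uid=nobody,dc=example,dc=com"}) {
            long t0 = System.nanoTime();
            String reply = d.bind(dn, "wrong".toCharArray());
            System.out.printf("%s -> %s (%d ms)%n", dn, reply, (System.nanoTime() - t0) / 1_000_000);
        }
    }
}
```

Both failed binds return the same reply and take roughly the same time; only the log line distinguishes a wrong password from a missing entry.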