Class Authorization
java.lang.Object
org.forgerock.opendj.hdap.authz.Authorization
Factory methods to create Filter instances performing authentication and authorization.
Method Summary
Modifier and Type: static org.forgerock.http.Filter
Method: newAuthorizationFilter(Iterable<? extends ConditionalFilters.ConditionalFilter> filters)
Description: Creates a new Filter in charge of injecting an LdapClientContext.
Modifier and Type: static ConditionalFilters.ConditionalFilter
Method: newConditionalDirectConnectionFilter(LdapClient ldapClient, Supplier<io.opentelemetry.api.OpenTelemetry> openTelemetrySupplier)
Description: Creates a ConditionalFilters.ConditionalFilter injecting an LdapClientContext with a connection issued from the given connectionFactory.
Modifier and Type: static ConditionalFilters.ConditionalFilter
Method: newConditionalHttpBasicAuthenticationFilter(AuthenticationStrategy authenticationStrategy, Function<org.forgerock.http.protocol.Headers, Pair<String, String>, NeverThrowsException> credentialsExtractor)
Description: Creates a new ConditionalFilters.ConditionalFilter performing authentication.
Modifier and Type: static org.forgerock.http.Filter
Method: newProxyAuthorizationFilter(LdapClient ldapClient, Supplier<io.opentelemetry.api.OpenTelemetry> openTelemetrySupplier)
Description: Creates a filter injecting an LdapClientContext given the information provided in the SecurityContext.
Method Details
newAuthorizationFilter
public static org.forgerock.http.Filter newAuthorizationFilter(Iterable<? extends ConditionalFilters.ConditionalFilter> filters)
Creates a new Filter in charge of injecting an LdapClientContext. This Filter tries each of the provided filters until one can apply. If no filter can be applied, the last filter in the list will be applied allowing it to formulate a valid, implementation specific, error response.
Parameters:
filters - Iterable of authorization ConditionalFilters to try. If empty, the returned filter will always respond with 403 Forbidden.
Returns:
A new authorization Filter
newConditionalHttpBasicAuthenticationFilter
public static ConditionalFilters.ConditionalFilter newConditionalHttpBasicAuthenticationFilter(AuthenticationStrategy authenticationStrategy, Function<org.forgerock.http.protocol.Headers, Pair<String, String>, NeverThrowsException> credentialsExtractor)
Creates a new ConditionalFilters.ConditionalFilter performing authentication. If authentication succeeds, it injects a SecurityContext with the authenticationId provided by the user. Otherwise, it returns an HTTP 401 - Unauthorized response. The condition of this ConditionalFilters.ConditionalFilter will return true if the supplied request contains credentials information, false otherwise.
Parameters:
authenticationStrategy - AuthenticationStrategy to validate the user's provided credentials.
credentialsExtractor - Function to extract the credentials from the received request.
Returns:
a new ConditionalFilters.ConditionalFilter
Throws:
NullPointerException - if a parameter is null.
newConditionalDirectConnectionFilter
public static ConditionalFilters.ConditionalFilter newConditionalDirectConnectionFilter(LdapClient ldapClient, Supplier<io.opentelemetry.api.OpenTelemetry> openTelemetrySupplier)
Creates a ConditionalFilters.ConditionalFilter injecting an LdapClientContext with a connection issued from the given connectionFactory. The condition is always true.
Parameters:
ldapClient - The LDAP client used to get the LdapClientSocket to inject
openTelemetrySupplier - A supplier for the openTelemetry instance
Returns:
A new ConditionalFilters.ConditionalFilter.
Throws:
NullPointerException - if connectionFactory is null
newProxyAuthorizationFilter
public static org.forgerock.http.Filter newProxyAuthorizationFilter(LdapClient ldapClient, Supplier<io.opentelemetry.api.OpenTelemetry> openTelemetrySupplier)
Creates a filter injecting an LdapClientContext given the information provided in the SecurityContext. The connection contained in the created LdapClientContext will add a ProxiedAuthV2RequestControl to each LDAP request.
Parameters:
ldapClient - The LDAP client used to create the connection which will be injected in the LdapClientContext
openTelemetrySupplier - A supplier for the openTelemetry instance
Returns:
A new filter.
Throws:
NullPointerException - if connectionFactory is null
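The selection rule documented for newAuthorizationFilter, together with the always-true condition of newConditionalDirectConnectionFilter, makes the order of the filter list security-relevant. The stand-alone Java model below is an added example, not OpenDJ code and not a use of the real API: CondFilter, authorize and the header values are hypothetical stand-ins, constructed to exercise the empty list, both orderings, and the last-filter fallback.

```java
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.function.Predicate;

/** Model of the documented selection rule. Every name here is hypothetical. */
public class AuthorizationChainModel {

    /** Stand-in for a ConditionalFilter: a condition plus the action taken when it is chosen. */
    record CondFilter(String name,
                      Predicate<Map<String, String>> condition,
                      Function<Map<String, String>, String> action) { }

    /** Try each filter in order; if none applies, apply the last one; if the list is empty, 403. */
    static String authorize(List<CondFilter> filters, Map<String, String> headers) {
        if (filters.isEmpty()) {
            return "403 Forbidden";
        }
        for (CondFilter f : filters) {
            if (f.condition().test(headers)) {
                return f.name() + ": " + f.action().apply(headers);
            }
        }
        // No condition matched: the last filter formulates the error response.
        CondFilter last = filters.get(filters.size() - 1);
        return last.name() + ": " + last.action().apply(headers);
    }

    public static void main(String[] args) {
        // Condition is true only when the request carries credentials (constructed values).
        CondFilter basic = new CondFilter("basic",
                h -> h.containsKey("Authorization"),
                h -> "Basic constructed-good".equals(h.get("Authorization"))
                        ? "SecurityContext injected" : "401 Unauthorized");
        // Condition is always true, as documented for the direct connection filter.
        CondFilter direct = new CondFilter("direct", h -> true, h -> "LdapClientContext injected");

        Map<String, String> noCreds = Map.of();
        Map<String, String> badCreds = Map.of("Authorization", "Basic constructed-bad");

        System.out.println(authorize(List.of(), noCreds));               // empty list
        System.out.println(authorize(List.of(basic, direct), badCreds)); // basic first, bad credentials
        System.out.println(authorize(List.of(basic, direct), noCreds));  // basic first, no credentials
        System.out.println(authorize(List.of(direct, basic), badCreds)); // direct first shadows basic
        System.out.println(authorize(List.of(basic), noCreds));          // nothing matches, last filter applied
    }
}
```

Because the direct connection condition always matches, any filter listed after it is never consulted, so it belongs last in the list or not at all when every request must authenticate.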