Package org.opends.server.core

Class BindOperation

java.lang.Object

org.opends.server.types.Operation

org.opends.server.core.BindOperation

All Implemented Interfaces:

PluginOperation, PostCommitOperation, PostOperationBindOperation, PostOperationOperation, PostResponseBindOperation, PostResponseOperation, PreOperationBindOperation, PreOperationOperation, PreParseBindOperation, PreParseOperation

public final class BindOperation
extends Operation
implements PreOperationBindOperation, PreParseBindOperation, PostOperationBindOperation, PostResponseBindOperation

This class defines an operation that may be used to authenticate a user to the Directory Server.

Field Summary

Fields inherited from class org.opends.server.types.Operation

backend, context, out, pluginConfigManager, request, result, serverContext

Constructor Summary

Constructors

Constructor	Description
BindOperation(RequestContext context, LocalBackend<?> backend, BindRequest request, Consumer<Response> out, ServerContext serverContext)	Creates a new bind operation.

Method Summary

Modifier and Type	Method	Description
AuthenticationType	getAuthenticationType()	Retrieves the authentication type for this bind operation.
Dn	getBindDN()	Retrieves the bind DN for this bind operation.
BindRequest	getRequest()	Returns the request associated to this operation.
Entry	getSASLAuthUserEntry()	Retrieves the user entry associated with the SASL authentication attempt.
ByteString	getSASLCredentials()	Retrieves the SASL credentials for this bind operation.
String	getSASLMechanism()	Retrieves the SASL mechanism for this bind operation.
SaslServer	getSaslServer()	Returns the SaslServer to use by the underlying connection, or null if SASL integrity and/or privacy protection must not be enabled.
ByteString	getServerSASLCredentials()	Retrieves the set of server SASL credentials to include in the bind response.
ByteString	getSimplePassword()	Retrieves the simple authentication password for this bind operation.
Dn	getUserEntryDN()	Retrieves the user entry DN for this bind operation.
protected void	invokePostResponsePlugins()	Invokes any applicable post-response plugins.
protected void	invokePreParsePlugins()	Invokes any applicable pre-parse plugins.
protected Result	operationToResult(Result result)	Generates a result for this operation.
void	runFakePasswordMatches(Dn bindDn, ByteString password)	When using cost based hashes, ensure similar response times when login with non-existing vs.
protected Result	runImpl()	Performs the work of actually processing this operation.
void	setAuthenticationInfo(AuthenticationInfo authInfo)	Specifies the authentication info that resulted from processing this bind operation.
void	setBindDN(Dn bindDN)	Specifies the bind DN for this bind operation.
void	setSASLAuthUserEntry(Entry saslAuthUserEntry)	Specifies the user entry associated with the SASL authentication attempt.
void	setSASLCredentials(String saslMechanism, ByteString saslCredentials)	Specifies the SASL credentials for this bind operation.
void	setSaslServer(SaslServer saslServer)	Sets the SASL server.
void	setServerSASLCredentials(ByteString serverSASLCredentials)	Specifies the set of server SASL credentials to include in the bind response.
void	setSimplePassword(ByteString simplePassword)	Specifies the simple authentication password for this bind operation.
void	toString(StringBuilder buffer)	Appends a string representation of this operation to the provided buffer.

Methods inherited from class org.opends.server.types.Operation

addAdditionalLogItem, addPasswordPolicyWarningToLog, addPostReadResponse, addPreReadResponse, addRequestControl, addResponseControl, checkAttributeConformsToSyntax, checkIfBackendIsWritable, checkIfCanceled, createLdapException, equals, evaluateProxyAuthControls, filterNonDisclosableMatchedDn, getAccessControlHandler, getAdditionalLogItems, getAttachment, getAttachments, getAuthorizationDN, getAuthorizationEntry, getClientConnection, getConnectionID, getMessageID, getOperationID, getProxiedAuthorizationDN, getRequestContext, getRequestControl, getRequestControls, getResponseControls, getResult, getResultCode, hashCode, hasPrivilege, hasRequestControl, isInternalOperation, isProxyAuthzControl, isSynchronizationOperation, mustCheckSchema, removeAllDisallowedControls, removeResponseControl, run, sendIntermediateResponse, sendResult, setAttachment, setResult, setResult, toString, trySetLargestEntrySize

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.opends.server.types.operation.PluginOperation

checkIfCanceled, getAttachment, getAttachments, getClientConnection, getConnectionID, getMessageID, getOperationID, getRequestControl, getRequestControl, getRequestControls, getResponseControls, hasPrivilege, isInternalOperation, isSynchronizationOperation, setAttachment, toString

Methods inherited from interface org.opends.server.types.operation.PostOperationOperation

addAdditionalLogItem, addResponseControl, getAdditionalLogItems, getAuthorizationDN, getResultCode, removeResponseControl, setResult, setResult

Methods inherited from interface org.opends.server.types.operation.PreOperationOperation

addAdditionalLogItem, addResponseControl, getAdditionalLogItems, getAuthorizationDN, removeResponseControl, sendIntermediateResponse

Methods inherited from interface org.opends.server.types.operation.PreParseOperation

addAdditionalLogItem, addRequestControl, addResponseControl, getAdditionalLogItems, removeResponseControl, sendIntermediateResponse

Constructor Details

BindOperation

public BindOperation(RequestContext context,
 LocalBackend<?> backend,
 BindRequest request,
 Consumer<Response> out,
 ServerContext serverContext)

Creates a new bind operation.

Parameters:

context - The context.

backend - The local backend in which this request is to be processed.

request - The request.

out - A consumer responsible for sending responses to the client.

serverContext - the server context

Method Details

getAuthenticationType

public AuthenticationType getAuthenticationType()

Description copied from interface: PreOperationBindOperation

Retrieves the authentication type for this bind operation.

Specified by:

getAuthenticationType in interface PostOperationBindOperation

Specified by:

getAuthenticationType in interface PostResponseBindOperation

Specified by:

getAuthenticationType in interface PreOperationBindOperation

Specified by:

getAuthenticationType in interface PreParseBindOperation

Returns:

The authentication type for this bind operation.

setBindDN

public void setBindDN(Dn bindDN)

Description copied from interface: PreParseBindOperation

Specifies the bind DN for this bind operation.

Specified by:

setBindDN in interface PreParseBindOperation

Parameters:

bindDN - The bind DN for this bind

getBindDN

public Dn getBindDN()

Description copied from interface: PreOperationBindOperation

Retrieves the bind DN for this bind operation.

Specified by:

getBindDN in interface PostOperationBindOperation

Specified by:

getBindDN in interface PostResponseBindOperation

Specified by:

getBindDN in interface PreOperationBindOperation

Specified by:

getBindDN in interface PreParseBindOperation

Returns:

The bind DN for this bind operation.

getSimplePassword

public ByteString getSimplePassword()

Description copied from interface: PreOperationBindOperation

Retrieves the simple authentication password for this bind operation.

Specified by:

getSimplePassword in interface PostOperationBindOperation

Specified by:

getSimplePassword in interface PostResponseBindOperation

Specified by:

getSimplePassword in interface PreOperationBindOperation

Specified by:

getSimplePassword in interface PreParseBindOperation

Returns:

The simple authentication password for this bind operation.

setSimplePassword

public void setSimplePassword(ByteString simplePassword)

Description copied from interface: PreParseBindOperation

Specifies the simple authentication password for this bind operation.

Specified by:

setSimplePassword in interface PreParseBindOperation

Parameters:

simplePassword - The simple authentication password for this bind operation.

getSASLMechanism

public String getSASLMechanism()

Description copied from interface: PreOperationBindOperation

Retrieves the SASL mechanism for this bind operation.

Specified by:

getSASLMechanism in interface PostOperationBindOperation

Specified by:

getSASLMechanism in interface PostResponseBindOperation

Specified by:

getSASLMechanism in interface PreOperationBindOperation

Specified by:

getSASLMechanism in interface PreParseBindOperation

Returns:

The SASL mechanism for this bind operation, or null if the bind does not use SASL authentication.

getSASLCredentials

public ByteString getSASLCredentials()

Description copied from interface: PreOperationBindOperation

Retrieves the SASL credentials for this bind operation.

Specified by:

getSASLCredentials in interface PostOperationBindOperation

Specified by:

getSASLCredentials in interface PostResponseBindOperation

Specified by:

getSASLCredentials in interface PreOperationBindOperation

Specified by:

getSASLCredentials in interface PreParseBindOperation

Returns:

The SASL credentials for this bind operation, or null if there are none or if the bind does not use SASL authentication.

setSASLCredentials

public void setSASLCredentials(String saslMechanism,
 ByteString saslCredentials)

Description copied from interface: PreParseBindOperation

Specifies the SASL credentials for this bind operation.

Specified by:

setSASLCredentials in interface PreParseBindOperation

Parameters:

saslMechanism - The SASL mechanism for this bind operation.

saslCredentials - The SASL credentials for this bind operation, or null if there are none.

getServerSASLCredentials

public ByteString getServerSASLCredentials()

Description copied from interface: PostOperationBindOperation

Retrieves the set of server SASL credentials to include in the bind response.

Specified by:

getServerSASLCredentials in interface PostOperationBindOperation

Specified by:

getServerSASLCredentials in interface PostResponseBindOperation

Returns:

The set of server SASL credentials to include in the bind response, or null if there are none.

setServerSASLCredentials

public void setServerSASLCredentials(ByteString serverSASLCredentials)

Description copied from interface: PreOperationBindOperation

Specifies the set of server SASL credentials to include in the bind response.

Specified by:

setServerSASLCredentials in interface PostOperationBindOperation

Specified by:

setServerSASLCredentials in interface PreOperationBindOperation

Specified by:

setServerSASLCredentials in interface PreParseBindOperation

Parameters:

serverSASLCredentials - The set of server SASL credentials to include in the bind response.

getSASLAuthUserEntry

public Entry getSASLAuthUserEntry()

Description copied from interface: PostOperationBindOperation

Retrieves the user entry associated with the SASL authentication attempt. This should be set by any SASL mechanism in which the processing was able to get far enough to make this determination, regardless of whether the authentication was ultimately successful.

Specified by:

getSASLAuthUserEntry in interface PostOperationBindOperation

Specified by:

getSASLAuthUserEntry in interface PostResponseBindOperation

Returns:

The user entry associated with the SASL authentication attempt, or null if it was not a SASL authentication or the SASL processing was not able to map the request to a user.

setSASLAuthUserEntry

public void setSASLAuthUserEntry(Entry saslAuthUserEntry)

Specifies the user entry associated with the SASL authentication attempt. This should be set by any SASL mechanism in which the processing was able to get far enough to make this determination, regardless of whether the authentication was ultimately successful.

Parameters:

saslAuthUserEntry - The user entry associated with the SASL authentication attempt.

getUserEntryDN

public Dn getUserEntryDN()

Description copied from interface: PreOperationBindOperation

Retrieves the user entry DN for this bind operation. It will only be available for simple bind operations (and may be different than the bind DN from the client request).

Specified by:

getUserEntryDN in interface PostOperationBindOperation

Specified by:

getUserEntryDN in interface PostResponseBindOperation

Specified by:

getUserEntryDN in interface PreOperationBindOperation

Returns:

The user entry DN for this bind operation, or null if the bind processing has not progressed far enough to identify the user or if the user DN could not be determined.

setAuthenticationInfo

public void setAuthenticationInfo(AuthenticationInfo authInfo)

Specifies the authentication info that resulted from processing this bind operation. This method must only be called by SASL mechanism handlers during the course of processing the processSASLBind method.

Parameters:

authInfo - The authentication info that resulted from processing this bind operation.

getRequest

public BindRequest getRequest()

Description copied from class: Operation

Returns the request associated to this operation.

Specified by:

getRequest in interface PluginOperation

Overrides:

getRequest in class Operation

Returns:

The request associated to this operation.

toString

public void toString(StringBuilder buffer)

Description copied from interface: PluginOperation

Appends a string representation of this operation to the provided buffer.

Specified by:

toString in interface PluginOperation

Specified by:

toString in class Operation

Parameters:

buffer - The buffer into which a string representation of this operation should be appended.

runImpl

protected Result runImpl()
                  throws LdapException

Description copied from class: Operation

Performs the work of actually processing this operation.

Specified by:

runImpl in class Operation

Returns:

null if the result is delayed (e.g. persistent search), Result otherwise.

Throws:

LdapException - If an error occurred when processing the operation.

invokePreParsePlugins

protected void invokePreParsePlugins()
                              throws LdapException

Description copied from class: Operation

Invokes any applicable pre-parse plugins.

Specified by:

invokePreParsePlugins in class Operation

Throws:

LdapException - If an error occurred when invoking the pre-parse plugins.

invokePostResponsePlugins

protected void invokePostResponsePlugins()

Description copied from class: Operation

Invokes any applicable post-response plugins.

Specified by:

invokePostResponsePlugins in class Operation

operationToResult

protected Result operationToResult(Result result)

Description copied from class: Operation

Generates a result for this operation.

Overrides:

operationToResult in class Operation

Parameters:

result - The result to convert.

Returns:

The result.

getSaslServer

public SaslServer getSaslServer()

Returns the SaslServer to use by the underlying connection, or null if SASL integrity and/or privacy protection must not be enabled.

Returns:

The SaslServer to use by the underlying connection, or null if SASL integrity and/or privacy protection must not enabled.

setSaslServer

public void setSaslServer(SaslServer saslServer)

Sets the SASL server.

Parameters:

saslServer - the SASL server to set

runFakePasswordMatches

public void runFakePasswordMatches(Dn bindDn,
 ByteString password)
                            throws LdapException

When using cost based hashes, ensure similar response times when login with non-existing vs. existing users, this also applies to other failure conditions.

Parameters:

bindDn - the bind DN

password - the bind password

Throws:

LdapException - If a problem occurs while attempting to encode the password.