Package org.forgerock.opendj.ldap.requests

Interface CRAMMD5SASLBindRequest

All Superinterfaces:
BindRequest, Request, SASLBindRequest
public interface CRAMMD5SASLBindRequest extends SASLBindRequest
The CRAM-MD5 SASL bind request as defined in draft-ietf-sasl-crammd5. This SASL mechanism allows a client to perform a simple challenge-response authentication method, using a keyed MD5 digest. This mechanism does not provide a security layer.

The CRAM-MD5 mechanism is intended to have limited use on the Internet. The mechanism offers inadequate protection against common attacks against application-level protocols and is prone to interoperability problems.

The authentication identity is specified using an authorization ID, or authzId, as defined in RFC 4513 section 5.2.1.8.

See Also:

  • Field Details

  • Method Details

    • addControl

      CRAMMD5SASLBindRequest addControl(Control control)
      Description copied from interface: Request
      Adds the provided control to this request.
      Specified by:
      addControl in interface BindRequest
      Specified by:
      addControl in interface Request
      Specified by:
      addControl in interface SASLBindRequest
      Parameters:
      control - The control to be added to this request.
      Returns:
      This request.

    • createBindClient

      BindClient createBindClient(String serverName) throws LdapException
      Description copied from interface: BindRequest
      Creates a new bind client which can be used to perform the authentication process. This method is called by protocol implementations and is not intended for use by applications.
      Specified by:
      createBindClient in interface BindRequest
      Specified by:
      createBindClient in interface SASLBindRequest
      Parameters:
      serverName - The non-null fully-qualified host name of the server to authenticate to.
      Returns:
      The new bind client.
      Throws:
      LdapException - If an error occurred while creating the bind client context.

    • getAuthenticationID

      String getAuthenticationID()
      Returns the authentication ID of the user. The authentication ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Returns:
      The authentication ID of the user.

    • getAuthenticationType

      byte getAuthenticationType()
      Returns the authentication mechanism identifier for this SASL bind request as defined by the LDAP protocol, which is always 0xA3.
      Specified by:
      getAuthenticationType in interface BindRequest
      Specified by:
      getAuthenticationType in interface SASLBindRequest
      Returns:
      The authentication mechanism identifier.

    • getControl

      <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options) throws DecodeException
      Description copied from interface: Request
      Decodes and returns the first control in this request having an OID corresponding to the provided control decoder.
      Specified by:
      getControl in interface BindRequest
      Specified by:
      getControl in interface Request
      Specified by:
      getControl in interface SASLBindRequest
      Type Parameters:
      C - The type of control to be decoded and returned.
      Parameters:
      decoder - The control decoder.
      options - The set of decode options which should be used when decoding the control.
      Returns:
      The decoded control, or null if the control is not included with this request.
      Throws:
      DecodeException - If the control could not be decoded because it was malformed in some way (e.g. the control value was missing, or its content could not be decoded).

    • getControls

      List<Control> getControls()
      Description copied from interface: Request
      Returns a List containing the controls included with this request. The returned List may be modified if permitted by this request.
      Specified by:
      getControls in interface BindRequest
      Specified by:
      getControls in interface Request
      Specified by:
      getControls in interface SASLBindRequest
      Returns:
      A List containing the controls.

    • getName

      String getName()
      Returns the name of the Directory object that the client wishes to bind as, which is always the empty string for SASL authentication.
      Specified by:
      getName in interface BindRequest
      Specified by:
      getName in interface SASLBindRequest
      Returns:
      The name of the Directory object that the client wishes to bind as.

    • getPassword

      byte[] getPassword()
      Returns the password of the user that the client wishes to bind as.

      Unless otherwise indicated, implementations will store a reference to the returned password byte array, allowing applications to overwrite the password after it has been used.

      Returns:
      The password of the user that the client wishes to bind as.

    • getSASLMechanism

      String getSASLMechanism()
      Description copied from interface: SASLBindRequest
      Returns the SASL mechanism for this SASL bind request.
      Specified by:
      getSASLMechanism in interface SASLBindRequest
      Returns:
      The SASL mechanism for this bind request.

    • setAuthenticationID

      CRAMMD5SASLBindRequest setAuthenticationID(String authenticationID)
      Sets the authentication ID of the user. The authentication ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Parameters:
      authenticationID - The authentication ID of the user.
      Returns:
      This bind request
      Throws:
      UnsupportedOperationException - If this bind request does not permit the authentication ID to be set..
      org.forgerock.i18n.LocalizedIllegalArgumentException - If authenticationID was non-empty and did not contain a valid authorization ID type.
      NullPointerException - If authenticationID was null.

    • setPassword

      CRAMMD5SASLBindRequest setPassword(byte[] password)
      Sets the password of the user that the client wishes to bind as.

      Unless otherwise indicated, implementations will store a reference to the provided password byte array, allowing applications to overwrite the password after it has been used.

      Parameters:
      password - The password of the user that the client wishes to bind as, which may be empty.
      Returns:
      This bind request.
      Throws:
      UnsupportedOperationException - If this bind request does not permit the password to be set.
      NullPointerException - If password was null.

    • setPassword

      CRAMMD5SASLBindRequest setPassword(char[] password)
      Sets the password of the user that the client wishes to bind as. The password will be converted to a UTF-8 octet string.
      Parameters:
      password - The password of the user that the client wishes to bind as.
      Returns:
      This bind request.
      Throws:
      UnsupportedOperationException - If this bind request does not permit the password to be set.
      NullPointerException - If password was null.