Package org.forgerock.opendj.ldap.requests

Interface ExternalSASLBindRequest

All Superinterfaces:
BindRequest, Request, SASLBindRequest
public interface ExternalSASLBindRequest extends SASLBindRequest
The External SASL bind request as defined in RFC 4422. This SASL mechanism allows a client to request the server to use credentials established by means external to the mechanism to authenticate the client. The external means may be, for instance, SSL or TLS.

A client may either request that its authorization identity be automatically derived from its authentication credentials exchanged at a lower security layer, or it may explicitly provide a desired authorization identity.

The optional authorization identity is specified using an authorization ID, or authzId, as defined in RFC 4513 section 5.2.1.8.

See Also:

  • Field Details

  • Method Details

    • addControl

      ExternalSASLBindRequest addControl(Control control)
      Description copied from interface: Request
      Adds the provided control to this request.
      Specified by:
      addControl in interface BindRequest
      Specified by:
      addControl in interface Request
      Specified by:
      addControl in interface SASLBindRequest
      Parameters:
      control - The control to be added to this request.
      Returns:
      This request.

    • createBindClient

      BindClient createBindClient(String serverName) throws LdapException
      Description copied from interface: BindRequest
      Creates a new bind client which can be used to perform the authentication process. This method is called by protocol implementations and is not intended for use by applications.
      Specified by:
      createBindClient in interface BindRequest
      Specified by:
      createBindClient in interface SASLBindRequest
      Parameters:
      serverName - The non-null fully-qualified host name of the server to authenticate to.
      Returns:
      The new bind client.
      Throws:
      LdapException - If an error occurred while creating the bind client context.

    • getAuthenticationType

      byte getAuthenticationType()
      Returns the authentication mechanism identifier for this SASL bind request as defined by the LDAP protocol, which is always 0xA3.
      Specified by:
      getAuthenticationType in interface BindRequest
      Specified by:
      getAuthenticationType in interface SASLBindRequest
      Returns:
      The authentication mechanism identifier.

    • getAuthorizationID

      String getAuthorizationID()
      Returns the optional desired authorization ID of the user, or null if the authorization ID should derived from authentication credentials exchanged at a lower security layer. The authorization ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Returns:
      The desired authorization ID of the user, which may be null .

    • getControl

      <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options) throws DecodeException
      Description copied from interface: Request
      Decodes and returns the first control in this request having an OID corresponding to the provided control decoder.
      Specified by:
      getControl in interface BindRequest
      Specified by:
      getControl in interface Request
      Specified by:
      getControl in interface SASLBindRequest
      Type Parameters:
      C - The type of control to be decoded and returned.
      Parameters:
      decoder - The control decoder.
      options - The set of decode options which should be used when decoding the control.
      Returns:
      The decoded control, or null if the control is not included with this request.
      Throws:
      DecodeException - If the control could not be decoded because it was malformed in some way (e.g. the control value was missing, or its content could not be decoded).

    • getControls

      List<Control> getControls()
      Description copied from interface: Request
      Returns a List containing the controls included with this request. The returned List may be modified if permitted by this request.
      Specified by:
      getControls in interface BindRequest
      Specified by:
      getControls in interface Request
      Specified by:
      getControls in interface SASLBindRequest
      Returns:
      A List containing the controls.

    • getName

      String getName()
      Returns the name of the Directory object that the client wishes to bind as, which is always the empty string for SASL authentication.
      Specified by:
      getName in interface BindRequest
      Specified by:
      getName in interface SASLBindRequest
      Returns:
      The name of the Directory object that the client wishes to bind as.

    • getSASLMechanism

      String getSASLMechanism()
      Description copied from interface: SASLBindRequest
      Returns the SASL mechanism for this SASL bind request.
      Specified by:
      getSASLMechanism in interface SASLBindRequest
      Returns:
      The SASL mechanism for this bind request.

    • setAuthorizationID

      ExternalSASLBindRequest setAuthorizationID(String authorizationID)
      Sets the optional desired authorization ID of the user, or null if the authorization ID should derived from authentication credentials exchanged at a lower security layer. The authorization ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Parameters:
      authorizationID - The desired authorization ID of the user, which may be null.
      Returns:
      This bind request.
      Throws:
      UnsupportedOperationException - If this external SASL request does not permit the authorization ID to be set.
      org.forgerock.i18n.LocalizedIllegalArgumentException - If authorizationID was non-empty and did not contain a valid authorization ID type.