Package org.forgerock.opendj.ldap.requests

Interface PlainSASLBindRequest

All Superinterfaces:
BindRequest, Request, SASLBindRequest
public interface PlainSASLBindRequest extends SASLBindRequest
The Plain SASL bind request as defined in RFC 4616. This SASL mechanism allows a client to authenticate to the server with an authentication ID and password. This mechanism does not provide a security layer.

The authentication and optional authorization identity is specified using an authorization ID, or authzId, as defined in RFC 4513 section 5.2.1.8. 

 String authcid = ...;        // Authentication ID, e.g. dn:<dn>, u:<uid>
 String authzid = ...;        // Authorization ID, e.g. dn:<dn>, u:<uid>
 char[] password = ...;
 Connection connection = ...; // Use StartTLS to protect the request

 PlainSASLBindRequest request =
         Requests.newPlainSASLBindRequest(authcid, password)
         .setAuthorizationID(authzid);

 connection.bind(request);
 // Authenticated if the connection succeeds
See Also:

  • Field Details

  • Method Details

    • addControl

      PlainSASLBindRequest addControl(Control control)
      Description copied from interface: Request
      Adds the provided control to this request.
      Specified by:
      addControl in interface BindRequest
      Specified by:
      addControl in interface Request
      Specified by:
      addControl in interface SASLBindRequest
      Parameters:
      control - The control to be added to this request.
      Returns:
      This request.

    • createBindClient

      BindClient createBindClient(String serverName) throws LdapException
      Description copied from interface: BindRequest
      Creates a new bind client which can be used to perform the authentication process. This method is called by protocol implementations and is not intended for use by applications.
      Specified by:
      createBindClient in interface BindRequest
      Specified by:
      createBindClient in interface SASLBindRequest
      Parameters:
      serverName - The non-null fully-qualified host name of the server to authenticate to.
      Returns:
      The new bind client.
      Throws:
      LdapException - If an error occurred while creating the bind client context.

    • getAuthenticationID

      String getAuthenticationID()
      Returns the authentication ID of the user. The authentication ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Returns:
      The authentication ID of the user.

    • getAuthenticationType

      byte getAuthenticationType()
      Returns the authentication mechanism identifier for this SASL bind request as defined by the LDAP protocol, which is always 0xA3.
      Specified by:
      getAuthenticationType in interface BindRequest
      Specified by:
      getAuthenticationType in interface SASLBindRequest
      Returns:
      The authentication mechanism identifier.

    • getAuthorizationID

      String getAuthorizationID()
      Returns the optional authorization ID of the user which represents an alternate authorization identity which should be used for subsequent operations performed on the connection. The authorization ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Returns:
      The authorization ID of the user, which may be null.

    • getControl

      <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options) throws DecodeException
      Description copied from interface: Request
      Decodes and returns the first control in this request having an OID corresponding to the provided control decoder.
      Specified by:
      getControl in interface BindRequest
      Specified by:
      getControl in interface Request
      Specified by:
      getControl in interface SASLBindRequest
      Type Parameters:
      C - The type of control to be decoded and returned.
      Parameters:
      decoder - The control decoder.
      options - The set of decode options which should be used when decoding the control.
      Returns:
      The decoded control, or null if the control is not included with this request.
      Throws:
      DecodeException - If the control could not be decoded because it was malformed in some way (e.g. the control value was missing, or its content could not be decoded).

    • getControls

      List<Control> getControls()
      Description copied from interface: Request
      Returns a List containing the controls included with this request. The returned List may be modified if permitted by this request.
      Specified by:
      getControls in interface BindRequest
      Specified by:
      getControls in interface Request
      Specified by:
      getControls in interface SASLBindRequest
      Returns:
      A List containing the controls.

    • getName

      String getName()
      Returns the name of the Directory object that the client wishes to bind as, which is always the empty string for SASL authentication.
      Specified by:
      getName in interface BindRequest
      Specified by:
      getName in interface SASLBindRequest
      Returns:
      The name of the Directory object that the client wishes to bind as.

    • getPassword

      byte[] getPassword()
      Returns the password of the user that the client wishes to bind as.

      Unless otherwise indicated, implementations will store a reference to the returned password byte array, allowing applications to overwrite the password after it has been used.

      Returns:
      The password of the user that the client wishes to bind as.

    • getSASLMechanism

      String getSASLMechanism()
      Description copied from interface: SASLBindRequest
      Returns the SASL mechanism for this SASL bind request.
      Specified by:
      getSASLMechanism in interface SASLBindRequest
      Returns:
      The SASL mechanism for this bind request.

    • setAuthenticationID

      PlainSASLBindRequest setAuthenticationID(String authenticationID)
      Sets the authentication ID of the user. The authentication ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Parameters:
      authenticationID - The authentication ID of the user.
      Returns:
      This bind request.
      Throws:
      UnsupportedOperationException - If this bind request does not permit the authentication ID to be set.
      org.forgerock.i18n.LocalizedIllegalArgumentException - If authenticationID was non-empty and did not contain a valid authorization ID type.
      NullPointerException - If authenticationID was null.

    • setAuthorizationID

      PlainSASLBindRequest setAuthorizationID(String authorizationID)
      Sets the optional authorization ID of the user which represents an alternate authorization identity which should be used for subsequent operations performed on the connection. The authorization ID usually has the form "dn:" immediately followed by the distinguished name of the user, or "u:" followed by a user ID string, but other forms are permitted.
      Parameters:
      authorizationID - The authorization ID of the user, which may be null.
      Returns:
      This bind request.
      Throws:
      UnsupportedOperationException - If this bind request does not permit the authorization ID to be set.
      org.forgerock.i18n.LocalizedIllegalArgumentException - If authorizationID was non-empty and did not contain a valid authorization ID type.

    • setPassword

      PlainSASLBindRequest setPassword(byte[] password)
      Sets the password of the user that the client wishes to bind as.

      Unless otherwise indicated, implementations will store a reference to the provided password byte array, allowing applications to overwrite the password after it has been used.

      Parameters:
      password - The password of the user that the client wishes to bind as, which may be empty.
      Returns:
      This bind request.
      Throws:
      UnsupportedOperationException - If this bind request does not permit the password to be set.
      NullPointerException - If password was null.

    • setPassword

      PlainSASLBindRequest setPassword(char[] password)
      Sets the password of the user that the client wishes to bind as. The password will be converted to a UTF-8 octet string.
      Parameters:
      password - The password of the user that the client wishes to bind as.
      Returns:
      This bind request.
      Throws:
      UnsupportedOperationException - If this bind request does not permit the password to be set.
      NullPointerException - If password was null.