/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2016 ForgeRock AS.
 * Portions Copyright 2022 Wren Security.
 */
package org.forgerock.opendj.rest2ldap.authz;

import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.Schema;


/**
 * Static factories for the {@link AuthenticationStrategy} implementations that authenticate a user against an LDAP
 * server: simple bind, search-then-bind and SASL PLAIN.
 * <p>
 * Every factory here only forwards its arguments to the matching strategy constructor. Substitution of the
 * authentication-id into the templates, and any validation of it, happens inside those strategy classes.
 */
public final class AuthenticationStrategies {

    private AuthenticationStrategies() {
        // Holder of static factory methods only; not meant to be instantiated.
    }

    /**
     * Builds an {@link AuthenticationStrategy} that authenticates with a simple BIND against an LDAP server.
     * <p>
     * Security notes for integrators:
     * <ul>
     * <li>The authentication-id is supplied by the client and ends up inside a DN. NOTE(review): confirm that
     * {@code SimpleBindStrategy} escapes DN special characters before filling the template; that code is not part of
     * this class.</li>
     * <li>A simple bind carries the password unprotected at the LDAP layer, so {@code connectionFactory} should
     * produce TLS-protected connections.</li>
     * <li>A simple bind with an empty password is an "unauthenticated" bind (RFC 4513, section 5.1.2) that some
     * servers accept. NOTE(review): confirm that empty passwords are rejected before the bind is attempted.</li>
     * </ul>
     *
     * @param connectionFactory
     *            {@link ConnectionFactory} to the LDAP server used to perform the bind operation.
     * @param bindDNTemplate
     *            Template of the DN to bind with. The first {@code %s} is replaced by the provided
     *            authentication-id (e.g. {@code uid=%s,dc=example,dc=com}).
     * @param schema
     *            {@link Schema} used to validate the DN format.
     * @return a new simple bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null. This factory does no null check of its own, so the guarantee depends on
     *             the {@code SimpleBindStrategy} constructor.
     */
    public static AuthenticationStrategy newSimpleBindStrategy(ConnectionFactory connectionFactory,
            String bindDNTemplate, Schema schema) {
        final AuthenticationStrategy simpleBind = new SimpleBindStrategy(connectionFactory, bindDNTemplate, schema);
        return simpleBind;
    }

    /**
     * Builds an {@link AuthenticationStrategy} that first searches for the entry to bind with and then binds as that
     * entry. The search resolves the user's DN from another piece of its metadata (e.g. an email address).
     * <p>
     * Security notes for integrators:
     * <ul>
     * <li>The authentication-id is supplied by the client and ends up inside a search filter. NOTE(review): confirm
     * that {@code SearchThenBindStrategy} escapes filter special characters (RFC 4515) before filling the template;
     * an unescaped value could change which entry the search selects.</li>
     * <li>NOTE(review): confirm how the strategy behaves when the search matches no entry or more than one entry;
     * that logic is not visible in this class.</li>
     * <li>The bind step sends the user's password, so {@code bindConnectionFactory} should produce TLS-protected
     * connections. The identity behind {@code searchConnectionFactory} needs no more than read access to the
     * attributes named in the filter.</li>
     * </ul>
     *
     * @param searchConnectionFactory
     *            {@link ConnectionFactory} to the LDAP server used to look up the entry.
     * @param bindConnectionFactory
     *            {@link ConnectionFactory} to the LDAP server used to perform the bind once the user's DN has been
     *            found. Can be the same as the searchConnectionFactory.
     * @param baseDN
     *            Base DN of the search request performed to find the user's DN.
     * @param searchScope
     *            {@link SearchScope} of the search request performed to find the user's DN.
     * @param filterTemplate
     *            Filter of the search request (e.g. {@code (&(email=%s)(objectClass=inetOrgPerson))}), where the
     *            first {@code %s} is replaced by the authentication-id provided by the user.
     * @return a new search then bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null. This factory does no null check of its own, so the guarantee depends on
     *             the {@code SearchThenBindStrategy} constructor.
     */
    public static AuthenticationStrategy newSearchThenBindStrategy(ConnectionFactory searchConnectionFactory,
            ConnectionFactory bindConnectionFactory, DN baseDN, SearchScope searchScope, String filterTemplate) {
        final AuthenticationStrategy searchThenBind = new SearchThenBindStrategy(searchConnectionFactory,
                bindConnectionFactory, baseDN, searchScope, filterTemplate);
        return searchThenBind;
    }

    /**
     * Builds an {@link AuthenticationStrategy} that authenticates against an LDAP server with a SASL PLAIN bind
     * request.
     * <p>
     * Security notes for integrators:
     * <ul>
     * <li>SASL PLAIN carries the password unprotected, so {@code connectionFactory} should produce TLS-protected
     * connections.</li>
     * <li>The user's name is supplied by the client and ends up inside the authentication identity. NOTE(review):
     * confirm how {@code SaslPlainStrategy} validates or escapes it; that code is not part of this class.</li>
     * </ul>
     * Note that the parameter order differs from {@link #newSimpleBindStrategy}: here the schema comes before the
     * template.
     *
     * @param connectionFactory
     *            {@link ConnectionFactory} to the LDAP server to authenticate with.
     * @param schema
     *            Schema used to perform DN validation.
     * @param authcIdTemplate
     *            Authentication identity template containing a single {@code %s}, which is replaced by the
     *            authenticating user's name (e.g. {@code u:%s}).
     * @return a new SASL plain bind {@link AuthenticationStrategy}
     * @throws NullPointerException
     *             If a parameter is null. This factory does no null check of its own, so the guarantee depends on
     *             the {@code SaslPlainStrategy} constructor.
     */
    public static AuthenticationStrategy newSaslPlainStrategy(ConnectionFactory connectionFactory, Schema schema,
            String authcIdTemplate) {
        final AuthenticationStrategy saslPlain = new SaslPlainStrategy(connectionFactory, schema, authcIdTemplate);
        return saslPlain;
    }
}