org.apache.directory.server.ldap.handlers.request

Class BindRequestHandler

java.lang.Object

org.apache.directory.server.ldap.handlers.LdapRequestHandler<org.apache.directory.api.ldap.model.message.BindRequest>

org.apache.directory.server.ldap.handlers.request.BindRequestHandler

All Implemented Interfaces:

org.apache.mina.handler.demux.MessageHandler<org.apache.directory.api.ldap.model.message.BindRequest>

public class BindRequestHandler
extends LdapRequestHandler<org.apache.directory.api.ldap.model.message.BindRequest>

A single reply MessageReceived handler for BindRequests. Implements server-side of RFC 2222, sections 4.2 and 4.3.

Field Summary

Fields

Modifier and Type	Field and Description
private java.util.Map<java.lang.String,MechanismHandler>	handlers A Hashed Adapter mapping SASL mechanisms to their handlers.
private static org.slf4j.Logger	LOG

Fields inherited from class org.apache.directory.server.ldap.handlers.LdapRequestHandler

ldapServer

Fields inherited from interface org.apache.mina.handler.demux.MessageHandler

NOOP

Constructor Summary

Constructors

Constructor and Description
BindRequestHandler()

Method Summary

Modifier and Type	Method and Description
private boolean	checkMechanism(java.lang.String saslMechanism) Check if the mechanism exists.
private void	generateSaslChallengeOrComplete(LdapSession ldapSession, javax.security.sasl.SaslServer ss, org.apache.directory.api.ldap.model.message.BindRequest bindRequest) For challenge/response exchange, generate the challenge.
void	handle(LdapSession ldapSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest) Deal with a received BindRequest
void	handleSaslAuth(LdapSession ldapSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest) Handle the SASL authentication.
private void	handleSaslAuthPending(LdapSession ldapSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest)
void	handleSimpleAuth(LdapSession ldapSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest) Handle the Simple authentication.
private void	sendAuthMethNotSupported(LdapSession ldapSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest) Send back an AUTH-METH-NOT-SUPPORTED error message to the client
private void	sendBindSuccess(LdapSession ldapSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest, byte[] tokenBytes) Send a SUCCESS message back to the client.
private void	sendInvalidCredentials(LdapSession ldapSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest, java.lang.Exception e) Send back an INVALID-CREDENTIAL error message to the user.
void	setSaslMechanismHandlers(java.util.Map<java.lang.String,MechanismHandler> handlers) Set the mechanisms handler map.

Methods inherited from class org.apache.directory.server.ldap.handlers.LdapRequestHandler

getLdapServer, handleException, handleMessage, isConfidentialityRequirementSatisfied, rejectWithoutConfidentiality, setLdapServer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

handlers

private java.util.Map<java.lang.String,MechanismHandler> handlers

A Hashed Adapter mapping SASL mechanisms to their handlers.

Constructor Detail

BindRequestHandler

public BindRequestHandler()

Method Detail

setSaslMechanismHandlers

public void setSaslMechanismHandlers(java.util.Map<java.lang.String,MechanismHandler> handlers)

Set the mechanisms handler map.

Parameters:

handlers - The associations btween a machanism and its handler

handleSimpleAuth

public void handleSimpleAuth(LdapSession ldapSession,
                             org.apache.directory.api.ldap.model.message.BindRequest bindRequest)
                      throws java.lang.Exception

Handle the Simple authentication.

Parameters:

ldapSession - The associated Session

bindRequest - The BindRequest received

Throws:

java.lang.Exception - If the authentication cannot be done

checkMechanism

private boolean checkMechanism(java.lang.String saslMechanism)
                        throws java.lang.Exception

Check if the mechanism exists.

Throws:

java.lang.Exception

generateSaslChallengeOrComplete

private void generateSaslChallengeOrComplete(LdapSession ldapSession,
                                             javax.security.sasl.SaslServer ss,
                                             org.apache.directory.api.ldap.model.message.BindRequest bindRequest)
                                      throws java.lang.Exception

For challenge/response exchange, generate the challenge. If the exchange is complete then send bind success.

Parameters:

ldapSession -

ss -

bindRequest -

Throws:

java.lang.Exception

sendAuthMethNotSupported

private void sendAuthMethNotSupported(LdapSession ldapSession,
                                      org.apache.directory.api.ldap.model.message.BindRequest bindRequest)

Send back an AUTH-METH-NOT-SUPPORTED error message to the client

sendInvalidCredentials

private void sendInvalidCredentials(LdapSession ldapSession,
                                    org.apache.directory.api.ldap.model.message.BindRequest bindRequest,
                                    java.lang.Exception e)

Send back an INVALID-CREDENTIAL error message to the user. If we have an exception as a third argument, then send back the associated message to the client.

sendBindSuccess

private void sendBindSuccess(LdapSession ldapSession,
                             org.apache.directory.api.ldap.model.message.BindRequest bindRequest,
                             byte[] tokenBytes)

Send a SUCCESS message back to the client.

handleSaslAuthPending

private void handleSaslAuthPending(LdapSession ldapSession,
                                   org.apache.directory.api.ldap.model.message.BindRequest bindRequest)
                            throws java.lang.Exception

Throws:

java.lang.Exception

handleSaslAuth

public void handleSaslAuth(LdapSession ldapSession,
                           org.apache.directory.api.ldap.model.message.BindRequest bindRequest)
                    throws java.lang.Exception

Handle the SASL authentication. If the mechanism is known, we are facing three cases :

• The user does not has a session yet
• The user already has a session
• The user has started a SASL negotiation

In the first case, we initiate a SaslBind session, which will be used all along the negotiation.
In the second case, we first have to unbind the user, and initiate a new SaslBind session.
In the third case, we have sub cases :
• The mechanism is not provided : that means the user want to reset the current negotiation. We move back to an Anonymous state
• The mechanism is provided : the user is initializing a new negotiation with another mechanism. The current SaslBind session is reinitialized

Parameters:

ldapSession - The associated Session

bindRequest - The BindRequest received

Throws:

java.lang.Exception - If the authentication cannot be done

handle

public void handle(LdapSession ldapSession,
                   org.apache.directory.api.ldap.model.message.BindRequest bindRequest)
            throws java.lang.Exception

Deal with a received BindRequest

Specified by:

handle in class LdapRequestHandler<org.apache.directory.api.ldap.model.message.BindRequest>

Parameters:

ldapSession - The current session

bindRequest - The received BindRequest

Throws:

java.lang.Exception - If the authentication cannot be handled