001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2010 Sun Microsystems, Inc. 025 * Portions Copyright 2012-2014 ForgeRock AS. 026 */ 027 028package org.forgerock.opendj.ldap.requests; 029 030import java.util.List; 031 032import org.forgerock.opendj.ldap.DecodeException; 033import org.forgerock.opendj.ldap.DecodeOptions; 034import org.forgerock.opendj.ldap.LdapException; 035import org.forgerock.opendj.ldap.controls.Control; 036import org.forgerock.opendj.ldap.controls.ControlDecoder; 037 038/** 039 * The anonymous SASL bind request as defined in RFC 4505. This SASL mechanism 040 * allows a client to authenticate to the server without requiring the user to 041 * establish or otherwise disclose their identity to the server. That is, this 042 * mechanism provides an anonymous login method. This mechanism does not provide 043 * a security layer. 044 * <p> 045 * Clients should provide trace information, which has no semantic value, and 046 * can be used by administrators in order to identify the user. It should take 047 * one of two forms: an Internet email address, or an opaque string that does 048 * not contain the '@' (U+0040) character and that can be interpreted by the 049 * system administrator of the client's domain. For privacy reasons, an Internet 050 * email address or other information identifying the user should only be used 051 * with permission from the user. 052 * 053 * @see <a href="http://tools.ietf.org/html/rfc4505">RFC 4505 - Anonymous Simple 054 * Authentication and Security Layer (SASL) Mechanism </a> 055 */ 056public interface AnonymousSASLBindRequest extends SASLBindRequest { 057 058 /** 059 * The name of the SASL mechanism that does not provide any authentication 060 * but rather uses anonymous access. 061 */ 062 String SASL_MECHANISM_NAME = "ANONYMOUS"; 063 064 @Override 065 AnonymousSASLBindRequest addControl(Control control); 066 067 @Override 068 BindClient createBindClient(String serverName) throws LdapException; 069 070 /** 071 * Returns the authentication mechanism identifier for this SASL bind 072 * request as defined by the LDAP protocol, which is always {@code 0xA3}. 073 * 074 * @return The authentication mechanism identifier. 075 */ 076 @Override 077 byte getAuthenticationType(); 078 079 @Override 080 <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options) 081 throws DecodeException; 082 083 @Override 084 List<Control> getControls(); 085 086 /** 087 * Returns the name of the Directory object that the client wishes to bind 088 * as, which is always the empty string for SASL authentication. 089 * 090 * @return The name of the Directory object that the client wishes to bind 091 * as. 092 */ 093 @Override 094 String getName(); 095 096 @Override 097 String getSASLMechanism(); 098 099 /** 100 * Returns the trace information, which has no semantic value, and can be 101 * used by administrators in order to identify the user. 102 * 103 * @return The trace information, which has no semantic value, and can be 104 * used by administrators in order to identify the user. 105 */ 106 String getTraceString(); 107 108 /** 109 * Sets the trace information, which has no semantic value, and can be used 110 * by administrators in order to identify the user. 111 * 112 * @param traceString 113 * The trace information, which has no semantic value, and can be 114 * used by administrators in order to identify the user. 115 * @return This bind request. 116 * @throws UnsupportedOperationException 117 * If this anonymous SASL request does not permit the trace 118 * information to be set. 119 * @throws NullPointerException 120 * If {@code traceString} was {@code null}. 121 */ 122 AnonymousSASLBindRequest setTraceString(String traceString); 123}