001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2010 Sun Microsystems, Inc.
025 */
026
027package org.forgerock.opendj.ldap.requests;
028
029import java.util.List;
030
031import org.forgerock.opendj.ldap.ByteString;
032import org.forgerock.opendj.ldap.DecodeException;
033import org.forgerock.opendj.ldap.DecodeOptions;
034import org.forgerock.opendj.ldap.controls.Control;
035import org.forgerock.opendj.ldap.controls.ControlDecoder;
036import org.forgerock.opendj.ldap.responses.ExtendedResultDecoder;
037import org.forgerock.opendj.ldap.responses.WhoAmIExtendedResult;
038
039/**
040 * The who am I extended request as defined in RFC 4532. This operation allows
041 * clients to obtain the primary authorization identity, in its primary form,
042 * that the server has associated with the user or application entity.
043 * <p>
044 * The following example demonstrates use of the Who Am I? request and response.
045 *
046 * <pre>
047 * Connection connection = ...;
048 * String name = ...;
049 * char[] password = ...;
050 *
051 * Result result = connection.bind(name, password);
052 * if (result.isSuccess()) {
053 *     WhoAmIExtendedRequest request = Requests.newWhoAmIExtendedRequest();
054 *     WhoAmIExtendedResult extResult = connection.extendedRequest(request);
055 *
056 *     if (extResult.isSuccess()) {
057 *         // Authz ID: "  + extResult.getAuthorizationID());
058 *     }
059 * }
060 * </pre>
061 *
062 * This operation may preferable to the Authorization Identity Controls
063 * mechanism defined in RFC 3829, which uses Bind request and response controls
064 * to request and return the authorization identity. Bind controls are not
065 * protected by security layers established by the Bind operation that includes
066 * them. While it is possible to establish security layers using StartTLS prior
067 * to the Bind operation, it is often desirable to use security layers
068 * established by the Bind operation. An extended operation sent after a Bind
069 * operation is protected by the security layers established by the Bind
070 * operation.
071 *
072 * @see WhoAmIExtendedResult
073 * @see org.forgerock.opendj.ldap.controls.AuthorizationIdentityRequestControl
074 * @see <a href="http://tools.ietf.org/html/rfc4532">RFC 4532 - Lightweight
075 *      Directory Access Protocol (LDAP) "Who am I?" Operation </a>
076 * @see <a href="http://tools.ietf.org/html/rfc3829">RFC 3829 - Lightweight
077 *      Directory Access Protocol (LDAP) Authorization Identity Request and
078 *      Response Controls </a>
079 */
080public interface WhoAmIExtendedRequest extends ExtendedRequest<WhoAmIExtendedResult> {
081
082    /**
083     * A decoder which can be used to decode who am I extended operation
084     * requests.
085     */
086    ExtendedRequestDecoder<WhoAmIExtendedRequest, WhoAmIExtendedResult> DECODER =
087            new WhoAmIExtendedRequestImpl.RequestDecoder();
088
089    /**
090     * The OID for the who am I extended operation request.
091     */
092    String OID = "1.3.6.1.4.1.4203.1.11.3";
093
094    @Override
095    WhoAmIExtendedRequest addControl(Control control);
096
097    @Override
098    <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options)
099            throws DecodeException;
100
101    @Override
102    List<Control> getControls();
103
104    @Override
105    String getOID();
106
107    @Override
108    ExtendedResultDecoder<WhoAmIExtendedResult> getResultDecoder();
109
110    @Override
111    ByteString getValue();
112
113    @Override
114    boolean hasValue();
115}