/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2010 Sun Microsystems, Inc.
 * Portions Copyright 2014 ForgeRock AS
 */

package org.forgerock.opendj.ldap.requests;

import org.forgerock.opendj.ldap.ConnectionSecurityLayer;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.responses.BindResult;

/**
 * A client-side driver for one authentication (bind) attempt against a server.
 * <p>
 * A bind client owns the state of a possibly multi-stage authentication
 * exchange: it supplies the bind request for each stage, consumes the server's
 * response to that stage and, once authentication is complete, exposes any
 * integrity or privacy layer that was negotiated along the way.
 * <p>
 * The methods below are listed in the order in which a caller typically uses
 * them: {@link #nextBindRequest()} and {@link #evaluateResult(BindResult)} are
 * repeated until {@code evaluateResult} reports completion, then
 * {@link #getConnectionSecurityLayer()} is consulted, and finally
 * {@link #dispose()} releases whatever the client was holding.
 */
public interface BindClient {

    /**
     * Returns the bind request to send for the next stage of authentication.
     * <p>
     * On the first invocation this is a copy of the original bind request from
     * which this bind client was created; on later invocations it reflects the
     * state accumulated by previous calls to
     * {@link #evaluateResult(BindResult)}.
     *
     * @return The bind request to be sent for the next authentication stage.
     */
    GenericBindRequest nextBindRequest();

    /**
     * Consumes the server's response to the most recently sent bind request.
     * <p>
     * When the result indicates that more steps are needed (for example, the
     * next round of a multi-stage SASL exchange), implementations must update
     * their internal state from the information carried in the result, such as
     * server-provided SASL credentials, so that the following
     * {@link #nextBindRequest()} call yields the correct request.
     *
     * @param result
     *            The bind result returned by the server.
     * @return {@code true} if authentication has completed successfully, or
     *         {@code false} if further authentication steps are required.
     * @throws LdapException
     *             If the result could not be evaluated and authentication
     *             cannot proceed.
     */
    boolean evaluateResult(BindResult result) throws LdapException;

    /**
     * Returns the connection security layer negotiated during authentication,
     * if any.
     * <p>
     * A non-{@code null} value is returned only when this bind client has
     * negotiated integrity and/or privacy protection for the underlying
     * connection. This method is intended to be called only after
     * authentication has completed.
     *
     * @return The negotiated connection security layer, or {@code null} if
     *         none was negotiated.
     */
    ConnectionSecurityLayer getConnectionSecurityLayer();

    /**
     * Releases any system resources or security-sensitive information held by
     * this bind client.
     * <p>
     * Because a bind client may retain credential material for the duration
     * of the exchange, callers should invoke this method once the client is no
     * longer needed. After this method returns the instance is invalid and
     * must not be used again.
     */
    void dispose();

}