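/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2006-2008 Sun Microsystems, Inc.
 *      Portions Copyright 2014-2015 ForgeRock AS
 */
package org.opends.server.types.operation;

import org.forgerock.i18n.LocalizableMessage;

import org.opends.server.types.AuthenticationType;
import org.forgerock.opendj.ldap.ByteString;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;



/**
 * This class defines a set of methods that are available for use by
 * post-operation plugins for bind operations.  Note that this
 * interface is intended only to define an API for use by plugins and
 * is not intended to be implemented by any custom classes.
 * <p>
 * Several accessors hand the plugin authentication material from the
 * bind request ({@link #getSimplePassword()},
 * {@link #getSASLCredentials()}) or input on which no validation has
 * been performed ({@link #getRawBindDN()}).  Plugins should keep
 * these values out of logs, error messages and persistent storage.
 * An identified user ({@link #getUserEntryDN()},
 * {@link #getSASLAuthUserEntry()}) is not evidence that the bind
 * succeeded; the outcome has to be taken from the operation result.
 */
@org.opends.server.types.PublicAPI(
     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
     mayInstantiate=false,
     mayExtend=false,
     mayInvoke=true)
public interface PostOperationBindOperation
       extends PostOperationOperation
{
  /**
   * Retrieves the authentication type for this bind operation.
   *
   * @return  The authentication type for this bind operation.
   */
  AuthenticationType getAuthenticationType();



  /**
   * Retrieves a string representation of the protocol version
   * associated with this bind request.
   *
   * @return  A string representation of the protocol version
   *          associated with this bind request.
   */
  String getProtocolVersion();



  /**
   * Retrieves the raw, unprocessed bind DN for this bind operation as
   * contained in the client request.  The value may not actually
   * contain a valid DN, as no validation will have been performed.
   * <p>
   * Because the bytes come straight from the client, treat them as
   * untrusted input: escape or encode them before writing them to a
   * log or building a filter, path or query from them, and base
   * access decisions on {@link #getBindDN()} or
   * {@link #getUserEntryDN()} rather than on this value.
   *
   * @return  The raw, unprocessed bind DN for this bind operation as
   *          contained in the client request.
   */
  ByteString getRawBindDN();



  /**
   * Retrieves the bind DN for this bind operation.
   * <p>
   * NOTE(review): presumably the decoded form of
   * {@link #getRawBindDN()}; whether it can be {@code null} when the
   * raw value is not a valid DN is not stated here -- confirm before
   * dereferencing.
   *
   * @return  The bind DN for this bind operation.
   */
  DN getBindDN();



  /**
   * Retrieves the simple authentication password for this bind operation.
   * <p>
   * This is the credential presented in the bind request, so it must
   * not be logged, echoed in messages or stored by the plugin.
   * NOTE(review): the value returned for a bind that does not use
   * simple authentication is not documented here -- confirm whether
   * it can be {@code null}.
   *
   * @return  The simple authentication password for this bind
   *          operation.
   */
  ByteString getSimplePassword();



  /**
   * Retrieves the SASL mechanism for this bind operation.
   *
   * @return  The SASL mechanism for this bind operation, or
   *          {@code null} if the bind does not use SASL
   *          authentication.
   */
  String getSASLMechanism();



  /**
   * Retrieves the SASL credentials for this bind operation.
   * <p>
   * Depending on the mechanism these bytes can contain secret
   * material (SASL PLAIN, for example, carries the password in the
   * clear), so they deserve the same handling as
   * {@link #getSimplePassword()}: no logging and no persistence.
   *
   * @return  The SASL credentials for this bind operation, or
   *          {@code null} if there are none or if the bind does
   *          not use SASL authentication.
   */
  ByteString getSASLCredentials();



  /**
   * Retrieves the set of server SASL credentials to include in the
   * bind response.
   *
   * @return  The set of server SASL credentials to include in the
   *          bind response, or {@code null} if there are none.
   */
  ByteString getServerSASLCredentials();



  /**
   * Specifies the set of server SASL credentials to include in the
   * bind response.
   * <p>
   * The value is destined for the bind response, i.e. for the client,
   * so it should hold only what the SASL mechanism requires and never
   * other server-side secrets.  NOTE(review): whether a value set at
   * the post-operation stage still reaches the response is not shown
   * here -- confirm.
   *
   * @param  serverSASLCredentials  The set of server SASL credentials
   *                                to include in the bind response.
   */
  void setServerSASLCredentials(ByteString serverSASLCredentials);



  /**
   * Retrieves the user entry associated with the SASL authentication
   * attempt.  This should be set by any SASL mechanism in which the
   * processing was able to get far enough to make this determination,
   * regardless of whether the authentication was ultimately
   * successful.
   * <p>
   * A non-{@code null} return therefore only means that the request
   * was mapped to a user; it does not mean the user authenticated.
   * NOTE(review): the entry is presumably the complete user entry,
   * which may include stored password attributes -- confirm before
   * logging or exporting it.
   *
   * @return  The user entry associated with the SASL authentication
   *          attempt, or {@code null} if it was not a SASL
   *          authentication or the SASL processing was not able to
   *          map the request to a user.
   */
  Entry getSASLAuthUserEntry();



  /**
   * Retrieves a human-readable message providing the reason that the
   * authentication failed, if available.
   * <p>
   * Failure reasons can distinguish an unknown account from a wrong
   * password, which is useful to someone probing for valid accounts.
   * NOTE(review): this interface does not show whether the message is
   * ever returned to the client -- confirm it stays server-side
   * before forwarding it anywhere a client can read it.
   *
   * @return  A human-readable message providing the reason that the
   *          authentication failed, or {@code null} if none is
   *          available.
   */
  LocalizableMessage getAuthFailureReason();



  /**
   * Specifies the reason that the authentication failed.
   * <p>
   * The message should describe the failure without embedding the
   * password or SASL credentials taken from the request.
   *
   * @param  reason  A human-readable message providing the reason
   *                 that the authentication failed.
   */
  void setAuthFailureReason(LocalizableMessage reason);



  /**
   * Retrieves the user entry DN for this bind operation.  It will
   * only be available if the bind processing has proceeded far enough
   * to identify the user attempting to authenticate.
   * <p>
   * The DN names the user who attempted to authenticate; a
   * non-{@code null} value should not be read as a successful bind.
   *
   * @return  The user entry DN for this bind operation, or
   *          {@code null} if the bind processing has not
   *          progressed far enough to identify the user or if the
   *          user DN could not be determined.
   */
  DN getUserEntryDN();
}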