com.unboundid.ldap.sdk.unboundidds.extensions

Class DeliverSingleUseTokenExtendedRequest

java.lang.Object

com.unboundid.ldap.sdk.LDAPRequest

com.unboundid.ldap.sdk.ExtendedRequest

com.unboundid.ldap.sdk.unboundidds.extensions.DeliverSingleUseTokenExtendedRequest

All Implemented Interfaces:

ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable

@NotMutable
 @ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class DeliverSingleUseTokenExtendedRequest
extends ExtendedRequest

This class provides an implementation of an extended request that can be used to trigger the delivery of a temporary single-use token to a specified user via some out-of-band mechanism. It can be used for security purposes (e.g., as part of step-up authentication), for data validation purposes (e.g., to verify that a user can receive e-mail messages at a given address or SMS messages at a given phone number), or for other purposes in which it could be useful to deliver and consume a token through some out-of-band mechanism.

NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

This extended request has an OID of "1.3.6.1.4.1.30221.2.6.49" and it must have a value with the following encoding:

   DeliverSingleUseTokenRequestValue ::= SEQUENCE {
        userDN                         LDAPDN,
        tokenID                        OCTET STRING,
        validityDurationMillis         [0] INTEGER OPTIONAL,
        messageSubject                 [1] OCTET STRING OPTIONAL,
        fullTextBeforeToken            [2] OCTET STRING OPTIONAL,
        fullTextAfterToken             [3] OCTET STRING OPTIONAL,
        compactTextBeforeToken         [4] OCTET STRING OPTIONAL,
        compactTextAfterToken          [5] OCTET STRING OPTIONAL,
        preferredDeliveryMechanism     [6] SEQUENCE OF SEQUENCE {
             mechanismName     OCTET STRING,
             recipientID       OCTET STRING OPTIONAL },
        deliverIfPasswordExpired       [7] BOOLEAN DEFAULT FALSE,
        deliverIfAccountLocked         [8] BOOLEAN DEFAULT FALSE,
        deliverIfAccountDisabled       [9] BOOLEAN DEFAULT FALSE,
        deliverIfAccountExpired        [10] BOOLEAN DEFAULT FALSE,
        ... }
 

See Also:

DeliverSingleUseTokenExtendedResult, ConsumeSingleUseTokenExtendedRequest, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	DELIVER_SINGLE_USE_TOKEN_REQUEST_OID The OID (1.3.6.1.4.1.30221.2.6.49) for the deliver single-use token extended request.

Fields inherited from class com.unboundid.ldap.sdk.ExtendedRequest

TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE

Constructor Summary

Constructors

Constructor and Description
DeliverSingleUseTokenExtendedRequest(ExtendedRequest request) Decodes the provided extended request as a deliver single-use token extended request.
DeliverSingleUseTokenExtendedRequest(java.lang.String userDN, java.lang.String tokenID, java.lang.Long validityDurationMillis, java.lang.String messageSubject, java.lang.String fullTextBeforeToken, java.lang.String fullTextAfterToken, java.lang.String compactTextBeforeToken, java.lang.String compactTextAfterToken, java.util.List<ObjectPair<java.lang.String,java.lang.String>> preferredDeliveryMechanisms, boolean deliverIfPasswordExpired, boolean deliverIfAccountLocked, boolean deliverIfAccountDisabled, boolean deliverIfAccountExpired, Control... controls) Creates a new deliver single-use token extended request with the provided information.

Method Summary

Modifier and Type	Method and Description
boolean	deliverIfAccountDisabled() Indicates whether to attempt to generate and deliver a token if the target user's account has been disabled by an administrator.
boolean	deliverIfAccountExpired() Indicates whether to attempt to generate and deliver a token if the target user's account has expired.
boolean	deliverIfAccountLocked() Indicates whether to attempt to generate and deliver a token if the target user's account is locked for some reason (e.g., because there have been too many failed authentication attempts, because the account has been idle for too long, or because the password was not changed soon enough after an administrative reset).
boolean	deliverIfPasswordExpired() Indicates whether to attempt to generate and deliver a token if the target user's password is expired.
DeliverSingleUseTokenExtendedRequest	duplicate() Creates a new instance of this LDAP request that may be modified without impacting this request.
DeliverSingleUseTokenExtendedRequest	duplicate(Control[] controls) Creates a new instance of this LDAP request that may be modified without impacting this request.
java.lang.String	getCompactTextAfterToken() Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.
java.lang.String	getCompactTextBeforeToken() Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.
java.lang.String	getExtendedRequestName() Retrieves the user-friendly name for the extended request, if available.
java.lang.String	getFullTextAfterToken() Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.
java.lang.String	getFullTextBeforeToken() Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.
java.lang.String	getMessageSubject() Retrieves the text (if any) that should be used as the message subject for delivery mechanisms that can make use of a subject.
java.util.List<ObjectPair<java.lang.String,java.lang.String>>	getPreferredDeliveryMechanisms() Retrieves a list of the preferred delivery mechanisms that should be used to provide the generated token to the target user.
java.lang.String	getTokenID() Retrieves an identifier for the token, which can differentiate between separate uses of this extended operation for different purposes, and should be provided when consuming the token via the ConsumeSingleUseTokenExtendedRequest.
java.lang.String	getUserDN() Retrieves the DN of the user for whom the token should be generated and delivered.
java.lang.Long	getValidityDurationMillis() Retrieves the maximum length of time in milliseconds that the generated token should be considered valid, if defined.
DeliverSingleUseTokenExtendedResult	process(LDAPConnection connection, int depth) Sends this extended request to the directory server over the provided connection and returns the associated response.
void	toString(java.lang.StringBuilder buffer) Appends a string representation of this request to the provided buffer.

Methods inherited from class com.unboundid.ldap.sdk.ExtendedRequest

encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, responseReceived, toCode, writeTo

Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest

followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getReferralConnectorInternal, getReferralDepth, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setReferralDepth, setResponseTimeoutMillis, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DELIVER_SINGLE_USE_TOKEN_REQUEST_OID

@NotNull
public static final java.lang.String DELIVER_SINGLE_USE_TOKEN_REQUEST_OID

The OID (1.3.6.1.4.1.30221.2.6.49) for the deliver single-use token extended request.

See Also:

Constant Field Values

Constructor Detail

DeliverSingleUseTokenExtendedRequest

public DeliverSingleUseTokenExtendedRequest(@NotNull
                                            java.lang.String userDN,
                                            @NotNull
                                            java.lang.String tokenID,
                                            @Nullable
                                            java.lang.Long validityDurationMillis,
                                            @Nullable
                                            java.lang.String messageSubject,
                                            @Nullable
                                            java.lang.String fullTextBeforeToken,
                                            @Nullable
                                            java.lang.String fullTextAfterToken,
                                            @Nullable
                                            java.lang.String compactTextBeforeToken,
                                            @Nullable
                                            java.lang.String compactTextAfterToken,
                                            @Nullable
                                            java.util.List<ObjectPair<java.lang.String,java.lang.String>> preferredDeliveryMechanisms,
                                            boolean deliverIfPasswordExpired,
                                            boolean deliverIfAccountLocked,
                                            boolean deliverIfAccountDisabled,
                                            boolean deliverIfAccountExpired,
                                            @Nullable
                                            Control... controls)

Creates a new deliver single-use token extended request with the provided information.

Parameters:

userDN - The DN of the user for whom the token should be generated and delivered. It must not be null.

tokenID - An identifier for the token, which can differentiate between separate uses of this extended operation for different purposes. This token ID should be provided in the request to consume the token that has been delivered. It must not be null.

validityDurationMillis - The maximum length of time in milliseconds that the generated token should be considered valid. It may be null if the server should determine the token validity duration. If it is non-null, then the value must be greater than zero.

messageSubject - The text (if any) that should be used as the message subject if the delivery mechanism accepts a subject. This may be null if no subject is required or a subject should be automatically generated.

fullTextBeforeToken - The text (if any) that should appear before the generated single-use token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may be null if no text is required before the token.

fullTextAfterToken - The text (if any) that should appear after the generated single-use token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may be null if no text is required after the token.

compactTextBeforeToken - The text (if any) that should appear before the generated single-use token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may be null if no text is required before the token.

compactTextAfterToken - The text (if any) that should appear after the generated single-use token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may be null if no text is required after the token.

preferredDeliveryMechanisms - An optional list of the preferred delivery mechanisms that should be used to convey the token to the target user. It may be null or empty if the server should determine the delivery mechanisms to attempt. If a list of preferred delivery mechanisms is provided, the server will only attempt to deliver the token through these mechanisms, with attempts made in the order specified in this list.

deliverIfPasswordExpired - Indicates whether to generate and deliver a token if the target user's password is expired.

deliverIfAccountLocked - Indicates whether to generate and deliver a token if the target user's account is locked for some reason (e.g., too many failed authentication attempts, the account has been idle for too long, the user failed to change his/her password in a timely manner after an administrative reset, etc.).

deliverIfAccountDisabled - Indicates whether to generate and deliver a token if the target user's account has been disabled by an administrator.

deliverIfAccountExpired - Indicates whether to generate and deliver a token if the target user's account has expired.

controls - An optional set of controls to include in the request. It may be null or empty if no controls are required.

DeliverSingleUseTokenExtendedRequest

public DeliverSingleUseTokenExtendedRequest(@NotNull
                                            ExtendedRequest request)
                                     throws LDAPException

Decodes the provided extended request as a deliver single-use token extended request.

Parameters:

request - The extended request to decode as a deliver single-use token extended request.

Throws:

LDAPException - If the provided extended request cannot be decoded as a deliver single-use token request.

Method Detail

getUserDN

@NotNull
public java.lang.String getUserDN()

Retrieves the DN of the user for whom the token should be generated and delivered.

Returns:

The DN of the user for whom the token should be generated and delivered.

getTokenID

@NotNull
public java.lang.String getTokenID()

Retrieves an identifier for the token, which can differentiate between separate uses of this extended operation for different purposes, and should be provided when consuming the token via the ConsumeSingleUseTokenExtendedRequest.

Returns:

An identifier for the token.

getValidityDurationMillis

@Nullable
public java.lang.Long getValidityDurationMillis()

Retrieves the maximum length of time in milliseconds that the generated token should be considered valid, if defined. An attempt to consume the token after this length of time has elapsed will fail.

Returns:

The maximum length of time in milliseconds that the generated token should be considered valid, or null if the client did not specify a value and the token validity duration will be determined by the server.

getMessageSubject

@Nullable
public java.lang.String getMessageSubject()

Retrieves the text (if any) that should be used as the message subject for delivery mechanisms that can make use of a subject.

Returns:

The text that should be used as the message subject for delivery mechanisms that can make use of a subject, or null if no subject should be used, or if the delivery mechanism should attempt to automatically determine a subject.

getFullTextBeforeToken

@Nullable
public java.lang.String getFullTextBeforeToken()

Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.

Returns:

The text that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size, or null if there should not be any text before the token.

getFullTextAfterToken

@Nullable
public java.lang.String getFullTextAfterToken()

Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.

Returns:

The text that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size, or null if there should not be any text after the token.

getCompactTextBeforeToken

@Nullable
public java.lang.String getCompactTextBeforeToken()

Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.

Returns:

The text that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size, or null if there should not be any text before the token.

getCompactTextAfterToken

@Nullable
public java.lang.String getCompactTextAfterToken()

Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.

Returns:

The text that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size, or null if there should not be any text after the token.

getPreferredDeliveryMechanisms

@NotNull
public java.util.List<ObjectPair<java.lang.String,java.lang.String>> getPreferredDeliveryMechanisms()

Retrieves a list of the preferred delivery mechanisms that should be used to provide the generated token to the target user. If the returned list is empty, then the server will attempt to determine which mechanism(s) to use and in which order to try them. If this list is not empty, then the server will only attempt the specified mechanisms and in the order in which they are listed.

Returns:

A list of the preferred delivery mechanisms that should be used to provide the generated token to the target user, or an empty list if the server should determine the delivery mechanisms to attempt.

deliverIfPasswordExpired

public boolean deliverIfPasswordExpired()

Indicates whether to attempt to generate and deliver a token if the target user's password is expired.

Returns:

true if the server should attempt to deliver a token to a user with an expired password, or false if not.

deliverIfAccountLocked

public boolean deliverIfAccountLocked()

Indicates whether to attempt to generate and deliver a token if the target user's account is locked for some reason (e.g., because there have been too many failed authentication attempts, because the account has been idle for too long, or because the password was not changed soon enough after an administrative reset).

Returns:

true if the server should attempt to deliver a token to a user with a locked account, or false if not.

deliverIfAccountDisabled

public boolean deliverIfAccountDisabled()

Indicates whether to attempt to generate and deliver a token if the target user's account has been disabled by an administrator.

Returns:

true if the server should attempt to deliver a token to a user with a disabled account, or false if not.

deliverIfAccountExpired

public boolean deliverIfAccountExpired()

Indicates whether to attempt to generate and deliver a token if the target user's account has expired.

Returns:

true if the server should attempt to deliver a token to a user with an expired account, or false if not.

process

@NotNull
public DeliverSingleUseTokenExtendedResult process(@NotNull
                                                            LDAPConnection connection,
                                                            int depth)
                                                     throws LDAPException

Sends this extended request to the directory server over the provided connection and returns the associated response.

Overrides:

process in class ExtendedRequest

Parameters:

connection - The connection to use to communicate with the directory server.

depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.

Returns:

An LDAP result object that provides information about the result of the extended operation processing.

Throws:

LDAPException - If a problem occurs while sending the request or reading the response.

duplicate

@NotNull
public DeliverSingleUseTokenExtendedRequest duplicate()

Creates a new instance of this LDAP request that may be modified without impacting this request.. Subclasses should override this method to return a duplicate of the appropriate type..

Specified by:

duplicate in interface ReadOnlyLDAPRequest

Overrides:

duplicate in class ExtendedRequest

Returns:

A new instance of this LDAP request that may be modified without impacting this request.

duplicate

@NotNull
public DeliverSingleUseTokenExtendedRequest duplicate(@Nullable
                                                               Control[] controls)

Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type..

Specified by:

duplicate in interface ReadOnlyLDAPRequest

Overrides:

duplicate in class ExtendedRequest

Parameters:

controls - The set of controls to include in the duplicate request.

Returns:

A new instance of this LDAP request that may be modified without impacting this request.

getExtendedRequestName

@NotNull
public java.lang.String getExtendedRequestName()

Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.

Overrides:

getExtendedRequestName in class ExtendedRequest

Returns:

The user-friendly name for this extended request, or the OID if no user-friendly name is available.

toString

public void toString(@NotNull
                     java.lang.StringBuilder buffer)

Appends a string representation of this request to the provided buffer.

Specified by:

toString in interface ProtocolOp

Specified by:

toString in interface ReadOnlyLDAPRequest

Overrides:

toString in class ExtendedRequest

Parameters:

buffer - The buffer to which to append a string representation of this request.