java.lang.Object
  com.unboundid.ldap.sdk.LDAPRequest
    com.unboundid.ldap.sdk.BindRequest
      com.unboundid.ldap.sdk.SASLBindRequest
        com.unboundid.ldap.sdk.unboundidds.UnboundIDTOTPBindRequest

@NotExtensible @ThreadSafety(level=NOT_THREADSAFE) public abstract class UnboundIDTOTPBindRequest
NOTE: This class is part of the Commercial Edition of the UnboundID LDAP SDK for Java. It is not available for use in applications that include only the Standard Edition of the LDAP SDK, and is not supported for use in conjunction with non-UnboundID products.

This class provides support for an UnboundID-proprietary SASL mechanism that uses the time-based one-time password mechanism (TOTP) as described in RFC 6238, optionally (based on the server configuration) in conjunction with a static password for a form of multifactor authentication.

```
UnboundIDTOTPCredentials ::= SEQUENCE {
     authenticationID     [0] OCTET STRING,
     authorizationID      [1] OCTET STRING OPTIONAL,
     totpPassword         [2] OCTET STRING,
     staticPassword       [3] OCTET STRING OPTIONAL }
```

The SingleUseTOTPBindRequest class may be used for cases in which the one-time password will be obtained from an external source (e.g., provided by the user, perhaps using the Google Authenticator application), and the ReusableTOTPBindRequest class may be used for cases in which the one-time password should be generated by the LDAP SDK itself. Because the SingleUseTOTPBindRequest class contains a point-in-time password, it cannot be used for re-authentication (e.g., for use with a connection pool, following referrals, or with the auto-reconnect feature). If TOTP authentication should be used in contexts where one or more of these may be needed, then the dynamic variant should be used.
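
The credential structure above, written out byte by byte as an added example (not the SDK's implementation and not code from this page). It uses only the JDK and assumes the context tags are IMPLICIT, as in LDAP's own ASN.1 module, so the four fields carry tags 0x80 to 0x83; the class and method names are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;

// Added illustration, not the LDAP SDK's code. Assumes IMPLICIT context tags.
public final class TotpCredentialsSketch {          // hypothetical name
  // BER definite length: short form below 128, long form otherwise.
  static void writeLength(ByteArrayOutputStream out, int len) {
    if (len < 0x80) { out.write(len); return; }
    int n = (len <= 0xFF) ? 1 : (len <= 0xFFFF) ? 2 : (len <= 0xFFFFFF) ? 3 : 4;
    out.write(0x80 | n);
    for (int i = n - 1; i >= 0; i--) out.write((len >>> (8 * i)) & 0xFF);
  }

  // Writes one tag-length-value element.
  static void writeElement(ByteArrayOutputStream out, int tag, byte[] value) {
    out.write(tag);
    writeLength(out, value.length);
    out.write(value, 0, value.length);
  }

  // Identities must have the form "u:" + username or "dn:" + DN.
  static byte[] id(String s) {
    if (!s.startsWith("u:") && !s.startsWith("dn:"))
      throw new IllegalArgumentException("identity must start with u: or dn:");
    return s.getBytes(StandardCharsets.UTF_8);
  }

  static byte[] encode(String authnID, String authzID, String totp, byte[] staticPw) {
    if (authnID == null || totp == null)
      throw new IllegalArgumentException("authenticationID and totpPassword are required");
    ByteArrayOutputStream body = new ByteArrayOutputStream();
    writeElement(body, 0x80, id(authnID));                            // [0] authenticationID
    if (authzID != null) writeElement(body, 0x81, id(authzID));       // [1] OPTIONAL
    writeElement(body, 0x82, totp.getBytes(StandardCharsets.UTF_8));  // [2] totpPassword
    if (staticPw != null) writeElement(body, 0x83, staticPw);         // [3] OPTIONAL
    ByteArrayOutputStream seq = new ByteArrayOutputStream();
    writeElement(seq, 0x30, body.toByteArray());                      // universal SEQUENCE
    return seq.toByteArray();
  }

  public static void main(String[] args) {
    // Constructed sample values, not real credentials.
    byte[] ber = encode("u:jdoe", null, "123456", "example-pw".getBytes(StandardCharsets.UTF_8));
    StringBuilder hex = new StringBuilder();
    for (byte b : ber) hex.append(String.format("%02x ", b));
    System.out.println(hex.toString().trim());
  }
}
```

Both the one-time password and the static password sit in this structure as plain octet strings, so the bind should only be sent over a TLS-protected connection.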
Field Summary | |
---|---|
static java.lang.String | UNBOUNDID_TOTP_MECHANISM_NAME: The name for the UnboundID TOTP SASL mechanism. |
Fields inherited from class com.unboundid.ldap.sdk.SASLBindRequest |
---|
CRED_TYPE_SASL |
Fields inherited from class com.unboundid.ldap.sdk.BindRequest |
---|
VERSION_ELEMENT |
Constructor Summary | |
---|---|
protected | UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, ASN1OctetString staticPassword, Control... controls): Creates a new TOTP bind request with the provided information. |
protected | UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, byte[] staticPassword, Control... controls): Creates a new TOTP bind request with the provided information. |
protected | UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, java.lang.String staticPassword, Control... controls): Creates a new TOTP bind request with the provided information. |
Method Summary | |
---|---|
static ASN1OctetString | encodeCredentials(java.lang.String authenticationID, java.lang.String authorizationID, java.lang.String totpPassword, ASN1OctetString staticPassword): Encodes the provided information in a form suitable for inclusion in an UNBOUNDID-TOTP SASL bind request. |
java.lang.String | getAuthenticationID(): Retrieves the authentication ID for the bind request. |
java.lang.String | getAuthorizationID(): Retrieves the authorization ID for the bind request, if one was provided. |
int | getLastMessageID(): Retrieves the message ID for the last LDAP message sent using this request. |
protected abstract ASN1OctetString | getSASLCredentials(): Retrieves the encoded SASL credentials that may be included in an UNBOUNDID-TOTP SASL bind request. |
java.lang.String | getSASLMechanismName(): Retrieves the name of the SASL mechanism used in this SASL bind request. |
ASN1OctetString | getStaticPassword(): Retrieves the static password for the bind request, if one was provided. |
protected BindResult | process(LDAPConnection connection, int depth): Sends this bind request to the target server over the provided connection and returns the corresponding response. |
void | toString(java.lang.StringBuilder buffer): Appends a string representation of this request to the provided buffer. |
Methods inherited from class com.unboundid.ldap.sdk.SASLBindRequest |
---|
getBindType, responseReceived, sendBindRequest, sendMessage |
Methods inherited from class com.unboundid.ldap.sdk.BindRequest |
---|
duplicate, duplicate, getOperationType, getRebindRequest |
Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest |
---|
followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setResponseTimeoutMillis, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String UNBOUNDID_TOTP_MECHANISM_NAME
Constructor Detail |
---|
protected UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, java.lang.String staticPassword, Control... controls)

authenticationID - The authentication identity for the bind request. It must not be null, and must be in the form "u:" followed by a username, or "dn:" followed by a DN.

authorizationID - The authorization identity for the bind request. It may be null if the authorization identity should be the same as the authentication identity. If an authorization identity is specified, it must be in the form "u:" followed by a username, or "dn:" followed by a DN. The value "dn:" may indicate an authorization identity of the anonymous user.

staticPassword - The static password for the target user. It may be null if only the one-time password is to be used for authentication (which may or may not be allowed by the server).

controls - The set of controls to include in the bind request.

protected UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, byte[] staticPassword, Control... controls)

authenticationID - The authentication identity for the bind request. It must not be null, and must be in the form "u:" followed by a username, or "dn:" followed by a DN.

authorizationID - The authorization identity for the bind request. It may be null if the authorization identity should be the same as the authentication identity. If an authorization identity is specified, it must be in the form "u:" followed by a username, or "dn:" followed by a DN. The value "dn:" may indicate an authorization identity of the anonymous user.

staticPassword - The static password for the target user. It may be null if only the one-time password is to be used for authentication (which may or may not be allowed by the server).

controls - The set of controls to include in the bind request.

protected UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, ASN1OctetString staticPassword, Control... controls)

authenticationID - The authentication identity for the bind request. It must not be null, and must be in the form "u:" followed by a username, or "dn:" followed by a DN.

authorizationID - The authorization identity for the bind request. It may be null if the authorization identity should be the same as the authentication identity. If an authorization identity is specified, it must be in the form "u:" followed by a username, or "dn:" followed by a DN. The value "dn:" may indicate an authorization identity of the anonymous user.

staticPassword - The static password for the target user. It may be null if only the one-time password is to be used for authentication (which may or may not be allowed by the server). If it is non-null, then it must have the appropriate BER type.

controls - The set of controls to include in the bind request.

Method Detail |
---|
public final java.lang.String getAuthenticationID()

public final java.lang.String getAuthorizationID()

null if the authorization ID should be the same as the authentication ID.

public final ASN1OctetString getStaticPassword()

null if no static password was provided and only the one-time password should be used for authentication.

public final java.lang.String getSASLMechanismName()

getSASLMechanismName in class SASLBindRequest

protected final BindResult process(LDAPConnection connection, int depth) throws LDAPException

process in class BindRequest

connection - The connection to use to send this bind request to the server and read the associated response.

depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.

LDAPException - If a problem occurs while sending the request or reading the response.

protected abstract ASN1OctetString getSASLCredentials() throws LDAPException

LDAPException - If a problem is encountered while attempting to obtain the encoded credentials.

public static ASN1OctetString encodeCredentials(java.lang.String authenticationID, java.lang.String authorizationID, java.lang.String totpPassword, ASN1OctetString staticPassword)

authenticationID - The authentication identity for the bind request. It must not be null, and must be in the form "u:" followed by a username, or "dn:" followed by a DN.

authorizationID - The authorization identity for the bind request. It may be null if the authorization identity should be the same as the authentication identity. If an authorization identity is specified, it must be in the form "u:" followed by a username, or "dn:" followed by a DN. The value "dn:" may indicate an authorization identity of the anonymous user.

totpPassword - The TOTP password to include in the bind request. It must not be null.

staticPassword - The static password for the target user. It may be null if only the one-time password is to be used for authentication (which may or may not be allowed by the server).

public final int getLastMessageID()

getLastMessageID in class SASLBindRequest

public final void toString(java.lang.StringBuilder buffer)

toString in interface ReadOnlyLDAPRequest

toString in class LDAPRequest

buffer - The buffer to which to append a string representation of this request.