com.unboundid.util
Class SASLUtils

java.lang.Object
  extended by com.unboundid.util.SASLUtils

@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class SASLUtils
extends java.lang.Object

This class provides a utility that may be used to help process SASL bind operations using the LDAP SDK.


Field Summary
static java.lang.String SASL_OPTION_AUTH_ID
          The name of the SASL option that specifies the authentication ID.
static java.lang.String SASL_OPTION_AUTHZ_ID
          The name of the SASL option that specifies the authorization ID.
static java.lang.String SASL_OPTION_CONFIG_FILE
          The name of the SASL option that specifies the path to the JAAS config file.
static java.lang.String SASL_OPTION_DEBUG
          The name of the SASL option that indicates whether debugging should be enabled.
static java.lang.String SASL_OPTION_KDC_ADDRESS
          The name of the SASL option that specifies the KDC address.
static java.lang.String SASL_OPTION_MECHANISM
          The name of the SASL option that specifies the desired SASL mechanism to use to authenticate to the server.
static java.lang.String SASL_OPTION_PROTOCOL
          The name of the SASL option that specifies the GSSAPI service principal protocol.
static java.lang.String SASL_OPTION_QOP
          The name of the SASL option that specifies the quality of protection that should be used for communication that occurs after the authentication has completed.
static java.lang.String SASL_OPTION_REALM
          The name of the SASL option that specifies the realm name.
static java.lang.String SASL_OPTION_RENEW_TGT
          The name of the SASL option that indicates whether to attempt to renew the Kerberos TGT for an existing session.
static java.lang.String SASL_OPTION_REQUIRE_CACHE
          The name of the SASL option that indicates whether to require an existing Kerberos session from the ticket cache.
static java.lang.String SASL_OPTION_TICKET_CACHE_PATH
          The name of the SASL option that specifies the path to the Kerberos ticket cache to use.
static java.lang.String SASL_OPTION_TRACE
          The name of the SASL option that specifies the trace string.
static java.lang.String SASL_OPTION_USE_TICKET_CACHE
          The name of the SASL option that specifies whether to use a Kerberos ticket cache.
 
Method Summary
static SASLBindRequest createBindRequest(java.lang.String bindDN, byte[] password, java.lang.String mechanism, java.util.List<java.lang.String> options, Control... controls)
          Creates a new SASL bind request using the provided information.
static SASLBindRequest createBindRequest(java.lang.String bindDN, byte[] password, java.lang.String mechanism, java.lang.String... options)
          Creates a new SASL bind request using the provided information.
static SASLBindRequest createBindRequest(java.lang.String bindDN, java.lang.String password, java.lang.String mechanism, java.util.List<java.lang.String> options, Control... controls)
          Creates a new SASL bind request using the provided information.
static SASLBindRequest createBindRequest(java.lang.String bindDN, java.lang.String password, java.lang.String mechanism, java.lang.String... options)
          Creates a new SASL bind request using the provided information.
static void ensureNoUnsupportedOptions(java.util.Map<java.lang.String,java.lang.String> options, java.lang.String mechanism)
          Ensures that the provided map is empty, and will throw an exception if it isn't.
static SASLMechanismInfo getSASLMechanismInfo(java.lang.String mechanism)
          Retrieves information about the specified SASL mechanism.
static java.util.List<SASLMechanismInfo> getSupportedSASLMechanisms()
          Retrieves information about the SASL mechanisms supported for use by this class.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SASL_OPTION_AUTH_ID

public static final java.lang.String SASL_OPTION_AUTH_ID
The name of the SASL option that specifies the authentication ID. It may be used in conjunction with the CRAM-MD5, DIGEST-MD5, GSSAPI, and PLAIN mechanisms.

See Also:
Constant Field Values

SASL_OPTION_AUTHZ_ID

public static final java.lang.String SASL_OPTION_AUTHZ_ID
The name of the SASL option that specifies the authorization ID. It may be used in conjunction with the DIGEST-MD5, GSSAPI, and PLAIN mechanisms.

See Also:
Constant Field Values

SASL_OPTION_CONFIG_FILE

public static final java.lang.String SASL_OPTION_CONFIG_FILE
The name of the SASL option that specifies the path to the JAAS config file. It may be used in conjunction with the GSSAPI mechanism.

See Also:
Constant Field Values

SASL_OPTION_DEBUG

public static final java.lang.String SASL_OPTION_DEBUG
The name of the SASL option that indicates whether debugging should be enabled. It may be used in conjunction with the GSSAPI mechanism.

See Also:
Constant Field Values

SASL_OPTION_KDC_ADDRESS

public static final java.lang.String SASL_OPTION_KDC_ADDRESS
The name of the SASL option that specifies the KDC address. It may be used in conjunction with the GSSAPI mechanism.

See Also:
Constant Field Values

SASL_OPTION_MECHANISM

public static final java.lang.String SASL_OPTION_MECHANISM
The name of the SASL option that specifies the desired SASL mechanism to use to authenticate to the server.

See Also:
Constant Field Values

SASL_OPTION_PROTOCOL

public static final java.lang.String SASL_OPTION_PROTOCOL
The name of the SASL option that specifies the GSSAPI service principal protocol. It may be used in conjunction with the GSSAPI mechanism.

See Also:
Constant Field Values

SASL_OPTION_QOP

public static final java.lang.String SASL_OPTION_QOP
The name of the SASL option that specifies the quality of protection that should be used for communication that occurs after the authentication has completed.

See Also:
Constant Field Values

SASL_OPTION_REALM

public static final java.lang.String SASL_OPTION_REALM
The name of the SASL option that specifies the realm name. It may be used in conjunction with the DIGEST-MD5 and GSSAPI mechanisms.

See Also:
Constant Field Values

SASL_OPTION_REQUIRE_CACHE

public static final java.lang.String SASL_OPTION_REQUIRE_CACHE
The name of the SASL option that indicates whether to require an existing Kerberos session from the ticket cache. It may be used in conjunction with the GSSAPI mechanism.

See Also:
Constant Field Values

SASL_OPTION_RENEW_TGT

public static final java.lang.String SASL_OPTION_RENEW_TGT
The name of the SASL option that indicates whether to attempt to renew the Kerberos TGT for an existing session. It may be used in conjunction with the GSSAPI mechanism.

See Also:
Constant Field Values

SASL_OPTION_TICKET_CACHE_PATH

public static final java.lang.String SASL_OPTION_TICKET_CACHE_PATH
The name of the SASL option that specifies the path to the Kerberos ticket cache to use. It may be used in conjunction with the GSSAPI mechanism.

See Also:
Constant Field Values

SASL_OPTION_TRACE

public static final java.lang.String SASL_OPTION_TRACE
The name of the SASL option that specifies the trace string. It may be used in conjunction with the ANONYMOUS mechanism.

See Also:
Constant Field Values

SASL_OPTION_USE_TICKET_CACHE

public static final java.lang.String SASL_OPTION_USE_TICKET_CACHE
The name of the SASL option that specifies whether to use a Kerberos ticket cache. It may be used in conjunction with the GSSAPI mechanism.

See Also:
Constant Field Values

Method Detail

getSupportedSASLMechanisms

public static java.util.List<SASLMechanismInfo> getSupportedSASLMechanisms()
Retrieves information about the SASL mechanisms supported for use by this class.

Returns:
Information about the SASL mechanisms supported for use by this class.

getSASLMechanismInfo

public static SASLMechanismInfo getSASLMechanismInfo(java.lang.String mechanism)
Retrieves information about the specified SASL mechanism.

Parameters:
mechanism - The name of the SASL mechanism for which to retrieve information. It will not be treated in a case-sensitive manner.
Returns:
Information about the requested SASL mechanism, or null if no information about the specified mechanism is available.

createBindRequest

public static SASLBindRequest createBindRequest(java.lang.String bindDN,
                                                java.lang.String password,
                                                java.lang.String mechanism,
                                                java.lang.String... options)
                                         throws LDAPException
Creates a new SASL bind request using the provided information.

Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.

createBindRequest

public static SASLBindRequest createBindRequest(java.lang.String bindDN,
                                                java.lang.String password,
                                                java.lang.String mechanism,
                                                java.util.List<java.lang.String> options,
                                                Control... controls)
                                         throws LDAPException
Creates a new SASL bind request using the provided information.

Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
controls - The set of controls to include in the request.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.

createBindRequest

public static SASLBindRequest createBindRequest(java.lang.String bindDN,
                                                byte[] password,
                                                java.lang.String mechanism,
                                                java.lang.String... options)
                                         throws LDAPException
Creates a new SASL bind request using the provided information.

Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.

createBindRequest

public static SASLBindRequest createBindRequest(java.lang.String bindDN,
                                                byte[] password,
                                                java.lang.String mechanism,
                                                java.util.List<java.lang.String> options,
                                                Control... controls)
                                         throws LDAPException
Creates a new SASL bind request using the provided information.

Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
controls - The set of controls to include in the request.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.
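
Usage example (added here; not part of the LDAP SDK's own documentation): a client-side mechanism allowlist built on getSASLMechanismInfo, followed by createBindRequest with a null bindDN and the mechanism and identity supplied as "name=value" options. The class name, the ALLOWED policy set, and the sample authID and password are assumptions made for illustration; SASLMechanismInfo.getName(), SASLMechanismInfo.requiresPassword() and SASLBindRequest.getSASLMechanismName() are SDK methods documented on their own class pages rather than on this one.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SASLBindRequest;
import com.unboundid.util.SASLMechanismInfo;
import com.unboundid.util.SASLUtils;

public final class SaslBindPolicyExample {
  // Hypothetical deployment policy: the only mechanisms this client may use.
  private static final Set<String> ALLOWED = Set.of("GSSAPI", "DIGEST-MD5");

  static SASLBindRequest build(String mech, String authID, byte[] password)
      throws LDAPException {
    // The lookup is case-insensitive and returns null for unknown mechanisms.
    SASLMechanismInfo info = SASLUtils.getSASLMechanismInfo(mech);
    if (info == null
        || !ALLOWED.contains(info.getName().toUpperCase(Locale.ROOT))) {
      throw new LDAPException(ResultCode.PARAM_ERROR,
          "SASL mechanism not permitted by policy: " + mech);
    }
    if (info.requiresPassword() && (password == null || password.length == 0)) {
      throw new LDAPException(ResultCode.PARAM_ERROR,
          info.getName() + " requires a password");
    }
    // bindDN is null: the identity travels in the authID option instead.
    // The mechanism argument is null because the mech option carries it.
    return SASLUtils.createBindRequest(null, password, null,
        SASLUtils.SASL_OPTION_MECHANISM + "=" + info.getName(),
        SASLUtils.SASL_OPTION_AUTH_ID + "=" + authID);
  }

  public static void main(String[] args) {
    // Constructed sample credentials; no connection is opened here.
    byte[] pw = "constructed-sample-password".getBytes(StandardCharsets.UTF_8);
    for (String mech : new String[] {"digest-md5", "PLAIN", "NO-SUCH-MECH"}) {
      try {
        SASLBindRequest req = build(mech, "u:jdoe", pw);
        System.out.println(mech + " -> " + req.getSASLMechanismName());
      } catch (LDAPException e) {
        System.out.println(mech + " rejected: " + e.getMessage());
      }
    }
  }
}
```

Passing the mechanism only through the mech option avoids the mismatch case described for the options parameter, where a non-null mechanism argument must agree with the option value.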

ensureNoUnsupportedOptions

@InternalUseOnly
public static void ensureNoUnsupportedOptions(java.util.Map<java.lang.String,java.lang.String> options,
                                              java.lang.String mechanism)
                                       throws LDAPException
Ensures that the provided map is empty, and will throw an exception if it isn't. This method is intended for internal use only.

Parameters:
options - The map of options to ensure is empty.
mechanism - The associated SASL mechanism.
Throws:
LDAPException - If the map of SASL options is not empty.