/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
* add the following below this CDDL HEADER, with the fields enclosed
|
* by brackets "[]" replaced with your own identifying information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2010 Sun Microsystems, Inc.
|
*/
|
package org.opends.sdk.controls;
|
|
|
|
import static com.sun.opends.sdk.messages.Messages.ERR_AUTHZIDRESP_CONTROL_BAD_OID;
|
import static com.sun.opends.sdk.messages.Messages.ERR_AUTHZIDRESP_NO_CONTROL_VALUE;
|
|
import org.opends.sdk.ByteString;
|
import org.opends.sdk.DecodeException;
|
import org.opends.sdk.DecodeOptions;
|
import org.opends.sdk.LocalizableMessage;
|
|
import com.sun.opends.sdk.util.Validator;
|
|
|
|
/**
|
* The authorization response control as defined in RFC 3829. The authorization
|
* identity control extends the Lightweight Directory Access Protocol (LDAP)
|
* bind operation with a mechanism for requesting and returning the
|
* authorization identity it establishes.
|
* <p>
|
* The authorization identity is specified using an authorization ID, or {@code
|
* authzId}, as defined in RFC 4513 section 5.2.1.8.
|
*
|
* @see AuthorizationIdentityRequestControl
|
* @see org.opends.sdk.requests.WhoAmIExtendedRequest
|
* @see <a href="http://tools.ietf.org/html/rfc3829">RFC 3829 - Lightweight
|
* Directory Access Protocol (LDAP) Authorization Identity Request and
|
* Response Controls </a>
|
* @see <a href="http://tools.ietf.org/html/rfc4532">RFC 4532 - Lightweight
|
* Directory Access Protocol (LDAP) "Who am I?" Operation </a>
|
* @see <a href="http://tools.ietf.org/html/rfc4513#section-5.2.1.8">RFC 4513 -
|
* SASL Authorization Identities (authzId) </a>
|
*/
|
public final class AuthorizationIdentityResponseControl implements Control
|
{
|
|
/**
|
* The OID for the authorization identity response control.
|
*/
|
public static final String OID = "2.16.840.1.113730.3.4.15";
|
|
|
|
/**
|
* Creates a new authorization identity response control using the provided
|
* authorization ID.
|
*
|
* @param authorizationID
|
* The authorization ID for this control.
|
* @return The new control.
|
* @throws NullPointerException
|
* If {@code authorizationID} was {@code null}.
|
*/
|
public static AuthorizationIdentityResponseControl newControl(
|
final String authorizationID) throws NullPointerException
|
{
|
return new AuthorizationIdentityResponseControl(false, authorizationID);
|
}
|
|
|
|
// The authorization ID for this control.
|
private final String authorizationID;
|
|
private final boolean isCritical;
|
|
/**
|
* A decoder which can be used for decoding the authorization identity
|
* response control.
|
*/
|
public static final ControlDecoder<AuthorizationIdentityResponseControl>
|
DECODER = new ControlDecoder<AuthorizationIdentityResponseControl>()
|
{
|
|
public AuthorizationIdentityResponseControl decodeControl(
|
final Control control, final DecodeOptions options)
|
throws DecodeException
|
{
|
Validator.ensureNotNull(control);
|
|
if (control instanceof AuthorizationIdentityResponseControl)
|
{
|
return (AuthorizationIdentityResponseControl) control;
|
}
|
|
if (!control.getOID().equals(OID))
|
{
|
final LocalizableMessage message = ERR_AUTHZIDRESP_CONTROL_BAD_OID.get(
|
control.getOID(), OID);
|
throw DecodeException.error(message);
|
}
|
|
if (!control.hasValue())
|
{
|
// The response control must always have a value.
|
final LocalizableMessage message = ERR_AUTHZIDRESP_NO_CONTROL_VALUE
|
.get();
|
throw DecodeException.error(message);
|
}
|
|
final String authID = control.getValue().toString();
|
return new AuthorizationIdentityResponseControl(control.isCritical(),
|
authID);
|
}
|
|
|
|
public String getOID()
|
{
|
return OID;
|
}
|
};
|
|
|
|
// Prevent direct instantiation.
|
private AuthorizationIdentityResponseControl(final boolean isCritical,
|
final String authorizationID)
|
{
|
Validator.ensureNotNull(authorizationID);
|
this.isCritical = isCritical;
|
this.authorizationID = authorizationID;
|
}
|
|
|
|
/**
|
* Returns the authorization ID of the user. The authorization ID usually has
|
* the form "dn:" immediately followed by the distinguished name of the user,
|
* or "u:" followed by a user ID string, but other forms are permitted.
|
*
|
* @return The authorization ID of the user.
|
*/
|
public String getAuthorizationID()
|
{
|
return authorizationID;
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public String getOID()
|
{
|
return OID;
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public ByteString getValue()
|
{
|
return ByteString.valueOf(authorizationID);
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public boolean hasValue()
|
{
|
return true;
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public boolean isCritical()
|
{
|
return isCritical;
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
@Override
|
public String toString()
|
{
|
final StringBuilder builder = new StringBuilder();
|
builder.append("AuthorizationIdentityResponseControl(oid=");
|
builder.append(getOID());
|
builder.append(", criticality=");
|
builder.append(isCritical());
|
builder.append(", authzID=\"");
|
builder.append(authorizationID);
|
builder.append("\")");
|
return builder.toString();
|
}
|
|
}
|
