Source code

001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.server.core.authn;
021
022
023import java.net.SocketAddress;
024
025import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
026import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
027import org.apache.directory.api.ldap.model.name.Dn;
028import org.apache.directory.server.core.api.LdapPrincipal;
029import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
030import org.apache.mina.core.session.IoSession;
031
032
033/**
034 * An {@link Authenticator} that handles SASL connections (X.501 authentication
035 * level <tt>'strong'</tt>).  The principal has been authenticated during SASL
036 * negotiation; therefore, no additional authentication is necessary in this
037 * {@link Authenticator}.
038 * 
039 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
040 */
041public class StrongAuthenticator extends AbstractAuthenticator
042{
043    /**
044     * Creates a new instance.
045     */
046    public StrongAuthenticator()
047    {
048        super( AuthenticationLevel.STRONG );
049    }
050
051
052    /**
053     * Creates a new instance of SaslAuthenticator.
054     * 
055     * @param baseDn The base Dn
056     */
057    public StrongAuthenticator( Dn baseDn )
058    {
059        super( AuthenticationLevel.STRONG, baseDn );
060    }
061
062
063    /**
064     * User has already been authenticated during SASL negotiation. Set the authentication level
065     * to strong and return an {@link LdapPrincipal}.
066     */
067    @Override
068    public LdapPrincipal authenticate( BindOperationContext bindContext ) throws LdapAuthenticationException
069    {
070        // Possibly check if user account is disabled, other account checks.
071        LdapPrincipal principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindContext.getDn(),
072            AuthenticationLevel.STRONG );
073
074        IoSession session = bindContext.getIoSession();
075
076        if ( session != null )
077        {
078            SocketAddress clientAddress = session.getRemoteAddress();
079            principal.setClientAddress( clientAddress );
080            SocketAddress serverAddress = session.getServiceAddress();
081            principal.setServerAddress( serverAddress );
082        }
083
084        return principal;
085    }
086}