001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.server.core.authn; 021 022 023import java.net.SocketAddress; 024 025import org.apache.directory.api.ldap.model.constants.AuthenticationLevel; 026import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException; 027import org.apache.directory.api.ldap.model.name.Dn; 028import org.apache.directory.server.core.api.LdapPrincipal; 029import org.apache.directory.server.core.api.interceptor.context.BindOperationContext; 030import org.apache.mina.core.session.IoSession; 031 032 033/** 034 * An {@link Authenticator} that handles SASL connections (X.501 authentication 035 * level <tt>'strong'</tt>). The principal has been authenticated during SASL 036 * negotiation; therefore, no additional authentication is necessary in this 037 * {@link Authenticator}. 038 * 039 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 040 */ 041public class StrongAuthenticator extends AbstractAuthenticator 042{ 043 /** 044 * Creates a new instance. 045 */ 046 public StrongAuthenticator() 047 { 048 super( AuthenticationLevel.STRONG ); 049 } 050 051 052 /** 053 * Creates a new instance of SaslAuthenticator. 054 * 055 * @param baseDn The base Dn 056 */ 057 public StrongAuthenticator( Dn baseDn ) 058 { 059 super( AuthenticationLevel.STRONG, baseDn ); 060 } 061 062 063 /** 064 * User has already been authenticated during SASL negotiation. Set the authentication level 065 * to strong and return an {@link LdapPrincipal}. 066 */ 067 @Override 068 public LdapPrincipal authenticate( BindOperationContext bindContext ) throws LdapAuthenticationException 069 { 070 // Possibly check if user account is disabled, other account checks. 071 LdapPrincipal principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindContext.getDn(), 072 AuthenticationLevel.STRONG ); 073 074 IoSession session = bindContext.getIoSession(); 075 076 if ( session != null ) 077 { 078 SocketAddress clientAddress = session.getRemoteAddress(); 079 principal.setClientAddress( clientAddress ); 080 SocketAddress serverAddress = session.getServiceAddress(); 081 principal.setServerAddress( serverAddress ); 082 } 083 084 return principal; 085 } 086}