001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2006-2008 Sun Microsystems, Inc. 025 * Portions Copyright 2011-2015 ForgeRock AS 026 */ 027package org.opends.server.extensions; 028 029import org.forgerock.i18n.slf4j.LocalizedLogger; 030import org.forgerock.opendj.config.server.ConfigException; 031import org.forgerock.opendj.ldap.ByteString; 032import org.forgerock.opendj.ldap.ResultCode; 033import org.opends.server.admin.std.server.AnonymousSASLMechanismHandlerCfg; 034import org.opends.server.api.SASLMechanismHandler; 035import org.opends.server.core.BindOperation; 036import org.opends.server.core.DirectoryServer; 037import org.opends.server.types.AdditionalLogItem; 038import org.opends.server.types.AuthenticationInfo; 039import org.opends.server.types.InitializationException; 040 041import static org.opends.server.util.ServerConstants.*; 042 043/** 044 * This class provides an implementation of a SASL mechanism, as defined in RFC 045 * 4505, that does not perform any authentication. That is, anyone attempting 046 * to bind with this SASL mechanism will be successful and will be given the 047 * rights of an unauthenticated user. The request may or may not include a set 048 * of SASL credentials which will serve as trace information. If provided, 049 * then that trace information will be written to the server error log. 050 */ 051public class AnonymousSASLMechanismHandler 052 extends SASLMechanismHandler<AnonymousSASLMechanismHandlerCfg> 053{ 054 private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass(); 055 056 /** 057 * Creates a new instance of this SASL mechanism handler. No initialization 058 * should be done in this method, as it should all be performed in the 059 * <CODE>initializeSASLMechanismHandler</CODE> method. 060 */ 061 public AnonymousSASLMechanismHandler() 062 { 063 super(); 064 } 065 066 @Override 067 public void initializeSASLMechanismHandler(AnonymousSASLMechanismHandlerCfg configuration) 068 throws ConfigException, InitializationException 069 { 070 // No real implementation is required. Simply register with the Directory 071 // Server for the ANONYMOUS mechanism. 072 DirectoryServer.registerSASLMechanismHandler(SASL_MECHANISM_ANONYMOUS, this); 073 } 074 075 @Override 076 public void finalizeSASLMechanismHandler() 077 { 078 DirectoryServer.deregisterSASLMechanismHandler(SASL_MECHANISM_ANONYMOUS); 079 } 080 081 @Override 082 public void processSASLBind(BindOperation bindOperation) 083 { 084 // See if the client provided SASL credentials including trace information. 085 // If so, then write it to the access log as additional log information, and 086 // as an informational message to the error log. 087 ByteString saslCredentials = bindOperation.getSASLCredentials(); 088 if (saslCredentials != null) 089 { 090 String credString = saslCredentials.toString(); 091 if (credString.length() > 0) 092 { 093 bindOperation.addAdditionalLogItem(AdditionalLogItem.quotedKeyValue( 094 getClass(), "trace", credString)); 095 } 096 } 097 098 // Authenticate the client anonymously and indicate that the bind was successful. 099 AuthenticationInfo authInfo = new AuthenticationInfo(); 100 bindOperation.setAuthenticationInfo(authInfo); 101 bindOperation.setResultCode(ResultCode.SUCCESS); 102 } 103 104 @Override 105 public boolean isPasswordBased(String mechanism) 106 { 107 // This is not a password-based mechanism. 108 return false; 109 } 110 111 @Override 112 public boolean isSecure(String mechanism) 113 { 114 // This is not a secure mechanism. 115 return false; 116 } 117}