Class AuthenticationStrategies

java.lang.Object
org.forgerock.opendj.rest2ldap.authz.AuthenticationStrategies

public final class AuthenticationStrategies extends Object
Factory methods for AuthenticationStrategy instances that authenticate against an LDAP server using different methods.
  • Method Details

    • newSimpleBindStrategy

      public static AuthenticationStrategy newSimpleBindStrategy(LdapClient ldapClient, String bindDNTemplate, Schema schema)
      Creates an AuthenticationStrategy performing simple BIND authentication against an LDAP server.
      Parameters:
      ldapClient - LdapClient to the LDAP server used to perform the bind operation.
      bindDNTemplate - Template of the DN to use for the bind operation. The first %s will be replaced by the provided authentication-id (e.g. uid=%s,dc=example,dc=com).
      schema - Schema used to validate the DN format.
      Returns:
      a new simple bind AuthenticationStrategy
      Throws:
      NullPointerException - If a parameter is null
    • newSimpleBindStrategy

      public static AuthenticationStrategy newSimpleBindStrategy(LdapClient ldapClient, Function<String,Dn> dnMapper)
      Creates an AuthenticationStrategy performing simple BIND authentication against an LDAP server.
      Parameters:
      ldapClient - An LdapClient to the LDAP server used to perform the bind operation.
      dnMapper - A mapper that converts a String into a DN.
      Returns:
      a new simple bind AuthenticationStrategy
      Throws:
      NullPointerException - If a parameter is null
    • newSearchThenBindStrategy

      public static AuthenticationStrategy newSearchThenBindStrategy(LdapClient searchLdapClient, LdapClient bindLdapClient, Dn baseDN, SearchScope searchScope, String filterTemplate)
      Creates an AuthenticationStrategy performing authentication against an LDAP server by first performing a lookup of the entry to bind with. The lookup finds the DN of the user to bind with from the user's metadata (e.g. email address).
      Parameters:
      searchLdapClient - LdapClient to the LDAP server used to perform the lookup of the entry.
      bindLdapClient - LdapClient to the LDAP server used to perform the bind once the user's DN has been found. Can be the same as searchLdapClient.
      baseDN - Base DN of the search request performed to find the user's DN.
      searchScope - SearchScope of the search request performed to find the user's DN.
      filterTemplate - Filter template of the search request, e.g. (&(email=%s)(objectClass=inetOrgPerson)), where the first %s will be replaced by the user's provided authentication-id.
      Returns:
      a new search then bind AuthenticationStrategy
      Throws:
      NullPointerException - If a parameter is null
    • newSaslPlainStrategy

      public static AuthenticationStrategy newSaslPlainStrategy(LdapClient ldapClient, Schema schema, String authcIdTemplate)
      Creates an AuthenticationStrategy performing authentication against an LDAP server using a plain SASL bind request.
      Parameters:
      ldapClient - LdapClient to the LDAP server to authenticate with.
      authcIdTemplate - Authentication identity template containing a single %s which will be replaced by the authenticating user's name (e.g. u:%s).
      schema - Schema used to perform DN validation.
      Returns:
      a new SASL plain bind AuthenticationStrategy
      Throws:
      NullPointerException - If a parameter is null
    • newSaslScramStrategy

      public static AuthenticationStrategy newSaslScramStrategy(LdapClient ldapClient, ScramMechanism scramMechanism, Schema schema, String authcIdTemplate)
      Creates an AuthenticationStrategy performing authentication against an LDAP server using a SCRAM SASL bind request.
      Parameters:
      ldapClient - LdapClient to the LDAP server to authenticate with.
      scramMechanism - The SCRAM mechanism which should be used.
      schema - Schema used to perform DN validation.
      authcIdTemplate - Authentication identity template containing a single %s which will be replaced by the authenticating user's name (e.g. u:%s).
      Returns:
      a new SASL SCRAM bind AuthenticationStrategy
      Throws:
      NullPointerException - If a parameter is null