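/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 */
package org.opends.server.extensions;



import org.opends.messages.MessageBuilder;
import org.opends.server.admin.std.server.AnonymousSASLMechanismHandlerCfg;
import org.opends.server.api.SASLMechanismHandler;
import org.opends.server.config.ConfigException;
import org.opends.server.core.BindOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.ByteString;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;

import static org.opends.messages.ExtensionMessages.*;
import static org.opends.server.loggers.ErrorLogger.*;
import static org.opends.server.util.ServerConstants.*;



/**
 * This class provides an implementation of a SASL mechanism, as defined in RFC
 * 4505, that does not perform any authentication. That is, anyone attempting
 * to bind with this SASL mechanism will be successful and will be given the
 * rights of an unauthenticated user. The request may or may not include a set
 * of SASL credentials which will serve as trace information. If provided,
 * then that trace information will be written to the server error log.
 * <p>
 * The trace information is supplied by the client and is never verified, so
 * it must be treated as untrusted data. It is neutralized before it is written
 * to the access and error logs so that it cannot introduce extra log lines or
 * close the quoted {@code trace} field early. It must not be used as evidence
 * of who performed the bind.
 */
public class AnonymousSASLMechanismHandler
       extends SASLMechanismHandler<AnonymousSASLMechanismHandlerCfg>
{
  /**
   * Creates a new instance of this SASL mechanism handler. No initialization
   * should be done in this method, as it should all be performed in the
   * <CODE>initializeSASLMechanismHandler</CODE> method.
   */
  public AnonymousSASLMechanismHandler()
  {
    super();
  }



  /**
   * {@inheritDoc}
   * <p>
   * This implementation does not read the supplied configuration. It only
   * registers this handler with the Directory Server for the ANONYMOUS
   * mechanism.
   */
  @Override()
  public void initializeSASLMechanismHandler(AnonymousSASLMechanismHandlerCfg
                                                  configuration)
         throws ConfigException, InitializationException
  {
    // No real implementation is required. Simply register with the Directory
    // Server for the ANONYMOUS mechanism.
    DirectoryServer.registerSASLMechanismHandler(SASL_MECHANISM_ANONYMOUS,
                                                 this);
  }



  /**
   * {@inheritDoc}
   * <p>
   * This implementation deregisters the ANONYMOUS mechanism from the Directory
   * Server.
   */
  @Override()
  public void finalizeSASLMechanismHandler()
  {
    DirectoryServer.deregisterSASLMechanismHandler(SASL_MECHANISM_ANONYMOUS);
  }



  /**
   * {@inheritDoc}
   * <p>
   * Every bind processed here succeeds. If the client supplied non-empty SASL
   * credentials, they are treated as trace information: the value is
   * neutralized for logging and then appended to the operation's additional
   * log message and written to the error log as an informational message.
   */
  @Override()
  public void processSASLBind(BindOperation bindOperation)
  {
    // See if the client provided SASL credentials including trace information.
    // If so, then write it to the access log as additional log information, and
    // as an informational message to the error log.
    ByteString saslCredentials = bindOperation.getSASLCredentials();
    if (saslCredentials != null)
    {
      String credString = saslCredentials.stringValue();
      if (credString.length() > 0)
      {
        // The trace comes from an unauthenticated client. Neutralize it once
        // and use only the neutralized form in both log destinations.
        // NOTE(review): the length is not capped here; presumably it is
        // bounded by the server's maximum request size -- confirm.
        String safeTrace = sanitizeTraceForLog(credString);

        MessageBuilder mb = new MessageBuilder();
        mb.append("trace='");
        mb.append(safeTrace);
        mb.append("'");
        bindOperation.appendAdditionalLogMessage(mb.toMessage());

        logError(INFO_SASLANONYMOUS_TRACE.
            get(bindOperation.getConnectionID(), bindOperation.getOperationID(),
                safeTrace));

      }
    }


    // Authenticate the client anonymously and indicate that the bind was
    // successful.
    AuthenticationInfo authInfo = new AuthenticationInfo();
    bindOperation.setAuthenticationInfo(authInfo);
    bindOperation.setResultCode(ResultCode.SUCCESS);
  }



  /**
   * {@inheritDoc}
   * <p>
   * The mechanism name is not inspected; this handler always reports that it
   * is not password-based.
   */
  @Override()
  public boolean isPasswordBased(String mechanism)
  {
    // This is not a password-based mechanism.
    return false;
  }



  /**
   * {@inheritDoc}
   * <p>
   * The mechanism name is not inspected; this handler always reports that it
   * is not secure.
   */
  @Override()
  public boolean isSecure(String mechanism)
  {
    // This is not a secure mechanism.
    return false;
  }



  /**
   * Produces a single-line form of client-supplied trace information that is
   * safe to embed in a log record. ISO control characters (including CR and
   * LF) and Unicode line and paragraph separators are replaced by a
   * four-digit hexadecimal escape, and the backslash and single quote are
   * prefixed with a backslash so the value stays unambiguous inside the
   * single-quoted access log field.
   *
   * @param  trace  The trace information received from the client. It must
   *                not be {@code null}.
   *
   * @return  The neutralized representation of the trace information.
   */
  private static String sanitizeTraceForLog(String trace)
  {
    StringBuilder buffer = new StringBuilder(trace.length());
    for (int i = 0; i < trace.length(); i++)
    {
      char c = trace.charAt(i);
      int type = Character.getType(c);
      if (Character.isISOControl(c) ||
          type == Character.LINE_SEPARATOR ||
          type == Character.PARAGRAPH_SEPARATOR)
      {
        // Keep the code point visible for investigators instead of dropping it.
        String hex = Integer.toHexString(c);
        buffer.append("\\u");
        for (int pad = hex.length(); pad < 4; pad++)
        {
          buffer.append('0');
        }
        buffer.append(hex);
      }
      else if (c == '\\' || c == '\'')
      {
        // Escaped so the value cannot end the quoted field or forge an escape.
        buffer.append('\\').append(c);
      }
      else
      {
        buffer.append(c);
      }
    }

    return buffer.toString();
  }
}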