001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 package org.apache.directory.server.core.authn; 021 022 023 import javax.naming.NamingException; 024 025 import org.apache.directory.server.core.LdapPrincipal; 026 import org.apache.directory.server.core.interceptor.context.BindOperationContext; 027 import org.apache.directory.shared.ldap.constants.AuthenticationLevel; 028 029 030 /** 031 * An {@link Authenticator} that handles SASL connections (X.501 authentication 032 * level <tt>'strong'</tt>). The principal has been authenticated during SASL 033 * negotiation; therefore, no additional authentication is necessary in this 034 * {@link Authenticator}. 035 * 036 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 037 * @version $Rev$, $Date$ 038 */ 039 public class StrongAuthenticator extends AbstractAuthenticator 040 { 041 /** 042 * Creates a new instance of SaslAuthenticator. 043 */ 044 public StrongAuthenticator() 045 { 046 super( AuthenticationLevel.STRONG.toString() ); 047 } 048 049 050 /** 051 * User has already been authenticated during SASL negotiation. Set the authentication level 052 * to strong and return an {@link LdapPrincipal}. 053 */ 054 public LdapPrincipal authenticate( BindOperationContext opContext ) throws NamingException 055 { 056 // Possibly check if user account is disabled, other account checks. 057 return new LdapPrincipal( opContext.getDn(), AuthenticationLevel.STRONG ); 058 } 059 }