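/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.server.core.authn;


import javax.naming.Context;

import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.partition.DefaultPartitionNexus;
import org.apache.directory.shared.ldap.name.DN;


/**
 * Authenticates users who access {@link DefaultPartitionNexus}.
 * <p>
 * {@link Authenticator}s are registered to and configured by the
 * {@link AuthenticationInterceptor} interceptor.
 * <p>
 * {@link AuthenticationInterceptor} authenticates users by calling
 * {@link #authenticate(BindOperationContext)}, and then the {@link Authenticator}
 * checks the JNDI {@link Context} environment properties
 * ({@link Context#SECURITY_PRINCIPAL} and {@link Context#SECURITY_CREDENTIALS})
 * of the current {@link Context}.
 * <p>
 * NOTE(review): the description above mentions JNDI environment properties,
 * while the only authentication entry point declared here takes a
 * {@link BindOperationContext}. Confirm where implementations actually read
 * the principal and credentials from.
 *
 * @see AbstractAuthenticator
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 918766 $
 */
public interface Authenticator
{
    /**
     * Returns the type of this authenticator (e.g. {@code 'simple'},
     * {@code 'none'},...).
     *
     * @return the authenticator type
     */
    String getAuthenticatorType();


    /**
     * Called by {@link AuthenticationInterceptor} to indicate that this
     * authenticator is being placed into service.
     *
     * @param directoryService the directory service handed to this
     *        authenticator when it is placed into service
     * @throws Exception if the authenticator cannot be initialized; the exact
     *         conditions are left to the implementation
     */
    void init( DirectoryService directoryService ) throws Exception;


    /**
     * Called by {@link AuthenticationInterceptor} to indicate that this
     * authenticator is being removed from service.
     */
    void destroy();


    /**
     * Callback used to respond to password changes by invalidating a password
     * cache if implemented. This is an additional feature of an authenticator
     * which need not be implemented: empty implementation is sufficient. This
     * is called on every del, modify, and modifyRdn operation.
     * <p>
     * Security note: an empty implementation is only appropriate for an
     * authenticator that keeps no credential cache. An implementation that
     * caches passwords or authentication results should drop the entry for
     * {@code bindDn} here; otherwise a changed or deleted credential could
     * keep authenticating from the cache until the entry is evicted.
     *
     * @param bindDn the already normalized distinguished name of the bind principal
     */
    void invalidateCache( DN bindDn );


    /**
     * Performs authentication and returns the principal if succeeded.
     * <p>
     * NOTE(review): the failure contract is not spelled out in this interface.
     * Presumably a failed bind is reported by throwing rather than by returning
     * {@code null} - confirm against the implementations. Callers should never
     * treat a {@code null} return as an authenticated principal.
     *
     * @param opContext the bind operation context for the bind being processed
     * @return the principal for the successfully authenticated bind
     * @throws Exception if authentication does not succeed or cannot be carried
     *         out; implementations should keep the supplied credentials out of
     *         the exception message
     */
    LdapPrincipal authenticate( BindOperationContext opContext ) throws Exception;
}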