com.sun.jndi.ldap.ctl
Class ProxiedAuthorizationControl
java.lang.Object
com.sun.jndi.ldap.BasicControl
com.sun.jndi.ldap.ctl.ProxiedAuthorizationControl
- All Implemented Interfaces:
- java.io.Serializable, javax.naming.ldap.Control
public class ProxiedAuthorizationControl
- extends com.sun.jndi.ldap.BasicControl
This class implements the LDAP request control for proxied authorization.
This control is used to request that the accompanying operation be
performed using the supplied authorization identity, overriding any
existing authorization identity.
The control may be included in any LDAP operation except those that
cause a change in authentication, authorization or data confidentiality, such
as bind and startTLS.
The Proxied Authorization control is defined in draft-weltman-ldapv3-proxy-12.
The object identifier for the Proxied Authorization control is 2.16.840.1.113730.3.4.18
and the control value is the authorization identity to be used. The control
value is empty if anonymous identity is to be used. The control's value has
the following ASN.1 definition:
ProxiedAuth ::= LDAPString ; containing an authzId as defined in RFC 2829
; or an empty value
authzId = dnAuthzId / uAuthzId
; distinguished-name-based authz id.
dnAuthzId = "dn:" dn
dn = utf8string ; with syntax defined in RFC 2253
; unspecified userid, UTF-8 encoded.
uAuthzId = "u:" userid
userid = utf8string ; syntax unspecified
The following code sample shows how the control may be used:
// create an initial context using the supplied environment properties
LdapContext ctx = new InitialLdapContext(env, null);
// examine the supplied authorization identity and set the appropriate prefix
// (authzId initially holds the bare identity; isDN is an application-supplied check)
authzId = isDN(authzId) ? "dn:" + authzId : "u:" + authzId;
// activate the control
ctx.setRequestControls(new Control[] {
    new ProxiedAuthorizationControl(authzId)
});
// perform an operation using the authorization identity
ctx.getAttributes("");
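One way to implement the isDN check that the sample above leaves undefined, and to build the control value according to the authzId grammar. This is an added example, not code from the JNDI sources; the class name AuthzIds, its methods and the control-character rule are assumptions.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added example; AuthzIds, toAuthzId and isDN are hypothetical names.
public final class AuthzIds {
    private AuthzIds() {}

    // True only if s parses as a non-empty RFC 2253 distinguished name.
    static boolean isDN(String s) {
        if (s.indexOf('=') < 0) {
            return false;               // every RDN needs an attribute=value pair
        }
        try {
            return !new LdapName(s).isEmpty();
        } catch (InvalidNameException e) {
            return false;
        }
    }

    // Maps a bare identity to the control value: "" (anonymous),
    // "dn:<dn>" or "u:<userid>".
    public static String toAuthzId(String identity) {
        if (identity == null) {
            throw new IllegalArgumentException("identity must not be null");
        }
        if (identity.isEmpty()) {
            return "";                  // empty value requests the anonymous identity
        }
        // Assumed local policy: the userid syntax is unspecified, so refuse
        // control characters rather than forward them to the server.
        if (identity.chars().anyMatch(Character::isISOControl)) {
            throw new IllegalArgumentException("control character in identity");
        }
        return isDN(identity) ? "dn:" + identity : "u:" + identity;
    }

    public static void main(String[] args) {
        // Constructed sample identities.
        String[] samples = { "", "jsmith", "cn=John Smith,ou=People,dc=example,dc=com" };
        for (String s : samples) {
            System.out.println("[" + s + "] -> [" + toAuthzId(s) + "]");
        }
    }
}
```

The returned string is what would be passed to the ProxiedAuthorizationControl constructor. A userid that happens to parse as a distinguished name is classified as a DN, so callers that already know the identity type should set the prefix themselves instead of relying on the check.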
- Author:
- Vincent Ryan
- See Also:
AuthorizationIDControl, WhoAmIRequest, Serialized Form
Field Summary
static java.lang.String | OID - The proxied authorization control's assigned object identifier is 2.16.840.1.113730.3.4.18.
private static long | serialVersionUID
Fields inherited from class com.sun.jndi.ldap.BasicControl: criticality, id, value
Fields inherited from interface javax.naming.ldap.Control: CRITICAL, NONCRITICAL
Constructor Summary
ProxiedAuthorizationControl(java.lang.String authzId) - Constructs a control to perform an operation using the supplied authorization identity.
Method Summary
private static byte[] | setEncodedValue(java.lang.String authzId)
Methods inherited from class com.sun.jndi.ldap.BasicControl: getEncodedValue, getID, isCritical
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
OID
public static final java.lang.String OID
- The proxied authorization control's assigned object identifier is
2.16.840.1.113730.3.4.18.
- See Also:
- Constant Field Values
ProxiedAuthorizationControl
public ProxiedAuthorizationControl(java.lang.String authzId)
throws java.io.IOException
- Constructs a control to perform an operation using the supplied
authorization identity. The control is always marked critical.
- Parameters:
authzId
- A non-null authorization identity to use. authzId
must be set to an empty string if the anonymous identity
is to be used.
- Throws:
java.io.IOException
- If a BER encoding error occurs.
setEncodedValue
private static byte[] setEncodedValue(java.lang.String authzId)
throws java.io.IOException
- Throws:
java.io.IOException