001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.realm.ldap;
020
021import javax.naming.NamingException;
022import javax.naming.ldap.LdapContext;
023
024/**
025 * Interface that encapsulates the creation of {@code LdapContext} objects that are used by {@link JndiLdapRealm}s to
026 * perform authentication attempts and query for authorization data.
027 *
028 * @since 0.2
029 */
030public interface LdapContextFactory {
031
032    /**
033     * Creates (or retrieves from a pool) a {@code LdapContext} connection bound using the system account, or
034     * anonymously if no system account is configured.
035     *
036     * @return a {@code LdapContext} bound by the system account, or bound anonymously if no system account
037     *         is configured.
038     * @throws javax.naming.NamingException if there is an error creating the context.
039     */
040    LdapContext getSystemLdapContext() throws NamingException;
041
042    /**
043     * Creates (or retrieves from a pool) a {@code LdapContext} connection bound using the username and password
044     * specified.
045     *
046     * @param username the username to use when creating the connection.
047     * @param password the password to use when creating the connection.
048     * @return a {@code LdapContext} bound using the given username and password.
049     * @throws javax.naming.NamingException if there is an error creating the context.
050     * @deprecated the {@link #getLdapContext(Object, Object)} method should be used in all cases to ensure more than
051     * String principals and credentials can be used.
052     */
053    @Deprecated
054    LdapContext getLdapContext(String username, String password) throws NamingException;
055
056    /**
057     * Creates (or retrieves from a pool) an {@code LdapContext} connection bound using the specified principal and
058     * credentials.  The format of the principal and credentials are whatever is supported by the underlying
059     * LDAP {@link javax.naming.spi.InitialContextFactory InitialContextFactory} implementation.  The default Sun
060     * (now Oracle) implementation supports
061     * <a href="http://download-llnw.oracle.com/javase/tutorial/jndi/ldap/auth_mechs.html">anonymous, simple, and
062     * SASL-based mechanisms</a>.
063     * <p/>
064     * This method was added in Shiro 1.1 to address the fact that principals and credentials can be more than just
065     * {@code String} user DNs and passwords for connecting to LDAP.  For example, the credentials can be an
066     * {@code X.509} certificate.
067     *
068     * @param principal   the principal to use when acquiring a connection to the LDAP directory
069     * @param credentials the credentials (password, X.509 certificate, etc) to use when acquiring a connection to the
070     *                    LDAP directory
071     * @return the acquired {@code LdapContext} connection bound using the specified principal and credentials.
072     * @throws NamingException if unable to acquire a connection.
073     * @since 1.1
074     */
075    LdapContext getLdapContext(Object principal, Object credentials) throws NamingException;
076    
077}