/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.server.core.authn;


import java.net.SocketAddress;

import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.i18n.I18n;
import org.apache.mina.core.session.IoSession;


/**
 * {@link Authenticator} for anonymous connections (type {@code 'none'}).
 * <p>
 * A bind is accepted only while the directory service reports that anonymous
 * access is allowed; otherwise it is refused with an
 * {@link LdapNoPermissionException}. This class performs no credential check
 * of its own: the service-level flag is the only gate visible here.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class AnonymousAuthenticator extends AbstractAuthenticator
{
    /**
     * Creates an instance, passing {@link AuthenticationLevel#NONE} to the
     * parent constructor.
     */
    public AnonymousAuthenticator()
    {
        super( AuthenticationLevel.NONE );
    }


    /**
     * Creates an instance, passing {@link AuthenticationLevel#NONE} and the
     * given base Dn to the parent constructor.
     *
     * @param baseDn The base Dn
     */
    public AnonymousAuthenticator( Dn baseDn )
    {
        super( AuthenticationLevel.NONE, baseDn );
    }


    /**
     * Decides whether an anonymous bind is accepted.
     * <p>
     * When the directory service allows anonymous access, the anonymous
     * principal is fetched from the admin session, stamped with the client
     * and server socket addresses of the bind's {@link IoSession} (when the
     * context carries one) and returned. Otherwise the bind is refused.
     *
     * @param bindContext the bind operation; only its {@link IoSession} is read here
     * @return the anonymous principal obtained from the admin session
     * @throws LdapNoPermissionException if the directory service does not
     *         allow anonymous access
     */
    @Override
    public LdapPrincipal authenticate( BindOperationContext bindContext ) throws LdapNoPermissionException
    {
        // Refuse first: anonymous binds are only honoured when the service opts in.
        // NOTE(review): neither log line below carries the client address, so
        // attributing an anonymous bind attempt needs another log source -- confirm
        // one exists before relying on these messages for audit.
        if ( !getDirectoryService().isAllowAnonymousAccess() )
        {
            LOG.info( "Cannot authenticate as anonymous, the server does not allow it" );
            throw new LdapNoPermissionException( I18n.err( I18n.ERR_228 ) );
        }

        LOG.info( "Authentication as anonymous" );

        // NOTE(review): the principal is mutated in place further down. If the admin
        // session hands out one shared instance, concurrent anonymous binds would
        // overwrite each other's addresses -- confirm against the admin session
        // implementation.
        LdapPrincipal anonymous = getDirectoryService().getAdminSession().getAnonymousPrincipal();

        IoSession ioSession = bindContext.getIoSession();

        // No session attached to the bind context: return the principal without addresses.
        if ( ioSession == null )
        {
            return anonymous;
        }

        // Record both ends of the connection on the principal.
        SocketAddress remoteEnd = ioSession.getRemoteAddress();
        anonymous.setClientAddress( remoteEnd );
        SocketAddress localEnd = ioSession.getServiceAddress();
        anonymous.setServerAddress( localEnd );

        return anonymous;
    }
}