001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.server.core.authn;
021
022
023import java.net.SocketAddress;
024
025import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
026import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException;
027import org.apache.directory.api.ldap.model.name.Dn;
028import org.apache.directory.server.core.api.LdapPrincipal;
029import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
030import org.apache.directory.server.i18n.I18n;
031import org.apache.mina.core.session.IoSession;
032
033
034/**
035 * An {@link Authenticator} that handles anonymous connections
036 * (type <tt>'none'</tt>).
037 *
038 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
039 */
public class AnonymousAuthenticator extends AbstractAuthenticator
{
    /**
     * Builds an authenticator registered for the {@link AuthenticationLevel#NONE} level.
     */
    public AnonymousAuthenticator()
    {
        super( AuthenticationLevel.NONE );
    }


    /**
     * Builds an authenticator registered for the {@link AuthenticationLevel#NONE} level
     * and passes the given Dn on to the parent class.
     *
     * @param baseDn The base Dn handed to the parent constructor
     */
    public AnonymousAuthenticator( Dn baseDn )
    {
        super( AuthenticationLevel.NONE, baseDn );
    }


    /**
     * Accepts an anonymous bind only when the directory service is configured to
     * allow anonymous access; otherwise the bind is refused.
     * <p>
     * On success the anonymous principal is taken from the admin session and, when
     * the bind context carries an I/O session, the remote and service addresses of
     * that session are recorded on the principal. Both outcomes are logged at INFO
     * level.
     *
     * @param bindContext the bind operation being processed; its I/O session may be null
     * @return the anonymous principal obtained from the admin session
     * @throws LdapNoPermissionException if the directory service does not allow
     *         anonymous access
     */
    @Override
    public LdapPrincipal authenticate( BindOperationContext bindContext ) throws LdapNoPermissionException
    {
        // Guard first: the service-wide switch is the only check that stands between an
        // unauthenticated client and an anonymous principal.
        if ( !getDirectoryService().isAllowAnonymousAccess() )
        {
            // NOTE(review): this refusal is logged without the client address; if no other
            // layer records it, adding it here would help attribute rejected binds.
            LOG.info( "Cannot authenticate as anonymous, the server does not allow it" );
            throw new LdapNoPermissionException( I18n.err( I18n.ERR_228 ) );
        }

        LOG.info( "Authentication as anonymous" );

        // NOTE(review): the principal comes from the admin session. If that accessor hands
        // back a shared instance, the address setters below would be overwritten by
        // concurrent anonymous binds. Confirm it returns a per-call object.
        LdapPrincipal anonymous = getDirectoryService().getAdminSession().getAnonymousPrincipal();
        IoSession ioSession = bindContext.getIoSession();

        // Without an I/O session there are no endpoints to record.
        if ( ioSession != null )
        {
            SocketAddress remoteEndpoint = ioSession.getRemoteAddress();
            anonymous.setClientAddress( remoteEndpoint );

            SocketAddress localEndpoint = ioSession.getServiceAddress();
            anonymous.setServerAddress( localEndpoint );
        }

        return anonymous;
    }
}