Class DeliverSingleUseTokenExtendedRequest
- java.lang.Object
-
- com.unboundid.ldap.sdk.LDAPRequest
-
- com.unboundid.ldap.sdk.ExtendedRequest
-
- com.unboundid.ldap.sdk.unboundidds.extensions.DeliverSingleUseTokenExtendedRequest
-
- All Implemented Interfaces:
ProtocolOp
,ReadOnlyLDAPRequest
,java.io.Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class DeliverSingleUseTokenExtendedRequest extends ExtendedRequest
This class provides an implementation of an extended request that can be used to trigger the delivery of a temporary single-use token to a specified user via some out-of-band mechanism. It can be used for security purposes (e.g., as part of step-up authentication), for data validation purposes (e.g., to verify that a user can receive e-mail messages at a given address or SMS messages at a given phone number), or for other purposes in which it could be useful to deliver and consume a token through some out-of-band mechanism.
NOTE: This class, and other classes within the
com.unboundid.ldap.sdk.unboundidds
package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
This extended request has an OID of "1.3.6.1.4.1.30221.2.6.49" and it must have a value with the following encoding:DeliverSingleUseTokenRequestValue ::= SEQUENCE { userDN LDAPDN, tokenID OCTET STRING, validityDurationMillis [0] INTEGER OPTIONAL, messageSubject [1] OCTET STRING OPTIONAL, fullTextBeforeToken [2] OCTET STRING OPTIONAL, fullTextAfterToken [3] OCTET STRING OPTIONAL, compactTextBeforeToken [4] OCTET STRING OPTIONAL, compactTextAfterToken [5] OCTET STRING OPTIONAL, preferredDeliveryMechanism [6] SEQUENCE OF SEQUENCE { mechanismName OCTET STRING, recipientID OCTET STRING OPTIONAL }, deliverIfPasswordExpired [7] BOOLEAN DEFAULT FALSE, deliverIfAccountLocked [8] BOOLEAN DEFAULT FALSE, deliverIfAccountDisabled [9] BOOLEAN DEFAULT FALSE, deliverIfAccountExpired [10] BOOLEAN DEFAULT FALSE, ... }
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
DELIVER_SINGLE_USE_TOKEN_REQUEST_OID
The OID (1.3.6.1.4.1.30221.2.6.49) for the deliver single-use token extended request.-
Fields inherited from class com.unboundid.ldap.sdk.ExtendedRequest
TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE
-
-
Constructor Summary
Constructors Constructor Description DeliverSingleUseTokenExtendedRequest(ExtendedRequest request)
Decodes the provided extended request as a deliver single-use token extended request.DeliverSingleUseTokenExtendedRequest(java.lang.String userDN, java.lang.String tokenID, java.lang.Long validityDurationMillis, java.lang.String messageSubject, java.lang.String fullTextBeforeToken, java.lang.String fullTextAfterToken, java.lang.String compactTextBeforeToken, java.lang.String compactTextAfterToken, java.util.List<ObjectPair<java.lang.String,java.lang.String>> preferredDeliveryMechanisms, boolean deliverIfPasswordExpired, boolean deliverIfAccountLocked, boolean deliverIfAccountDisabled, boolean deliverIfAccountExpired, Control... controls)
Creates a new deliver single-use token extended request with the provided information.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
deliverIfAccountDisabled()
Indicates whether to attempt to generate and deliver a token if the target user's account has been disabled by an administrator.boolean
deliverIfAccountExpired()
Indicates whether to attempt to generate and deliver a token if the target user's account has expired.boolean
deliverIfAccountLocked()
Indicates whether to attempt to generate and deliver a token if the target user's account is locked for some reason (e.g., because there have been too many failed authentication attempts, because the account has been idle for too long, or because the password was not changed soon enough after an administrative reset).boolean
deliverIfPasswordExpired()
Indicates whether to attempt to generate and deliver a token if the target user's password is expired.DeliverSingleUseTokenExtendedRequest
duplicate()
Creates a new instance of this LDAP request that may be modified without impacting this request.DeliverSingleUseTokenExtendedRequest
duplicate(Control[] controls)
Creates a new instance of this LDAP request that may be modified without impacting this request.java.lang.String
getCompactTextAfterToken()
Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.java.lang.String
getCompactTextBeforeToken()
Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.java.lang.String
getExtendedRequestName()
Retrieves the user-friendly name for the extended request, if available.java.lang.String
getFullTextAfterToken()
Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.java.lang.String
getFullTextBeforeToken()
Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.java.lang.String
getMessageSubject()
Retrieves the text (if any) that should be used as the message subject for delivery mechanisms that can make use of a subject.java.util.List<ObjectPair<java.lang.String,java.lang.String>>
getPreferredDeliveryMechanisms()
Retrieves a list of the preferred delivery mechanisms that should be used to provide the generated token to the target user.java.lang.String
getTokenID()
Retrieves an identifier for the token, which can differentiate between separate uses of this extended operation for different purposes, and should be provided when consuming the token via theConsumeSingleUseTokenExtendedRequest
.java.lang.String
getUserDN()
Retrieves the DN of the user for whom the token should be generated and delivered.java.lang.Long
getValidityDurationMillis()
Retrieves the maximum length of time in milliseconds that the generated token should be considered valid, if defined.DeliverSingleUseTokenExtendedResult
process(LDAPConnection connection, int depth)
Sends this extended request to the directory server over the provided connection and returns the associated response.void
toString(java.lang.StringBuilder buffer)
Appends a string representation of this request to the provided buffer.-
Methods inherited from class com.unboundid.ldap.sdk.ExtendedRequest
encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, responseReceived, toCode, writeTo
-
Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest
followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setResponseTimeoutMillis, toString
-
-
-
-
Field Detail
-
DELIVER_SINGLE_USE_TOKEN_REQUEST_OID
public static final java.lang.String DELIVER_SINGLE_USE_TOKEN_REQUEST_OID
The OID (1.3.6.1.4.1.30221.2.6.49) for the deliver single-use token extended request.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
DeliverSingleUseTokenExtendedRequest
public DeliverSingleUseTokenExtendedRequest(java.lang.String userDN, java.lang.String tokenID, java.lang.Long validityDurationMillis, java.lang.String messageSubject, java.lang.String fullTextBeforeToken, java.lang.String fullTextAfterToken, java.lang.String compactTextBeforeToken, java.lang.String compactTextAfterToken, java.util.List<ObjectPair<java.lang.String,java.lang.String>> preferredDeliveryMechanisms, boolean deliverIfPasswordExpired, boolean deliverIfAccountLocked, boolean deliverIfAccountDisabled, boolean deliverIfAccountExpired, Control... controls)
Creates a new deliver single-use token extended request with the provided information.- Parameters:
userDN
- The DN of the user for whom the token should be generated and delivered. It must not benull
.tokenID
- An identifier for the token, which can differentiate between separate uses of this extended operation for different purposes. This token ID should be provided in the request to consume the token that has been delivered. It must not benull
.validityDurationMillis
- The maximum length of time in milliseconds that the generated token should be considered valid. It may benull
if the server should determine the token validity duration. If it is non-null
, then the value must be greater than zero.messageSubject
- The text (if any) that should be used as the message subject if the delivery mechanism accepts a subject. This may benull
if no subject is required or a subject should be automatically generated.fullTextBeforeToken
- The text (if any) that should appear before the generated single-use token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may benull
if no text is required before the token.fullTextAfterToken
- The text (if any) that should appear after the generated single-use token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may benull
if no text is required after the token.compactTextBeforeToken
- The text (if any) that should appear before the generated single-use token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may benull
if no text is required before the token.compactTextAfterToken
- The text (if any) that should appear after the generated single-use token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may benull
if no text is required after the token.preferredDeliveryMechanisms
- An optional list of the preferred delivery mechanisms that should be used to convey the token to the target user. It may benull
or empty if the server should determine the delivery mechanisms to attempt. If a list of preferred delivery mechanisms is provided, the server will only attempt to deliver the token through these mechanisms, with attempts made in the order specified in this list.deliverIfPasswordExpired
- Indicates whether to generate and deliver a token if the target user's password is expired.deliverIfAccountLocked
- Indicates whether to generate and deliver a token if the target user's account is locked for some reason (e.g., too many failed authentication attempts, the account has been idle for too long, the user failed to change his/her password in a timely manner after an administrative reset, etc.).deliverIfAccountDisabled
- Indicates whether to generate and deliver a token if the target user's account has been disabled by an administrator.deliverIfAccountExpired
- Indicates whether to generate and deliver a token if the target user's account has expired.controls
- An optional set of controls to include in the request. It may benull
or empty if no controls are required.
-
DeliverSingleUseTokenExtendedRequest
public DeliverSingleUseTokenExtendedRequest(ExtendedRequest request) throws LDAPException
Decodes the provided extended request as a deliver single-use token extended request.- Parameters:
request
- The extended request to decode as a deliver single-use token extended request.- Throws:
LDAPException
- If the provided extended request cannot be decoded as a deliver single-use token request.
-
-
Method Detail
-
getUserDN
public java.lang.String getUserDN()
Retrieves the DN of the user for whom the token should be generated and delivered.- Returns:
- The DN of the user for whom the token should be generated and delivered.
-
getTokenID
public java.lang.String getTokenID()
Retrieves an identifier for the token, which can differentiate between separate uses of this extended operation for different purposes, and should be provided when consuming the token via theConsumeSingleUseTokenExtendedRequest
.- Returns:
- An identifier for the token.
-
getValidityDurationMillis
public java.lang.Long getValidityDurationMillis()
Retrieves the maximum length of time in milliseconds that the generated token should be considered valid, if defined. An attempt to consume the token after this length of time has elapsed will fail.- Returns:
- The maximum length of time in milliseconds that the generated
token should be considered valid, or
null
if the client did not specify a value and the token validity duration will be determined by the server.
-
getMessageSubject
public java.lang.String getMessageSubject()
Retrieves the text (if any) that should be used as the message subject for delivery mechanisms that can make use of a subject.- Returns:
- The text that should be used as the message subject for delivery
mechanisms that can make use of a subject, or
null
if no subject should be used, or if the delivery mechanism should attempt to automatically determine a subject.
-
getFullTextBeforeToken
public java.lang.String getFullTextBeforeToken()
Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.- Returns:
- The text that should appear before the single-use token in the
message delivered to the user via a mechanism that does not impose
significant constraints on message size, or
null
if there should not be any text before the token.
-
getFullTextAfterToken
public java.lang.String getFullTextAfterToken()
Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.- Returns:
- The text that should appear after the single-use token in the
message delivered to the user via a mechanism that does not impose
significant constraints on message size, or
null
if there should not be any text after the token.
-
getCompactTextBeforeToken
public java.lang.String getCompactTextBeforeToken()
Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.- Returns:
- The text that should appear before the single-use token in the
message delivered to the user via a mechanism that imposes
significant constraints on message size, or
null
if there should not be any text before the token.
-
getCompactTextAfterToken
public java.lang.String getCompactTextAfterToken()
Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.- Returns:
- The text that should appear after the single-use token in the
message delivered to the user via a mechanism that imposes
significant constraints on message size, or
null
if there should not be any text after the token.
-
getPreferredDeliveryMechanisms
public java.util.List<ObjectPair<java.lang.String,java.lang.String>> getPreferredDeliveryMechanisms()
Retrieves a list of the preferred delivery mechanisms that should be used to provide the generated token to the target user. If the returned list is empty, then the server will attempt to determine which mechanism(s) to use and in which order to try them. If this list is not empty, then the server will only attempt the specified mechanisms and in the order in which they are listed.- Returns:
- A list of the preferred delivery mechanisms that should be used to provide the generated token to the target user, or an empty list if the server should determine the delivery mechanisms to attempt.
-
deliverIfPasswordExpired
public boolean deliverIfPasswordExpired()
Indicates whether to attempt to generate and deliver a token if the target user's password is expired.- Returns:
true
if the server should attempt to deliver a token to a user with an expired password, orfalse
if not.
-
deliverIfAccountLocked
public boolean deliverIfAccountLocked()
Indicates whether to attempt to generate and deliver a token if the target user's account is locked for some reason (e.g., because there have been too many failed authentication attempts, because the account has been idle for too long, or because the password was not changed soon enough after an administrative reset).- Returns:
true
if the server should attempt to deliver a token to a user with a locked account, orfalse
if not.
-
deliverIfAccountDisabled
public boolean deliverIfAccountDisabled()
Indicates whether to attempt to generate and deliver a token if the target user's account has been disabled by an administrator.- Returns:
true
if the server should attempt to deliver a token to a user with a disabled account, orfalse
if not.
-
deliverIfAccountExpired
public boolean deliverIfAccountExpired()
Indicates whether to attempt to generate and deliver a token if the target user's account has expired.- Returns:
true
if the server should attempt to deliver a token to a user with an expired account, orfalse
if not.
-
process
public DeliverSingleUseTokenExtendedResult process(LDAPConnection connection, int depth) throws LDAPException
Sends this extended request to the directory server over the provided connection and returns the associated response.- Overrides:
process
in classExtendedRequest
- Parameters:
connection
- The connection to use to communicate with the directory server.depth
- The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.- Returns:
- An LDAP result object that provides information about the result of the extended operation processing.
- Throws:
LDAPException
- If a problem occurs while sending the request or reading the response.
-
duplicate
public DeliverSingleUseTokenExtendedRequest duplicate()
Creates a new instance of this LDAP request that may be modified without impacting this request.. Subclasses should override this method to return a duplicate of the appropriate type..- Specified by:
duplicate
in interfaceReadOnlyLDAPRequest
- Overrides:
duplicate
in classExtendedRequest
- Returns:
- A new instance of this LDAP request that may be modified without impacting this request.
-
duplicate
public DeliverSingleUseTokenExtendedRequest duplicate(Control[] controls)
Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type..- Specified by:
duplicate
in interfaceReadOnlyLDAPRequest
- Overrides:
duplicate
in classExtendedRequest
- Parameters:
controls
- The set of controls to include in the duplicate request.- Returns:
- A new instance of this LDAP request that may be modified without impacting this request.
-
getExtendedRequestName
public java.lang.String getExtendedRequestName()
Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.- Overrides:
getExtendedRequestName
in classExtendedRequest
- Returns:
- The user-friendly name for this extended request, or the OID if no user-friendly name is available.
-
toString
public void toString(java.lang.StringBuilder buffer)
Appends a string representation of this request to the provided buffer.- Specified by:
toString
in interfaceProtocolOp
- Specified by:
toString
in interfaceReadOnlyLDAPRequest
- Overrides:
toString
in classExtendedRequest
- Parameters:
buffer
- The buffer to which to append a string representation of this request.
-
-