Class AuthRate

  • All Implemented Interfaces:
    java.io.Serializable

    @ThreadSafety(level=NOT_THREADSAFE)
    public final class AuthRate
    extends LDAPCommandLineTool
    implements java.io.Serializable
    This class provides a tool that can be used to test authentication processing in an LDAP directory server using multiple threads. Each authentication will consist of two operations: a search to find the target entry followed by a bind to verify the credentials for that user. The search will use the given base DN and filter, either or both of which may be a value pattern as described in the ValuePattern class. This makes it possible to search over a range of entries rather than repeatedly performing searches with the same base DN and filter.

    Some of the APIs demonstrated by this example include:
    • Argument Parsing (from the com.unboundid.util.args package)
    • LDAP Command-Line Tool (from the com.unboundid.util package)
    • LDAP Communication (from the com.unboundid.ldap.sdk package)
    • Value Patterns (from the com.unboundid.util package)
    Each search must match exactly one entry, and this tool will then attempt to authenticate as the user associated with that entry. It supports simple authentication, as well as the CRAM-MD5, DIGEST-MD5, and PLAIN SASL mechanisms.

    All of the necessary information is provided using command line arguments. Supported arguments include those allowed by the LDAPCommandLineTool class, as well as the following additional arguments:
    • "-b {baseDN}" or "--baseDN {baseDN}" -- specifies the base DN to use for the searches. This must be provided. It may be a simple DN, or it may be a value pattern to express a range of base DNs.
    • "-s {scope}" or "--scope {scope}" -- specifies the scope to use for the search. The scope value should be one of "base", "one", "sub", or "subord". If this isn't specified, then a scope of "sub" will be used.
    • "-f {filter}" or "--filter {filter}" -- specifies the filter to use for the searches. This must be provided. It may be a simple filter, or it may be a value pattern to express a range of filters.
    • "-A {name}" or "--attribute {name}" -- specifies the name of an attribute that should be included in entries returned from the server. If this is not provided, then all user attributes will be requested. This may include special tokens that the server may interpret, like "1.1" to indicate that no attributes should be returned, "*", for all user attributes, or "+" for all operational attributes. Multiple attributes may be requested with multiple instances of this argument.
    • "-C {password}" or "--credentials {password}" -- specifies the password to use when authenticating users identified by the searches.
    • "-a {authType}" or "--authType {authType}" -- specifies the type of authentication to attempt. Supported values include "SIMPLE", "CRAM-MD5", "DIGEST-MD5", and "PLAIN".
    • "-t {num}" or "--numThreads {num}" -- specifies the number of concurrent threads to use when performing the authentication processing. If this is not provided, then a default of one thread will be used.
    • "-i {sec}" or "--intervalDuration {sec}" -- specifies the length of time in seconds between lines out output. If this is not provided, then a default interval duration of five seconds will be used.
    • "-I {num}" or "--numIntervals {num}" -- specifies the maximum number of intervals for which to run. If this is not provided, then it will run forever.
    • "-r {auths-per-second}" or "--ratePerSecond {auths-per-second}" -- specifies the target number of authorizations to perform per second. It is still necessary to specify a sufficient number of threads for achieving this rate. If this option is not provided, then the tool will run at the maximum rate for the specified number of threads.
    • "--variableRateData {path}" -- specifies the path to a file containing information needed to allow the tool to vary the target rate over time. If this option is not provided, then the tool will either use a fixed target rate as specified by the "--ratePerSecond" argument, or it will run at the maximum rate.
    • "--generateSampleRateFile {path}" -- specifies the path to a file to which sample data will be written illustrating and describing the format of the file expected to be used in conjunction with the "--variableRateData" argument.
    • "--warmUpIntervals {num}" -- specifies the number of intervals to complete before beginning overall statistics collection.
    • "--timestampFormat {format}" -- specifies the format to use for timestamps included before each output line. The format may be one of "none" (for no timestamps), "with-date" (to include both the date and the time), or "without-date" (to include only time time).
    • "--suppressErrorResultCodes" -- Indicates that information about the result codes for failed operations should not be displayed.
    • "-c" or "--csv" -- Generate output in CSV format rather than a display-friendly format.
    See Also:
    Serialized Form
    • Constructor Detail

      • AuthRate

        public AuthRate​(@Nullable
                        java.io.OutputStream outStream,
                        @Nullable
                        java.io.OutputStream errStream)
        Creates a new instance of this tool.
        Parameters:
        outStream - The output stream to which standard out should be written. It may be null if output should be suppressed.
        errStream - The output stream to which standard error should be written. It may be null if error messages should be suppressed.
    • Method Detail

      • main

        public static void main​(@NotNull
                                java.lang.String[] args)
        Parse the provided command line arguments and make the appropriate set of changes.
        Parameters:
        args - The command line arguments provided to this program.
      • main

        @NotNull
        public static ResultCode main​(@NotNull
                                      java.lang.String[] args,
                                      @Nullable
                                      java.io.OutputStream outStream,
                                      @Nullable
                                      java.io.OutputStream errStream)
        Parse the provided command line arguments and make the appropriate set of changes.
        Parameters:
        args - The command line arguments provided to this program.
        outStream - The output stream to which standard out should be written. It may be null if output should be suppressed.
        errStream - The output stream to which standard error should be written. It may be null if error messages should be suppressed.
        Returns:
        A result code indicating whether the processing was successful.
      • supportsInteractiveMode

        public boolean supportsInteractiveMode()
        Indicates whether this tool should provide support for an interactive mode, in which the tool offers a mode in which the arguments can be provided in a text-driven menu rather than requiring them to be given on the command line. If interactive mode is supported, it may be invoked using the "--interactive" argument. Alternately, if interactive mode is supported and defaultsToInteractiveMode() returns true, then interactive mode may be invoked by simply launching the tool without any arguments.
        Overrides:
        supportsInteractiveMode in class CommandLineTool
        Returns:
        true if this tool supports interactive mode, or false if not.
      • defaultsToInteractiveMode

        public boolean defaultsToInteractiveMode()
        Indicates whether this tool defaults to launching in interactive mode if the tool is invoked without any command-line arguments. This will only be used if supportsInteractiveMode() returns true.
        Overrides:
        defaultsToInteractiveMode in class CommandLineTool
        Returns:
        true if this tool defaults to using interactive mode if launched without any command-line arguments, or false if not.
      • supportsOutputFile

        protected boolean supportsOutputFile()
        Indicates whether this tool should provide arguments for redirecting output to a file. If this method returns true, then the tool will offer an "--outputFile" argument that will specify the path to a file to which all standard output and standard error content will be written, and it will also offer a "--teeToStandardOut" argument that can only be used if the "--outputFile" argument is present and will cause all output to be written to both the specified output file and to standard output.
        Overrides:
        supportsOutputFile in class CommandLineTool
        Returns:
        true if this tool should provide arguments for redirecting output to a file, or false if not.
      • defaultToPromptForBindPassword

        protected boolean defaultToPromptForBindPassword()
        Indicates whether this tool should default to interactively prompting for the bind password if a password is required but no argument was provided to indicate how to get the password.
        Overrides:
        defaultToPromptForBindPassword in class LDAPCommandLineTool
        Returns:
        true if this tool should default to interactively prompting for the bind password, or false if not.
      • supportsPropertiesFile

        public boolean supportsPropertiesFile()
        Indicates whether this tool supports the use of a properties file for specifying default values for arguments that aren't specified on the command line.
        Overrides:
        supportsPropertiesFile in class CommandLineTool
        Returns:
        true if this tool supports the use of a properties file for specifying default values for arguments that aren't specified on the command line, or false if not.
      • includeAlternateLongIdentifiers

        protected boolean includeAlternateLongIdentifiers()
        Indicates whether the LDAP-specific arguments should include alternate versions of all long identifiers that consist of multiple words so that they are available in both camelCase and dash-separated versions.
        Overrides:
        includeAlternateLongIdentifiers in class LDAPCommandLineTool
        Returns:
        true if this tool should provide multiple versions of long identifiers for LDAP-specific arguments, or false if not.
      • supportsMultipleServers

        protected boolean supportsMultipleServers()
        Indicates whether this tool supports creating connections to multiple servers. If it is to support multiple servers, then the "--hostname" and "--port" arguments will be allowed to be provided multiple times, and will be required to be provided the same number of times. The same type of communication security and bind credentials will be used for all servers.
        Overrides:
        supportsMultipleServers in class LDAPCommandLineTool
        Returns:
        true if this tool supports creating connections to multiple servers, or false if not.
      • doToolProcessing

        @NotNull
        public ResultCode doToolProcessing()
        Performs the actual processing for this tool. In this case, it gets a connection to the directory server and uses it to perform the requested searches.
        Specified by:
        doToolProcessing in class CommandLineTool
        Returns:
        The result code for the processing that was performed.
      • stopRunning

        public void stopRunning()
        Requests that this tool stop running. This method will attempt to wait for all threads to complete before returning control to the caller.
      • getExampleUsages

        @NotNull
        public java.util.LinkedHashMap<java.lang.String[],​java.lang.String> getExampleUsages()
        Retrieves a set of information that may be used to generate example usage information. Each element in the returned map should consist of a map between an example set of arguments and a string that describes the behavior of the tool when invoked with that set of arguments.
        Overrides:
        getExampleUsages in class CommandLineTool
        Returns:
        A set of information that may be used to generate example usage information. It may be null or empty if no example usage information is available.