javax.naming.ldap

Home
Java Source Code / Java Documentation
1.6.0 JDK Core
2.6.0 JDK Modules
3.6.0 JDK Modules com.sun
4.6.0 JDK Modules com.sun.java
5.6.0 JDK Modules sun
6.6.0 JDK Platform
7.Ajax
8.Apache Harmony Java SE
9.Aspect oriented
10.Authentication Authorization
11.Blogger System
12.Build
13.Byte Code
14.Cache
15.Chart
16.Chat
17.Code Analyzer
18.Collaboration
19.Content Management System
20.Database Client
21.Database DBMS
22.Database JDBC Connection Pool
23.Database ORM
24.Development
25.EJB Server
26.ERP CRM Financial
27.ESB
28.Forum
29.Game
30.GIS
31.Graphic 3D
32.Graphic Library
33.Groupware
34.HTML Parser
35.IDE
36.IDE Eclipse
37.IDE Netbeans
38.Installer
39.Internationalization Localization
40.Inversion of Control
41.Issue Tracking
42.J2EE
43.J2ME
44.JBoss
45.JMS
46.JMX
47.Library
48.Mail Clients
49.Music
50.Net
51.Parser
52.PDF
53.Portal
54.Profiler
55.Project Management
56.Report
57.RSS RDF
58.Rule Engine
59.Science
60.Scripting
61.Search Engine
62.Security
63.Sevlet Container
64.Source Control
65.Swing Library
66.Template Engine
67.Test Coverage
68.Testing
69.UML
70.Web Crawler
71.Web Framework
72.Web Mail
73.Web Server
74.Web Services
75.Web Services apache cxf 2.2.6
76.Web Services AXIS2
77.Wiki Engine
78.Workflow Engines
79.XML
80.XML UI
Java Source Code / Java Documentation » 6.0 JDK Core » naming » javax.naming.ldap 
javax.naming.ldap
Provides support for LDAPv3 extended operations and controls.

This package extends the directory operations of the Java Naming and Directory InterfaceTM (JNDI).   JNDI provides naming and directory functionality to applications written in the Java programming language. It is designed to be independent of any specific naming or directory service implementation. Thus a variety of services--new, emerging, and already deployed ones--can be accessed in a common way.

This package is for applications and service providers that deal with LDAPv3 extended operations and controls, as defined by RFC 2251. The core interface in this package is LdapContext, which defines methods on a context for performing extended operations and handling controls.

Extended Operations

This package defines the interface ExtendedRequest to represent the argument to an extended operation, and the interface ExtendedResponse to represent the result of the extended operation. An extended response is always paired with an extended request but not necessarily vice versa. That is, you can have an extended request that has no corresponding extended response.

An application typically does not deal directly with these interfaces. Instead, it deals with classes that implement these interfaces. The application gets these classes either as part of a repertoire of extended operations standardized through the IETF, or from directory vendors for vendor-specific extended operations. The request classes should have constructors that accept arguments in a type-safe and user-friendly manner, while the response classes should have access methods for getting the data of the response in a type-safe and user-friendly manner. Internally, the request/response classes deal with encoding and decoding BER values.

For example, suppose an LDAP server supports a "get time" extended operation. It would supply classes such as GetTimeRequest and GetTimeResponse, so that applications can use this feature. An application would use these classes as follows: 

GetTimeResponse resp =
    (GetTimeResponse) ectx.extendedOperation(new GetTimeRequest());
long time = resp.getTime();

The GetTimeRequest and GetTimeResponse classes might be defined as follows: 

public class GetTimeRequest implements ExtendedRequest {
    // User-friendly constructor 
    public GetTimeRequest() {
    };

    // Methods used by service providers
    public String getID() {
        return GETTIME_REQ_OID;
    }
    public byte[] getEncodedValue() {
        return null;  // no value needed for get time request
    }
    public ExtendedResponse createExtendedResponse(
        String id, byte[] berValue, int offset, int length) throws NamingException {
        return new GetTimeResponse(id, berValue, offset, length);
    }
}
public class GetTimeResponse() implements ExtendedResponse {
    long time;
    // called by GetTimeRequest.createExtendedResponse()
    public GetTimeResponse(String id, byte[] berValue, int offset, int length) 
        throws NamingException {
        // check validity of id
        long time =  ... // decode berValue to get time
    }

    // Type-safe and User-friendly methods
    public java.util.Date getDate() { return new java.util.Date(time); }
    public long getTime() { return time; }

    // Low level methods
    public byte[] getEncodedValue() {
        return // berValue saved;
    }
    public String getID() {
        return GETTIME_RESP_OID;
    }
}

Controls

This package defines the interface Control to represent an LDAPv3 control. It can be a control that is sent to an LDAP server (request control) or a control returned by an LDAP server (response control). Unlike extended requests and responses, there is not necessarily any pairing between request controls and response controls. You can send request controls and expect no response controls back, or receive response controls without sending any request controls.

An application typically does not deal directly with this interface. Instead, it deals with classes that implement this interface. The application gets control classes either as part of a repertoire of controls standardized through the IETF, or from directory vendors for vendor-specific controls. The request control classes should have constructors that accept arguments in a type-safe and user-friendly manner, while the response control classes should have access methods for getting the data of the response in a type-safe and user-friendly manner. Internally, the request/response control classes deal with encoding and decoding BER values.

For example, suppose an LDAP server supports a "signed results" request control, which when sent with a request, asks the server to digitally sign the results of an operation. It would supply a class SignedResultsControl so that applications can use this feature. An application would use this class as follows: 

Control[] reqCtls = new Control[] {new SignedResultsControl(Control.CRITICAL)};
ectx.setRequestControls(reqCtls);
NamingEnumeration enum = ectx.search(...);
The SignedResultsControl class might be defined as follows: 
public class SignedResultsControl implements Control {
    // User-friendly constructor 
    public SignedResultsControl(boolean criticality) {
	// assemble the components of the request control
    };

    // Methods used by service providers
    public String getID() {
        return // control's object identifier
    }
    public byte[] getEncodedValue() {
        return // ASN.1 BER encoded control value
    }
    ...
}

When a service provider receives response controls, it uses the ControlFactory class to produce specific classes that implement the Control interface.

An LDAP server can send back response controls with an LDAP operation and also with enumeration results, such as those returned by a list or search operation. The LdapContext provides a method (getResponseControls()) for getting the response controls sent with an LDAP operation, while the HasControls interface is used to retrieve response controls associated with enumeration results.

For example, suppose an LDAP server sends back a "change ID" control in response to a successful modification. It would supply a class ChangeIDControl so that the application can use this feature. An application would perform an update, and then try to get the change ID. 

// Perform update
Context ctx = ectx.createSubsubcontext("cn=newobj");

// Get response controls
Control[] respCtls = ectx.getResponseControls();
if (respCtls != null) {
    // Find the one we want
    for (int i = 0; i < respCtls; i++) {
        if(respCtls[i] instanceof ChangeIDControl) {
	    ChangeIDControl cctl = (ChangeIDControl)respCtls[i];
	    System.out.println(cctl.getChangeID());
        }
    }
}
The vendor might supply the following ChangeIDControl and VendorXControlFactory classes. The VendorXControlFactory will be used by the service provider when the provider receives response controls from the LDAP server. 
public class ChangeIDControl implements Control {
    long id;

    // Constructor used by ControlFactory
    public ChangeIDControl(String OID, byte[] berVal) throws NamingException {
        // check validity of OID
        id = // extract change ID from berVal
    };

    // Type-safe and User-friendly method
    public long getChangeID() {
        return id;
    }

    // Low-level methods
    public String getID() {
        return CHANGEID_OID;
    }
    public byte[] getEncodedValue() {
        return // original berVal
    }
    ...
}
public class VendorXControlFactory extends ControlFactory {
    public VendorXControlFactory () {
    }

    public Control getControlInstance(Control orig) throws NamingException {
        if (isOneOfMyControls(orig.getID())) {
	    ... 

	    // determine which of ours it is and call its constructor
	    return (new ChangeIDControl(orig.getID(), orig.getEncodedValue()));
	}
        return null;  // not one of ours
    }
}

Package Specification

The JNDI API Specification and related documents can be found in the JNDI documentation. @since 1.3
Java Source File NameTypeComment
BasicControl.javaClass This class provides a basic implementation of the Control interface.
Control.javaInterface This interface represents an LDAPv3 control as defined in RFC 2251.

The LDAPv3 protocol uses controls to send and receive additional data to affect the behavior of predefined operations.

ControlFactory.javaClass This abstract class represents a factory for creating LDAPv3 controls.
ExtendedRequest.javaInterface This interface represents an LDAPv3 extended operation request as defined in RFC 2251. 
 ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
 requestName      [0] LDAPOID,
 requestValue     [1] OCTET STRING OPTIONAL }
It comprises an object identifier string and an optional ASN.1 BER encoded value.

The methods in this class are used by the service provider to construct the bits to send to the LDAP server.

ExtendedResponse.javaInterface This interface represents an LDAP extended operation response as defined in RFC 2251. 
 ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
 COMPONENTS OF LDAPResult,
 responseName     [10] LDAPOID OPTIONAL,
 response         [11] OCTET STRING OPTIONAL }
It comprises an optional object identifier and an optional ASN.1 BER encoded value.

The methods in this class can be used by the application to get low level information about the extended operation response.

HasControls.javaInterface This interface is for returning controls with objects returned in NamingEnumerations.
InitialLdapContext.javaClass This class is the starting context for performing LDAPv3-style extended operations and controls.

See javax.naming.InitialContext and javax.naming.InitialDirContext for details on synchronization, and the policy for how an initial context is created.

Request Controls

When you create an initial context (InitialLdapContext), you can specify a list of request controls.
LdapContext.javaInterface This interface represents a context in which you can perform operations with LDAPv3-style controls and perform LDAPv3-style extended operations. For applications that do not require such controls or extended operations, the more generic javax.naming.directory.DirContext should be used instead.

Usage Details About Controls

This interface provides support for LDAP v3 controls.
LdapName.javaClass This class represents a distinguished name as specified by RFC 2253. A distinguished name, or DN, is composed of an ordered list of components called relative distinguished names, or RDNs. Details of a DN's syntax are described in RFC 2253.

This class resolves a few ambiguities found in RFC 2253 as follows:

  • RFC 2253 leaves the term "whitespace" undefined.
LdapReferralException.javaClass This abstract class is used to represent an LDAP referral exception. It extends the base ReferralException by providing a getReferralContext() method that accepts request controls. LdapReferralException is an abstract class.
ManageReferralControl.javaClass Requests that referral and other special LDAP objects be manipulated as normal LDAP objects.
PagedResultsControl.javaClass Requests that the results of a search operation be returned by the LDAP server in batches of a specified size.
PagedResultsResponseControl.javaClass Indicates the end of a batch of search results.
Rdn.javaClass This class represents a relative distinguished name, or RDN, which is a component of a distinguished name as specified by RFC 2253. An example of an RDN is "OU=Sales+CN=J.Smith".
Rfc2253Parser.javaClass
SortControl.javaClass Requests that the results of a search operation be sorted by the LDAP server before being returned.
SortKey.javaClass A sort key and its associated sort parameters.
SortResponseControl.javaClass Indicates whether the requested sort of search results was successful or not. When the result code indicates success then the results have been sorted as requested.
StartTlsRequest.javaClass This class implements the LDAPv3 Extended Request for StartTLS as defined in Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037 and no extended request value is defined.

StartTlsRequest/StartTlsResponse are used to establish a TLS connection over the existing LDAP connection associated with the JNDI context on which extendedOperation() is invoked. Typically, a JNDI program uses these classes as follows. 

 import javax.naming.ldap.*;
 // Open an LDAP association
 LdapContext ctx = new InitialLdapContext();
 // Perform a StartTLS extended operation
 StartTlsResponse tls =
 (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
 // Open a TLS connection (over the existing LDAP association) and get details
 // of the negotiated TLS session: cipher suite, peer certificate, etc.
 SSLSession session = tls.negotiate();
 // ...
StartTlsResponse.javaClass This class implements the LDAPv3 Extended Response for StartTLS as defined in Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037 and no extended response value is defined.

The Start TLS extended request and response are used to establish a TLS connection over the existing LDAP connection associated with the JNDI context on which extendedOperation() is invoked. Typically, a JNDI program uses the StartTLS extended request and response classes as follows. 

 import javax.naming.ldap.*;
 // Open an LDAP association
 LdapContext ctx = new InitialLdapContext();
 // Perform a StartTLS extended operation
 StartTlsResponse tls =
 (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
 // Open a TLS connection (over the existing LDAP association) and get details
 // of the negotiated TLS session: cipher suite, peer certificate, ...
 SSLSession session = tls.negotiate();
 // ...
UnsolicitedNotification.javaInterface This interface represents an unsolicited notification as defined in RFC 2251.
UnsolicitedNotificationEvent.javaClass This class represents an event fired in response to an unsolicited notification sent by the LDAP server.
UnsolicitedNotificationListener.javaInterface This interface is for handling UnsolicitedNotificationEvent.
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.