Package com.unboundid.ldap.sdk.unboundidds.extensions

Class DeliverSingleUseTokenExtendedRequest

java.lang.Object
com.unboundid.ldap.sdk.LDAPRequest
com.unboundid.ldap.sdk.ExtendedRequest
com.unboundid.ldap.sdk.unboundidds.extensions.DeliverSingleUseTokenExtendedRequest
All Implemented Interfaces:
ProtocolOp, ReadOnlyLDAPRequest, Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class DeliverSingleUseTokenExtendedRequest extends ExtendedRequest
This class provides an implementation of an extended request that can be used to trigger the delivery of a temporary single-use token to a specified user via some out-of-band mechanism. It can be used for security purposes (e.g., as part of step-up authentication), for data validation purposes (e.g., to verify that a user can receive e-mail messages at a given address or SMS messages at a given phone number), or for other purposes in which it could be useful to deliver and consume a token through some out-of-band mechanism.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

This extended request has an OID of "1.3.6.1.4.1.30221.2.6.49" and it must have a value with the following encoding: 
   DeliverSingleUseTokenRequestValue ::= SEQUENCE {
        userDN                         LDAPDN,
        tokenID                        OCTET STRING,
        validityDurationMillis         [0] INTEGER OPTIONAL,
        messageSubject                 [1] OCTET STRING OPTIONAL,
        fullTextBeforeToken            [2] OCTET STRING OPTIONAL,
        fullTextAfterToken             [3] OCTET STRING OPTIONAL,
        compactTextBeforeToken         [4] OCTET STRING OPTIONAL,
        compactTextAfterToken          [5] OCTET STRING OPTIONAL,
        preferredDeliveryMechanism     [6] SEQUENCE OF SEQUENCE {
             mechanismName     OCTET STRING,
             recipientID       OCTET STRING OPTIONAL },
        deliverIfPasswordExpired       [7] BOOLEAN DEFAULT FALSE,
        deliverIfAccountLocked         [8] BOOLEAN DEFAULT FALSE,
        deliverIfAccountDisabled       [9] BOOLEAN DEFAULT FALSE,
        deliverIfAccountExpired        [10] BOOLEAN DEFAULT FALSE,
        ... }
See Also:

  • Field Details

  • Constructor Details

    • DeliverSingleUseTokenExtendedRequest

      public DeliverSingleUseTokenExtendedRequest(@NotNull String userDN, @NotNull String tokenID, @Nullable Long validityDurationMillis, @Nullable String messageSubject, @Nullable String fullTextBeforeToken, @Nullable String fullTextAfterToken, @Nullable String compactTextBeforeToken, @Nullable String compactTextAfterToken, @Nullable List<ObjectPair<String,String>> preferredDeliveryMechanisms, boolean deliverIfPasswordExpired, boolean deliverIfAccountLocked, boolean deliverIfAccountDisabled, boolean deliverIfAccountExpired, @Nullable Control... controls)
      Creates a new deliver single-use token extended request with the provided information.
      Parameters:
      userDN - The DN of the user for whom the token should be generated and delivered. It must not be null.
      tokenID - An identifier for the token, which can differentiate between separate uses of this extended operation for different purposes. This token ID should be provided in the request to consume the token that has been delivered. It must not be null.
      validityDurationMillis - The maximum length of time in milliseconds that the generated token should be considered valid. It may be null if the server should determine the token validity duration. If it is non-null, then the value must be greater than zero.
      messageSubject - The text (if any) that should be used as the message subject if the delivery mechanism accepts a subject. This may be null if no subject is required or a subject should be automatically generated.
      fullTextBeforeToken - The text (if any) that should appear before the generated single-use token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may be null if no text is required before the token.
      fullTextAfterToken - The text (if any) that should appear after the generated single-use token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may be null if no text is required after the token.
      compactTextBeforeToken - The text (if any) that should appear before the generated single-use token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may be null if no text is required before the token.
      compactTextAfterToken - The text (if any) that should appear after the generated single-use token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may be null if no text is required after the token.
      preferredDeliveryMechanisms - An optional list of the preferred delivery mechanisms that should be used to convey the token to the target user. It may be null or empty if the server should determine the delivery mechanisms to attempt. If a list of preferred delivery mechanisms is provided, the server will only attempt to deliver the token through these mechanisms, with attempts made in the order specified in this list.
      deliverIfPasswordExpired - Indicates whether to generate and deliver a token if the target user's password is expired.
      deliverIfAccountLocked - Indicates whether to generate and deliver a token if the target user's account is locked for some reason (e.g., too many failed authentication attempts, the account has been idle for too long, the user failed to change his/her password in a timely manner after an administrative reset, etc.).
      deliverIfAccountDisabled - Indicates whether to generate and deliver a token if the target user's account has been disabled by an administrator.
      deliverIfAccountExpired - Indicates whether to generate and deliver a token if the target user's account has expired.
      controls - An optional set of controls to include in the request. It may be null or empty if no controls are required.

    • DeliverSingleUseTokenExtendedRequest

      public DeliverSingleUseTokenExtendedRequest(@NotNull ExtendedRequest request) throws LDAPException
      Decodes the provided extended request as a deliver single-use token extended request.
      Parameters:
      request - The extended request to decode as a deliver single-use token extended request.
      Throws:
      LDAPException - If the provided extended request cannot be decoded as a deliver single-use token request.

  • Method Details

    • getUserDN

      @NotNull public String getUserDN()
      Retrieves the DN of the user for whom the token should be generated and delivered.
      Returns:
      The DN of the user for whom the token should be generated and delivered.

    • getTokenID

      @NotNull public String getTokenID()
      Retrieves an identifier for the token, which can differentiate between separate uses of this extended operation for different purposes, and should be provided when consuming the token via the ConsumeSingleUseTokenExtendedRequest.
      Returns:
      An identifier for the token.

    • getValidityDurationMillis

      @Nullable public Long getValidityDurationMillis()
      Retrieves the maximum length of time in milliseconds that the generated token should be considered valid, if defined. An attempt to consume the token after this length of time has elapsed will fail.
      Returns:
      The maximum length of time in milliseconds that the generated token should be considered valid, or null if the client did not specify a value and the token validity duration will be determined by the server.

    • getMessageSubject

      @Nullable public String getMessageSubject()
      Retrieves the text (if any) that should be used as the message subject for delivery mechanisms that can make use of a subject.
      Returns:
      The text that should be used as the message subject for delivery mechanisms that can make use of a subject, or null if no subject should be used, or if the delivery mechanism should attempt to automatically determine a subject.

    • getFullTextBeforeToken

      @Nullable public String getFullTextBeforeToken()
      Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.
      Returns:
      The text that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size, or null if there should not be any text before the token.

    • getFullTextAfterToken

      @Nullable public String getFullTextAfterToken()
      Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.
      Returns:
      The text that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size, or null if there should not be any text after the token.

    • getCompactTextBeforeToken

      @Nullable public String getCompactTextBeforeToken()
      Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.
      Returns:
      The text that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size, or null if there should not be any text before the token.

    • getCompactTextAfterToken

      @Nullable public String getCompactTextAfterToken()
      Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.
      Returns:
      The text that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size, or null if there should not be any text after the token.

    • getPreferredDeliveryMechanisms

      @NotNull public List<ObjectPair<String,String>> getPreferredDeliveryMechanisms()
      Retrieves a list of the preferred delivery mechanisms that should be used to provide the generated token to the target user. If the returned list is empty, then the server will attempt to determine which mechanism(s) to use and in which order to try them. If this list is not empty, then the server will only attempt the specified mechanisms and in the order in which they are listed.
      Returns:
      A list of the preferred delivery mechanisms that should be used to provide the generated token to the target user, or an empty list if the server should determine the delivery mechanisms to attempt.

    • deliverIfPasswordExpired

      public boolean deliverIfPasswordExpired()
      Indicates whether to attempt to generate and deliver a token if the target user's password is expired.
      Returns:
      true if the server should attempt to deliver a token to a user with an expired password, or false if not.

    • deliverIfAccountLocked

      public boolean deliverIfAccountLocked()
      Indicates whether to attempt to generate and deliver a token if the target user's account is locked for some reason (e.g., because there have been too many failed authentication attempts, because the account has been idle for too long, or because the password was not changed soon enough after an administrative reset).
      Returns:
      true if the server should attempt to deliver a token to a user with a locked account, or false if not.

    • deliverIfAccountDisabled

      public boolean deliverIfAccountDisabled()
      Indicates whether to attempt to generate and deliver a token if the target user's account has been disabled by an administrator.
      Returns:
      true if the server should attempt to deliver a token to a user with a disabled account, or false if not.

    • deliverIfAccountExpired

      public boolean deliverIfAccountExpired()
      Indicates whether to attempt to generate and deliver a token if the target user's account has expired.
      Returns:
      true if the server should attempt to deliver a token to a user with an expired account, or false if not.

    • process

      @NotNull public DeliverSingleUseTokenExtendedResult process(@NotNull LDAPConnection connection, int depth) throws LDAPException
      Sends this extended request to the directory server over the provided connection and returns the associated response.
      Overrides:
      process in class ExtendedRequest
      Parameters:
      connection - The connection to use to communicate with the directory server.
      depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.
      Returns:
      An LDAP result object that provides information about the result of the extended operation processing.
      Throws:
      LDAPException - If a problem occurs while sending the request or reading the response.

    • duplicate

      @NotNull public DeliverSingleUseTokenExtendedRequest duplicate()
      Creates a new instance of this LDAP request that may be modified without impacting this request.. Subclasses should override this method to return a duplicate of the appropriate type..
      Specified by:
      duplicate in interface ReadOnlyLDAPRequest
      Overrides:
      duplicate in class ExtendedRequest
      Returns:
      A new instance of this LDAP request that may be modified without impacting this request.

    • duplicate

      @NotNull public DeliverSingleUseTokenExtendedRequest duplicate(@Nullable Control[] controls)
      Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type..
      Specified by:
      duplicate in interface ReadOnlyLDAPRequest
      Overrides:
      duplicate in class ExtendedRequest
      Parameters:
      controls - The set of controls to include in the duplicate request.
      Returns:
      A new instance of this LDAP request that may be modified without impacting this request.

    • getExtendedRequestName

      @NotNull public String getExtendedRequestName()
      Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.
      Overrides:
      getExtendedRequestName in class ExtendedRequest
      Returns:
      The user-friendly name for this extended request, or the OID if no user-friendly name is available.

    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this request to the provided buffer.
      Specified by:
      toString in interface ProtocolOp
      Specified by:
      toString in interface ReadOnlyLDAPRequest
      Overrides:
      toString in class ExtendedRequest
      Parameters:
      buffer - The buffer to which to append a string representation of this request.