This class provides an implementation of the LDAP "Who Am I?" extended
request as defined in RFC 4532. It may be used to request the current
authorization identity associated with the client connection.

The "Who Am I?" extended operation is similar to the
com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl in that
it can be used to request the authorization identity for the connection. The
primary difference between them is that the authorization identity request
control can only be included in a bind request (and the corresponding
response control will be included in the bind result), while the "Who Am I?"
extended operation can be used at any time through a separate operation.

Example
The following example demonstrates the use of the "Who Am I?" extended
operation.
// Use the "Who Am I?" extended request to determine the identity of the
// currently-authenticated user.
WhoAmIExtendedResult whoAmIResult;
try
{
  whoAmIResult = (WhoAmIExtendedResult)
       connection.processExtendedOperation(new WhoAmIExtendedRequest());
  // This doesn't necessarily mean that the operation was successful, since
  // some kinds of extended operations return non-success results under
  // normal conditions.
}
catch (LDAPException le)
{
  // For an extended operation, this generally means that a problem was
  // encountered while trying to send the request or read the result.
  whoAmIResult = new WhoAmIExtendedResult(new ExtendedResult(le));
}

LDAPTestUtils.assertResultCodeEquals(whoAmIResult, ResultCode.SUCCESS);
String authzID = whoAmIResult.getAuthorizationID();
if (authzID.equals("") || authzID.equals("dn:"))
{
  // The user is authenticated anonymously.
}
else if (authzID.startsWith("dn:"))
{
  // The DN of the authenticated user should be authzID.substring(3)
}
else if (authzID.startsWith("u:"))
{
  // The username of the authenticated user should be authzID.substring(2)
}
else
{
  // The authorization ID isn't in any recognizable format.  Perhaps it's
  // a raw DN or a username?
}
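
Because the "Who Am I?" operation can be sent at any time, it can also serve as a fail-closed check on a long-lived or pooled connection before a privileged operation. The following is an added example, not part of the SDK documentation; the class AuthzIdentityGuard and its methods requireIdentity and matchesExpectedDN are hypothetical names, and it assumes the expected identity is known as a DN.

```java
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest;
import com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult;

// Hypothetical helper (not part of the SDK): refuses to continue unless the
// connection's current authorization identity is the expected DN.
public final class AuthzIdentityGuard
{
  private AuthzIdentityGuard() {}

  public static void requireIdentity(final LDAPConnection connection,
                                     final String expectedDN)
         throws LDAPException
  {
    final ExtendedResult result =
         connection.processExtendedOperation(new WhoAmIExtendedRequest());
    if (result.getResultCode() != ResultCode.SUCCESS)
    {
      // No trustworthy identity was returned, so treat this as a failure.
      throw new LDAPException(result);
    }
    final String authzID =
         ((WhoAmIExtendedResult) result).getAuthorizationID();
    if (! matchesExpectedDN(authzID, expectedDN))
    {
      throw new LDAPException(ResultCode.AUTHORIZATION_DENIED,
           "Unexpected authorization identity on connection: " + authzID);
    }
  }

  // Pure comparison, kept separate so it can be exercised without a server.
  static boolean matchesExpectedDN(final String authzID,
                                   final String expectedDN)
         throws LDAPException
  {
    // null, "" and "dn:" (anonymous), and the "u:" form, never match a DN.
    if ((authzID == null) || (! authzID.startsWith("dn:")) ||
        (authzID.length() == 3))
    {
      return false;
    }
    // Compare as DNs so case and spacing differences do not cause a mismatch.
    return new DN(authzID.substring(3)).equals(new DN(expectedDN));
  }
}
```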