*/
// PMD false positive: the nested if statements are deliberately not collapsed, so that the comment between them is kept
@SuppressWarnings("PMD.CollapsibleIfStatements")
public final void handleMessage( IoSession session, T message ) throws Exception
{
LdapSession ldapSession = ldapServer.getLdapSessionManager().getLdapSession( session );
if ( ldapSession == null )
{
// in some cases the session is becoming null though the client is sending the UnbindRequest
// before closing
LOG.info( "ignoring the message {} received from null session", message );
return;
}
// First check that the client hasn't issued a previous BindRequest, unless it
// was a SASL BindRequest
if ( ldapSession.isAuthPending() )
{
// Only SASL BindRequests are allowed if we are already handling a
// SASL BindRequest
if ( !( message instanceof BindRequest ) || ( ( BindRequest ) message ).isSimple()
|| ldapSession.isSimpleAuthPending() )
{
LOG.error( I18n.err( I18n.ERR_732 ) );
BindResponse bindResponse = new BindResponseImpl( message.getMessageId() );
LdapResult bindResult = bindResponse.getLdapResult();
bindResult.setResultCode( ResultCodeEnum.UNWILLING_TO_PERFORM );
bindResult.setDiagnosticMessage( I18n.err( I18n.ERR_732 ) );
ldapSession.getIoSession().write( bindResponse );
return;
}
}
// TODO - session you get from LdapServer should have the ldapServer
// member already set no? Should remove these lines where ever they
// may be if that's the case.
ldapSession.setLdapServer( ldapServer );
// protect against insecure conns when confidentiality is required
if ( !isConfidentialityRequirementSatisfied( session ) )
{
if ( message instanceof ExtendedRequest )
{
// Reject all extended operations except StartTls
ExtendedRequest<?> req = ( ExtendedRequest<?> ) message;
if ( !req.getRequestName().equals( StartTlsHandler.EXTENSION_OID ) )
{
rejectWithoutConfidentiality( session, req.getResultResponse() );
return;
}
// Allow StartTls extended operations to go through
}
else if ( message instanceof ResultResponseRequest )
{
// Reject all other operations that have a result response
rejectWithoutConfidentiality( session, ( ( ResultResponseRequest<?> ) message )
.getResultResponse() );
return;
}
else
// Just return from unbind, and abandon immediately
{
return;
}
}
// We should check that the server allows anonymous requests
// only if it's not a BindRequest
if ( message instanceof BindRequest )
{
handle( ldapSession, message );
}
else
{
CoreSession coreSession = null;
/*
* All requests except bind automatically presume the authentication
* is anonymous if the session has not been authenticated. Hence a
* default bind is presumed as the anonymous identity.
*/
if ( ldapSession.isAuthenticated() )
{
coreSession = ldapSession.getCoreSession();
handle( ldapSession, message );
return;
}
coreSession = getLdapServer().getDirectoryService().getSession();
ldapSession.setCoreSession( coreSession );
if ( message instanceof AbandonRequest )
{
return;
}