changeset 47216 71c04702a3d5
parent 45136 bd5c526bc443
child 55131 9889f5e3ba00
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.naming/share/classes/javax/naming/ldap/package.html	Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,266 @@
+Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+This code is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License version 2 only, as
+published by the Free Software Foundation.  Oracle designates this
+particular file as subject to the "Classpath" exception as provided
+by Oracle in the LICENSE file that accompanied this code.
+This code is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+version 2 for more details (a copy is included in the LICENSE file that
+accompanied this code).
+You should have received a copy of the GNU General Public License version
+2 along with this work; if not, write to the Free Software Foundation,
+Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+or visit if you need additional information or have any
+<body bgcolor="white">
+Provides support for LDAPv3 extended operations and controls.
+This package extends the directory operations of the Java Naming and
+Directory Interface&trade; (JNDI). &nbsp;
+JNDI provides naming and directory functionality to applications
+written in the Java programming language.  It is designed to be
+independent of any specific naming or directory service
+implementation.  Thus a variety of services--new, emerging, and
+already deployed ones--can be accessed in a common way.
+This package is for applications and service providers that deal with
+LDAPv3 extended operations and controls, as defined by
+<a href=>RFC 2251</a>.
+The core interface in this package is <code>LdapContext</code>, which defines
+methods on a context for performing extended operations and handling
+<h3>Extended Operations</h3>
+This package defines the interface <code>ExtendedRequest</code>
+to represent the argument to an extended operation,
+and the interface <code>ExtendedResponse</code> to represent the result
+of the extended operation.
+An extended response is always paired with an extended request
+but not necessarily vice versa. That is, you can have an extended request
+that has no corresponding extended response.
+An application typically does not deal directly with these interfaces.
+Instead, it deals with classes that <em>implement</em> these
+The application gets these classes either as part of a
+repertoire of extended operations standardized through the IETF, or
+from directory vendors for vendor-specific extended operations.
+The request classes should have constructors that accept
+arguments in a type-safe and user-friendly manner, while the
+response classes should have access methods for getting the data
+of the response in a type-safe and user-friendly manner.
+Internally, the request/response classes deal with encoding and decoding
+BER values.
+For example, suppose an LDAP server supports a "get time" extended operation.
+It would supply classes such as
+<code>GetTimeRequest</code> and <code>GetTimeResponse</code>,
+so that applications can use this feature.
+An application would use these classes as follows:
+GetTimeResponse resp =
+    (GetTimeResponse) ectx.extendedOperation(new GetTimeRequest());
+long time = resp.getTime();
+The <code>GetTimeRequest</code> and <code>GetTimeResponse</code> classes might
+be defined as follows:
+public class GetTimeRequest implements ExtendedRequest {
+    // User-friendly constructor 
+    public GetTimeRequest() {
+    };
+    // Methods used by service providers
+    public String getID() {
+        return GETTIME_REQ_OID;
+    }
+    public byte[] getEncodedValue() {
+        return null;  // no value needed for get time request
+    }
+    public ExtendedResponse createExtendedResponse(
+        String id, byte[] berValue, int offset, int length) throws NamingException {
+        return new GetTimeResponse(id, berValue, offset, length);
+    }
+public class GetTimeResponse() implements ExtendedResponse {
+    long time;
+    // called by GetTimeRequest.createExtendedResponse()
+    public GetTimeResponse(String id, byte[] berValue, int offset, int length)
+        throws NamingException {
+        // check validity of id
+        long time =  ... // decode berValue to get time
+    }
+    // Type-safe and User-friendly methods
+    public java.util.Date getDate() { return new java.util.Date(time); }
+    public long getTime() { return time; }
+    // Low level methods
+    public byte[] getEncodedValue() {
+        return // berValue saved;
+    }
+    public String getID() {
+        return GETTIME_RESP_OID;
+    }
+This package defines the interface <code>Control</code> to represent an LDAPv3
+control. It can be a control that is sent to an LDAP server
+(<em>request control</em>) or a control returned by an LDAP server
+(<em>response control</em>).  Unlike extended requests and responses,
+there is not necessarily any pairing between request controls and
+response controls.  You can send request controls and expect no
+response controls back, or receive response controls without sending
+any request controls.
+An application typically does not deal directly with this interface.
+Instead, it deals with classes that <em>implement</em> this interface.
+The application gets control classes either as part of a repertoire of
+controls standardized through the IETF, or from directory vendors for
+vendor-specific controls.  The request control classes should have
+constructors that accept arguments in a type-safe and user-friendly
+manner, while the response control classes should have access methods
+for getting the data of the response in a type-safe and user-friendly
+manner.  Internally, the request/response control classes deal with
+encoding and decoding BER values.
+For example, suppose an LDAP server supports a "signed results"
+request control, which when sent with a request, asks the
+server to digitally sign the results of an operation.
+It would supply a class <code>SignedResultsControl</code>  so that applications
+can use this feature.
+An application  would use this class as follows:
+Control[] reqCtls = new Control[] {new SignedResultsControl(Control.CRITICAL)};
+NamingEnumeration enum =;
+The <code>SignedResultsControl</code> class might be defined as follows:
+public class SignedResultsControl implements Control {
+    // User-friendly constructor 
+    public SignedResultsControl(boolean criticality) {
+	// assemble the components of the request control
+    };
+    // Methods used by service providers
+    public String getID() {
+        return // control's object identifier
+    }
+    public byte[] getEncodedValue() {
+        return // ASN.1 BER encoded control value
+    }
+    ...
+When a service provider receives response controls, it uses
+the <code>ControlFactory</code> class to produce specific classes
+that implement the <code>Control</code> interface.
+An LDAP server can send back response controls with an LDAP operation
+and also with enumeration results, such as those returned
+by a list or search operation.
+The <code>LdapContext</code> provides a method (<code>getResponseControls()</code>)
+for getting the response controls sent with an LDAP operation,
+while the <code>HasControls</code> interface is used to retrieve
+response controls associated with enumeration results.
+For example, suppose an LDAP server sends back a "change ID" control in response
+to a successful modification. It would supply a class <code>ChangeIDControl</code>
+so that the application can use this feature.
+An application would perform an update, and then try to get the change ID.
+// Perform update
+Context ctx = ectx.createSubsubcontext("cn=newobj");
+// Get response controls
+Control[] respCtls = ectx.getResponseControls();
+if (respCtls != null) {
+    // Find the one we want
+    for (int i = 0; i &lt; respCtls; i++) {
+        if(respCtls[i] instanceof ChangeIDControl) {
+	    ChangeIDControl cctl = (ChangeIDControl)respCtls[i];
+	    System.out.println(cctl.getChangeID());
+        }
+    }
+The vendor might supply the following <code>ChangeIDControl</code> and
+<code>VendorXControlFactory</code> classes. The <code>VendorXControlFactory</code>
+will be used by the service provider when the provider receives response
+controls from the LDAP server.
+public class ChangeIDControl implements Control {
+    long id;
+    // Constructor used by ControlFactory
+    public ChangeIDControl(String OID, byte[] berVal) throws NamingException {
+        // check validity of OID
+        id = // extract change ID from berVal
+    };
+    // Type-safe and User-friendly method
+    public long getChangeID() {
+        return id;
+    }
+    // Low-level methods
+    public String getID() {
+        return CHANGEID_OID;
+    }
+    public byte[] getEncodedValue() {
+        return // original berVal
+    }
+    ...
+public class VendorXControlFactory extends ControlFactory {
+    public VendorXControlFactory () {
+    }
+    public Control getControlInstance(Control orig) throws NamingException {
+        if (isOneOfMyControls(orig.getID())) {
+	    ...
+	    // determine which of ours it is and call its constructor
+	    return (new ChangeIDControl(orig.getID(), orig.getEncodedValue()));
+	}
+        return null;  // not one of ours
+    }
+<h2>Package Specification</h2>
+The JNDI API Specification and related documents can be found in the
+{@extLink jndi_overview JNDI documentation}.
+@since 1.3