public interface SaslServer
A server such an LDAP server gets an instance of this class in order to perform authentication defined by a specific SASL mechanism. Invoking methods on the SaslServer instance generates challenges according to the SASL mechanism implemented by the SaslServer. As the authentication proceeds, the instance encapsulates the state of a SASL server's authentication exchange.
Here's an example of how an LDAP server might use a SaslServer. It first gets an instance of a SaslServer for the SASL mechanism requested by the client:
It can then proceed to use the server for authentication. For example, suppose the LDAP server received an LDAP BIND request containing the name of the SASL mechanism and an (optional) initial response. It then might use the server as follows:SaslServer ss = Sasl.createSaslServer(mechanism, "ldap", myFQDN, props, callbackHandler);
while (!ss.isComplete()) { try { byte[] challenge = ss.evaluateResponse(response); if (ss.isComplete()) { status = ldap.sendBindResponse(mechanism, challenge, SUCCESS); } else { status = ldap.sendBindResponse(mechanism, challenge, SASL_BIND_IN_PROGRESS); response = ldap.readBindRequest(); } } catch (SaslException e) { status = ldap.sendErrorResponse(e); break; } } if (ss.isComplete() && status == SUCCESS) { String qop = (String) sc.getNegotiatedProperty(Sasl.QOP); if (qop != null && (qop.equalsIgnoreCase("auth-int") || qop.equalsIgnoreCase("auth-conf"))) { // Use SaslServer.wrap() and SaslServer.unwrap() for future // communication with client ldap.in = new SecureInputStream(ss, ldap.in); ldap.out = new SecureOutputStream(ss, ldap.out); } }
Sasl
,
SaslServerFactory
Modifier and Type | Method and Description |
---|---|
void |
dispose()
Disposes of any system resources or security-sensitive information
the SaslServer might be using.
|
byte[] |
evaluateResponse(byte[] response)
Evaluates the response data and generates a challenge.
|
String |
getAuthorizationID()
Reports the authorization ID in effect for the client of this
session.
|
String |
getMechanismName()
Returns the IANA-registered mechanism name of this SASL server.
|
Object |
getNegotiatedProperty(String propName)
Retrieves the negotiated property.
|
boolean |
isComplete()
Determines whether the authentication exchange has completed.
|
byte[] |
unwrap(byte[] incoming,
int offset,
int len)
Unwraps a byte array received from the client.
|
byte[] |
wrap(byte[] outgoing,
int offset,
int len)
Wraps a byte array to be sent to the client.
|
String getMechanismName()
byte[] evaluateResponse(byte[] response) throws SaslException
response
- The non-null (but possibly empty) response sent
by the client.SaslException
- If an error occurred while processing
the response or generating a challenge.boolean isComplete()
String getAuthorizationID()
IllegalStateException
- if this authentication session has not completedbyte[] unwrap(byte[] incoming, int offset, int len) throws SaslException
incoming is the contents of the SASL buffer as defined in RFC 2222 without the leading four octet field that represents the length. offset and len specify the portion of incoming to use.
incoming
- A non-null byte array containing the encoded bytes
from the client.offset
- The starting position at incoming of the bytes to use.len
- The number of bytes from incoming to use.SaslException
- if incoming cannot be successfully
unwrapped.IllegalStateException
- if the authentication exchange has
not completed, or if the negotiated quality of protection
has neither integrity nor privacybyte[] wrap(byte[] outgoing, int offset, int len) throws SaslException
The result of this method will make up the contents of the SASL buffer as defined in RFC 2222 without the leading four octet field that represents the length. offset and len specify the portion of outgoing to use.
outgoing
- A non-null byte array containing the bytes to encode.offset
- The starting position at outgoing of the bytes to use.len
- The number of bytes from outgoing to use.SaslException
- if outgoing cannot be successfully
wrapped.IllegalStateException
- if the authentication exchange has
not completed, or if the negotiated quality of protection has
neither integrity nor privacy.Object getNegotiatedProperty(String propName)
propName
- the propertyIllegalStateException
- if this authentication exchange has not completedvoid dispose() throws SaslException
SaslException
- If a problem was encountered while disposing
the resources. Submit a bug or feature
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2011, Oracle and/or its affiliates. All rights reserved.
DRAFT ea-b138