|
Java™ Platform Standard Ed. 6 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface SaslServer
Performs SASL authentication as a server.
A server such an LDAP server gets an instance of this class in order to perform authentication defined by a specific SASL mechanism. Invoking methods on the SaslServer instance generates challenges according to the SASL mechanism implemented by the SaslServer. As the authentication proceeds, the instance encapsulates the state of a SASL server's authentication exchange.
Here's an example of how an LDAP server might use a SaslServer. It first gets an instance of a SaslServer for the SASL mechanism requested by the client:
It can then proceed to use the server for authentication. For example, suppose the LDAP server received an LDAP BIND request containing the name of the SASL mechanism and an (optional) initial response. It then might use the server as follows:SaslServer ss = Sasl.createSaslServer(mechanism, "ldap", myFQDN, props, callbackHandler);
while (!ss.isComplete()) { try { byte[] challenge = ss.evaluateResponse(response); if (ss.isComplete()) { status = ldap.sendBindResponse(mechanism, challenge, SUCCESS); } else { status = ldap.sendBindResponse(mechanism, challenge, SASL_BIND_IN_PROGRESS); response = ldap.readBindRequest(); } } catch (SaslException e) { status = ldap.sendErrorResponse(e); break; } } if (ss.isComplete() && status == SUCCESS) { String qop = (String) sc.getNegotiatedProperty(Sasl.QOP); if (qop != null && (qop.equalsIgnoreCase("auth-int") || qop.equalsIgnoreCase("auth-conf"))) { // Use SaslServer.wrap() and SaslServer.unwrap() for future // communication with client ldap.in = new SecureInputStream(ss, ldap.in); ldap.out = new SecureOutputStream(ss, ldap.out); } }
Sasl
,
SaslServerFactory
Method Summary | |
---|---|
void |
dispose()
Disposes of any system resources or security-sensitive information the SaslServer might be using. |
byte[] |
evaluateResponse(byte[] response)
Evaluates the response data and generates a challenge. |
String |
getAuthorizationID()
Reports the authorization ID in effect for the client of this session. |
String |
getMechanismName()
Returns the IANA-registered mechanism name of this SASL server. |
Object |
getNegotiatedProperty(String propName)
Retrieves the negotiated property. |
boolean |
isComplete()
Determines whether the authentication exchange has completed. |
byte[] |
unwrap(byte[] incoming,
int offset,
int len)
Unwraps a byte array received from the client. |
byte[] |
wrap(byte[] outgoing,
int offset,
int len)
Wraps a byte array to be sent to the client. |
Method Detail |
---|
String getMechanismName()
byte[] evaluateResponse(byte[] response) throws SaslException
response
- The non-null (but possibly empty) response sent
by the client.
SaslException
- If an error occurred while processing
the response or generating a challenge.boolean isComplete()
String getAuthorizationID()
IllegalStateException
- if this authentication session has not completedbyte[] unwrap(byte[] incoming, int offset, int len) throws SaslException
incoming is the contents of the SASL buffer as defined in RFC 2222 without the leading four octet field that represents the length. offset and len specify the portion of incoming to use.
incoming
- A non-null byte array containing the encoded bytes
from the client.offset
- The starting position at incoming of the bytes to use.len
- The number of bytes from incoming to use.
SaslException
- if incoming cannot be successfully
unwrapped.
IllegalStateException
- if the authentication exchange has
not completed, or if the negotiated quality of protection
has neither integrity nor privacybyte[] wrap(byte[] outgoing, int offset, int len) throws SaslException
The result of this method will make up the contents of the SASL buffer as defined in RFC 2222 without the leading four octet field that represents the length. offset and len specify the portion of outgoing to use.
outgoing
- A non-null byte array containing the bytes to encode.offset
- The starting position at outgoing of the bytes to use.len
- The number of bytes from outgoing to use.
SaslException
- if outgoing cannot be successfully
wrapped.
IllegalStateException
- if the authentication exchange has
not completed, or if the negotiated quality of protection has
neither integrity nor privacy.Object getNegotiatedProperty(String propName)
propName
- the property
IllegalStateException
- if this authentication exchange has not completedvoid dispose() throws SaslException
SaslException
- If a problem was encountered while disposing
the resources.
|
Java™ Platform Standard Ed. 6 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Copyright 2009 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.