Class Sasl

java.lang.Object
com.netscape.sasl.Sasl

public class Sasl extends Object
A static class for creating SASL clients and servers.

This class defines the policy of how to locate, load, and instantiate SASL clients and servers. Currently, only the client methods are available.

For example, an application or library gets a SASL client by doing something like:

 SaslClient sc = Sasl.createSaslClient(mechanisms,
     authorizationId, protocol, serverName, props, callbackHandler);
It can then proceed to use the client to create an authenticated connection. For example, an LDAP library might use the client as follows:

 InputStream is = ldap.getInputStream();
 OutputStream os = ldap.getOutputStream();
 byte[] toServer = sc.createInitialResponse();
 LdapResult res = ldap.sendBindRequest(dn, sc.getName(), toServer);
 while (!sc.isComplete() && res.status == SASL_BIND_IN_PROGRESS) {
     toServer = sc.evaluateChallenge(res.getBytesFromServer());
     if (toServer != null) {
        res = ldap.sendBindRequest(dn, sc.getName(), toServer);
     }
 }
 if (sc.isComplete() && res.status == SUCCESS) {
     // Get the input and output streams; may be unchanged
     is = sc.getInputStream( is );
     os = sc.getOutputStream( os );
     // Use these streams from now on
     ldap.setInputStream( is );
     ldap.setOutputStream( os );
 }
 
IMPLEMENTATION NOTE: To use this class on JDK1.2, the caller needs:
  • java.lang.RuntimePermission("getSecurityManager")
  • java.lang.RuntimePermission("getClassLoader")
  • java.util.PropertyPermission("javax.security.sasl.client.pkgs", "read")

Field Details

    • CLIENTPKGS

      public static final String CLIENTPKGS
      The property name containing a list of package names, separated by '|'. Each package contains a class named ClientFactory that implements the SaslClientFactory interface. Its value is "javax.security.sasl.client.pkgs".

Method Details

    • createSaslClient

      public static SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Hashtable<Object,Object> props, CallbackHandler cbh) throws SaslException
      Creates a SaslClient using the parameters supplied. The algorithm for selection is as follows:
      1. If a factory has been installed via setSaslClientFactory(), try it first. If it produces a non-null answer, return it.
      2. The javax.security.sasl.client.pkgs property contains a '|'-separated list of package names. Each package contains a class named ClientFactory. Load each factory and try to create a SaslClient. Repeat this for each package on the list until a non-null answer is produced, and return it.
      3. Repeat the previous step using the javax.security.sasl.client.pkgs System property.
      4. If no non-null answer is produced, return null.
      Parameters:
      mechanisms - The non-null list of mechanism names to try. Each is the IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
      authorizationId - The possibly null authorization ID to use. When the SASL authentication completes successfully, the entity named by authorizationId is granted access.
      protocol - The non-null string name of the protocol for which the authentication is being performed (e.g., "ldap").
      serverName - The non-null string name of the server to which we are creating an authenticated connection.
      props - The possibly null properties to be used by the SASL mechanisms to configure the authentication exchange. For example, "javax.security.sasl.encryption.maximum" might be used to specify the maximum key length to use for encryption.
      cbh - The possibly null callback handler to be used by the SASL mechanisms to get further information from the application/library to complete the authentication. For example, a SASL mechanism might require the authentication ID and password from the caller.
      Returns:
      A possibly null SaslClient created using the parameters supplied. If null, no SaslClientFactory could be found that will produce one.
      Throws:
      SaslException - If a SaslClient cannot be created because of an error.
    • setSaslClientFactory

      public static void setSaslClientFactory(SaslClientFactory fac)
      Sets the default SaslClientFactory to use. This method sets fac to be the default factory. It can only be called with a non-null value once per VM. If a factory has been set already, this method throws IllegalStateException.
      Parameters:
      fac - The possibly null factory to set. If null, this method does nothing.
      Throws:
      IllegalStateException - If a factory has already been set.
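
The lookup order in steps 2 and 3 of createSaslClient means that whoever controls the javax.security.sasl.client.pkgs value controls which ClientFactory classes get loaded. The following added example (not part of the SDK or of this documentation) lists the candidate class names in the order they would be tried and flags packages outside an allow-list. It takes step 2 to mean the props entry and does not model step 1; the class SaslFactoryAudit, its methods, the allow-list and the sample package names are all assumptions.

```java
import java.util.*;

/** Added example, not SDK code: lists the factory classes the lookup would try. */
public class SaslFactoryAudit {
    static final String CLIENTPKGS = "javax.security.sasl.client.pkgs";

    /** Expands a '|'-separated package list into "<package>.ClientFactory" names, in order. */
    static List<String> candidates(String pkgList) {
        List<String> out = new ArrayList<>();
        if (pkgList == null) return out;
        StringTokenizer st = new StringTokenizer(pkgList, "|");
        while (st.hasMoreTokens()) {
            String pkg = st.nextToken().trim();
            if (!pkg.isEmpty()) out.add(pkg + ".ClientFactory");
        }
        return out;
    }

    /** Order from steps 2 and 3: the props entry first, then the System property. */
    static List<String> resolutionOrder(Hashtable<Object, Object> props) {
        List<String> order = new ArrayList<>();
        if (props != null && props.get(CLIENTPKGS) instanceof String) {
            order.addAll(candidates((String) props.get(CLIENTPKGS)));
        }
        order.addAll(candidates(System.getProperty(CLIENTPKGS)));
        return order;
    }

    /** Returns candidates whose package is not on the allow-list (an assumed local policy). */
    static List<String> unexpected(List<String> order, Set<String> allowedPkgs) {
        List<String> bad = new ArrayList<>();
        for (String cls : order) {
            String pkg = cls.substring(0, cls.lastIndexOf('.'));
            if (!allowedPkgs.contains(pkg)) bad.add(cls);
        }
        return bad;
    }

    public static void main(String[] args) {
        Hashtable<Object, Object> props = new Hashtable<>();
        // Constructed sample value; both package names are hypothetical.
        props.put(CLIENTPKGS, "com.example.sasl|org.untrusted.sasl");
        List<String> order = resolutionOrder(props);
        System.out.println("Would try, in order: " + order);
        System.out.println("Not on allow-list:   "
                + unexpected(order, Set.of("com.example.sasl")));
    }
}
```

Running the check before calling createSaslClient shows the effective search path, including anything contributed by a -D system property that the application code never set itself.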