Package com.netscape.sasl
Class Sasl
java.lang.Object
com.netscape.sasl.Sasl
A static class for creating SASL clients and servers.
This class defines the policy of how to locate, load, and instantiate SASL clients and servers. Currently, only the client methods are available.
For example, an application or library gets a SASL client by doing something like:

    SaslClient sc = Sasl.createSaslClient(mechanisms, authorizationId, protocol, serverName, props, callbackHandler);

It can then proceed to use the client to create an authentication connection. For example, an LDAP library might use the client as follows:

    InputStream is = ldap.getInputStream();
    OutputStream os = ldap.getOutputStream();
    // Send the mechanism name and the initial response in the first bind request
    byte[] toServer = sc.createInitialResponse();
    LdapResult res = ldap.sendBindRequest(dn, sc.getName(), toServer);
    // Answer server challenges until the client or the server ends the exchange
    while (!sc.isComplete() && res.status == SASL_BIND_IN_PROGRESS) {
        toServer = sc.evaluateChallenge(res.getBytesFromServer());
        if (toServer != null) {
            res = ldap.sendBindRequest(dn, sc.getName(), toServer);
        }
    }
    // Switch streams only when both the client and the server report success
    if (sc.isComplete() && res.status == SUCCESS) {
        // Get the input and output streams; may be unchanged
        is = sc.getInputStream( is );
        os = sc.getOutputStream( os );
        // Use these streams from now on
        ldap.setInputStream( is );
        ldap.setOutputStream( os );
    }

IMPLEMENTATION NOTE: To use this class on JDK1.2, the caller needs:
- java.lang.RuntimePermission("getSecurityManager")
- java.lang.RuntimePermission("getClassLoader")
- java.util.PropertyPermission("javax.security.sasl.client.pkgs", "read")
Field Summary
- static final String CLIENTPKGS: The property name containing a list of package names, separated by '|'.
Method Summary
- static SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Hashtable<Object, Object> props, CallbackHandler cbh): Creates a SaslClient using the parameters supplied.
- static void setSaslClientFactory: Sets the default SaslClientFactory to use.
Field Details
CLIENTPKGS
The property name containing a list of package names, separated by '|'. Each package contains a class named ClientFactory that implements the SaslClientFactory interface. Its value is "javax.security.sasl.client.pkgs".
Method Details
createSaslClient
public static SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Hashtable<Object, Object> props, CallbackHandler cbh) throws SaslException
Creates a SaslClient using the parameters supplied. The algorithm for selection is as follows:
- If a factory has been installed via setSaslClientFactory(), try it first. If a non-null answer is produced, return it.
- The javax.security.sasl.client.pkgs property contains a '|'-separated list of package names. Each package contains a class named ClientFactory. Load each factory and try to create a SaslClient. Repeat this for each package on the list until a non-null answer is produced. If a non-null answer is produced, return it.
- Repeat the previous step using the javax.security.sasl.client.pkgs System property.
- If no non-null answer is produced, return null.
Parameters:
mechanisms - The non-null list of mechanism names to try. Each is the IANA-registered name of a SASL mechanism (e.g. "GSSAPI", "CRAM-MD5").
authorizationId - The possibly null authorization ID to use. When the SASL authentication completes successfully, the entity named by authorizationId is granted access.
protocol - The non-null string name of the protocol for which the authentication is being performed (e.g., "ldap").
serverName - The non-null string name of the server to which we are creating an authenticated connection.
props - The possibly null properties to be used by the SASL mechanisms to configure the authentication exchange. For example, "javax.security.sasl.encryption.maximum" might be used to specify the maximum key length to use for encryption.
cbh - The possibly null callback handler to be used by the SASL mechanisms to get further information from the application/library to complete the authentication. For example, a SASL mechanism might require the authentication ID and password from the caller.
Returns:
A possibly null SaslClient created using the parameters supplied. If null, cannot find a SaslClientFactory that will produce one.
Throws:
SaslException - If cannot create a SaslClient because of an error.
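
The package list in steps 2 and 3 of the selection algorithm decides which classes get loaded, so it is useful to be able to inspect it. The following is an added example, not part of the com.netscape.sasl API or its documentation: it expands the props entry and then the System property into the ClientFactory class names the documented lookup would try, in order, and checks whether each is on the classpath without initializing it. The class name SaslFactorySearchPath and the sample package names are hypothetical, and the example assumes step 2 reads the property from props.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

// Added example: lists the ClientFactory classes the documented lookup would try.
public class SaslFactorySearchPath {
    // Property name documented as the value of Sasl.CLIENTPKGS.
    static final String CLIENTPKGS = "javax.security.sasl.client.pkgs";

    // Expand a '|'-separated package list into "<package>.ClientFactory" names.
    static void expand(String pkgs, String source, List<String[]> out) {
        if (pkgs == null) return;
        for (String pkg : pkgs.split("\\|")) { // '|' is a regex metacharacter
            pkg = pkg.trim();                  // assumption: tolerate stray spaces
            if (!pkg.isEmpty()) out.add(new String[] { pkg + ".ClientFactory", source });
        }
    }

    // Candidates in the documented order: props entry, then the System property.
    static List<String[]> candidates(Hashtable<Object, Object> props) {
        List<String[]> out = new ArrayList<>();
        Object fromProps = (props == null) ? null : props.get(CLIENTPKGS);
        if (fromProps instanceof String) expand((String) fromProps, "props", out);
        expand(System.getProperty(CLIENTPKGS), "system property", out);
        return out;
    }

    // True if the class can be found; initialize=false so no static initializer runs.
    static boolean resolvable(String className) {
        try {
            Class.forName(className, false, SaslFactorySearchPath.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input; both package names are hypothetical.
        Hashtable<Object, Object> props = new Hashtable<>();
        props.put(CLIENTPKGS, "com.example.sasl.gssapi|com.example.sasl.crammd5");
        for (String[] c : candidates(props)) {
            System.out.println(c[0] + "  (from " + c[1] + ", "
                + (resolvable(c[0]) ? "found" : "not found") + " on classpath)");
        }
    }
}
```

A factory installed through setSaslClientFactory() is tried before any of these candidates and is not visible to this listing.
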
setSaslClientFactory
Sets the default SaslClientFactory to use. This method sets fac to be the default factory. It can only be called with a non-null value once per VM. If a factory has been set already, this method throws IllegalStateException.
Parameters:
fac - The possibly null factory to set. If null, doesn't do anything.
Throws:
IllegalStateException - If factory already set.