When Java DMK 5.1 needs to translate an SnmpMsg object into an SnmpPdu object, it delegates this task to an object which implements SnmpPduFactory, as shown in Example 19–14.
interface SnmpPduFactory { // Makes an SnmpPdu from an SnmpMsg public SnmpPdu decodeSnmpPdu(SnmpMsg msg) throws SnmpStatusException ; // Makes an SnmpMsg from an SnmpPdu public SnmpMsg encodeSnmpPdu(SnmpPdu pdu, int maxPktSize) throws SnmpStatusException, SnmpTooBigException ; } |
SnmpPduFactory has two additional methods inherited from Java DMK 4.2, decodePdu and encodePdu, that are now deprecated but are kept for backwards compatibility.
Java DMK 5.1 provides a default implementation of theSnmpPduFactory, called SnmpPduFactoryBER. SnmpPduFactoryBER is used automatically unless stated otherwise. The SnmpPduFactoryBER methods control every incoming or outgoing SNMP PDU.
If decodeSnmpPdu() returns null, Java DMK will assume that the SnmpMsg is unsafe and will refuse it
If encodeSnmpPdu() returns null, Java DMK will assume that it cannot send the SnmpPdu safely and will abort the current request
Therefore, it is possible to implement a security policy using an SnmpPduFactory class. However, it is recommended to rely rather on the standard SNMPv3 policy. Using the SnmpPduFactory to implement additional levels of security only makes sense on an SNMPv1 or SNMPv2 framework, when SNMPv3 is not an option.