LDAPJDK 4.1

com.netscape.sasl
Class Sasl

java.lang.Object
  |
  +--com.netscape.sasl.Sasl

public class Sasl
extends java.lang.Object

A static class for creating SASL clients and servers.

This class defines the policy of how to locate, load, and instantiate SASL clients and servers. Currently, only the client methods are available.

For example, an application or library gets a SASL client by doing something like:

 SaslClient sc = Sasl.createSaslClient(mechanisms,
     authorizationId, protocol, serverName, props, callbackHandler);

It can then proceed to use the client to create an authenticated connection. For example, an LDAP library might use the client as follows:

 InputStream is = ldap.getInputStream();
 OutputStream os = ldap.getOutputStream();
 byte[] toServer = sc.createInitialResponse();
 LdapResult res = ldap.sendBindRequest(dn, sc.getName(), toServer);
 while (!sc.isComplete() && res.status == SASL_BIND_IN_PROGRESS) {
     toServer = sc.evaluateChallenge(res.getBytesFromServer());
     if (toServer != null) {
        res = ldap.sendBindRequest(dn, sc.getName(), toServer);
     }
 }
 if (sc.isComplete() && res.status == SUCCESS) {
     // Get the input and output streams; may be unchanged
     is = sc.getInputStream( is );
     os = sc.getOutputStream( os );
     // Use these streams from now on
     ldap.setInputStream( is );
     ldap.setOutputStream( os );
 }
IMPLEMENTATION NOTE: To use this class on JDK1.2, the caller needs:


Field Summary
static java.lang.String CLIENTPKGS
          The property name containing a list of package names, separated by '|'.
 
Method Summary
static SaslClient createSaslClient(java.lang.String[] mechanisms, java.lang.String authorizationId, java.lang.String protocol, java.lang.String serverName, java.util.Hashtable props, javax.security.auth.callback.CallbackHandler cbh)
          Creates a SaslClient using the parameters supplied.
static void setSaslClientFactory(SaslClientFactory fac)
          Sets the default SaslClientFactory to use.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CLIENTPKGS

public static final java.lang.String CLIENTPKGS
The property name containing a list of package names, separated by '|'. Each package contains a class named ClientFactory that implements the SaslClientFactory interface. Its value is "javax.security.sasl.client.pkgs".
Method Detail

createSaslClient

public static SaslClient createSaslClient(java.lang.String[] mechanisms,
                                          java.lang.String authorizationId,
                                          java.lang.String protocol,
                                          java.lang.String serverName,
                                          java.util.Hashtable props,
                                          javax.security.auth.callback.CallbackHandler cbh)
                                   throws SaslException
Creates a SaslClient using the parameters supplied. The algorithm for selection is as follows:
  1. If a factory has been installed via setSaslClientFactory(), try it first. If it produces a non-null answer, return it.
  2. The javax.security.sasl.client.pkgs property contains a '|'-separated list of package names. Each package contains a class named ClientFactory. Load each factory and try to create a SaslClient, repeating this for each package on the list until a non-null answer is produced. If a non-null answer is produced, return it.
  3. Repeat the previous step using the javax.security.sasl.client.pkgs System property.
  4. If no non-null answer is produced, return null.
Parameters:
mechanisms - The non-null list of mechanism names to try. Each is the IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
authorizationId - The possibly null authorization ID to use. When the SASL authentication completes successfully, the entity named by authorizationId is granted access.
protocol - The non-null string name of the protocol for which the authentication is being performed (e.g., "ldap").
serverName - The non-null string name of the server to which we are creating an authenticated connection.
props - The possibly null properties to be used by the SASL mechanisms to configure the authentication exchange. For example, "javax.security.sasl.encryption.maximum" might be used to specify the maximum key length to use for encryption.
cbh - The possibly null callback handler to be used by the SASL mechanisms to get further information from the application/library to complete the authentication. For example, a SASL mechanism might require the authentication ID and password from the caller.
Returns:
A possibly null SaslClient created using the parameters supplied. If null, no SaslClientFactory could be found that will produce one.
Throws:
SaslException - If a SaslClient cannot be created because of an error.
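
Steps 2 and 3 of the selection algorithm load a class named ClientFactory from every package listed in javax.security.sasl.client.pkgs, so the value of that property determines which code runs during authentication. The following added example (not part of LDAPJDK) lists the classes those two steps would try, in order, and flags any package outside a reviewed allowlist; it assumes step 2 reads the property from props, and all package names in it are hypothetical.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;

/** Added example: lists the factory classes the documented lookup would try. */
public class SaslFactoryAudit {
    // Value of Sasl.CLIENTPKGS as stated on this page.
    static final String CLIENTPKGS = "javax.security.sasl.client.pkgs";

    /** Expands a '|'-separated package list into "<package>.ClientFactory" names. */
    static List<String> factoryClasses(String pkgs) {
        List<String> out = new ArrayList<>();
        if (pkgs == null) return out;
        for (String pkg : pkgs.split("\\|")) {
            if (!pkg.isEmpty()) out.add(pkg + ".ClientFactory");
        }
        return out;
    }

    /** Steps 2 and 3: the props entry (assumed source for step 2), then the System property. */
    static List<String> lookupOrder(Hashtable<String, Object> props) {
        List<String> order = new ArrayList<>();
        Object fromProps = (props == null) ? null : props.get(CLIENTPKGS);
        if (fromProps instanceof String) order.addAll(factoryClasses((String) fromProps));
        order.addAll(factoryClasses(System.getProperty(CLIENTPKGS)));
        return order;
    }

    /** Returns the candidates whose package is not on the reviewed allowlist. */
    static List<String> unexpected(List<String> candidates, Set<String> allowedPkgs) {
        List<String> bad = new ArrayList<>();
        for (String cls : candidates) {
            String pkg = cls.substring(0, cls.lastIndexOf('.'));
            if (!allowedPkgs.contains(pkg)) bad.add(cls);
        }
        return bad;
    }

    public static void main(String[] args) {
        // Constructed sample values; all package names are hypothetical.
        Hashtable<String, Object> props = new Hashtable<>();
        props.put(CLIENTPKGS, "com.example.sasl.gssapi|com.example.sasl.cram");
        System.setProperty(CLIENTPKGS, "org.example.unreviewed");
        List<String> order = lookupOrder(props);
        System.out.println("lookup order:    " + order);
        System.out.println("not allowlisted: " + unexpected(order,
                Set.of("com.example.sasl.gssapi", "com.example.sasl.cram")));
    }
}
```

A factory installed through setSaslClientFactory() (step 1) is tried before any of these classes and is not visible through the property, so it has to be reviewed separately.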

setSaslClientFactory

public static void setSaslClientFactory(SaslClientFactory fac)
Sets the default SaslClientFactory to use. This method sets fac to be the default factory. It can only be called with a non-null value once per VM. If a factory has been set already, this method throws IllegalStateException.
Parameters:
fac - The possibly null factory to set. If null, this method does nothing.
Throws:
java.lang.IllegalStateException - If factory already set.
