com.netscape.sasl
Class Sasl
java.lang.Object
  |
  +--com.netscape.sasl.Sasl

public class Sasl
extends java.lang.Object
A static class for creating SASL clients and servers.
This class defines the policy of how to locate, load, and instantiate
SASL clients and servers.
Currently, only the client methods are available.
For example, an application or library gets a SASL client by doing
something like:
    SaslClient sc = Sasl.createSaslClient(mechanisms,
        authorizationId, protocol, serverName, props, callbackHandler);
It can then proceed to use the client to create an authenticated connection.
For example, an LDAP library might use the client as follows:
    InputStream is = ldap.getInputStream();
    OutputStream os = ldap.getOutputStream();
    byte[] toServer = sc.createInitialResponse();
    LdapResult res = ldap.sendBindRequest(dn, sc.getName(), toServer);
    while (!sc.isComplete() && res.status == SASL_BIND_IN_PROGRESS) {
        toServer = sc.evaluateChallenge(res.getBytesFromServer());
        if (toServer != null) {
            res = ldap.sendBindRequest(dn, sc.getName(), toServer);
        }
    }
    if (sc.isComplete() && res.status == SUCCESS) {
        // Get the input and output streams; may be unchanged
        is = sc.getInputStream( is );
        os = sc.getOutputStream( os );
        // Use these streams from now on
        ldap.setInputStream( is );
        ldap.setOutputStream( os );
    }
IMPLEMENTATION NOTE: To use this class on JDK1.2, the caller needs:
- java.lang.RuntimePermission("getSecurityManager")
- java.lang.RuntimePermission("getClassLoader")
- java.util.PropertyPermission("javax.security.sasl.client.pkgs", "read");
Field Summary
static java.lang.String  CLIENTPKGS
    The property name containing a list of package names, separated by '|'.

Method Summary
static SaslClient  createSaslClient(java.lang.String[] mechanisms, java.lang.String authorizationId, java.lang.String protocol, java.lang.String serverName, java.util.Hashtable props, javax.security.auth.callback.CallbackHandler cbh)
    Creates a SaslClient using the parameters supplied.
static void  setSaslClientFactory(SaslClientFactory fac)
    Sets the default SaslClientFactory to use.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

CLIENTPKGS
public static final java.lang.String CLIENTPKGS
- The property name containing a list of package names, separated by
'|'. Each package contains a class named ClientFactory that
implements the SaslClientFactory interface.
Its value is "javax.security.sasl.client.pkgs".
createSaslClient
public static SaslClient createSaslClient(java.lang.String[] mechanisms,
java.lang.String authorizationId,
java.lang.String protocol,
java.lang.String serverName,
java.util.Hashtable props,
javax.security.auth.callback.CallbackHandler cbh)
throws SaslException
- Creates a SaslClient using the parameters supplied.
The algorithm for selection is as follows:
- If a factory has been installed via setSaslClientFactory(), try it first. If a non-null answer is produced, return it.
- The javax.security.sasl.client.pkgs property contains a '|'-separated list of package names. Each package contains a class named ClientFactory. Load each factory and try to create a SaslClient. Repeat this for each package on the list until a non-null answer is produced. If a non-null answer is produced, return it.
- Repeat the previous step using the javax.security.sasl.client.pkgs System property.
- If no non-null answer is produced, return null.
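The selection order above, modelled as an added example (not code from this API or its authors): Factory, resolve() and the com.example.* package names are hypothetical stand-ins, and reading the first package list from props is an assumption. factoryClassNames() lists the class names a given property value names for loading, which is the thing to review wherever that property can be set from outside the application.

```java
import java.util.*;
// Added illustration, not com.netscape.sasl code. Factory, resolve() and the
// com.example.* package names are hypothetical stand-ins for this model.
public class SaslLookupOrder {
    static final String CLIENTPKGS = "javax.security.sasl.client.pkgs";
    /** Stand-in for SaslClientFactory: a client label, or null if it declines. */
    interface Factory { String create(String[] mechanisms); }

    /** Class names a '|'-separated package list would cause to be loaded, in order. */
    static List<String> factoryClassNames(String pkgs) {
        List<String> names = new ArrayList<>();
        if (pkgs == null) return names;
        for (String p : pkgs.split("\\|")) {
            if (!p.trim().isEmpty()) names.add(p.trim() + ".ClientFactory");
        }
        return names;
    }

    static String resolve(Factory installed, Hashtable<String, String> props, String sysProp,
                          Map<String, Factory> loadable, String[] mechs, List<String> trace) {
        if (installed != null) {                       // step 1: installed factory first
            trace.add("installed factory");
            String c = installed.create(mechs);
            if (c != null) return c;
        }
        String fromProps = (props == null) ? null : props.get(CLIENTPKGS);
        for (String list : new String[] { fromProps, sysProp }) {   // steps 2 and 3
            for (String cn : factoryClassNames(list)) {
                trace.add(cn);
                Factory f = loadable.get(cn);          // stands in for loading cn by name
                // Assumption: an entry that cannot be loaded is skipped (page is silent).
                String c = (f == null) ? null : f.create(mechs);
                if (c != null) return c;
            }
        }
        return null;                                   // step 4: nothing produced a client
    }

    public static void main(String[] args) {
        Map<String, Factory> loadable = new HashMap<>();   // constructed sample factories
        loadable.put("com.example.a.ClientFactory", m -> null);
        loadable.put("com.example.b.ClientFactory", m -> "client from com.example.b");
        Hashtable<String, String> props = new Hashtable<>();
        props.put(CLIENTPKGS, "com.example.a|com.example.missing");
        List<String> trace = new ArrayList<>();
        String client = resolve(null, props, "com.example.b", loadable,
                new String[] { "GSSAPI", "CRAM-MD5" }, trace);
        System.out.println("client=" + client + " tried=" + trace);
    }
}
```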
- Parameters:
mechanisms - The non-null list of mechanism names to try. Each is the IANA-registered name of a SASL mechanism (e.g., "GSSAPI", "CRAM-MD5").
authorizationId - The possibly null authorization ID to use. When the SASL authentication completes successfully, the entity named by authorizationId is granted access.
protocol - The non-null string name of the protocol for which the authentication is being performed (e.g., "ldap").
serverName - The non-null string name of the server to which we are creating an authenticated connection.
props - The possibly null properties to be used by the SASL mechanisms to configure the authentication exchange. For example, "javax.security.sasl.encryption.maximum" might be used to specify the maximum key length to use for encryption.
cbh - The possibly null callback handler to be used by the SASL mechanisms to get further information from the application/library to complete the authentication. For example, a SASL mechanism might require the authentication ID and password from the caller.
- Returns:
A possibly null SaslClient created using the parameters supplied. If null, cannot find a SaslClientFactory that will produce one.
- Throws:
SaslException - If cannot create a SaslClient because of an error.

setSaslClientFactory
public static void setSaslClientFactory(SaslClientFactory fac)
- Sets the default SaslClientFactory to use.
This method sets fac to be the default factory.
It can only be called with a non-null value once per VM.
If a factory has been set already, this method throws
IllegalStateException.
- Parameters:
fac - The possibly null factory to set. If null, doesn't do anything.
- Throws:
java.lang.IllegalStateException - If factory already set.