Sasl JDK 1.6)

Methods

publicstatic SaslClient createSaslClient (String mechanisms, String authorizationId, String protocol, String serverName, Map<String, Object> props, CallbackHandler cbh) throws SaslException

Creates a SaslClient using the parameters supplied.

Creates a SaslClient using the parameters supplied. This method uses the JCA Security Provider Framework, described in the "Java Cryptography Architecture API Specification & Reference", for locating and selecting a SaslClient implementation. First, it obtains an ordered list of SaslClientFactory instances from the registered security providers for the "SaslClientFactory" service and the specified SASL mechanism(s). It then invokes createSaslClient() on each factory instance on the list until one produces a non-null SaslClient instance. It returns the non-null SaslClient instance, or null if the search fails to produce a non-null SaslClient instance.

A security provider for SaslClientFactory registers with the JCA Security Provider Framework keys of the form
SaslClientFactory.mechanism_name
and values that are class names of implementations of javax.security.sasl.SaslClientFactory. For example, a provider that contains a factory class, com.wiz.sasl.digest.ClientFactory, that supports the "DIGEST-MD5" mechanism would register the following entry with the JCA: SaslClientFactory.DIGEST-MD5 com.wiz.sasl.digest.ClientFactory

See the "Java Cryptography Architecture API Specification & Reference" for information about how to install and configure security service providers.
Returns: A possibly null SaslClient created using the parameters supplied. If null, cannot find a SaslClientFactory that will produce one.
Parameters:
- mechanisms - The non-null list of mechanism names to try. Each is the IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
- authorizationId - The possibly null protocol-dependent identification to be used for authorization. If null or empty, the server derives an authorization ID from the client's authentication credentials. When the SASL authentication completes successfully, the specified entity is granted access.
- protocol - The non-null string name of the protocol for which the authentication is being performed (e.g., "ldap").
- serverName - The non-null fully-qualified host name of the server to authenticate to.
- props - The possibly null set of properties used to select the SASL mechanism and to configure the authentication exchange of the selected mechanism. For example, if props contains the Sasl.POLICY_NOPLAINTEXT property with the value "true", then the selected SASL mechanism must not be susceptible to simple plain passive attacks. In addition to the standard properties declared in this class, other, possibly mechanism-specific, properties can be included. Properties not relevant to the selected mechanism are ignored, including any map entries with non-String keys.
- cbh - The possibly null callback handler to used by the SASL mechanisms to get further information from the application/library to complete the authentication. For example, a SASL mechanism might require the authentication ID, password and realm from the caller. The authentication ID is requested by using a NameCallback. The password is requested by using a PasswordCallback. The realm is requested by using a RealmChoiceCallback if there is a list of realms to choose from, and by using a RealmCallback if the realm must be entered.
Throws:
- SaslException - If cannot create a SaslClient because of an error.

publicstatic SaslServer createSaslServer (String mechanism, String protocol, String serverName, Map<String, Object> props, CallbackHandler cbh) throws SaslException

Creates a SaslServer for the specified mechanism.

Creates a SaslServer for the specified mechanism. This method uses the JCA Security Provider Framework, described in the "Java Cryptography Architecture API Specification & Reference", for locating and selecting a SaslServer implementation. First, it obtains an ordered list of SaslServerFactory instances from the registered security providers for the "SaslServerFactory" service and the specified mechanism. It then invokes createSaslServer() on each factory instance on the list until one produces a non-null SaslServer instance. It returns the non-null SaslServer instance, or null if the search fails to produce a non-null SaslServer instance.

A security provider for SaslServerFactory registers with the JCA Security Provider Framework keys of the form
SaslServerFactory.mechanism_name
and values that are class names of implementations of javax.security.sasl.SaslServerFactory. For example, a provider that contains a factory class, com.wiz.sasl.digest.ServerFactory, that supports the "DIGEST-MD5" mechanism would register the following entry with the JCA: SaslServerFactory.DIGEST-MD5 com.wiz.sasl.digest.ServerFactory

See the "Java Cryptography Architecture API Specification & Reference" for information about how to install and configure security service providers.
Returns: A possibly null SaslServer created using the parameters supplied. If null, cannot find a SaslServerFactory that will produce one.
Parameters:
- mechanism - The non-null mechanism name. It must be an IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
- protocol - The non-null string name of the protocol for which the authentication is being performed (e.g., "ldap").
- serverName - The non-null fully qualified host name of the server.
- props - The possibly null set of properties used to select the SASL mechanism and to configure the authentication exchange of the selected mechanism. For example, if props contains the Sasl.POLICY_NOPLAINTEXT property with the value "true", then the selected SASL mechanism must not be susceptible to simple plain passive attacks. In addition to the standard properties declared in this class, other, possibly mechanism-specific, properties can be included. Properties not relevant to the selected mechanism are ignored, including any map entries with non-String keys.
- cbh - The possibly null callback handler to used by the SASL mechanisms to get further information from the application/library to complete the authentication. For example, a SASL mechanism might require the authentication ID, password and realm from the caller. The authentication ID is requested by using a NameCallback. The password is requested by using a PasswordCallback. The realm is requested by using a RealmChoiceCallback if there is a list of realms to choose from, and by using a RealmCallback if the realm must be entered.
Throws:
- SaslException - If cannot create a SaslServer because of an error.

publicstatic Enumeration<SaslClientFactory> getSaslClientFactories ()

Gets an enumeration of known factories for producing SaslClient.

publicstatic Enumeration<SaslServerFactory> getSaslServerFactories ()

Gets an enumeration of known factories for producing SaslServer.

Fields

Hide/Show inherited fields

publicfinalstatic String CREDENTIALS = "javax.security.sasl.credentials"

The name of a property that specifies the credentials to use.

publicfinalstatic String MAX_BUFFER = "javax.security.sasl.maxbuffer"

The name of a property that specifies the maximum size of the receive buffer in bytes of SaslClient/SaslServer.

publicfinalstatic String POLICY_FORWARD_SECRECY = "javax.security.sasl.policy.forward"

The name of a property that specifies whether mechanisms that implement forward secrecy between sessions are required.

publicfinalstatic String POLICY_NOACTIVE = "javax.security.sasl.policy.noactive"

The name of a property that specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted.

publicfinalstatic String POLICY_NOANONYMOUS = "javax.security.sasl.policy.noanonymous"

The name of a property that specifies whether mechanisms that accept anonymous login are not permitted.

publicfinalstatic String POLICY_NODICTIONARY = "javax.security.sasl.policy.nodictionary"

The name of a property that specifies whether mechanisms susceptible to passive dictionary attacks are not permitted.

publicfinalstatic String POLICY_NOPLAINTEXT = "javax.security.sasl.policy.noplaintext"

The name of a property that specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted.

publicfinalstatic String POLICY_PASS_CREDENTIALS = "javax.security.sasl.policy.credentials"

The name of a property that specifies whether mechanisms that pass client credentials are required.

publicfinalstatic String QOP = "javax.security.sasl.qop"

The name of a property that specifies the quality-of-protection to use.

publicfinalstatic String RAW_SEND_SIZE = "javax.security.sasl.rawsendsize"

The name of a property that specifies the maximum size of the raw send buffer in bytes of SaslClient/SaslServer.

publicfinalstatic String REUSE = "javax.security.sasl.reuse"

The name of a property that specifies whether to reuse previously authenticated session information.

publicfinalstatic String SERVER_AUTH = "javax.security.sasl.server.authentication"

The name of a property that specifies whether the server must authenticate to the client.

publicfinalstatic String STRENGTH = "javax.security.sasl.strength"

The name of a property that specifies the cipher strength to use.