com.novell.sasl.client
Class ClientFactory

java.lang.Object
  com.novell.sasl.client.ClientFactory

Implements a ClientFactory class for all the saslClients in this package.
Constructor Summary

  ClientFactory()

Method Summary

  SaslClient
      createSaslClient(java.lang.String[] mechanisms,
                       java.lang.String authorizationId,
                       java.lang.String protocol,
                       java.lang.String serverName,
                       java.util.Map props,
                       javax.security.auth.callback.CallbackHandler cbh)
          Creates a SaslClient using the parameters supplied.

  java.lang.String[]
      getMechanismNames(java.util.Map props)
          Returns an array of names of mechanisms that match the specified
          mechanism selection policies.

Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

ClientFactory

  public ClientFactory()
Method Detail

createSaslClient

  public SaslClient createSaslClient(java.lang.String[] mechanisms,
                                     java.lang.String authorizationId,
                                     java.lang.String protocol,
                                     java.lang.String serverName,
                                     java.util.Map props,
                                     javax.security.auth.callback.CallbackHandler cbh)
                              throws SaslException

  Specified by:
    createSaslClient in interface SaslClientFactory

  Parameters:
    mechanisms - The non-null list of mechanism names to try. Each is the
        IANA-registered name of a SASL mechanism (e.g. "GSSAPI", "CRAM-MD5").
    authorizationId - The possibly null protocol-dependent identification to
        be used for authorization. If null or empty, the server derives an
        authorization ID from the client's authentication credentials. When
        the SASL authentication completes successfully, the specified entity
        is granted access.
    protocol - The non-null string name of the protocol for which the
        authentication is being performed (e.g. "ldap").
    serverName - The non-null fully qualified host name of the server to
        authenticate to.
    props - The possibly null set of properties used to select the SASL
        mechanism and to configure the authentication exchange of the
        selected mechanism. See the Sasl class for a list of standard
        properties. Other, possibly mechanism-specific, properties can be
        included. Properties not relevant to the selected mechanism are
        ignored.
    cbh - The possibly null callback handler to be used by the SASL
        mechanisms to get further information from the application/library
        to complete the authentication. For example, a SASL mechanism might
        require the authentication ID, password and realm from the caller.
        The authentication ID is requested by using a NameCallback. The
        password is requested by using a PasswordCallback. The realm is
        requested by using a RealmChoiceCallback if there is a list of realms
        to choose from, and by using a RealmCallback if the realm must be
        entered.

  Throws:
    SaslException - If a SaslClient instance cannot be created because of an
        error.

getMechanismNames

  public java.lang.String[] getMechanismNames(java.util.Map props)

  Specified by:
    getMechanismNames in interface SaslClientFactory

  Parameters:
    props - The possibly null set of properties used to specify the security
        policy of the SASL mechanisms. For example, if props contains the
        Sasl.POLICY_NOPLAINTEXT property with the value "true", then the
        factory must not return any SASL mechanisms that are susceptible to
        simple plain passive attacks. Non-policy related properties, if
        present in props, are ignored.

  The standard properties are:
QOP ("javax.security.sasl.qop")
A comma-separated, ordered list of quality-of-protection
values that the client or server is willing to support. A
qop value is one of
"auth" authentication only
"auth-int" authentication plus integrity protection
"auth-conf" authentication plus integrity and
confidentiality protection
The order of the list specifies the preference order of
the client or server. If this property is absent, the
default qop is "auth".
STRENGTH ("javax.security.sasl.strength")
A comma-separated, ordered list of cipher strength values
that the client or server is willing to support. A
strength value is one of
"low"
"medium"
"high"
The order of the list specifies the preference order of
the client or server. An implementation SHOULD allow
configuration of the meaning of these values.
An application MAY use the Java Cryptography Extension
(JCE) with JCE-aware mechanisms to control the selection
of cipher suites that match the strength values.
If this property is absent, the default strength is
"high,medium,low".
SERVER_AUTH ("javax.security.sasl.server.authentication")
"true" if server must authenticate to client; default
"false"
MAX_BUFFER ("javax.security.sasl.maxbuffer")
Maximum size of receive buffer in bytes of
SaslClient/SaslServer; the default is defined by the
mechanism. The property value is the string
representation of an integer.
CLIENT_PKGS ("javax.security.sasl.client.pkgs")
A |-separated list of package names to use when locating
a SaslClientFactory. Each package MUST contain a class
named ClientFactory that implements the SaslClientFactory
interface.
SERVER_PKGS ("javax.security.sasl.server.pkgs")
A |-separated list of package names to use when locating
a SaslServerFactory. Each package MUST contain a class
named ServerFactory that implements the SaslServerFactory
interface.
RAW_SEND_SIZE ("javax.security.sasl.rawsendsize")
Maximum size of the raw send buffer in bytes of
SaslClient/SaslServer. The property value is the string
representation of an integer and is negotiated between
the client and server during the authentication exchange.
The following properties are for defining a security policy for a
server or client. Absence of the property is interpreted as "false".
POLICY_NOPLAINTEXT ("javax.security.sasl.policy.noplaintext")
"true" if mechanisms susceptible to simple
plain passive attacks (e.g. "PLAIN") are
not permitted
"false" if such mechanisms are permitted
POLICY_NOACTIVE ("javax.security.sasl.policy.noactive")
"true" if mechanisms susceptible to active
(non-dictionary) attacks are not
permitted
"false" if such mechanisms are permitted.
POLICY_NODICTIONARY ("javax.security.sasl.policy.nodictionary")
"true" if mechanisms susceptible to passive
dictionary attacks are not permitted
"false" if such mechanisms are permitted
POLICY_NOANONYMOUS ("javax.security.sasl.policy.noanonymous")
"true" if mechanisms that accept anonymous
login are not permitted
"false" if such mechanisms are permitted
POLICY_FORWARD_SECRECY ("javax.security.sasl.policy.forward")
Forward secrecy means that breaking into one session will not
automatically provide information for breaking into future sessions.
"true" if mechanisms that implement forward
secrecy between sessions are required
"false" if such mechanisms are not required
POLICY_PASS_CREDENTIALS ("javax.security.sasl.policy.credentials")
"true" if mechanisms that pass client
credentials are required
"false" if such mechanisms are not required
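As an added example, not code from the SDK or its documentation: it builds a property set from the policy and QOP properties listed above, uses getMechanismNames to drop candidates the policy rejects before offering them to createSaslClient, and supplies a CallbackHandler that answers the NameCallback, PasswordCallback, RealmCallback and RealmChoiceCallback requests described for the cbh parameter. It assumes that SaslClient, SaslException and the Sasl constants resolve to the javax.security.sasl package (the page leaves them unqualified) and that createSaslClient returns null when no offered mechanism is usable, as the SaslClientFactory contract states; the host name and credentials are constructed sample values.

```java
import java.util.*;
import javax.security.auth.callback.*;
import javax.security.sasl.*;
import com.novell.sasl.client.ClientFactory;

public class PolicyBoundSaslClient {
    // Selection policy: refuse plaintext-susceptible mechanisms, prefer confidentiality,
    // and require the server to authenticate itself (property names as listed above).
    static Map<String, String> policyProps() {
        Map<String, String> props = new HashMap<>();
        props.put(Sasl.POLICY_NOPLAINTEXT, "true");
        props.put(Sasl.QOP, "auth-conf,auth-int,auth");
        props.put(Sasl.SERVER_AUTH, "true");
        return props;
    }

    // Answers the callbacks a mechanism may issue: authentication ID, password, realm.
    static CallbackHandler credentials(String user, char[] password, String realm) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else if (cb instanceof RealmCallback) {
                    ((RealmCallback) cb).setText(realm);           // realm must be entered
                } else if (cb instanceof RealmChoiceCallback) {    // realm picked from a list
                    RealmChoiceCallback rc = (RealmChoiceCallback) cb;
                    int idx = Arrays.asList(rc.getChoices()).indexOf(realm);
                    if (idx < 0) throw new UnsupportedCallbackException(cb, "realm not offered");
                    rc.setSelectedIndex(idx);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    public static void main(String[] args) throws SaslException {
        ClientFactory factory = new ClientFactory();
        Map<String, String> props = policyProps();
        List<String> allowed = Arrays.asList(factory.getMechanismNames(props));
        List<String> offer = new ArrayList<>(Arrays.asList("DIGEST-MD5", "PLAIN", "EXTERNAL"));
        offer.retainAll(allowed);  // e.g. PLAIN is removed under POLICY_NOPLAINTEXT
        CallbackHandler cbh = credentials("cn=admin,o=example", "secret".toCharArray(), "example.com");
        SaslClient client = factory.createSaslClient(offer.toArray(new String[0]), null, "ldap",
                "ldap.example.com", props, cbh);  // constructed sample host name and credentials
        if (client == null) throw new SaslException("no mechanism satisfies the policy");
        System.out.println("selected mechanism: " + client.getMechanismName());
    }
}
```

The LDAP bind loop then drives client.evaluateChallenge() until client.isComplete(); after completion, client.getNegotiatedProperty(Sasl.QOP) tells whether the requested integrity or confidentiality layer was actually negotiated.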