com.novell.security.sasl
Class Sasl
java.lang.Object
com.novell.security.sasl.Sasl
public class Sasl extends java.lang.Object
A static class for creating SASL clients and servers. It transparently locates
and uses any available SaslClientFactory/SaslServerFactory instances.
Currently, only the client methods are available.
Field Summary

static java.lang.String CLIENTPKGS
    The name of the property that specifies the SaslClientFactory classes to use.

static java.lang.String MAX_BUFFER
    The name of a property that specifies the maximum size of the receive
    buffer, in bytes, of a SaslClient or SaslServer.

static java.lang.String POLICY_FORWARD_SECRECY
    The name of a property that specifies whether mechanisms that implement
    forward secrecy between sessions are required. The property can contain
    the following values:
        true  - such mechanisms are required
        false - such mechanisms are not required
    Absence of the property is interpreted as "false".

static java.lang.String POLICY_NOACTIVE
    The name of a property that specifies whether mechanisms susceptible to
    active (non-dictionary) attacks are permitted.

static java.lang.String POLICY_NOANONYMOUS
    The name of a property that specifies whether mechanisms that accept
    anonymous login are permitted.

static java.lang.String POLICY_NODICTIONARY
    The name of a property that specifies whether mechanisms susceptible to
    passive dictionary attacks are permitted.

static java.lang.String POLICY_NOPLAINTEXT
    The name of a property that specifies whether mechanisms susceptible to
    simple plain passive attacks are permitted. The property can contain the
    following values:
        true  - such mechanisms are not permitted
        false - such mechanisms are permitted
    Absence of the property is interpreted as "false".

static java.lang.String POLICY_PASS_CREDENTIALS
    The name of a property that specifies whether mechanisms that pass client
    credentials are required. The property can contain the following values:
        true  - such mechanisms are required
        false - such mechanisms are not required
    Absence of the property is interpreted as "false".

static java.lang.String QOP
    The name of a property that specifies the quality-of-protection to use.

static java.lang.String RAW_SEND_SIZE
    The name of a property that specifies the maximum size of the raw send
    buffer, in bytes, of a SaslClient or SaslServer.

static java.lang.String SERVER_AUTH
    The name of a property that specifies whether the server must
    authenticate to the client.

static java.lang.String STRENGTH
    The name of a property that specifies the cipher strength to use.
Method Summary

static SaslClient createSaslClient(java.lang.String[] mechanisms,
                                   java.lang.String authorizationId,
                                   java.lang.String protocol,
                                   java.lang.String serverName,
                                   java.util.Map props,
                                   javax.security.auth.callback.CallbackHandler cbh)
    Creates a SaslClient using the parameters supplied.

static java.util.Enumeration getSaslClientFactories(java.util.Map props)
    Gets an enumeration of known factories for producing SaslClient.

static void setSaslClientFactory(SaslClientFactory fac)
    Sets the default SaslClientFactory to use.

Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString,
    wait, wait, wait
CLIENTPKGS

public static final java.lang.String CLIENTPKGS

    The name of the property that specifies the SaslClientFactory classes to use.
    A |-separated list of package names to use when locating a
    SaslClientFactory. Each package MUST contain a class named ClientFactory
    that implements the SaslClientFactory interface.
    Value of this constant is "com.novell.security.sasl.client.pkgs".
QOP

public static final java.lang.String QOP

    The name of a property that specifies the quality-of-protection to use.
    A comma-separated, ordered list of quality-of-protection values that the
    client or server is willing to support. A qop value is one of:
        auth      - authentication only
        auth-int  - authentication plus integrity protection
        auth-conf - authentication plus integrity and confidentiality
                    protection
    The order of the list specifies the preference order of the client or
    server. If this property is absent, the default qop is "auth".
    Value of this constant is "com.novell.security.sasl.qop".
STRENGTH

public static final java.lang.String STRENGTH

    The name of a property that specifies the cipher strength to use.
    A comma-separated, ordered list of cipher strength values that the client
    or server is willing to support. A strength value is one of: high,
    medium, low. The order of the list specifies the preference order of the
    client or server. An implementation SHOULD allow configuration of the
    meaning of these values.
    An application MAY use the Java Cryptography Extension (JCE) with
    JCE-aware mechanisms to control the selection of cipher suites that match
    the strength values. If this property is absent, the default strength is
    "high,medium,low".
    Value of this constant is "com.novell.security.sasl.strength".
SERVER_AUTH

public static final java.lang.String SERVER_AUTH

    The name of a property that specifies whether the server must
    authenticate to the client. This property should be "true" if the server
    must authenticate to the client; the default is "false".
    Value of this constant is "com.novell.security.sasl.authentication".
MAX_BUFFER

public static final java.lang.String MAX_BUFFER

    The name of a property that specifies the maximum size of the receive
    buffer, in bytes, of a SaslClient or SaslServer. The default size is
    defined by the mechanism. The property value is the string representation
    of an integer.
    Value of this constant is "com.novell.security.sasl.maxbuffer".
RAW_SEND_SIZE

public static final java.lang.String RAW_SEND_SIZE

    The name of a property that specifies the maximum size of the raw send
    buffer, in bytes, of a SaslClient or SaslServer. The property value is the
    string representation of an integer and is negotiated between the client
    and server during the authentication exchange.
    Value of this constant is "com.novell.security.sasl.rawsendsize".
POLICY_NOPLAINTEXT

public static final java.lang.String POLICY_NOPLAINTEXT

    The name of a property that specifies whether mechanisms susceptible to
    simple plain passive attacks are permitted. The property can contain the
    following values:
        true  - such mechanisms are not permitted
        false - such mechanisms are permitted
    Absence of the property is interpreted as "false".
    Value of this constant is "com.novell.security.sasl.policy.noplaintext".
POLICY_NOACTIVE

public static final java.lang.String POLICY_NOACTIVE

    The name of a property that specifies whether mechanisms susceptible to
    active (non-dictionary) attacks are permitted. The property can contain
    the following values:
        true  - such mechanisms are not permitted
        false - such mechanisms are permitted
    Absence of the property is interpreted as "false".
    Value of this constant is "com.novell.security.sasl.policy.noactive".
POLICY_NODICTIONARY

public static final java.lang.String POLICY_NODICTIONARY

    The name of a property that specifies whether mechanisms susceptible to
    passive dictionary attacks are permitted. The property can contain the
    following values:
        true  - such mechanisms are not permitted
        false - such mechanisms are permitted
    Absence of the property is interpreted as "false".
    Value of this constant is "com.novell.security.sasl.policy.nodictionary".
POLICY_NOANONYMOUS

public static final java.lang.String POLICY_NOANONYMOUS

    The name of a property that specifies whether mechanisms that accept
    anonymous login are permitted. The property can contain the following
    values:
        true  - such mechanisms are not permitted
        false - such mechanisms are permitted
    Absence of the property is interpreted as "false".
    Value of this constant is "com.novell.security.sasl.policy.noanonymous".
POLICY_FORWARD_SECRECY

public static final java.lang.String POLICY_FORWARD_SECRECY

    The name of a property that specifies whether mechanisms that implement
    forward secrecy between sessions are required. The property can contain
    the following values:
        true  - such mechanisms are required
        false - such mechanisms are not required
    Absence of the property is interpreted as "false".
    Value of this constant is "com.novell.security.sasl.policy.forward".
POLICY_PASS_CREDENTIALS

public static final java.lang.String POLICY_PASS_CREDENTIALS

    The name of a property that specifies whether mechanisms that pass client
    credentials are required. The property can contain the following values:
        true  - such mechanisms are required
        false - such mechanisms are not required
    Absence of the property is interpreted as "false".
    Value of this constant is "com.novell.security.sasl.policy.credentials".
createSaslClient

public static SaslClient createSaslClient(java.lang.String[] mechanisms,
                                          java.lang.String authorizationId,
                                          java.lang.String protocol,
                                          java.lang.String serverName,
                                          java.util.Map props,
                                          javax.security.auth.callback.CallbackHandler cbh)
                                   throws SaslException

    Creates a SaslClient using the parameters supplied.
    The algorithm for selection is as follows:

    1. If a factory has been installed via setSaslClientFactory(), invoke
       createSaslClient() on it. If the method invocation returns a non-null
       SaslClient instance, return that instance; otherwise continue.
    2. Create a list of fully qualified class names using the package names
       listed in the CLIENTPKGS ("com.novell.security.sasl.client.pkgs")
       property in props and the class name ClientFactory. Each class name in
       this list identifies a SaslClientFactory implementation. Starting with
       the first class on the list, create an instance of SaslClientFactory
       using the class's public no-argument constructor and invoke
       createSaslClient() on it. If the method invocation returns a non-null
       SaslClient instance, return it; otherwise repeat using the next class
       on the list until a non-null SaslClient is produced or the list is
       exhausted.
    3. Repeat the previous step using the CLIENTPKGS
       ("com.novell.security.sasl.client.pkgs") System property instead of
       the property in props.
    4. As per the Java 2 Standard Edition version 1.3 service provider
       guidelines, check for the existence of one or more files named
       META-INF/services/com.novell.security.sasl.SaslClientFactory in the
       classpath and installed JAR files. Each file lists the fully qualified
       class names of the factories (i.e. implementations of
       SaslClientFactory) found in the JAR files or classpath. Construct a
       merged list of class names using these files and repeat step 2 using
       this list. If there is more than one such file, the order in which
       they are processed is undefined. If no non-null SaslClient instance is
       produced, return null.

    Parameters:
        mechanisms - The non-null list of mechanism names to try. Each is the
            IANA-registered name of a SASL mechanism (e.g. "Digest-MD5",
            "NMAS_LOGIN").
        authorizationId - The possibly null protocol-dependent identification
            to be used for authorization. When the SASL authentication
            completes successfully, the specified entity is granted access.
        protocol - The non-null string name of the protocol for which the
            authentication is being performed (e.g. "LDAP").
        serverName - The non-null fully qualified host name of the server to
            authenticate to.
        props - The possibly null set of properties used to select the SASL
            mechanisms and to configure the authentication exchange of the
            selected mechanism. For example, if props includes the
            Sasl.POLICY_NOPLAINTEXT property with the value "true", then the
            selected SASL mechanism must not be susceptible to simple plain
            passive attacks.
        cbh - The possibly null callback handler used by the SASL mechanisms
            to get further information from the application/library to
            complete the authentication. For example, a SASL mechanism might
            require the authentication ID and password from the caller. The
            authentication ID is requested by using a NameCallback. The
            password is requested by using a PasswordCallback. The realm is
            requested by using a RealmChoiceCallback if there is a list of
            realms to choose from, and by using a RealmCallback if the realm
            must be entered.
    Returns:
        A non-null SaslClient using the parameters supplied. It returns null
        if no SaslClient can be created using the parameters supplied.
    Throws:
        SaslException - if it cannot create a SaslClient because of an error.
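The following is an added example, not code from the Novell library or this page: it builds a props map from the policy constants documented above, supplies a CallbackHandler for the four callbacks the cbh parameter mentions, and treats a null return (all factories exhausted) as a hard failure rather than retrying with weaker properties. It assumes RealmCallback and RealmChoiceCallback live in com.novell.security.sasl and expose the same setSelectedIndex/setText/getDefaultText methods as their javax.security.sasl counterparts; the host, user and mechanism list are placeholders.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import com.novell.security.sasl.*;   // Sasl, SaslClient, SaslException, Realm*Callback (assumed)

public class PolicyConstrainedSaslClient {
    // Answers only the callbacks the createSaslClient documentation lists; anything else is refused.
    static CallbackHandler handlerFor(final String user, final char[] password) {
        return new CallbackHandler() {
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else if (cb instanceof RealmChoiceCallback) {
                        ((RealmChoiceCallback) cb).setSelectedIndex(0);  // first realm the server offers
                    } else if (cb instanceof RealmCallback) {
                        RealmCallback rc = (RealmCallback) cb;
                        rc.setText(rc.getDefaultText());                  // accept the server-proposed realm
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
    }

    public static SaslClient create(String host, String user, char[] password) throws SaslException {
        Map<String, String> props = new HashMap<String, String>();
        props.put(Sasl.POLICY_NOPLAINTEXT, "true");   // no mechanism open to passive eavesdropping
        props.put(Sasl.POLICY_NOANONYMOUS, "true");   // no anonymous login
        props.put(Sasl.POLICY_NODICTIONARY, "true");  // no exchange open to offline dictionary attack
        props.put(Sasl.QOP, "auth-conf,auth-int");    // prefer confidentiality; never accept bare "auth"
        props.put(Sasl.SERVER_AUTH, "true");          // the server must authenticate to the client
        SaslClient client = Sasl.createSaslClient(new String[] {"Digest-MD5", "NMAS_LOGIN"},
                null, "LDAP", host, props, handlerFor(user, password));
        if (client == null) {
            // Every factory (installed, CLIENTPKGS, META-INF/services) declined: nothing meets the
            // policy. Fail closed instead of retrying with weaker properties.
            throw new SaslException("no SASL mechanism satisfies the configured policy for " + host);
        }
        return client;
    }
}
```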
getSaslClientFactories

public static java.util.Enumeration getSaslClientFactories(java.util.Map props)

    Gets an enumeration of known factories for producing SaslClient. This
    method uses the same sources for locating factories as createSaslClient().

    Parameters:
        props - A possibly null set of properties that may contain policy
            properties and the property CLIENTPKGS
            ("com.novell.security.sasl.client.pkgs") for specifying a list of
            SaslClientFactory implementation package names.
    Returns:
        An enumeration of known SaslClientFactory instances for producing
        SaslClient.
setSaslClientFactory

public static void setSaslClientFactory(SaslClientFactory fac)

    Sets the default SaslClientFactory to use. This method sets fac to be the
    default factory. It can only be called with a non-null value once per VM.

    Throws:
        java.lang.IllegalStateException - if a factory has already been set.
Copyright © 2002 Novell, Inc. All Rights Reserved.