com.ibm.security.sasl.gsskerb
Class FactoryImpl
- java.lang.Object
com.ibm.security.sasl.gsskerb.FactoryImpl
All implemented interfaces:
- public final class FactoryImpl
- extends java.lang.Object
- implements SaslClientFactory, SaslServerFactory
Author:
Rosanna Lee
Constructor Summary
Constructor and Description |
---|
FactoryImpl()
|
Method Summary
Modifier and Type | Method and Description |
---|---|
createSaslClient(java.lang.String[] mechs,java.lang.String authorizationId,java.lang.String protocol,java.lang.String serverName,java.util.Map<java.lang.String,?> props,javax.security.auth.callback.CallbackHandler cbh)
|
|
createSaslServer(java.lang.String mech,java.lang.String protocol,java.lang.String serverName,java.util.Map<java.lang.String,?> props,javax.security.auth.callback.CallbackHandler cbh)
|
|
|
getMechanismNames(java.util.Map<java.lang.String,?> props)
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
FactoryImpl
- public FactoryImpl()
Method Detail
createSaslClient
- public SaslClient createSaslClient( java.lang.String[] mechs,
- java.lang.String authorizationId,
- java.lang.String protocol,
- java.lang.String serverName,
- java.util.Map<java.lang.String,?> props,
- javax.security.auth.callback.CallbackHandler cbh)
- throws SaslException
Creates a SaslClient using the parameters supplied.
Specified by:
createSaslClient
in interface SaslClientFactory
Parameters:
mechs
- The non-null list of mechanism names to try. Each is the
IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5"). authorizationId
- The possibly null protocol-dependent
identification to be used for authorization.
If null or empty, the server derives an authorization
ID from the client's authentication credentials.
When the SASL authentication completes successfully,
the specified entity is granted access. protocol
- The non-null string name of the protocol for which
the authentication is being performed (e.g., "ldap"). serverName
- The non-null fully qualified host name
of the server to authenticate to. props
- The possibly null set of properties used to select the SASL
mechanism and to configure the authentication exchange of the selected
mechanism. See the Sasl
class for a list of standard properties.
Other, possibly mechanism-specific, properties can be included.
Properties not relevant to the selected mechanism are ignored. cbh
- The possibly null callback handler to used by the SASL
mechanisms to get further information from the application/library
to complete the authentication. For example, a SASL mechanism might
require the authentication ID, password and realm from the caller.
The authentication ID is requested by using a NameCallback
.
The password is requested by using a PasswordCallback
.
The realm is requested by using a RealmChoiceCallback
if there is a list
of realms to choose from, and by using a RealmCallback
if
the realm must be entered. Returns:
A possibly null
SaslClient
created using the parameters
supplied. If null, this factory cannot produce a SaslClient
using the parameters supplied. Throws:
SaslException
- If cannot create a SaslClient
because
of an error. createSaslServer
- public SaslServer createSaslServer( java.lang.String mech,
- java.lang.String protocol,
- java.lang.String serverName,
- java.util.Map<java.lang.String,?> props,
- javax.security.auth.callback.CallbackHandler cbh)
- throws SaslException
Description copied from interface:
SaslServerFactory
Creates a
SaslServer
using the parameters supplied.
It returns null
if no SaslServer
can be created using the parameters supplied.
Throws SaslException
if it cannot create a SaslServer
because of an error.
Specified by:
createSaslServer
in interface SaslServerFactory
Parameters:
mech
- The non-null
IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5"). protocol
- The non-null string name of the protocol for which
the authentication is being performed (e.g., "ldap"). serverName
- The non-null fully qualified host name of the server
to authenticate to. props
- The possibly null set of properties used to select the SASL
mechanism and to configure the authentication exchange of the selected
mechanism. See the Sasl
class for a list of standard properties.
Other, possibly mechanism-specific, properties can be included.
Properties not relevant to the selected mechanism are ignored. cbh
- The possibly null callback handler to used by the SASL
mechanisms to get further information from the application/library
to complete the authentication. For example, a SASL mechanism might
require the authentication ID, password and realm from the caller.
The authentication ID is requested by using a NameCallback
.
The password is requested by using a PasswordCallback
.
The realm is requested by using a RealmChoiceCallback
if there is a list
of realms to choose from, and by using a RealmCallback
if
the realm must be entered. Returns:
A possibly null
SaslServer
created using the parameters
supplied. If null, this factory cannot produce a SaslServer
using the parameters supplied. Throws:
SaslException
- If cannot create a SaslServer
because
of an error. getMechanismNames
- public java.lang.String[] getMechanismNames( java.util.Map<java.lang.String,?> props)
Description copied from interface:
SaslClientFactory
Returns an array of names of mechanisms that match the specified
mechanism selection policies.
Specified by:
getMechanismNames
in interface SaslClientFactory
Specified by:
getMechanismNames
in interface SaslServerFactory
Parameters:
props
- The possibly null set of properties used to specify the
security policy of the SASL mechanisms. For example, if props
contains the Sasl.POLICY_NOPLAINTEXT
property with the value
"true"
, then the factory must not return any SASL mechanisms
that are susceptible to simple plain passive attacks.
See the Sasl
class for a complete list of policy properties.
Non-policy related properties, if present in props
, are ignored. Returns:
A non-null array containing a IANA-registered SASL mechanism names.
SaslClientFactory