| author | jlaskey |
| Tue, 16 Jul 2013 09:09:09 -0300 | |
| changeset 21394 | 131a8af639f4 |
| parent 5551 | 327690766109 |
| permissions | -rw-r--r-- |
| 2 | 1 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
2 |
<html> |
|
3 |
<head> |
|
4 |
<!-- |
|
| 5506 | 5 |
Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved. |
| 2 | 6 |
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
7 |
||
8 |
This code is free software; you can redistribute it and/or modify it |
|
9 |
under the terms of the GNU General Public License version 2 only, as |
|
| 5506 | 10 |
published by the Free Software Foundation. Oracle designates this |
| 2 | 11 |
particular file as subject to the "Classpath" exception as provided |
| 5506 | 12 |
by Oracle in the LICENSE file that accompanied this code. |
| 2 | 13 |
|
14 |
This code is distributed in the hope that it will be useful, but WITHOUT |
|
15 |
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
16 |
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
17 |
version 2 for more details (a copy is included in the LICENSE file that |
|
18 |
accompanied this code). |
|
19 |
||
20 |
You should have received a copy of the GNU General Public License version |
|
21 |
2 along with this work; if not, write to the Free Software Foundation, |
|
22 |
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
23 |
||
|
5551
327690766109
6956202: Fix a few missed rebranding issues, please contact lines etc.
ohair
parents:
5506
diff
changeset
|
24 |
Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
327690766109
6956202: Fix a few missed rebranding issues, please contact lines etc.
ohair
parents:
5506
diff
changeset
|
25 |
or visit www.oracle.com if you need additional information or have any |
|
327690766109
6956202: Fix a few missed rebranding issues, please contact lines etc.
ohair
parents:
5506
diff
changeset
|
26 |
questions. |
| 2 | 27 |
--> |
28 |
</head> |
|
29 |
<body bgcolor="white"> |
|
30 |
||
31 |
Contains class and interfaces for supporting SASL. |
|
32 |
||
33 |
This package defines classes and interfaces for SASL mechanisms. |
|
34 |
It is used by developers to add authentication support for |
|
35 |
connection-based protocols that use SASL. |
|
36 |
||
37 |
<h4>SASL Overview</h4> |
|
38 |
<p> |
|
39 |
||
40 |
Simple Authentication and Security Layer (SASL) specifies a |
|
41 |
challenge-response protocol in which data is exchanged between the |
|
42 |
client and the server for the purposes of |
|
43 |
authentication and (optional) establishment of a security layer on |
|
44 |
which to carry on subsequent communications. It is used with |
|
45 |
connection-based protocols such as LDAPv3 or IMAPv4. SASL is |
|
46 |
described in |
|
47 |
<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>. |
|
48 |
||
49 |
<p> |
|
50 |
There are various <em>mechanisms</em> defined for SASL. |
|
51 |
Each mechanism defines the data that must be exchanged between the |
|
52 |
client and server in order for the authentication to succeed. |
|
53 |
This data exchange required for a particular mechanism is referred to |
|
54 |
to as its <em>protocol profile</em>. |
|
55 |
The following are some examples of mechanims that have been defined by |
|
56 |
the Internet standards community. |
|
57 |
<ul> |
|
58 |
<li>DIGEST-MD5 (<A HREF="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>). |
|
59 |
This mechanism defines how HTTP Digest Authentication can be used as a SASL |
|
60 |
mechanism. |
|
61 |
<li>Anonymous (<A HREF="http://www.ietf.org/rfc/rfc2245.txt">RFC 2245</a>). |
|
62 |
This mechamism is anonymous authentication in which no credentials are |
|
63 |
necessary. |
|
64 |
<li>External (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>). |
|
65 |
This mechanism obtains authentication information |
|
66 |
from an external source (such as TLS or IPsec). |
|
67 |
<li>S/Key (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>). |
|
68 |
This mechanism uses the MD4 digest algorithm to exchange data based on |
|
69 |
a shared secret. |
|
70 |
<li>GSSAPI (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>). |
|
71 |
This mechanism uses the |
|
72 |
<A HREF="http://www.ietf.org/rfc/rfc2078.txt">GSSAPI</A> |
|
73 |
for obtaining authentication information. |
|
74 |
</ul> |
|
75 |
||
76 |
<p> |
|
77 |
Some of these mechanisms provide both authentication and establishment |
|
78 |
of a security layer, others only authentication. Anonymous and |
|
79 |
S/Key do not provide for any security layers. GSSAPI and DIGEST-MD5 |
|
80 |
allow negotiation of the security layer. For External, the |
|
81 |
security layer is determined by the external protocol. |
|
82 |
||
83 |
<h4>Usage</h4> |
|
84 |
||
85 |
<p> |
|
86 |
Users of this API are typically developers who produce |
|
87 |
client library implementations for connection-based protocols, |
|
88 |
such as LDAPv3 and IMAPv4, |
|
89 |
and developers who write servers (such as LDAP servers and IMAP servers). |
|
90 |
Developers who write client libraries use the |
|
91 |
<tt>SaslClient</tt> and <tt>SaslClientFactory</tt> interfaces. |
|
92 |
Developers who write servers use the |
|
93 |
<tt>SaslServer</tt> and <tt>SaslServerFactory</tt> interfaces. |
|
94 |
<p> |
|
95 |
Among these two groups of users, each can be further divided into two groups: |
|
96 |
those who <em>produce</em> the SASL mechanisms and those |
|
97 |
who <em>use</em> the SASL mechanisms. |
|
98 |
The producers of SASL mechanisms need to provide implementations |
|
99 |
for these interfaces, while users of the SASL mechanisms use |
|
100 |
the APIs in this package to access those implementations. |
|
101 |
||
102 |
<h2>Related Documentation</h2> |
|
103 |
||
104 |
Please refer to the |
|
105 |
<a href="../../../../technotes/guides/security/sasl/sasl-refguide.html">Java |
|
106 |
SASL Programming Guide</a> for information on how to use this API. |
|
107 |
||
108 |
||
109 |
@since 1.5 |
|
110 |
||
111 |
||
112 |
</body> |
|
113 |
</html> |
|
114 |