jdk/src/share/classes/javax/security/sasl/package.html
author ohair
Wed, 26 May 2010 20:28:04 -0700
changeset 5551 327690766109
parent 5506 202f599c92aa
permissions -rw-r--r--
6956202: Fix a few missed rebranding issues, please contact lines etc. Reviewed-by: jjg, darcy, weijun
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
90ce3da70b43 Initial load
duke
parents:
diff changeset
     2
<html>
90ce3da70b43 Initial load
duke
parents:
diff changeset
     3
<head>
90ce3da70b43 Initial load
duke
parents:
diff changeset
     4
<!--
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
     5
Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     6
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     7
90ce3da70b43 Initial load
duke
parents:
diff changeset
     8
This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load
duke
parents:
diff changeset
     9
under the terms of the GNU General Public License version 2 only, as
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
    10
published by the Free Software Foundation.  Oracle designates this
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    11
particular file as subject to the "Classpath" exception as provided
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
    12
by Oracle in the LICENSE file that accompanied this code.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    13
90ce3da70b43 Initial load
duke
parents:
diff changeset
    14
This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load
duke
parents:
diff changeset
    15
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    16
FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
90ce3da70b43 Initial load
duke
parents:
diff changeset
    17
version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    18
accompanied this code).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    19
90ce3da70b43 Initial load
duke
parents:
diff changeset
    20
You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load
duke
parents:
diff changeset
    21
2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    22
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    23
5551
327690766109 6956202: Fix a few missed rebranding issues, please contact lines etc.
ohair
parents: 5506
diff changeset
    24
Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
327690766109 6956202: Fix a few missed rebranding issues, please contact lines etc.
ohair
parents: 5506
diff changeset
    25
or visit www.oracle.com if you need additional information or have any
327690766109 6956202: Fix a few missed rebranding issues, please contact lines etc.
ohair
parents: 5506
diff changeset
    26
questions.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    27
-->
90ce3da70b43 Initial load
duke
parents:
diff changeset
    28
</head>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    29
<body bgcolor="white">
90ce3da70b43 Initial load
duke
parents:
diff changeset
    30
90ce3da70b43 Initial load
duke
parents:
diff changeset
    31
Contains class and interfaces for supporting SASL.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    32
90ce3da70b43 Initial load
duke
parents:
diff changeset
    33
This package defines classes and interfaces for SASL mechanisms.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    34
It is used by developers to add authentication support for 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    35
connection-based protocols that use SASL. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    36
90ce3da70b43 Initial load
duke
parents:
diff changeset
    37
<h4>SASL Overview</h4>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    38
<p>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    39
90ce3da70b43 Initial load
duke
parents:
diff changeset
    40
Simple Authentication and Security Layer (SASL) specifies a
90ce3da70b43 Initial load
duke
parents:
diff changeset
    41
challenge-response protocol in which data is exchanged between the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    42
client and the server for the purposes of
90ce3da70b43 Initial load
duke
parents:
diff changeset
    43
authentication and (optional) establishment of a security layer on
90ce3da70b43 Initial load
duke
parents:
diff changeset
    44
which to carry on subsequent communications.  It is used with
90ce3da70b43 Initial load
duke
parents:
diff changeset
    45
connection-based protocols such as LDAPv3 or IMAPv4.  SASL is
90ce3da70b43 Initial load
duke
parents:
diff changeset
    46
described in
90ce3da70b43 Initial load
duke
parents:
diff changeset
    47
<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    48
90ce3da70b43 Initial load
duke
parents:
diff changeset
    49
<p>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    50
There are various <em>mechanisms</em> defined for SASL.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    51
Each mechanism defines the data that must be exchanged between the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    52
client and server in order for the authentication to succeed.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    53
This data exchange required for a particular mechanism is referred to
90ce3da70b43 Initial load
duke
parents:
diff changeset
    54
to as its <em>protocol profile</em>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    55
The following are some examples of mechanims that have been defined by 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    56
the Internet standards community.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    57
<ul>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    58
<li>DIGEST-MD5 (<A HREF="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    59
This mechanism defines how HTTP Digest Authentication can be used as a SASL
90ce3da70b43 Initial load
duke
parents:
diff changeset
    60
mechanism.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    61
<li>Anonymous (<A HREF="http://www.ietf.org/rfc/rfc2245.txt">RFC 2245</a>).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    62
This mechamism is anonymous authentication in which no credentials are
90ce3da70b43 Initial load
duke
parents:
diff changeset
    63
necessary.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    64
<li>External (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    65
This mechanism obtains authentication information 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    66
from an external source (such as TLS or IPsec).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    67
<li>S/Key (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    68
This mechanism uses the MD4 digest algorithm to exchange data based on
90ce3da70b43 Initial load
duke
parents:
diff changeset
    69
a shared secret.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    70
<li>GSSAPI (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    71
This mechanism uses the 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    72
<A HREF="http://www.ietf.org/rfc/rfc2078.txt">GSSAPI</A>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    73
for obtaining authentication information.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    74
</ul>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    75
90ce3da70b43 Initial load
duke
parents:
diff changeset
    76
<p>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    77
Some of these mechanisms provide both authentication and establishment
90ce3da70b43 Initial load
duke
parents:
diff changeset
    78
of a security layer, others only authentication.  Anonymous and
90ce3da70b43 Initial load
duke
parents:
diff changeset
    79
S/Key do not provide for any security layers.  GSSAPI and DIGEST-MD5
90ce3da70b43 Initial load
duke
parents:
diff changeset
    80
allow negotiation of the security layer.  For External, the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    81
security layer is determined by the external protocol.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    82
90ce3da70b43 Initial load
duke
parents:
diff changeset
    83
<h4>Usage</h4>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    84
90ce3da70b43 Initial load
duke
parents:
diff changeset
    85
<p>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    86
Users of this API are typically developers who produce
90ce3da70b43 Initial load
duke
parents:
diff changeset
    87
client library implementations for connection-based protocols,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    88
such as LDAPv3 and IMAPv4,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    89
and developers who write servers (such as LDAP servers and IMAP servers).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    90
Developers who write client libraries use the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    91
<tt>SaslClient</tt> and <tt>SaslClientFactory</tt> interfaces.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    92
Developers who write servers use the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    93
<tt>SaslServer</tt> and <tt>SaslServerFactory</tt> interfaces.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    94
<p>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    95
Among these two groups of users, each can be further divided into two groups:
90ce3da70b43 Initial load
duke
parents:
diff changeset
    96
those who <em>produce</em> the SASL mechanisms and those 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    97
who <em>use</em> the SASL mechanisms.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    98
The producers of SASL mechanisms need to provide implementations
90ce3da70b43 Initial load
duke
parents:
diff changeset
    99
for these interfaces, while users of the SASL mechanisms use 
90ce3da70b43 Initial load
duke
parents:
diff changeset
   100
the APIs in this package to access those implementations.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   101
90ce3da70b43 Initial load
duke
parents:
diff changeset
   102
<h2>Related Documentation</h2>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   103
90ce3da70b43 Initial load
duke
parents:
diff changeset
   104
Please refer to the 
90ce3da70b43 Initial load
duke
parents:
diff changeset
   105
<a href="../../../../technotes/guides/security/sasl/sasl-refguide.html">Java 
90ce3da70b43 Initial load
duke
parents:
diff changeset
   106
SASL Programming Guide</a> for information on how to use this API.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   107
90ce3da70b43 Initial load
duke
parents:
diff changeset
   108
90ce3da70b43 Initial load
duke
parents:
diff changeset
   109
@since 1.5
90ce3da70b43 Initial load
duke
parents:
diff changeset
   110
90ce3da70b43 Initial load
duke
parents:
diff changeset
   111
90ce3da70b43 Initial load
duke
parents:
diff changeset
   112
</body>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   113
</html>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   114