|
2
|
1 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
|
2 |
<html>
|
|
|
3 |
<head>
|
|
|
4 |
<!--
|
|
|
5 |
Copyright 1999-2006 Sun Microsystems, Inc. All Rights Reserved.
|
|
|
6 |
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
7 |
|
|
|
8 |
This code is free software; you can redistribute it and/or modify it
|
|
|
9 |
under the terms of the GNU General Public License version 2 only, as
|
|
|
10 |
published by the Free Software Foundation. Sun designates this
|
|
|
11 |
particular file as subject to the "Classpath" exception as provided
|
|
|
12 |
by Sun in the LICENSE file that accompanied this code.
|
|
|
13 |
|
|
|
14 |
This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
15 |
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
16 |
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
17 |
version 2 for more details (a copy is included in the LICENSE file that
|
|
|
18 |
accompanied this code).
|
|
|
19 |
|
|
|
20 |
You should have received a copy of the GNU General Public License version
|
|
|
21 |
2 along with this work; if not, write to the Free Software Foundation,
|
|
|
22 |
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
23 |
|
|
|
24 |
Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
|
|
25 |
CA 95054 USA or visit www.sun.com if you need additional information or
|
|
|
26 |
have any questions.
|
|
|
27 |
-->
|
|
|
28 |
</head>
|
|
|
29 |
<body bgcolor="white">
|
|
|
30 |
|
|
|
31 |
Contains class and interfaces for supporting SASL.
|
|
|
32 |
|
|
|
33 |
This package defines classes and interfaces for SASL mechanisms.
|
|
|
34 |
It is used by developers to add authentication support for
|
|
|
35 |
connection-based protocols that use SASL.
|
|
|
36 |
|
|
|
37 |
<h4>SASL Overview</h4>
|
|
|
38 |
<p>
|
|
|
39 |
|
|
|
40 |
Simple Authentication and Security Layer (SASL) specifies a
|
|
|
41 |
challenge-response protocol in which data is exchanged between the
|
|
|
42 |
client and the server for the purposes of
|
|
|
43 |
authentication and (optional) establishment of a security layer on
|
|
|
44 |
which to carry on subsequent communications. It is used with
|
|
|
45 |
connection-based protocols such as LDAPv3 or IMAPv4. SASL is
|
|
|
46 |
described in
|
|
|
47 |
<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>.
|
|
|
48 |
|
|
|
49 |
<p>
|
|
|
50 |
There are various <em>mechanisms</em> defined for SASL.
|
|
|
51 |
Each mechanism defines the data that must be exchanged between the
|
|
|
52 |
client and server in order for the authentication to succeed.
|
|
|
53 |
This data exchange required for a particular mechanism is referred to
|
|
|
54 |
to as its <em>protocol profile</em>.
|
|
|
55 |
The following are some examples of mechanims that have been defined by
|
|
|
56 |
the Internet standards community.
|
|
|
57 |
<ul>
|
|
|
58 |
<li>DIGEST-MD5 (<A HREF="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>).
|
|
|
59 |
This mechanism defines how HTTP Digest Authentication can be used as a SASL
|
|
|
60 |
mechanism.
|
|
|
61 |
<li>Anonymous (<A HREF="http://www.ietf.org/rfc/rfc2245.txt">RFC 2245</a>).
|
|
|
62 |
This mechamism is anonymous authentication in which no credentials are
|
|
|
63 |
necessary.
|
|
|
64 |
<li>External (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
|
|
|
65 |
This mechanism obtains authentication information
|
|
|
66 |
from an external source (such as TLS or IPsec).
|
|
|
67 |
<li>S/Key (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
|
|
|
68 |
This mechanism uses the MD4 digest algorithm to exchange data based on
|
|
|
69 |
a shared secret.
|
|
|
70 |
<li>GSSAPI (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
|
|
|
71 |
This mechanism uses the
|
|
|
72 |
<A HREF="http://www.ietf.org/rfc/rfc2078.txt">GSSAPI</A>
|
|
|
73 |
for obtaining authentication information.
|
|
|
74 |
</ul>
|
|
|
75 |
|
|
|
76 |
<p>
|
|
|
77 |
Some of these mechanisms provide both authentication and establishment
|
|
|
78 |
of a security layer, others only authentication. Anonymous and
|
|
|
79 |
S/Key do not provide for any security layers. GSSAPI and DIGEST-MD5
|
|
|
80 |
allow negotiation of the security layer. For External, the
|
|
|
81 |
security layer is determined by the external protocol.
|
|
|
82 |
|
|
|
83 |
<h4>Usage</h4>
|
|
|
84 |
|
|
|
85 |
<p>
|
|
|
86 |
Users of this API are typically developers who produce
|
|
|
87 |
client library implementations for connection-based protocols,
|
|
|
88 |
such as LDAPv3 and IMAPv4,
|
|
|
89 |
and developers who write servers (such as LDAP servers and IMAP servers).
|
|
|
90 |
Developers who write client libraries use the
|
|
|
91 |
<tt>SaslClient</tt> and <tt>SaslClientFactory</tt> interfaces.
|
|
|
92 |
Developers who write servers use the
|
|
|
93 |
<tt>SaslServer</tt> and <tt>SaslServerFactory</tt> interfaces.
|
|
|
94 |
<p>
|
|
|
95 |
Among these two groups of users, each can be further divided into two groups:
|
|
|
96 |
those who <em>produce</em> the SASL mechanisms and those
|
|
|
97 |
who <em>use</em> the SASL mechanisms.
|
|
|
98 |
The producers of SASL mechanisms need to provide implementations
|
|
|
99 |
for these interfaces, while users of the SASL mechanisms use
|
|
|
100 |
the APIs in this package to access those implementations.
|
|
|
101 |
|
|
|
102 |
<h2>Related Documentation</h2>
|
|
|
103 |
|
|
|
104 |
Please refer to the
|
|
|
105 |
<a href="../../../../technotes/guides/security/sasl/sasl-refguide.html">Java
|
|
|
106 |
SASL Programming Guide</a> for information on how to use this API.
|
|
|
107 |
|
|
|
108 |
|
|
|
109 |
@since 1.5
|
|
|
110 |
|
|
|
111 |
|
|
|
112 |
</body>
|
|
|
113 |
</html>
|
|
|
114 |
|