<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<!--
Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

This code is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License version 2 only, as
published by the Free Software Foundation.  Oracle designates this
particular file as subject to the "Classpath" exception as provided
by Oracle in the LICENSE file that accompanied this code.

This code is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
version 2 for more details (a copy is included in the LICENSE file that
accompanied this code).

You should have received a copy of the GNU General Public License version
2 along with this work; if not, write to the Free Software Foundation,
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
or visit www.oracle.com if you need additional information or have any
questions.
-->
</head>
<body bgcolor="white">

Contains classes and interfaces for supporting SASL.

This package defines classes and interfaces for SASL mechanisms.
It is used by developers to add authentication support for
connection-based protocols that use SASL.

<h4>SASL Overview</h4>
<p>

Simple Authentication and Security Layer (SASL) specifies a
challenge-response protocol in which data is exchanged between the
client and the server for the purposes of
authentication and (optional) establishment of a security layer on
which to carry on subsequent communications.  It is used with
connection-based protocols such as LDAPv3 or IMAPv4.  SASL is
described in
<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>.

<p>
There are various <em>mechanisms</em> defined for SASL.
Each mechanism defines the data that must be exchanged between the
client and server in order for the authentication to succeed.
The data exchange required for a particular mechanism is referred
to as its <em>protocol profile</em>.
The following are some examples of mechanisms that have been defined by
the Internet standards community.
<ul>
<li>DIGEST-MD5 (<A HREF="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>).
This mechanism defines how HTTP Digest Authentication can be used as a SASL
mechanism.
<li>Anonymous (<A HREF="http://www.ietf.org/rfc/rfc2245.txt">RFC 2245</a>).
This mechanism is anonymous authentication in which no credentials are
necessary.
<li>External (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
This mechanism obtains authentication information
from an external source (such as TLS or IPsec).
<li>S/Key (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
This mechanism uses the MD4 digest algorithm to exchange data based on
a shared secret.
<li>GSSAPI (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
This mechanism uses the
<A HREF="http://www.ietf.org/rfc/rfc2078.txt">GSSAPI</A>
for obtaining authentication information.
</ul>

<p>
Some of these mechanisms provide both authentication and establishment
of a security layer, others only authentication.  Anonymous and
S/Key do not provide for any security layers.  GSSAPI and DIGEST-MD5
allow negotiation of the security layer.  For External, the
security layer is determined by the external protocol.

<h4>Usage</h4>

<p>
Users of this API are typically developers who produce
client library implementations for connection-based protocols,
such as LDAPv3 and IMAPv4,
and developers who write servers (such as LDAP servers and IMAP servers).
Developers who write client libraries use the
<tt>SaslClient</tt> and <tt>SaslClientFactory</tt> interfaces.
Developers who write servers use the
<tt>SaslServer</tt> and <tt>SaslServerFactory</tt> interfaces.
<p>
Each of these two groups of users can be further divided into two groups:
those who <em>produce</em> the SASL mechanisms and those
who <em>use</em> the SASL mechanisms.
The producers of SASL mechanisms need to provide implementations
for these interfaces, while users of the SASL mechanisms use
the APIs in this package to access those implementations.
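<p>
An added example, not part of the original package documentation: a
<tt>SaslClient</tt> and a <tt>SaslServer</tt> obtained through this package's
<tt>Sasl</tt> class and run against each other in one process, negotiating
DIGEST-MD5 with an integrity layer (<tt>auth-int</tt>) and then passing one
wrapped message.
The class name, user name, secret, protocol and host name are constructed for
illustration; the code assumes Java 17 or later and a JDK whose SASL provider
offers DIGEST-MD5.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslLoopback {
    // Constructed sample identity; a real server reads the secret from its user store.
    static final String USER = "alice";
    static final char[] SECRET = "correct horse".toCharArray();

    public static void main(String[] args) throws Exception {
        // Ask for an integrity-protecting security layer, not authentication only.
        Map<String, String> props = Map.of(Sasl.QOP, "auth-int");
        CallbackHandler clientCbh = cbs -> {
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback nc) nc.setName(USER);
                else if (cb instanceof PasswordCallback pc) pc.setPassword(SECRET);
                else if (cb instanceof RealmCallback rc) rc.setText(rc.getDefaultText());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        CallbackHandler serverCbh = cbs -> {
            String name = null;
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback nc) name = nc.getDefaultName();
                // An unknown user gets no secret, so the mechanism rejects the exchange.
                else if (cb instanceof PasswordCallback pc && USER.equals(name)) pc.setPassword(SECRET);
                else if (cb instanceof AuthorizeCallback ac) // users act only as themselves
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
            }
        };
        SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"},
                null, "imap", "mail.example.test", props, clientCbh);
        SaslServer server = Sasl.createSaslServer("DIGEST-MD5",
                "imap", "mail.example.test", props, serverCbh);
        if (client == null || server == null) throw new SaslException("DIGEST-MD5 unavailable");
        // DIGEST-MD5 is server-first: the server issues the initial challenge.
        byte[] challenge = server.evaluateResponse(new byte[0]);
        while (!client.isComplete()) {
            byte[] response = client.evaluateChallenge(challenge);
            if (!server.isComplete()) challenge = server.evaluateResponse(response);
        }
        System.out.println(server.getAuthorizationID() + " qop=" + client.getNegotiatedProperty(Sasl.QOP));
        // With a layer negotiated, application data is wrapped before it is sent.
        byte[] msg = "a001 SELECT INBOX".getBytes(StandardCharsets.UTF_8);
        byte[] onWire = client.wrap(msg, 0, msg.length);
        byte[] plain = server.unwrap(onWire, 0, onWire.length);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

<p>
RFC 6331 has since moved DIGEST-MD5 to Historic status; the same calls work
with any other mechanism name that an installed provider supplies for both
client and server.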

<h2>Related Documentation</h2>

Please refer to the
<a href="../../../../technotes/guides/security/sasl/sasl-refguide.html">Java
SASL Programming Guide</a> for information on how to use this API.


@since 1.5


</body>
</html>