2
|
1 |
/*
|
18830
|
2 |
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
|
2
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
4 |
*
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
5506
|
7 |
* published by the Free Software Foundation. Oracle designates this
|
2
|
8 |
* particular file as subject to the "Classpath" exception as provided
|
5506
|
9 |
* by Oracle in the LICENSE file that accompanied this code.
|
2
|
10 |
*
|
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
15 |
* accompanied this code).
|
|
16 |
*
|
|
17 |
* You should have received a copy of the GNU General Public License version
|
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
20 |
*
|
5506
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
22 |
* or visit www.oracle.com if you need additional information or have any
|
|
23 |
* questions.
|
2
|
24 |
*/
|
|
25 |
|
|
26 |
package javax.security.sasl;
|
|
27 |
|
|
28 |
import java.util.Map;
|
|
29 |
import javax.security.auth.callback.CallbackHandler;
|
|
30 |
|
|
31 |
/**
|
18830
|
32 |
* An interface for creating instances of {@code SaslClient}.
|
2
|
33 |
* A class that implements this interface
|
|
34 |
* must be thread-safe and handle multiple simultaneous
|
|
35 |
* requests. It must also have a public constructor that accepts no
|
|
36 |
* argument.
|
|
37 |
*<p>
|
|
38 |
* This interface is not normally accessed directly by a client, which will use the
|
18830
|
39 |
* {@code Sasl} static methods
|
2
|
40 |
* instead. However, a particular environment may provide and install a
|
18830
|
41 |
* new or different {@code SaslClientFactory}.
|
2
|
42 |
*
|
|
43 |
* @since 1.5
|
|
44 |
*
|
|
45 |
* @see SaslClient
|
|
46 |
* @see Sasl
|
|
47 |
*
|
|
48 |
* @author Rosanna Lee
|
|
49 |
* @author Rob Weltman
|
|
50 |
*/
|
|
51 |
public abstract interface SaslClientFactory {
|
|
52 |
/**
|
|
53 |
* Creates a SaslClient using the parameters supplied.
|
|
54 |
*
|
|
55 |
* @param mechanisms The non-null list of mechanism names to try. Each is the
|
|
56 |
* IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
|
|
57 |
* @param authorizationId The possibly null protocol-dependent
|
|
58 |
* identification to be used for authorization.
|
|
59 |
* If null or empty, the server derives an authorization
|
|
60 |
* ID from the client's authentication credentials.
|
|
61 |
* When the SASL authentication completes successfully,
|
|
62 |
* the specified entity is granted access.
|
|
63 |
* @param protocol The non-null string name of the protocol for which
|
|
64 |
* the authentication is being performed (e.g., "ldap").
|
|
65 |
* @param serverName The non-null fully qualified host name
|
|
66 |
* of the server to authenticate to.
|
|
67 |
* @param props The possibly null set of properties used to select the SASL
|
|
68 |
* mechanism and to configure the authentication exchange of the selected
|
18830
|
69 |
* mechanism. See the {@code Sasl} class for a list of standard properties.
|
2
|
70 |
* Other, possibly mechanism-specific, properties can be included.
|
|
71 |
* Properties not relevant to the selected mechanism are ignored,
|
|
72 |
* including any map entries with non-String keys.
|
|
73 |
*
|
|
74 |
* @param cbh The possibly null callback handler to used by the SASL
|
|
75 |
* mechanisms to get further information from the application/library
|
|
76 |
* to complete the authentication. For example, a SASL mechanism might
|
|
77 |
* require the authentication ID, password and realm from the caller.
|
18830
|
78 |
* The authentication ID is requested by using a {@code NameCallback}.
|
|
79 |
* The password is requested by using a {@code PasswordCallback}.
|
|
80 |
* The realm is requested by using a {@code RealmChoiceCallback} if there is a list
|
|
81 |
* of realms to choose from, and by using a {@code RealmCallback} if
|
2
|
82 |
* the realm must be entered.
|
|
83 |
*
|
18830
|
84 |
*@return A possibly null {@code SaslClient} created using the parameters
|
|
85 |
* supplied. If null, this factory cannot produce a {@code SaslClient}
|
2
|
86 |
* using the parameters supplied.
|
18830
|
87 |
*@exception SaslException If cannot create a {@code SaslClient} because
|
2
|
88 |
* of an error.
|
|
89 |
*/
|
|
90 |
public abstract SaslClient createSaslClient(
|
|
91 |
String[] mechanisms,
|
|
92 |
String authorizationId,
|
|
93 |
String protocol,
|
|
94 |
String serverName,
|
|
95 |
Map<String,?> props,
|
|
96 |
CallbackHandler cbh) throws SaslException;
|
|
97 |
|
|
98 |
/**
|
|
99 |
* Returns an array of names of mechanisms that match the specified
|
|
100 |
* mechanism selection policies.
|
|
101 |
* @param props The possibly null set of properties used to specify the
|
18830
|
102 |
* security policy of the SASL mechanisms. For example, if {@code props}
|
|
103 |
* contains the {@code Sasl.POLICY_NOPLAINTEXT} property with the value
|
|
104 |
* {@code "true"}, then the factory must not return any SASL mechanisms
|
2
|
105 |
* that are susceptible to simple plain passive attacks.
|
18830
|
106 |
* See the {@code Sasl} class for a complete list of policy properties.
|
|
107 |
* Non-policy related properties, if present in {@code props}, are ignored,
|
2
|
108 |
* including any map entries with non-String keys.
|
|
109 |
* @return A non-null array containing a IANA-registered SASL mechanism names.
|
|
110 |
*/
|
|
111 |
public abstract String[] getMechanismNames(Map<String,?> props);
|
|
112 |
}
|