Source code: libgnucrypto-java

javax::security::sasl::SaslServer Interface Reference

Inheritance diagram for javax::security::sasl::SaslServer:

gnu::crypto::sasl::anonymous::AnonymousServer, gnu::crypto::sasl::crammd5::CramMD5Server, gnu::crypto::sasl::plain::PlainServer, gnu::crypto::sasl::ServerMechanism, gnu::crypto::sasl::srp::SRPServer


Detailed Description

Performs SASL authentication as a server.

A server such as an LDAP server gets an instance of this class in order to perform authentication defined by a specific SASL mechanism. Invoking methods on the SaslServer instance generates challenges corresponding to the SASL mechanism implemented by the SaslServer instance. As the authentication proceeds, the instance encapsulates the state of a SASL server's authentication exchange.

Here's an example of how an LDAP server might use a SaslServer instance. It first gets an instance of a SaslServer for the SASL mechanism requested by the client:

SaslServer ss =
      Sasl.createSaslServer(mechanism, "ldap", myFQDN, props, callbackHandler);

It can then proceed to use the server for authentication. For example, suppose the LDAP server received an LDAP BIND request containing the name of the SASL mechanism and an (optional) initial response. It then might use the server as follows:

while (!ss.isComplete()) {
   try {
      byte[] challenge = ss.evaluateResponse(response);
      if (ss.isComplete()) {
         status = ldap.sendBindResponse(mechanism, challenge, SUCCESS);
      } else {
         status = ldap.sendBindResponse(mechanism, challenge, SASL_BIND_IN_PROGRESS);
         response = ldap.readBindRequest();
      }
   } catch (SaslException x) {
      // Authentication failed: report the error and stop the exchange
      status = ldap.sendErrorResponse(x);
      break;
   }
}
if (ss.isComplete() && (status == SUCCESS)) {
   String qop = (String) ss.getNegotiatedProperty(Sasl.QOP);
   if (qop != null
         && (qop.equalsIgnoreCase("auth-int")
            || qop.equalsIgnoreCase("auth-conf"))) {
      // Use SaslServer.wrap() and SaslServer.unwrap() for future
      // communication with client
      ldap.in = new SecureInputStream(ss, ldap.in);
      ldap.out = new SecureOutputStream(ss, ldap.out);
   }
}
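
The loop above as an added, self-contained example (not the original page's or GNU Crypto's code): a client and a server run in one process through the JDK's javax.security.sasl API, and the server checks the negotiated QOP before relying on wrap() and unwrap(). The class name, host, user and password are constructed; it assumes Java 16 or later with the JDK's DIGEST-MD5 mechanism enabled, chosen here only because it supports a security layer.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslServerDemo {
    // Constructed names and credentials, for illustration only.
    static final String MECH = "DIGEST-MD5", HOST = "ldap.example.test", USER = "alice";
    static final char[] PASSWORD = "constructed-secret".toCharArray();

    // Hypothetical handler: the server releases the password only for the known user.
    static CallbackHandler handler(boolean server) {
        return callbacks -> {
            String who = USER;
            for (Callback cb : callbacks) {
                if (cb instanceof RealmCallback rc) rc.setText(rc.getDefaultText());
                else if (cb instanceof NameCallback nc) {
                    if (server) who = nc.getDefaultName(); else nc.setName(USER);
                } else if (cb instanceof PasswordCallback pc) {
                    if (USER.equals(who)) pc.setPassword(PASSWORD);
                } else if (cb instanceof AuthorizeCallback ac) {
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                } else throw new UnsupportedCallbackException(cb);
            }
        };
    }

    static String authenticate() throws SaslException {
        Map<String, String> props = Map.of(Sasl.QOP, "auth-int"); // require integrity
        SaslClient sc = Sasl.createSaslClient(new String[] {MECH}, null, "ldap", HOST, props, handler(false));
        SaslServer ss = Sasl.createSaslServer(MECH, "ldap", HOST, props, handler(true));
        if (sc == null || ss == null) throw new SaslException(MECH + " is not available");
        try {
            byte[] response = new byte[0];  // this mechanism has no initial response
            while (!ss.isComplete()) {      // a SaslException here ends the exchange
                byte[] challenge = ss.evaluateResponse(response);
                if (!sc.isComplete()) response = sc.evaluateChallenge(challenge);
            }
            String qop = (String) ss.getNegotiatedProperty(Sasl.QOP);
            if (!"auth-int".equalsIgnoreCase(qop) && !"auth-conf".equalsIgnoreCase(qop))
                throw new SaslException("no security layer negotiated: " + qop);
            byte[] msg = "constructed request".getBytes(StandardCharsets.UTF_8);
            byte[] wire = sc.wrap(msg, 0, msg.length);      // client adds the MAC
            byte[] plain = ss.unwrap(wire, 0, wire.length); // server checks and strips it
            return ss.getAuthorizationID() + ": " + new String(plain, StandardCharsets.UTF_8);
        } finally { ss.dispose(); sc.dispose(); }
    }

    public static void main(String[] a) throws SaslException { System.out.println(authenticate()); }
}
```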


Definition at line 102 of file SaslServer.java.

Public Member Functions

void dispose () throws SaslException
byte[] evaluateResponse (byte[] response) throws SaslException
String getAuthorizationID ()
Object getNegotiatedProperty (String propName) throws SaslException
boolean isComplete ()
byte[] unwrap (byte[] incoming, int offset, int len) throws SaslException
byte[] wrap (byte[] outgoing, int offset, int len) throws SaslException

Package Functions

String getMechanismName ()

The documentation for this interface was generated from the following file:

Generated by Doxygen 1.6.0