Package org.jivesoftware.smack.sasl
Class SASLMechanism
java.lang.Object
org.jivesoftware.smack.sasl.SASLMechanism
- All Implemented Interfaces:
Comparable<SASLMechanism>
- Direct Known Subclasses:
SASLAnonymous,SASLXOauth2Mechanism,ScramMechanism
Base class for SASL mechanisms.
Subclasses will likely want to implement their own versions of these methods:
authenticate(String, String, DomainBareJid, String, EntityBareJid, SSLSession)-- Initiate authentication stanza using the deprecated method.authenticate(String, DomainBareJid, CallbackHandler, EntityBareJid, SSLSession)-- Initiate authentication stanza using the CallbackHandler method.challengeReceived(String, boolean)-- Handle a challenge from the server.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected StringThen authentication identity (authcid).protected org.jxmpp.jid.EntityBareJidThe authorization identifier (authzid).protected XMPPConnectionprotected ConnectionConfigurationstatic final Stringstatic final Stringstatic final Stringstatic final Stringprotected Stringprotected StringThe users passwordstatic final Stringprotected org.jxmpp.jid.DomainBareJidThe name of the XMPP serviceprotected SSLSessionThe used SSL/TLS session (if any). -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionfinal voidCheck if the SASL mechanism was successful and if it was, then mark it so.final voidauthenticate(String username, String host, org.jxmpp.jid.DomainBareJid serviceName, String password, org.jxmpp.jid.EntityBareJid authzid, SSLSession sslSession) Builds and sends theauthstanza to the server.voidauthenticate(String host, org.jxmpp.jid.DomainBareJid serviceName, CallbackHandler cbh, org.jxmpp.jid.EntityBareJid authzid, SSLSession sslSession) Builds and sends theauthstanza to the server.protected voidprotected abstract voidbooleanfinal voidchallengeReceived(String challengeString, boolean finalChallenge) The server is challenging the SASL mechanism for the stanza he just sent.protected abstract voidfinal intcompareTo(SASLMechanism other) protected byte[]evaluateChallenge(byte[] challenge) Evaluate the SASL challenge.protected abstract byte[]Should return the initial response of the SASL mechanism.abstract StringgetName()Returns the common name of the SASL mechanism.abstract intGet the priority of this SASL mechanism.instanceForAuthentication(XMPPConnection connection, ConnectionConfiguration connectionConfiguration) booleanbooleanprotected abstract SASLMechanismbooleanprotected static StringSASLprep the given String.voidsetException(Exception exception) voidprotected static byte[]final StringtoString()
-
Field Details
-
CRAMMD5
- See Also:
-
DIGESTMD5
- See Also:
-
EXTERNAL
- See Also:
-
GSSAPI
- See Also:
-
PLAIN
- See Also:
-
connection
-
connectionConfiguration
-
authenticationId
Then authentication identity (authcid). RFC 6120 § 6.3.7 informs us that some SASL mechanisms use this as a "simple user name". But the exact form is a matter of the mechanism and that it does not necessarily map to an localpart. But it usually is the localpart of the client JID, although sometimes other formats are used (e.g. the full JID).Not to be confused with the authzid (see RFC 6120 § 6.3.8).
-
authorizationId
protected org.jxmpp.jid.EntityBareJid authorizationIdThe authorization identifier (authzid). This is always a bare Jid, but can be null. -
serviceName
protected org.jxmpp.jid.DomainBareJid serviceNameThe name of the XMPP service -
password
The users password -
host
-
sslSession
The used SSL/TLS session (if any).
-
-
Constructor Details
-
SASLMechanism
public SASLMechanism()
-
-
Method Details
-
authenticate
public final void authenticate(String username, String host, org.jxmpp.jid.DomainBareJid serviceName, String password, org.jxmpp.jid.EntityBareJid authzid, SSLSession sslSession) throws SmackException.SmackSaslException, SmackException.NotConnectedException, InterruptedException Builds and sends theauthstanza to the server. Note that this method of authentication is not recommended, since it is very inflexible. Useauthenticate(String, DomainBareJid, CallbackHandler, EntityBareJid, SSLSession)whenever possible. Explanation of auth stanza: The client authentication stanza needs to include the digest-uri of the form: xmpp/serviceName From RFC-2831: digest-uri = "digest-uri" "=" digest-uri-value digest-uri-value = serv-type "/" host [ "/" serv-name ] digest-uri: Indicates the principal name of the service with which the client wishes to connect, formed from the serv-type, host, and serv-name. For example, the FTP service on "ftp.example.com" would have a "digest-uri" value of "ftp/ftp.example.com"; the SMTP server from the example above would have a "digest-uri" value of "smtp/mail3.example.com/example.com". host: The DNS host name or IP address for the service requested. The DNS host name must be the fully-qualified canonical name of the host. The DNS host name is the preferred form; see notes on server processing of the digest-uri. serv-name: Indicates the name of the service if it is replicated. The service is considered to be replicated if the client's service-location process involves resolution using standard DNS lookup operations, and if these operations involve DNS records (such as SRV, or MX) which resolve one DNS name into a set of other DNS names. In this case, the initial name used by the client is the "serv-name", and the final name is the "host" component. For example, the incoming mail service for "example.com" may be replicated through the use of MX records stored in the DNS, one of which points at an SMTP server called "mail3.example.com"; it's "serv-name" would be "example.com", it's "host" would be "mail3.example.com". If the service is not replicated, or the serv-name is identical to the host, then the serv-name component MUST be omitted digest-uri verification is needed for ejabberd 2.0.3 and higher- Parameters:
username- the username of the user being authenticated.host- the hostname where the user account resides.serviceName- the xmpp service location - used by the SASL client in digest-uri creation serviceName format is: host [ "/" serv-name ] as per RFC-2831password- the password for this account.authzid- the optional authorization identity.sslSession- the optional SSL/TLS session (if one was established)- Throws:
SmackException.SmackSaslException- if a SASL related error occurs.SmackException.NotConnectedException- if the XMPP connection is not connected.InterruptedException- if the calling thread was interrupted.
-
authenticateInternal
-
authenticate
public void authenticate(String host, org.jxmpp.jid.DomainBareJid serviceName, CallbackHandler cbh, org.jxmpp.jid.EntityBareJid authzid, SSLSession sslSession) throws SmackException.SmackSaslException, SmackException.NotConnectedException, InterruptedException Builds and sends theauthstanza to the server. The callback handler will handle any additional information, such as the authentication ID or realm, if it is needed.- Parameters:
host- the hostname where the user account resides.serviceName- the xmpp service locationcbh- the CallbackHandler to obtain user information.authzid- the optional authorization identity.sslSession- the optional SSL/TLS session (if one was established)- Throws:
SmackException.SmackSaslException- if a SASL related error occurs.SmackException.NotConnectedException- if the XMPP connection is not connected.InterruptedException- if the calling thread was interrupted.
-
authenticateInternal
protected abstract void authenticateInternal(CallbackHandler cbh) throws SmackException.SmackSaslException -
getAuthenticationText
Should return the initial response of the SASL mechanism. The returned byte array will be send base64 encoded to the server. SASL mechanism are free to returnnullor an empty array here.- Returns:
- the initial response or null
- Throws:
SmackException.SmackSaslException- if a SASL specific error occurred.
-
challengeReceived
public final void challengeReceived(String challengeString, boolean finalChallenge) throws SmackException.SmackSaslException, InterruptedException, SmackException.NotConnectedException The server is challenging the SASL mechanism for the stanza he just sent. Send a response to the server's challenge.- Parameters:
challengeString- a base64 encoded string representing the challenge.finalChallenge- true if this is the last challenge send by the server within the success stanza- Throws:
SmackException.SmackSaslException- if a SASL related error occurs.InterruptedException- if the connection is interruptedSmackException.NotConnectedException- if the XMPP connection is not connected.
-
evaluateChallenge
Evaluate the SASL challenge.- Parameters:
challenge- challenge to evaluate.- Returns:
- null.
- Throws:
SmackException.SmackSaslException- If a SASL related error occurs.
-
compareTo
- Specified by:
compareToin interfaceComparable<SASLMechanism>
-
getName
Returns the common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or GSSAPI.- Returns:
- the common name of the SASL mechanism.
-
getPriority
public abstract int getPriority()Get the priority of this SASL mechanism. Lower values mean higher priority.- Returns:
- the priority of this SASL mechanism.
-
afterFinalSaslChallenge
Check if the SASL mechanism was successful and if it was, then mark it so.- Throws:
SmackException.SmackSaslException- in case of an SASL error.
-
checkIfSuccessfulOrThrow
-
instanceForAuthentication
public SASLMechanism instanceForAuthentication(XMPPConnection connection, ConnectionConfiguration connectionConfiguration) -
authzidSupported
public boolean authzidSupported() -
requiresPassword
public boolean requiresPassword() -
isAuthenticationSuccessful
public boolean isAuthenticationSuccessful() -
isFinished
public boolean isFinished() -
throwExceptionIfRequired
public void throwExceptionIfRequired() throws SmackException.SmackSaslException, SASLErrorException, SmackException.NotConnectedException, InterruptedException, SmackException.NoResponseException -
setException
-
newInstance
-
toBytes
-
saslPrep
SASLprep the given String. The resulting String is in UTF-8.- Parameters:
string- the String to sasl prep.- Returns:
- the given String SASL prepped
- See Also:
-
toString
-