Class SASLAuthentication


  • public class SASLAuthentication
    extends Object
    SASLAuthentication is responsible for returning the available SASL mechanisms to use and for actually performing the SASL authentication.

    The list of available SASL mechanisms is determined by:

    1. The type of UserProvider being used, since some SASL mechanisms require the server to be able to retrieve user passwords.
    2. Whether anonymous logins are enabled or not.
    3. Whether shared secret authentication is enabled or not.
    4. Whether the underlying connection has been secured or not.
    Author:
    Hao Chen, Gaston Dombiak
    • Field Detail

      • SKIP_PEER_CERT_REVALIDATION_CLIENT

        public static final SystemProperty<Boolean> SKIP_PEER_CERT_REVALIDATION_CLIENT
    • Constructor Detail

      • SASLAuthentication

        public SASLAuthentication()
    • Method Detail

      • getSASLMechanisms

        public static String getSASLMechanisms(LocalSession session)
        Returns a string with the valid SASL mechanisms available for the specified session. If the session's connection is not secured then only include the SASL mechanisms that don't require TLS.
        Parameters:
        session - The current session
        Returns:
        a string with the valid SASL mechanisms available for the specified session.
      • getSASLMechanismsElement

        public static org.dom4j.Element getSASLMechanismsElement(ClientSession session)
      • handle

        public static SASLAuthentication.Status handle(LocalSession session,
                                                       org.dom4j.Element doc)
        Handles the SASL authentication packet. The entity may be sending an initial authentication request or a response to a challenge made by the server. The returned value indicates whether authentication has finished (successfully or not) or whether the entity is expected to send a response to a challenge.
        Parameters:
        session - the session that is authenticating with the server.
        doc - the stanza sent by the authenticating entity.
        Returns:
        a value that indicates whether authentication has finished (successfully or not) or whether the entity is expected to send a response to a challenge.
      • verifyCertificate

        public static boolean verifyCertificate(X509Certificate trustedCert,
                                                String hostname)
      • verifyCertificates

        public static boolean verifyCertificates(Certificate[] chain,
                                                 String hostname,
                                                 boolean isS2S)
      • addSupportedMechanism

        public static void addSupportedMechanism(String mechanismName)
        Adds a new SASL mechanism to the list of supported SASL mechanisms by the server. The new mechanism will be offered to clients and connection managers as stream features.

        Note: this method simply registers the SASL mechanism to be advertised as a supported mechanism by Openfire. Actual SASL handling is done by Java itself, so you must add the provider to Java.

        Parameters:
        mechanismName - the name of the new SASL mechanism (cannot be null or an empty String).
      • removeSupportedMechanism

        public static void removeSupportedMechanism(String mechanismName)
        Removes a SASL mechanism from the list of supported SASL mechanisms by the server.
        Parameters:
        mechanismName - the name of the SASL mechanism to remove (cannot be null or empty, not case sensitive).
      • getSupportedMechanisms

        public static Set<String> getSupportedMechanisms()
        Returns the list of supported SASL mechanisms by the server. Note that Java may have support for more mechanisms but some of them may not be returned since a special setup is required that might be missing. Use addSupportedMechanism(String) to add new SASL mechanisms.
        Returns:
        the list of supported SASL mechanisms by the server.
      • getImplementedMechanisms

        public static Set<String> getImplementedMechanisms()
        Returns a collection of mechanism names for which the JVM has an implementation available.

        Note that this need not (and likely will not) correspond with the list of mechanisms that is offered to XMPP peer entities, which is provided by getSupportedMechanisms().

        Returns:
        a collection of SASL mechanism names (never null, possibly empty)
      • getEnabledMechanisms

        public static List<String> getEnabledMechanisms()
        Returns a collection of SASL mechanism names that forms the source pool from which the mechanisms eventually offered to peers are obtained. A mechanism that is not returned by this method will never be offered, but a mechanism that is returned is not guaranteed to be offered. Apart from being returned by this method, an implementation must be available (see getImplementedMechanisms()), and configuration or other characteristics of this server must not prevent the mechanism from being used (see getSupportedMechanisms()).
        Returns:
        A collection of mechanisms that are considered for use in this instance of Openfire.
      • setEnabledMechanisms

        public static void setEnabledMechanisms(List<String> mechanisms)
        Sets the collection of mechanism names that the system administrator allows to be used.
        Parameters:
        mechanisms - A collection of mechanisms that are considered for use in this instance of Openfire. Null to reset the default setting.
        See Also:
        getEnabledMechanisms()
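
An added example (not part of the Openfire documentation or code base) of the narrowing described for getEnabledMechanisms() and getImplementedMechanisms(): it lists the server-side mechanisms the running JVM implements through the standard javax.security.sasl API and filters an administrator's enabled list against them. The class name SaslOfferAudit, the sample enabled list, the placeholder mechanism X-EXAMPLE and the TLS-only set are assumptions made for illustration; Openfire's own selection logic is not shown on this page.

```java
import java.util.*;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslServerFactory;

public class SaslOfferAudit {

    /** Mechanisms for which this JVM has a server-side SASL implementation. */
    static Set<String> implemented() {
        Set<String> names = new TreeSet<>();
        Enumeration<SaslServerFactory> factories = Sasl.getSaslServerFactories();
        while (factories.hasMoreElements()) {
            // null properties: list every mechanism the factory can create
            for (String m : factories.nextElement().getMechanismNames(null)) {
                names.add(m.toUpperCase(Locale.ROOT));
            }
        }
        return names;
    }

    /**
     * Narrows the enabled list to what could be offered: an implementation must
     * exist, and mechanisms in tlsOnly (a hypothetical policy set) are withheld
     * when the connection is not secured.
     */
    static List<String> offerable(List<String> enabled, Set<String> impl,
                                  Set<String> tlsOnly, boolean secured) {
        List<String> out = new ArrayList<>();
        for (String m : enabled) {
            String name = m.toUpperCase(Locale.ROOT);
            if (!impl.contains(name)) continue;               // no provider registered
            if (!secured && tlsOnly.contains(name)) continue; // needs a secured connection
            out.add(name);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample values, not Openfire defaults.
        List<String> enabled = List.of("PLAIN", "DIGEST-MD5", "EXTERNAL", "X-EXAMPLE");
        Set<String> tlsOnly = Set.of("PLAIN", "EXTERNAL");
        Set<String> impl = implemented(); // depends on the installed security providers
        for (String m : enabled) {
            if (!impl.contains(m)) System.out.println("enabled but not implemented: " + m);
        }
        System.out.println("secured:   " + offerable(enabled, impl, tlsOnly, true));
        System.out.println("unsecured: " + offerable(enabled, impl, tlsOnly, false));
    }
}
```

Mechanisms reported as enabled but not implemented are the case the addSupportedMechanism note covers: advertising a name is not enough, a matching SASL provider must also be registered with Java.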