Package org.jivesoftware.smack.sasl
Class SASLMechanism
java.lang.Object
org.jivesoftware.smack.sasl.SASLMechanism
- All Implemented Interfaces:
Comparable<SASLMechanism>
- Direct Known Subclasses:
SASLAnonymous, SASLDigestMD5Mechanism, SASLExternalMechanism, SASLJavaXMechanism, SASLPlainMechanism, SASLXOauth2Mechanism, ScramMechanism
Base class for SASL mechanisms.
Subclasses will likely want to implement their own versions of these methods:
authenticate(String, String, DomainBareJid, String, EntityBareJid, SSLSession) -- Initiate authentication stanza using the deprecated method.
authenticate(String, DomainBareJid, CallbackHandler, EntityBareJid, SSLSession) -- Initiate authentication stanza using the CallbackHandler method.
challengeReceived(String, boolean) -- Handle a challenge from the server.
-
Field Summary
Modifier and Type Field Description
protected String authenticationId - The authentication identity (authcid).
protected EntityBareJid authorizationId - The authorization identifier (authzid).
protected XMPPConnection connection
protected ConnectionConfiguration connectionConfiguration
static final String CRAMMD5
static final String DIGESTMD5
static final String EXTERNAL
static final String GSSAPI
protected String host
protected String password - The user's password
static final String PLAIN
protected DomainBareJid serviceName - The name of the XMPP service
protected SSLSession sslSession - The used SSL/TLS session (if any).
-
Constructor Summary
-
Method Summary
Modifier and Type Method Description
final void afterFinalSaslChallenge - Check if the SASL mechanism was successful and if it was, then mark it so.
final void authenticate(String username, String host, DomainBareJid serviceName, String password, EntityBareJid authzid, SSLSession sslSession) - Builds and sends the auth stanza to the server.
void authenticate(String host, DomainBareJid serviceName, CallbackHandler cbh, EntityBareJid authzid, SSLSession sslSession) - Builds and sends the auth stanza to the server.
protected void authenticateInternal
protected abstract void authenticateInternal(CallbackHandler cbh)
boolean authzidSupported
final void challengeReceived(String challengeString, boolean finalChallenge) - The server is challenging the SASL mechanism for the stanza he just sent.
protected abstract void checkIfSuccessfulOrThrow
final int compareTo(SASLMechanism other)
protected byte[] evaluateChallenge(byte[] challenge) - Evaluate the SASL challenge.
protected abstract byte[] getAuthenticationText - Should return the initial response of the SASL mechanism.
abstract String getName() - Returns the common name of the SASL mechanism.
abstract int getPriority - Get the priority of this SASL mechanism.
SASLMechanism instanceForAuthentication(XMPPConnection connection, ConnectionConfiguration connectionConfiguration)
boolean isAuthenticationSuccessful
boolean isFinished
protected abstract SASLMechanism newInstance
boolean requiresPassword
protected static String saslPrep - SASLprep the given String.
void setException(Exception exception)
void throwExceptionIfRequired
protected static byte[] toBytes
final String toString()
-
Field Details
-
CRAMMD5
-
DIGESTMD5
-
EXTERNAL
-
GSSAPI
-
PLAIN
-
connection
-
connectionConfiguration
-
authenticationId
The authentication identity (authcid). RFC 6120 § 6.3.7 informs us that some SASL mechanisms use this as a "simple user name", but the exact form is a matter of the mechanism and it does not necessarily map to a localpart. It usually is the localpart of the client JID, although sometimes other formats are used (e.g. the full JID). Not to be confused with the authzid (see RFC 6120 § 6.3.8).
-
authorizationId
The authorization identifier (authzid). This is always a bare Jid, but can be null.
-
serviceName
The name of the XMPP service
-
password
The user's password
-
host
-
sslSession
The used SSL/TLS session (if any).
-
-
Constructor Details
-
SASLMechanism
public SASLMechanism()
-
-
Method Details
-
authenticate
public final void authenticate(String username, String host, DomainBareJid serviceName, String password, EntityBareJid authzid, SSLSession sslSession) throws SmackException.SmackSaslException, SmackException.NotConnectedException, InterruptedException
Builds and sends the auth stanza to the server. Note that this method of authentication is not recommended, since it is very inflexible. Use authenticate(String, DomainBareJid, CallbackHandler, EntityBareJid, SSLSession) whenever possible.
Explanation of auth stanza: The client authentication stanza needs to include the digest-uri of the form: xmpp/serviceName
From RFC-2831:
digest-uri = "digest-uri" "=" digest-uri-value
digest-uri-value = serv-type "/" host [ "/" serv-name ]
digest-uri: Indicates the principal name of the service with which the client wishes to connect, formed from the serv-type, host, and serv-name. For example, the FTP service on "ftp.example.com" would have a "digest-uri" value of "ftp/ftp.example.com"; the SMTP server from the example above would have a "digest-uri" value of "smtp/mail3.example.com/example.com".
host: The DNS host name or IP address for the service requested. The DNS host name must be the fully-qualified canonical name of the host. The DNS host name is the preferred form; see notes on server processing of the digest-uri.
serv-name: Indicates the name of the service if it is replicated. The service is considered to be replicated if the client's service-location process involves resolution using standard DNS lookup operations, and if these operations involve DNS records (such as SRV, or MX) which resolve one DNS name into a set of other DNS names. In this case, the initial name used by the client is the "serv-name", and the final name is the "host" component. For example, the incoming mail service for "example.com" may be replicated through the use of MX records stored in the DNS, one of which points at an SMTP server called "mail3.example.com"; its "serv-name" would be "example.com", its "host" would be "mail3.example.com". If the service is not replicated, or the serv-name is identical to the host, then the serv-name component MUST be omitted.
digest-uri verification is needed for ejabberd 2.0.3 and higher.
- Parameters:
username - the username of the user being authenticated.
host - the hostname where the user account resides.
serviceName - the xmpp service location - used by the SASL client in digest-uri creation. serviceName format is: host [ "/" serv-name ] as per RFC-2831
password - the password for this account.
authzid - the optional authorization identity.
sslSession - the optional SSL/TLS session (if one was established)
- Throws:
SmackException.SmackSaslException - if a SASL related error occurs.
SmackException.NotConnectedException - if the XMPP connection is not connected.
InterruptedException - if the calling thread was interrupted.
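The digest-uri rule quoted above from RFC 2831, written out as an added example that is not Smack's code or part of this documentation: it builds the value and shows the check a server performing digest-uri verification could apply. The class and method names are hypothetical, the XMPP host names are constructed, and the case-insensitive host comparison and strict rejection rules are assumptions of this example.

```java
// Added illustration, not Smack code: DigestUriExample, build and matches are hypothetical names.
public class DigestUriExample {

    // digest-uri-value = serv-type "/" host [ "/" serv-name ]   (RFC 2831)
    static String build(String servType, String host, String servName) {
        String uri = servType + "/" + host;
        // serv-name MUST be omitted when the service is not replicated
        // (null here) or when it is identical to the host.
        if (servName != null && !servName.equalsIgnoreCase(host)) {
            uri += "/" + servName;
        }
        return uri;
    }

    // Server-side verification of a digest-uri received from a client.
    // Assumption of this example: DNS names compare case-insensitively.
    static boolean matches(String received, String servType, String host, String servName) {
        String[] parts = received.split("/", -1); // -1 keeps empty components
        if (parts.length < 2 || parts.length > 3) {
            return false;
        }
        for (String p : parts) {
            if (p.isEmpty()) {
                return false; // "xmpp//example.org" or a trailing "/"
            }
        }
        if (!parts[0].equals(servType) || !parts[1].equalsIgnoreCase(host)) {
            return false;
        }
        boolean replicated = servName != null && !servName.equalsIgnoreCase(host);
        if (parts.length == 2) {
            return !replicated; // strict policy: an expected serv-name must be present
        }
        return replicated && parts[2].equalsIgnoreCase(servName);
    }

    public static void main(String[] args) {
        // The two examples from the RFC text, then an XMPP service (constructed names).
        System.out.println(build("ftp", "ftp.example.com", null));
        System.out.println(build("smtp", "mail3.example.com", "example.com"));
        String xmpp = build("xmpp", "xmpp1.example.org", "example.org");
        System.out.println(xmpp + " -> " + matches(xmpp, "xmpp", "xmpp1.example.org", "example.org"));
        // A digest-uri naming a different host is rejected.
        System.out.println(matches("xmpp/other.example.net/example.org", "xmpp", "xmpp1.example.org", "example.org"));
        // A redundant serv-name (identical to host) violates the MUST and is rejected.
        System.out.println(matches("xmpp/example.org/example.org", "xmpp", "example.org", "example.org"));
    }
}
```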
-
authenticateInternal
-
authenticate
public void authenticate(String host, DomainBareJid serviceName, CallbackHandler cbh, EntityBareJid authzid, SSLSession sslSession) throws SmackException.SmackSaslException, SmackException.NotConnectedException, InterruptedException
Builds and sends the auth stanza to the server. The callback handler will handle any additional information, such as the authentication ID or realm, if it is needed.
- Parameters:
host - the hostname where the user account resides.
serviceName - the xmpp service location
cbh - the CallbackHandler to obtain user information.
authzid - the optional authorization identity.
sslSession - the optional SSL/TLS session (if one was established)
- Throws:
SmackException.SmackSaslException - if a SASL related error occurs.
SmackException.NotConnectedException - if the XMPP connection is not connected.
InterruptedException - if the calling thread was interrupted.
-
authenticateInternal
protected abstract void authenticateInternal(CallbackHandler cbh) throws SmackException.SmackSaslException
-
getAuthenticationText
Should return the initial response of the SASL mechanism. The returned byte array will be sent base64 encoded to the server. SASL mechanisms are free to return null or an empty array here.
- Returns:
the initial response or null
- Throws:
SmackException.SmackSaslException - if a SASL specific error occurred.
-
challengeReceived
public final void challengeReceived(String challengeString, boolean finalChallenge) throws SmackException.SmackSaslException, InterruptedException, SmackException.NotConnectedException
The server is challenging the SASL mechanism for the stanza he just sent. Send a response to the server's challenge.
- Parameters:
challengeString - a base64 encoded string representing the challenge.
finalChallenge - true if this is the last challenge sent by the server within the success stanza
- Throws:
SmackException.SmackSaslException - if a SASL related error occurs.
InterruptedException - if the connection is interrupted
SmackException.NotConnectedException - if the XMPP connection is not connected.
-
evaluateChallenge
Evaluate the SASL challenge.
- Parameters:
challenge - challenge to evaluate.
- Returns:
null.
- Throws:
SmackException.SmackSaslException - If a SASL related error occurs.
-
compareTo
- Specified by:
compareTo in interface Comparable<SASLMechanism>
-
getName
Returns the common name of the SASL mechanism. E.g.: PLAIN, DIGEST-MD5 or GSSAPI.
- Returns:
the common name of the SASL mechanism.
-
getPriority
Get the priority of this SASL mechanism. Lower values mean higher priority.
- Returns:
the priority of this SASL mechanism.
-
afterFinalSaslChallenge
Check if the SASL mechanism was successful and if it was, then mark it so.
- Throws:
SmackException.SmackSaslException - in case of a SASL error.
-
checkIfSuccessfulOrThrow
-
instanceForAuthentication
public SASLMechanism instanceForAuthentication(XMPPConnection connection, ConnectionConfiguration connectionConfiguration)
-
authzidSupported
-
requiresPassword
-
isAuthenticationSuccessful
-
isFinished
-
throwExceptionIfRequired
-
setException
-
newInstance
-
toBytes
-
saslPrep
SASLprep the given String. The resulting String is in UTF-8.
- Parameters:
string - the String to sasl prep.
- Returns:
the given String SASL prepped
-
toString
-