SASLAuthentication (Openfire 3.9.0 Javadoc)

Overview

Package

Class

Tree

Deprecated

Index

Help

Openfire 3.9.0 Javadoc

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jivesoftware.openfire.net
Class SASLAuthentication

java.lang.Object
  org.jivesoftware.openfire.net.SASLAuthentication

public class SASLAuthentication
extends Object
extends Object

SASLAuthentication is responsible for returning the available SASL mechanisms to use and for actually performing the SASL authentication.

The list of available SASL mechanisms is determined by:

The type of UserProvider being used since some SASL mechanisms require the server to be able to retrieve user passwords
Whether anonymous logins are enabled or not.
Whether shared secret authentication is enabled or not.
Whether the underlying connection has been secured or not.

Author:: Hao Chen, Gaston Dombiak

Nested Class Summary
`static class`	`SASLAuthentication.ElementType`
`static class`	`SASLAuthentication.Status`

Field Summary
`protected static String`	`CHARSET` The utf-8 charset for decoding and encoding Jabber packet streams.

Constructor Summary
`SASLAuthentication()`

Method Summary
`static void`	`addSupportedMechanism(String mechanism)` Adds a new SASL mechanism to the list of supported SASL mechanisms by the server.
`static boolean`	`authenticateSharedSecret(String digest)` Returns true if the supplied digest matches the shared secret value.
`static String`	`getSASLMechanisms(LocalSession session)` Returns a string with the valid SASL mechanisms available for the specified session.
`static org.dom4j.Element`	`getSASLMechanismsElement(Session session)`
`static String`	`getSharedSecret()` Returns the shared secret value, or `null` if shared secret authentication is disabled.
`static Set<String>`	`getSupportedMechanisms()` Returns the list of supported SASL mechanisms by the server.
`static SASLAuthentication.Status`	`handle(LocalSession session, org.dom4j.Element doc)` Handles the SASL authentication packet.
`static boolean`	`isSharedSecretAllowed()` Returns true if shared secret authentication is enabled.
`static void`	`removeSupportedMechanism(String mechanism)` Removes a SASL mechanism from the list of supported SASL mechanisms by the server.
`static void`	`setSharedSecretAllowed(boolean sharedSecretAllowed)` Sets whether shared secret authentication is enabled.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

CHARSET

protected static String CHARSET

The utf-8 charset for decoding and encoding Jabber packet streams.

Constructor Detail

SASLAuthentication

public SASLAuthentication()

Method Detail

getSASLMechanisms

public static String getSASLMechanisms(LocalSession session)

Returns a string with the valid SASL mechanisms available for the specified session. If the session's connection is not secured then only include the SASL mechanisms that don't require TLS.

Parameters:: session - The current session
Returns:: a string with the valid SASL mechanisms available for the specified session.

getSASLMechanismsElement

public static org.dom4j.Element getSASLMechanismsElement(Session session)

handle

public static SASLAuthentication.Status handle(LocalSession session,
                                               org.dom4j.Element doc)
                                        throws UnsupportedEncodingException

Handles the SASL authentication packet. The entity may be sending an initial authentication request or a response to a challenge made by the server. The returned value indicates whether the authentication has finished either successfully or not or if the entity is expected to send a response to a challenge.

Parameters:: session - the session that is authenticating with the server.; doc - the stanza sent by the authenticating entity.
Returns:: value that indicates whether the authentication has finished either successfully or not or if the entity is expected to send a response to a challenge.
Throws:: UnsupportedEncodingException - If UTF-8 charset is not supported.

isSharedSecretAllowed

public static boolean isSharedSecretAllowed()

Returns true if shared secret authentication is enabled. Shared secret authentication creates an anonymous session, but requires that the authenticating entity know a shared secret key. The client sends a digest of the secret key, which is compared against a digest of the local shared key.

Returns:: true if shared secret authentication is enabled.

setSharedSecretAllowed

public static void setSharedSecretAllowed(boolean sharedSecretAllowed)

Sets whether shared secret authentication is enabled. Shared secret authentication creates an anonymous session, but requires that the authenticating entity know a shared secret key. The client sends a digest of the secret key, which is compared against a digest of the local shared key.

Parameters:: sharedSecretAllowed - true if shared secret authentication should be enabled.

getSharedSecret

public static String getSharedSecret()

Returns the shared secret value, or null if shared secret authentication is disabled. If this is the first time the shared secret value has been requested (and shared secret auth is enabled), the key will be randomly generated and stored in the property xmpp.auth.sharedSecret.

Returns:: the shared secret value.

authenticateSharedSecret

public static boolean authenticateSharedSecret(String digest)

Returns true if the supplied digest matches the shared secret value. The digest must be an MD5 hash of the secret key, encoded as hex. This value is supplied by clients attempting shared secret authentication.

Parameters:: digest - the MD5 hash of the secret key, encoded as hex.
Returns:: true if authentication succeeds.

addSupportedMechanism

public static void addSupportedMechanism(String mechanism)

Adds a new SASL mechanism to the list of supported SASL mechanisms by the server. The new mechanism will be offered to clients and connection managers as stream features.

Note: this method simply registers the SASL mechanism to be advertised as a supported mechanism by Openfire. Actual SASL handling is done by Java itself, so you must add the provider to Java.

Parameters:: mechanism - the new SASL mechanism.

removeSupportedMechanism

public static void removeSupportedMechanism(String mechanism)

Removes a SASL mechanism from the list of supported SASL mechanisms by the server.

Parameters:: mechanism - the SASL mechanism to remove.

getSupportedMechanisms

public static Set<String> getSupportedMechanisms()

Returns the list of supported SASL mechanisms by the server. Note that Java may have support for more mechanisms but some of them may not be returned since a special setup is required that might be missing. Use addSupportedMechanism(String) to add new SASL mechanisms.

Returns:: the list of supported SASL mechanisms by the server.