public abstract class SASLMechanism extends Object implements Comparable<SASLMechanism>
getName()
-- returns the common name of the SASL mechanism.authenticate(String, String, String, String)
-- Initiate authentication stanza using the
deprecated method.authenticate(String, String, CallbackHandler)
-- Initiate authentication stanza
using the CallbackHandler method.challengeReceived(String, boolean)
-- Handle a challenge from the server.Modifier and Type | Field and Description |
---|---|
protected String |
authenticationId
Then authentication identity (authcid).
|
protected XMPPConnection |
connection |
static String |
CRAMMD5 |
static String |
DIGESTMD5 |
static String |
EXTERNAL |
static String |
GSSAPI |
protected String |
host |
protected String |
password
The users password
|
static String |
PLAIN |
protected String |
serviceName
The name of the XMPP service
|
Constructor and Description |
---|
SASLMechanism() |
Modifier and Type | Method and Description |
---|---|
void |
authenticate(String host,
String serviceName,
CallbackHandler cbh)
Builds and sends the auth stanza to the server.
|
void |
authenticate(String username,
String host,
String serviceName,
String password)
Builds and sends the auth stanza to the server.
|
protected void |
authenticateInternal() |
protected abstract void |
authenticateInternal(CallbackHandler cbh) |
void |
challengeReceived(String challengeString,
boolean finalChallenge)
The server is challenging the SASL mechanism for the stanza he just sent.
|
abstract void |
checkIfSuccessfulOrThrow() |
int |
compareTo(SASLMechanism other) |
protected byte[] |
evaluateChallenge(byte[] challenge) |
protected abstract byte[] |
getAuthenticationText()
Should return the initial response of the SASL mechanism.
|
abstract String |
getName()
Returns the common name of the SASL mechanism.
|
abstract int |
getPriority() |
SASLMechanism |
instanceForAuthentication(XMPPConnection connection) |
protected abstract SASLMechanism |
newInstance() |
protected static String |
saslPrep(String string)
SASLprep the given String.
|
static void |
setSaslPrepTransformer(StringTransformer stringTransformer)
Set the SASLPrep StringTransformer.
|
protected static byte[] |
toBytes(String string) |
public static final String CRAMMD5
public static final String DIGESTMD5
public static final String EXTERNAL
public static final String GSSAPI
public static final String PLAIN
protected XMPPConnection connection
protected String authenticationId
Not to be confused with the authzid (see RFC 6120 § 6.3.8).
protected String serviceName
public SASLMechanism()
public static void setSaslPrepTransformer(StringTransformer stringTransformer)
A simple SASLPrep StringTransformer would be for example: java.text.Normalizer.normalize(string, Form.NFKC);
stringTransformer
- set StringTransformer to use for SASLPrep.public final void authenticate(String username, String host, String serviceName, String password) throws SmackException, SmackException.NotConnectedException
authenticate(String, String, CallbackHandler)
whenever possible.
Explanation of auth stanza:
The client authentication stanza needs to include the digest-uri of the form: xmpp/serviceName
From RFC-2831:
digest-uri = "digest-uri" "=" digest-uri-value
digest-uri-value = serv-type "/" host [ "/" serv-name ]
digest-uri:
Indicates the principal name of the service with which the client
wishes to connect, formed from the serv-type, host, and serv-name.
For example, the FTP service
on "ftp.example.com" would have a "digest-uri" value of "ftp/ftp.example.com"; the SMTP
server from the example above would have a "digest-uri" value of
"smtp/mail3.example.com/example.com".
host:
The DNS host name or IP address for the service requested. The DNS host name
must be the fully-qualified canonical name of the host. The DNS host name is the
preferred form; see notes on server processing of the digest-uri.
serv-name:
Indicates the name of the service if it is replicated. The service is
considered to be replicated if the client's service-location process involves resolution
using standard DNS lookup operations, and if these operations involve DNS records (such
as SRV, or MX) which resolve one DNS name into a set of other DNS names. In this case,
the initial name used by the client is the "serv-name", and the final name is the "host"
component. For example, the incoming mail service for "example.com" may be replicated
through the use of MX records stored in the DNS, one of which points at an SMTP server
called "mail3.example.com"; it's "serv-name" would be "example.com", it's "host" would be
"mail3.example.com". If the service is not replicated, or the serv-name is identical to
the host, then the serv-name component MUST be omitted
digest-uri verification is needed for ejabberd 2.0.3 and higherusername
- the username of the user being authenticated.host
- the hostname where the user account resides.serviceName
- the xmpp service location - used by the SASL client in digest-uri creation
serviceName format is: host [ "/" serv-name ] as per RFC-2831password
- the password for this account.SmackException
- If a network error occurs while authenticating.SmackException.NotConnectedException
protected void authenticateInternal() throws SmackException
SmackException
public void authenticate(String host, String serviceName, CallbackHandler cbh) throws SmackException, SmackException.NotConnectedException
host
- the hostname where the user account resides.serviceName
- the xmpp service locationcbh
- the CallbackHandler to obtain user information.SmackException
SmackException.NotConnectedException
protected abstract void authenticateInternal(CallbackHandler cbh) throws SmackException
SmackException
protected abstract byte[] getAuthenticationText() throws SmackException
null
or an
empty array here.SmackException
public final void challengeReceived(String challengeString, boolean finalChallenge) throws SmackException, SmackException.NotConnectedException
challengeString
- a base64 encoded string representing the challenge.finalChallenge
- true if this is the last challenge send by the server within the success stanzaSmackException.NotConnectedException
SmackException
protected byte[] evaluateChallenge(byte[] challenge) throws SmackException
SmackException
public final int compareTo(SASLMechanism other)
compareTo
in interface Comparable<SASLMechanism>
public abstract String getName()
public abstract int getPriority()
public abstract void checkIfSuccessfulOrThrow() throws SmackException
SmackException
public SASLMechanism instanceForAuthentication(XMPPConnection connection)
protected abstract SASLMechanism newInstance()
protected static String saslPrep(String string)
string
- the String to sasl prep.