public class SaslClient
extends java.lang.Object
implements javax.security.sasl.SaslClient
SecurityProvider
that this SASL client should use. If the provider.classname property is not supplied, the default provider is jespa.ntlm.NtlmSecurityProvider. If a property is prefixed with "jespa.", the prefix will be removed and the property passed through to the provider constructor properties map.
The NtlmSecurityProvider does not require any properties to act as an initiator in a SASL client, although it may be desirable to supply some. For example, jespa.flags.confidentiality could be set to false to turn off encryption.
See also The Java SASL API Programming and Deployment Guide.
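The following is an added usage sketch, not code from the Jespa distribution: it builds the props map described above, constructs the client with the constructor documented on this page, and drives the token exchange through the standard javax.security.sasl.SaslClient methods. The package name jespa.sasl, the NtlmSaslLogin class and the TokenTransport interface are assumptions made for illustration; how credentials reach the provider is not covered on this page and is not shown.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.sasl.SaslException;

public class NtlmSaslLogin {

    /** Hypothetical transport: sends one SASL token (null if there is none to send)
     *  and returns the server's reply, or null when the server sends nothing back. */
    public interface TokenTransport {
        byte[] exchange(byte[] token) throws IOException;
    }

    public static javax.security.sasl.SaslClient authenticate(TokenTransport transport,
                                                              boolean encrypt)
            throws IOException, SaslException {
        Map<String, String> props = new HashMap<>();
        // provider.classname is omitted, so the default
        // jespa.ntlm.NtlmSecurityProvider is used.
        if (!encrypt) {
            // The "jespa." prefix is stripped before the provider sees the property.
            props.put("jespa.flags.confidentiality", "false");
        }
        // authorizationId, protocol, serverName and cbh are ignored: pass null.
        // The package jespa.sasl is assumed here.
        javax.security.sasl.SaslClient client =
                new jespa.sasl.SaslClient("NTLM", null, null, null, props, null);
        try {
            byte[] token = client.hasInitialResponse()
                    ? client.evaluateChallenge(new byte[0]) : null;
            while (!client.isComplete()) {
                byte[] challenge = transport.exchange(token);
                if (challenge == null) {
                    throw new SaslException("server ended the exchange early");
                }
                token = client.evaluateChallenge(challenge);
            }
            if (token != null && token.length > 0) {
                transport.exchange(token); // deliver the final client token
            }
            return client;
        } catch (IOException | RuntimeException e) {
            client.dispose(); // release provider state on any failure
            throw e;
        }
    }
}
```

When confidentiality is left enabled, application data sent after authenticate returns goes through wrap and received data through unwrap; call dispose when the connection closes.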
Modifier and Type | Field and Description |
---|---|
protected java.lang.String | mechanismName |
protected SecurityProvider | provider |
Constructor and Description |
---|
SaslClient(java.lang.String mechanismName, java.lang.String authorizationId, java.lang.String protocol, java.lang.String serverName, java.util.Map props, javax.security.auth.callback.CallbackHandler cbh) Create a SaslClient that supports NTLM authentication, integrity and confidentiality. |
Modifier and Type | Method and Description |
---|---|
void | dispose() |
byte[] | evaluateChallenge(byte[] challenge) |
java.lang.String | getMechanismName() |
java.lang.Object | getNegotiatedProperty(java.lang.String propName) |
boolean | hasInitialResponse() |
boolean | isComplete() |
byte[] | unwrap(byte[] incoming, int offset, int len) |
byte[] | wrap(byte[] outgoing, int offset, int len) |
protected java.lang.String mechanismName
protected SecurityProvider provider
public SaslClient(java.lang.String mechanismName, java.lang.String authorizationId, java.lang.String protocol, java.lang.String serverName, java.util.Map props, javax.security.auth.callback.CallbackHandler cbh) throws javax.security.sasl.SaslException
Currently this SASL client only supports an NTLM security provider and therefore the mechanismName should be "NTLM". However, even though the NTLM security provider does not implement SPNEGO, the Windows LDAP client authenticating with Active Directory using raw NTLMSSP will use a mechanism name of "GSS-SPNEGO". The props parameter indicates which security provider should be used with the provider.classname property. Any properties prefixed with "jespa." will be stripped of the prefix and passed to the security provider constructor in a new map. In practice, because the NTLM security provider does not need any properties to initiate authentication, the props parameter will likely be an empty map. The authorizationId, protocol, serverName and cbh parameters are currently ignored and should be null.
mechanismName - the mechanism name such as "NTLM"
props - the properties that define which security provider is used and its properties (usually an empty map)
javax.security.sasl.SaslException - if the underlying security provider could not be instantiated
public java.lang.String getMechanismName()
getMechanismName in interface javax.security.sasl.SaslClient
public boolean hasInitialResponse()
hasInitialResponse in interface javax.security.sasl.SaslClient
public byte[] evaluateChallenge(byte[] challenge) throws javax.security.sasl.SaslException
evaluateChallenge in interface javax.security.sasl.SaslClient
javax.security.sasl.SaslException
public boolean isComplete()
isComplete in interface javax.security.sasl.SaslClient
public byte[] unwrap(byte[] incoming, int offset, int len) throws javax.security.sasl.SaslException
unwrap in interface javax.security.sasl.SaslClient
javax.security.sasl.SaslException
public byte[] wrap(byte[] outgoing, int offset, int len) throws javax.security.sasl.SaslException
wrap in interface javax.security.sasl.SaslClient
javax.security.sasl.SaslException
public java.lang.Object getNegotiatedProperty(java.lang.String propName)
getNegotiatedProperty in interface javax.security.sasl.SaslClient
public void dispose() throws javax.security.sasl.SaslException
dispose in interface javax.security.sasl.SaslClient
javax.security.sasl.SaslException