Package org.infinispan.server.core.security

Interface ServerAuthenticationProvider

All Known Implementing Classes:

SimpleServerAuthenticationProvider

public interface ServerAuthenticationProvider

Author:

Darran Lofthouse, Tristan Tarrant

Method Summary

Modifier and Type	Method	Description
default javax.security.sasl.SaslServer	createSaslServer(java.lang.String mechanism, java.util.List<java.security.Principal> principals, java.lang.String protocol, java.lang.String serverName, java.util.Map<java.lang.String,java.lang.String> props)	Create a SaslServer, to be used for a single authentication session, for the specified mechanismName.
default AuthorizingCallbackHandler	getCallbackHandler(java.lang.String mechanismName, java.util.Map<java.lang.String,java.lang.String> mechanismProperties)	Deprecated. This method will no longer be invoked directly.

Method Detail

getCallbackHandler

@Deprecated
default AuthorizingCallbackHandler getCallbackHandler(java.lang.String mechanismName,
                                                      java.util.Map<java.lang.String,java.lang.String> mechanismProperties)

Deprecated.

This method will no longer be invoked directly. Implement the #createSaslServer(String, List, String, String, Map, ClassLoader) method instead.

Get a callback handler for the given mechanism name.

This method is called each time a mechanism is selected for the connection and the resulting AuthorizingCallbackHandler will be cached and used multiple times for this connection, AuthorizingCallbackHandler should either be thread safe or the ServerAuthenticationProvider should provide a new instance each time called.

Parameters:

mechanismName - the SASL mechanism to get a callback handler for

mechanismProperties - the mechanism properties that might need to be adjusted to support the specific mechanism / callbackhandler combination

Returns:

the callback handler or null if the mechanism is not supported

createSaslServer

default javax.security.sasl.SaslServer createSaslServer(java.lang.String mechanism,
                                                        java.util.List<java.security.Principal> principals,
                                                        java.lang.String protocol,
                                                        java.lang.String serverName,
                                                        java.util.Map<java.lang.String,java.lang.String> props)
                                                 throws javax.security.sasl.SaslException

Create a SaslServer, to be used for a single authentication session, for the specified mechanismName. On completion of the SASL authentication exchange, the SaslServer MUST provide a non-read-only negotiated Subject when SaslServer.getNegotiatedProperty(String) is invoked with the SubjectSaslServer.SUBJECT property. The default implementation of this method wraps any matching SaslServerFactory with a SubjectSaslServer to transparently supply the resolved Subject.

Parameters:

mechanism - The non-null IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").

principals - Any principals which can be obtained before the authentication (e.g. TLS peer, remote network address). Can be empty.

protocol - The non-null string name of the protocol for which the authentication is being performed (e.g., "ldap").

serverName - The fully qualified host name of the server to authenticate to, or null if the server is not bound to any specific host name. If the mechanism does not allow an unbound server, a SaslException will be thrown.

props - The possibly null set of properties used to select the SASL mechanism and to configure the authentication exchange of the selected mechanism. See the Sasl class for a list of standard properties. Other, possibly mechanism-specific, properties can be included. Properties not relevant to the selected mechanism are ignored, including any map entries with non-String keys.

Returns:

an instance of SaslServer (or null if it cannot be created)

Throws:

javax.security.sasl.SaslException