GSSAPISASLMechanismHandler (Wren:DS Server 4.0.0-M3 Documentation)

java.lang.Object
- org.opends.server.api.SASLMechanismHandler<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
- - org.opends.server.extensions.GSSAPISASLMechanismHandler

All Implemented Interfaces:: CallbackHandler, org.forgerock.opendj.config.server.ConfigurationChangeListener<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>

public class GSSAPISASLMechanismHandler
extends SASLMechanismHandler<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
implements org.forgerock.opendj.config.server.ConfigurationChangeListener<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>, CallbackHandler

This class provides an implementation of a SASL mechanism that authenticates clients through Kerberos v5 over GSSAPI.

Constructor Summary

Constructors
Constructor and Description

GSSAPISASLMechanismHandler()
Creates a new instance of this SASL mechanism handler.

Constructors
Constructor and Description
`GSSAPISASLMechanismHandler()` Creates a new instance of this SASL mechanism handler.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`org.forgerock.opendj.config.server.ConfigChangeResult`	`applyConfigurationChange(org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg newConfiguration)`
`void`	`finalizeSASLMechanismHandler()` Performs any finalization that may be necessary for this SASL mechanism handler.
`static org.forgerock.i18n.LocalizableMessage`	`getGSSExceptionMessage(GSSException gex)` Get the underlying GSSException messages that really tell what the problem is.
`void`	`handle(Callback[] callbacks)` During login, callbacks are usually used to prompt for passwords.
`void`	`initializeSASLMechanismHandler(org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg configuration)` Initializes this SASL mechanism handler based on the information in the provided configuration entry.
`boolean`	`isConfigurationAcceptable(org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg configuration, List<org.forgerock.i18n.LocalizableMessage> unacceptableReasons)` Indicates whether the provided configuration is acceptable for this SASL mechanism handler.
`boolean`	`isConfigurationChangeAcceptable(org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg newConfiguration, List<org.forgerock.i18n.LocalizableMessage> unacceptableReasons)`
`boolean`	`isPasswordBased(String mechanism)` Indicates whether the specified SASL mechanism is password-based or uses some other form of credentials (e.g., an SSL client certificate or Kerberos ticket).
`boolean`	`isSecure(String mechanism)` Indicates whether the specified SASL mechanism should be considered secure (i.e., it does not expose the authentication credentials in a manner that is useful to a third-party observer, and other aspects of the authentication are generally secure).
`void`	`processSASLBind(BindOperation bindOp)` Processes the SASL bind operation.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - GSSAPISASLMechanismHandler
```
public GSSAPISASLMechanismHandler()
```
    Creates a new instance of this SASL mechanism handler. No initialization should be done in this method, as it should all be performed in the initializeSASLMechanismHandler method.
- Method Detail
  - initializeSASLMechanismHandler
```
public void initializeSASLMechanismHandler(org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg configuration)
                                    throws org.forgerock.opendj.config.server.ConfigException,
                                           InitializationException
```
    Description copied from class: SASLMechanismHandler
    
    Initializes this SASL mechanism handler based on the information in the provided configuration entry. It should also register itself with the Directory Server for the particular kinds of SASL mechanisms that it will process.
    
    Specified by:
    
    initializeSASLMechanismHandler in class SASLMechanismHandler<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
    
    Parameters:
    
    configuration - The configuration to use to initialize this SASL mechanism handler.
    
    Throws:
    
    org.forgerock.opendj.config.server.ConfigException - If an unrecoverable problem arises in the process of performing the initialization.
    
    InitializationException - If a problem occurs during initialization that is not related to the server configuration.
  - handle
```
public void handle(Callback[] callbacks)
            throws UnsupportedCallbackException
```
    During login, callbacks are usually used to prompt for passwords. All of the GSSAPI login information is provided in the properties and login.conf file, so callbacks are ignored.
    
    Specified by:
    
    handle in interface CallbackHandler
    
    Parameters:
    
    callbacks - An array of callbacks to process.
    
    Throws:
    
    UnsupportedCallbackException - if an error occurs.
  - finalizeSASLMechanismHandler
```
public void finalizeSASLMechanismHandler()
```
    Description copied from class: SASLMechanismHandler
    
    Performs any finalization that may be necessary for this SASL mechanism handler. By default, no finalization is performed.
    
    Overrides:
    
    finalizeSASLMechanismHandler in class SASLMechanismHandler<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
  - processSASLBind
```
public void processSASLBind(BindOperation bindOp)
```
    Description copied from class: SASLMechanismHandler
    Processes the SASL bind operation. SASL mechanism implementations must ensure that the following actions are taken during the processing of this method:
    - The BindOperation.setResultCode method must be used to set the appropriate result code.
    - If the SASL processing gets far enough to be able to map the request to a user entry (regardless of whether the authentication is ultimately successful), then this method must call the BindOperation.setSASLAuthUserEntry method to provide it with the entry for the user that attempted to authenticate.
    - If the bind processing was successful, then the BindOperation.setAuthenticationInfo method must be used to set the authentication info for the bind operation.
    - If the bind processing was not successful, then the BindOperation.setAuthFailureReason method should be used to provide a message explaining why the authentication failed.
    Specified by:
    
    processSASLBind in class SASLMechanismHandler<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
    
    Parameters:
    
    bindOp - The SASL bind operation to be processed.
  - getGSSExceptionMessage
```
public static org.forgerock.i18n.LocalizableMessage getGSSExceptionMessage(GSSException gex)
```
    Get the underlying GSSException messages that really tell what the problem is. The major code is the GSS-API status and the minor is the mechanism specific error.
    
    Parameters:
    
    gex - The GSSException thrown.
    
    Returns:
    
    The message containing the major and (optional) minor codes and strings.
  - isPasswordBased
```
public boolean isPasswordBased(String mechanism)
```
    Description copied from class: SASLMechanismHandler
    
    Indicates whether the specified SASL mechanism is password-based or uses some other form of credentials (e.g., an SSL client certificate or Kerberos ticket).
    
    Specified by:
    
    isPasswordBased in class SASLMechanismHandler<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
    
    Parameters:
    
    mechanism - The name of the mechanism for which to make the determination. This will only be invoked with names of mechanisms for which this handler has previously registered.
    
    Returns:
    
    true if this SASL mechanism is password-based, or false if it uses some other form of credentials.
  - isSecure
```
public boolean isSecure(String mechanism)
```
    Description copied from class: SASLMechanismHandler
    
    Indicates whether the specified SASL mechanism should be considered secure (i.e., it does not expose the authentication credentials in a manner that is useful to a third-party observer, and other aspects of the authentication are generally secure).
    
    Specified by:
    
    isSecure in class SASLMechanismHandler<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
    
    Parameters:
    
    mechanism - The name of the mechanism for which to make the determination. This will only be invoked with names of mechanisms for which this handler has previously registered.
    
    Returns:
    
    true if this SASL mechanism should be considered secure, or false if not.
  - isConfigurationAcceptable
```
public boolean isConfigurationAcceptable(org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg configuration,
                                         List<org.forgerock.i18n.LocalizableMessage> unacceptableReasons)
```
    Description copied from class: SASLMechanismHandler
    
    Indicates whether the provided configuration is acceptable for this SASL mechanism handler. It should be possible to call this method on an uninitialized SASL mechanism handler instance in order to determine whether the SASL mechanism handler would be able to use the provided configuration.
    
    Note that implementations which use a subclass of the provided configuration class will likely need to cast the configuration to the appropriate subclass type.
    
    Overrides:
    
    isConfigurationAcceptable in class SASLMechanismHandler<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
    
    Parameters:
    
    configuration - The SASL mechanism handler configuration for which to make the determination.
    
    unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.
    
    Returns:
    
    true if the provided configuration is acceptable for this SASL mechanism handler, or false if not.
  - isConfigurationChangeAcceptable
```
public boolean isConfigurationChangeAcceptable(org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg newConfiguration,
                                               List<org.forgerock.i18n.LocalizableMessage> unacceptableReasons)
```
    Specified by:
    
    isConfigurationChangeAcceptable in interface org.forgerock.opendj.config.server.ConfigurationChangeListener<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>
  - applyConfigurationChange
```
public org.forgerock.opendj.config.server.ConfigChangeResult applyConfigurationChange(org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg newConfiguration)
```
    Specified by:
    
    applyConfigurationChange in interface org.forgerock.opendj.config.server.ConfigurationChangeListener<org.forgerock.opendj.server.config.server.GSSAPISASLMechanismHandlerCfg>

Class GSSAPISASLMechanismHandler

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

GSSAPISASLMechanismHandler

Method Detail

initializeSASLMechanismHandler

handle

finalizeSASLMechanismHandler

processSASLBind

getGSSExceptionMessage

isPasswordBased

isSecure

isConfigurationAcceptable

isConfigurationChangeAcceptable

applyConfigurationChange