javax.security.sasl

Home
Java Source Code / Java Documentation
1.6.0 JDK Core
2.6.0 JDK Modules
3.6.0 JDK Modules com.sun
4.6.0 JDK Modules com.sun.java
5.6.0 JDK Modules sun
6.6.0 JDK Platform
7.Ajax
8.Apache Harmony Java SE
9.Aspect oriented
10.Authentication Authorization
11.Blogger System
12.Build
13.Byte Code
14.Cache
15.Chart
16.Chat
17.Code Analyzer
18.Collaboration
19.Content Management System
20.Database Client
21.Database DBMS
22.Database JDBC Connection Pool
23.Database ORM
24.Development
25.EJB Server
26.ERP CRM Financial
27.ESB
28.Forum
29.Game
30.GIS
31.Graphic 3D
32.Graphic Library
33.Groupware
34.HTML Parser
35.IDE
36.IDE Eclipse
37.IDE Netbeans
38.Installer
39.Internationalization Localization
40.Inversion of Control
41.Issue Tracking
42.J2EE
43.J2ME
44.JBoss
45.JMS
46.JMX
47.Library
48.Mail Clients
49.Music
50.Net
51.Parser
52.PDF
53.Portal
54.Profiler
55.Project Management
56.Report
57.RSS RDF
58.Rule Engine
59.Science
60.Scripting
61.Search Engine
62.Security
63.Sevlet Container
64.Source Control
65.Swing Library
66.Template Engine
67.Test Coverage
68.Testing
69.UML
70.Web Crawler
71.Web Framework
72.Web Mail
73.Web Server
74.Web Services
75.Web Services apache cxf 2.2.6
76.Web Services AXIS2
77.Wiki Engine
78.Workflow Engines
79.XML
80.XML UI
Java Source Code / Java Documentation » 6.0 JDK Core » security » javax.security.sasl 
javax.security.sasl
Contains class and interfaces for supporting SASL. This package defines classes and interfaces for SASL mechanisms. It is used by developers to add authentication support for connection-based protocols that use SASL.

SASL Overview

Simple Authentication and Security Layer (SASL) specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and (optional) establishment of a security layer on which to carry on subsequent communications. It is used with connection-based protocols such as LDAPv3 or IMAPv4. SASL is described in RFC 2222.

There are various mechanisms defined for SASL. Each mechanism defines the data that must be exchanged between the client and server in order for the authentication to succeed. This data exchange required for a particular mechanism is referred to to as its protocol profile. The following are some examples of mechanims that have been defined by the Internet standards community.

  • DIGEST-MD5 (RFC 2831). This mechanism defines how HTTP Digest Authentication can be used as a SASL mechanism.
  • Anonymous (RFC 2245). This mechamism is anonymous authentication in which no credentials are necessary.
  • External (RFC 2222). This mechanism obtains authentication information from an external source (such as TLS or IPsec).
  • S/Key (RFC 2222). This mechanism uses the MD4 digest algorithm to exchange data based on a shared secret.
  • GSSAPI (RFC 2222). This mechanism uses the GSSAPI for obtaining authentication information.

Some of these mechanisms provide both authentication and establishment of a security layer, others only authentication. Anonymous and S/Key do not provide for any security layers. GSSAPI and DIGEST-MD5 allow negotiation of the security layer. For External, the security layer is determined by the external protocol.

Usage

Users of this API are typically developers who produce client library implementations for connection-based protocols, such as LDAPv3 and IMAPv4, and developers who write servers (such as LDAP servers and IMAP servers). Developers who write client libraries use the SaslClient and SaslClientFactory interfaces. Developers who write servers use the SaslServer and SaslServerFactory interfaces.

Among these two groups of users, each can be further divided into two groups: those who produce the SASL mechanisms and those who use the SASL mechanisms. The producers of SASL mechanisms need to provide implementations for these interfaces, while users of the SASL mechanisms use the APIs in this package to access those implementations.

Related Documentation

Please refer to the Java SASL Programming Guide for information on how to use this API. @since 1.5
Java Source File NameTypeComment
AuthenticationException.javaClass This exception is thrown by a SASL mechanism implementation to indicate that the SASL exchange has failed due to reasons related to authentication, such as an invalid identity, passphrase, or key.

Note that the lack of an AuthenticationException does not mean that the failure was not due to an authentication error.

AuthorizeCallback.javaClass This callback is used by SaslServer to determine whether one entity (identified by an authenticated authentication id) can act on behalf of another entity (identified by an authorization id).
RealmCallback.javaClass This callback is used by SaslClient and SaslServer to retrieve realm information.
RealmChoiceCallback.javaClass This callback is used by SaslClient and SaslServer to obtain a realm given a list of realm choices.
Sasl.javaClass A static class for creating SASL clients and servers.

This class defines the policy of how to locate, load, and instantiate SASL clients and servers.

SaslClient.javaInterface Performs SASL authentication as a client.

A protocol library such as one for LDAP gets an instance of this class in order to perform authentication defined by a specific SASL mechanism.

SaslClientFactory.javaInterface An interface for creating instances of SaslClient. A class that implements this interface must be thread-safe and handle multiple simultaneous requests.
SaslException.javaClass This class represents an error that has occurred when using SASL.
SaslServer.javaInterface Performs SASL authentication as a server.

A server such an LDAP server gets an instance of this class in order to perform authentication defined by a specific SASL mechanism.

SaslServerFactory.javaInterface An interface for creating instances of SaslServer. A class that implements this interface must be thread-safe and handle multiple simultaneous requests.
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.