/* * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /** * Contains class and interfaces for supporting SASL. * * This package defines classes and interfaces for SASL mechanisms. * It is used by developers to add authentication support for * connection-based protocols that use SASL. * *

SASL Overview

* * Simple Authentication and Security Layer (SASL) specifies a * challenge-response protocol in which data is exchanged between the * client and the server for the purposes of * authentication and (optional) establishment of a security layer on * which to carry on subsequent communications. It is used with * connection-based protocols such as LDAPv3 or IMAPv4. SASL is * described in * RFC 2222. * * * There are various mechanisms defined for SASL. * Each mechanism defines the data that must be exchanged between the * client and server in order for the authentication to succeed. * This data exchange required for a particular mechanism is referred to * to as its protocol profile. * The following are some examples of mechanisms that have been defined by * the Internet standards community. *

DIGEST-MD5 (RFC 2831). * This mechanism defines how HTTP Digest Authentication can be used as a SASL * mechanism. *
Anonymous (RFC 2245). * This mechanism is anonymous authentication in which no credentials are * necessary. *
External (RFC 2222). * This mechanism obtains authentication information * from an external source (such as TLS or IPsec). *
S/Key (RFC 2222). * This mechanism uses the MD4 digest algorithm to exchange data based on * a shared secret. *
GSSAPI (RFC 2222). * This mechanism uses the * GSSAPI * for obtaining authentication information. *

* * Some of these mechanisms provide both authentication and establishment * of a security layer, others only authentication. Anonymous and * S/Key do not provide for any security layers. GSSAPI and DIGEST-MD5 * allow negotiation of the security layer. For External, the * security layer is determined by the external protocol. * *

Usage

* * Users of this API are typically developers who produce * client library implementations for connection-based protocols, * such as LDAPv3 and IMAPv4, * and developers who write servers (such as LDAP servers and IMAP servers). * Developers who write client libraries use the * {@code SaslClient} and {@code SaslClientFactory} interfaces. * Developers who write servers use the * {@code SaslServer} and {@code SaslServerFactory} interfaces. * * Among these two groups of users, each can be further divided into two groups: * those who produce the SASL mechanisms and those * who use the SASL mechanisms. * The producers of SASL mechanisms need to provide implementations * for these interfaces, while users of the SASL mechanisms use * the APIs in this package to access those implementations. * *

SASL Overview

Usage

Related Documentation