Package org.infinispan.server.core.security

Interface ServerAuthenticationProvider

All Known Implementing Classes:
SimpleServerAuthenticationProvider
public interface ServerAuthenticationProvider
Author:
Darran Lofthouse, Tristan Tarrant

  • Method Details

    • getCallbackHandler

      @Deprecated(forRemoval=true) default AuthorizingCallbackHandler getCallbackHandler(String mechanismName, Map<String,String> mechanismProperties)
      Deprecated, for removal: This API element is subject to removal in a future version.
      This method will no longer be invoked directly. Implement the #createSaslServer(String, List, String, String, Map, ClassLoader) method instead.
      Get a callback handler for the given mechanism name.

      This method is called each time a mechanism is selected for the connection and the resulting AuthorizingCallbackHandler will be cached and used multiple times for this connection, AuthorizingCallbackHandler should either be thread safe or the ServerAuthenticationProvider should provide a new instance each time called.

      Parameters:
      mechanismName - the SASL mechanism to get a callback handler for
      mechanismProperties - the mechanism properties that might need to be adjusted to support the specific mechanism / callbackhandler combination
      Returns:
      the callback handler or null if the mechanism is not supported

    • createSaslServer

      default SaslServer createSaslServer(String mechanism, List<Principal> principals, String protocol, String serverName, Map<String,String> props) throws SaslException
      Create a SaslServer, to be used for a single authentication session, for the specified mechanismName. On completion of the SASL authentication exchange, the SaslServer MUST provide a non-read-only negotiated Subject when SaslServer.getNegotiatedProperty(String) is invoked with the SubjectSaslServer.SUBJECT property. The default implementation of this method wraps any matching SaslServerFactory with a SubjectSaslServer to transparently supply the resolved Subject.
      Parameters:
      mechanism - The non-null IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
      principals - Any principals which can be obtained before the authentication (e.g. TLS peer, remote network address). Can be empty.
      protocol - The non-null string name of the protocol for which the authentication is being performed (e.g., "ldap").
      serverName - The fully qualified host name of the server to authenticate to, or null if the server is not bound to any specific host name. If the mechanism does not allow an unbound server, a SaslException will be thrown.
      props - The possibly null set of properties used to select the SASL mechanism and to configure the authentication exchange of the selected mechanism. See the Sasl class for a list of standard properties. Other, possibly mechanism-specific, properties can be included. Properties not relevant to the selected mechanism are ignored, including any map entries with non-String keys.
      Returns:
      an instance of SaslServer (or null if it cannot be created)
      Throws:
      SaslException