org.apache.directory.server.ldap.handlers.sasl.gssapi

Class GssapiCallbackHandler

java.lang.Object

org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler

org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiCallbackHandler

All Implemented Interfaces:

javax.security.auth.callback.CallbackHandler

public class GssapiCallbackHandler
extends AbstractSaslCallbackHandler

Field Summary

Fields

Modifier and Type	Field and Description
private static org.slf4j.Logger	LOG

Fields inherited from class org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler

adminSession, bindRequest, directoryService, ldapSession

Constructor Summary

Constructors

Constructor and Description
GssapiCallbackHandler(LdapSession ldapSession, CoreSession adminSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest) Creates a new instance of GssapiCallbackHandler.

Method Summary

Modifier and Type	Method and Description
protected void	authorize(javax.security.sasl.AuthorizeCallback authorizeCB) Final check to authorize user.
protected org.apache.directory.api.ldap.model.entry.Attribute	lookupPassword(java.lang.String username, java.lang.String password) Implementors set the password based on a lookup, using the username and realm as keys.

Methods inherited from class org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler

getContext, getEnvironment, getRealm, getUsername, handle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

Constructor Detail

GssapiCallbackHandler

public GssapiCallbackHandler(LdapSession ldapSession,
                             CoreSession adminSession,
                             org.apache.directory.api.ldap.model.message.BindRequest bindRequest)

Creates a new instance of GssapiCallbackHandler.

Parameters:

ldapSession - the mina IO session

adminSession - the admin session

bindRequest - the bind message

Method Detail

lookupPassword

protected org.apache.directory.api.ldap.model.entry.Attribute lookupPassword(java.lang.String username,
                                                                             java.lang.String password)

Description copied from class: AbstractSaslCallbackHandler

Implementors set the password based on a lookup, using the username and realm as keys.

• For DIGEST-MD5, lookup password based on username and realm.
• For CRAM-MD5, lookup password based on username.
• For GSSAPI, this callback is unused.

Specified by:

lookupPassword in class AbstractSaslCallbackHandler

Parameters:

username - The username.

password - The realm.

Returns:

The Password entry attribute resulting from the lookup. It may contain more than one password

authorize

protected void authorize(javax.security.sasl.AuthorizeCallback authorizeCB)
                  throws java.lang.Exception

Description copied from class: AbstractSaslCallbackHandler

Final check to authorize user. Used by all SASL mechanisms. This is the only callback used by GSSAPI. Implementors use setAuthorizedID() to set the base Dn after canonicalization. Implementors must setAuthorized() to true if authentication was successful.

Specified by:

authorize in class AbstractSaslCallbackHandler

Parameters:

authorizeCB - An AuthorizeCallback.

Throws:

java.lang.Exception