Added SASL mechanisms to session creation response.

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/branches/httpbind_branch@5897 b35dd754-fafc-0310-a699-88a17e54d16e

src/java/org/jivesoftware/wildfire/http/HttpSession.java

@@ -15,6 +15,7 @@ import org.jivesoftware.wildfire.StreamID;
 import org.jivesoftware.wildfire.Connection;
 import org.jivesoftware.wildfire.XMPPServer;
 import org.jivesoftware.wildfire.net.VirtualConnection;
+import org.jivesoftware.wildfire.net.SASLAuthentication;
 import org.jivesoftware.wildfire.auth.UnauthorizedException;
 import org.xmpp.packet.Packet;
 import org.xmpp.packet.Message;
@@ -111,6 +112,11 @@ public class HttpSession extends ClientSession {
     public Collection<Element> getAvailableStreamFeaturesElements() {
         List<Element> elements = new ArrayList<Element>();
 
+        Element sasl = SASLAuthentication.getSASLMechanismsElement(this);
+        if(sasl != null) {
+            elements.add(sasl);
+        }
+
         // Include Stream Compression Mechanism
         if (conn.getCompressionPolicy() != Connection.CompressionPolicy.disabled &&
                 !conn.isCompressed()) {

src/java/org/jivesoftware/wildfire/net/SASLAuthentication.java

@@ -12,6 +12,9 @@
 package org.jivesoftware.wildfire.net;
 
 import org.dom4j.Element;
+import org.dom4j.DocumentHelper;
+import org.dom4j.QName;
+import org.dom4j.Namespace;
 import org.jivesoftware.util.JiveGlobals;
 import org.jivesoftware.util.Log;
 import org.jivesoftware.util.StringUtils;
@@ -147,6 +150,43 @@ public class SASLAuthentication {
         return sb.toString();
     }
 
+    public static Element getSASLMechanismsElement(Session session) {
+        if (!(session instanceof ClientSession) && !(session instanceof IncomingServerSession)) {
+            return null;
+        }
+
+        Element mechs = DocumentHelper.createElement(new QName("mechanisms",
+                new Namespace("", "urn:ietf:params:xml:ns:xmpp-sasl")));
+        if (session instanceof IncomingServerSession) {
+            // Server connections dont follow the same rules as clients
+            if (session.getConnection().isSecure()) {
+                // Offer SASL EXTERNAL only if TLS has already been negotiated
+                Element mechanism = mechs.addElement("mechanism");
+                mechanism.setText("EXTERNAL");
+            }
+        }
+        else {
+            for (String mech : mechanisms) {
+                if (mech.equals("CRAM-MD5") || mech.equals("DIGEST-MD5")) {
+                    // Check if the user provider in use supports passwords retrieval. Accessing
+                    // to the users passwords will be required by the CallbackHandler
+                    if (!AuthFactory.getAuthProvider().supportsPasswordRetrieval()) {
+                        continue;
+                    }
+                }
+                else if (mech.equals("ANONYMOUS")) {
+                    // Check anonymous is supported
+                    if (!XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed()) {
+                        continue;
+                    }
+                }
+                Element mechanism = mechs.addElement("mechanism");
+                mechanism.setText(mech);
+            }
+        }
+        return mechs;
+    }
+
     /**
      * Handles the SASL authentication packet. The entity may be sending an initial
      * authentication request or a response to a challenge made by the server. The returned