Commit 56aab80a authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato

#getSupportedMechanisms() was not filtering invalid SASL mechs. JM-996

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@7436 b35dd754-fafc-0310-a699-88a17e54d16e
parent b65824d9
...@@ -133,26 +133,7 @@ public class SASLAuthentication { ...@@ -133,26 +133,7 @@ public class SASLAuthentication {
} }
} }
else { else {
for (String mech : mechanisms) { for (String mech : getSupportedMechanisms()) {
if (mech.equals("CRAM-MD5") || mech.equals("DIGEST-MD5")) {
// Check if the user provider in use supports passwords retrieval. Accessing
// to the users passwords will be required by the CallbackHandler
if (!AuthFactory.getAuthProvider().supportsPasswordRetrieval()) {
continue;
}
}
else if (mech.equals("ANONYMOUS")) {
// Check anonymous is supported
if (!XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed()) {
continue;
}
}
else if (mech.equals("JIVE-SHAREDSECRET")) {
// Check anonymous is supported
if (!isSharedSecretAllowed()) {
continue;
}
}
sb.append("<mechanism>"); sb.append("<mechanism>");
sb.append(mech); sb.append(mech);
sb.append("</mechanism>"); sb.append("</mechanism>");
...@@ -178,26 +159,7 @@ public class SASLAuthentication { ...@@ -178,26 +159,7 @@ public class SASLAuthentication {
} }
} }
else { else {
for (String mech : mechanisms) { for (String mech : getSupportedMechanisms()) {
if (mech.equals("CRAM-MD5") || mech.equals("DIGEST-MD5")) {
// Check if the user provider in use supports passwords retrieval. Accessing
// to the users passwords will be required by the CallbackHandler
if (!AuthFactory.getAuthProvider().supportsPasswordRetrieval()) {
continue;
}
}
else if (mech.equals("ANONYMOUS")) {
// Check anonymous is supported
if (!XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed()) {
continue;
}
}
else if (mech.equals("JIVE-SHAREDSECRET")) {
// Check shared secret is supported
if (!isSharedSecretAllowed()) {
continue;
}
}
Element mechanism = mechs.addElement("mechanism"); Element mechanism = mechs.addElement("mechanism");
mechanism.setText(mech); mechanism.setText(mech);
} }
...@@ -643,7 +605,31 @@ public class SASLAuthentication { ...@@ -643,7 +605,31 @@ public class SASLAuthentication {
* @return the list of supported SASL mechanisms by the server. * @return the list of supported SASL mechanisms by the server.
*/ */
public static Set<String> getSupportedMechanisms() { public static Set<String> getSupportedMechanisms() {
return Collections.unmodifiableSet(mechanisms); Set<String> answer = new HashSet<String>(mechanisms);
// Clean up not-available mechanisms
for (Iterator<String> it=answer.iterator(); it.hasNext();) {
String mech = it.next();
if (mech.equals("CRAM-MD5") || mech.equals("DIGEST-MD5")) {
// Check if the user provider in use supports passwords retrieval. Accessing
// to the users passwords will be required by the CallbackHandler
if (!AuthFactory.getAuthProvider().supportsPasswordRetrieval()) {
it.remove();
}
}
else if (mech.equals("ANONYMOUS")) {
// Check anonymous is supported
if (!XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed()) {
it.remove();
}
}
else if (mech.equals("JIVE-SHAREDSECRET")) {
// Check shared secret is supported
if (!isSharedSecretAllowed()) {
it.remove();
}
}
}
return answer;
} }
private static void initMechanisms() { private static void initMechanisms() {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment