Skip to content

O
Openfire
Commit 6b17ff21 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato
Browse files
Options

Added #addSupportedMechanism and #removeSupportedMechanism. JM-740 

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@4160 b35dd754-fafc-0310-a699-88a17e54d16e
parent b2dc7b9c
Show whitespace changes
Inline Side-by-side
Showing with 62 additions and 29 deletions
src/java/org/jivesoftware/wildfire/net/SASLAuthentication.java
View file @ 6b17ff21
...@@ -57,7 +57,11 @@ public class SASLAuthentication { ...@@ -57,7 +57,11 @@ public class SASLAuthentication {
private static Map<String, ElementType> typeMap = new TreeMap<String, ElementType>(); private static Map<String, ElementType> typeMap = new TreeMap<String, ElementType>();
private static Collection<String> mechanisms = null; private static Set<String> mechanisms = null;
static {
initMechanisms();
}
public enum ElementType { public enum ElementType {
...@@ -128,7 +132,7 @@ public class SASLAuthentication { ...@@ -128,7 +132,7 @@ public class SASLAuthentication {
} }
else if (mech.equals("ANONYMOUS")) { else if (mech.equals("ANONYMOUS")) {
// Check anonymous is supported // Check anonymous is supported
if (!XMPPServer.getInstance().getIQAuthHandler().isAllowAnonymous()) { if (!XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed()) {
continue; continue;
} }
} }
...@@ -297,7 +301,7 @@ public class SASLAuthentication { ...@@ -297,7 +301,7 @@ public class SASLAuthentication {
} }
private static Status doAnonymousAuthentication(Session session) { private static Status doAnonymousAuthentication(Session session) {
if (XMPPServer.getInstance().getIQAuthHandler().isAllowAnonymous()) { if (XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed()) {
// Just accept the authentication :) // Just accept the authentication :)
authenticationSuccessful(session, null, null); authenticationSuccessful(session, null, null);
return Status.authenticated; return Status.authenticated;
...@@ -443,44 +447,73 @@ public class SASLAuthentication { ...@@ -443,44 +447,73 @@ public class SASLAuthentication {
} }
} }
public static Collection<String> getSupportedMechanisms() { /**
if (mechanisms == null) { * Adds a new SASL mechanism to the list of supported SASL mechanisms by the server.
mechanisms = new ArrayList<String>(); *
* @param mechanism the new SASL mechanism.
*/
public void addSupportedMechanism(String mechanism) {
mechanisms.add(mechanism);
}
/**
* Removes a SASL mechanism from the list of supported SASL mechanisms by the server.
*
* @param mechanism the SASL mechanism to remove.
*/
public void removeSupportedMechanism(String mechanism) {
mechanisms.remove(mechanism);
}
/**
* Returns the list of supported SASL mechanisms by the server. Note that Java may have
* support for more mechanisms but some of them may not be returned since a special setup
* is required that might be missing. Use {@link #addSupportedMechanism(String)} to add
* new SASL mechanisms.
*
* @return the list of supported SASL mechanisms by the server.
*/
public static Set<String> getSupportedMechanisms() {
return mechanisms;
}
private static void initMechanisms() {
mechanisms = new HashSet<String>();
String available = JiveGlobals.getXMLProperty("sasl.mechs"); String available = JiveGlobals.getXMLProperty("sasl.mechs");
if (available == null) { if (available == null) {
mechanisms.add("ANONYMOUS"); mechanisms.add("ANONYMOUS");
mechanisms.add("PLAIN"); mechanisms.add("PLAIN");
mechanisms.add("DIGEST-MD5"); mechanisms.add("DIGEST-MD5");
mechanisms.add("CRAM-MD5"); mechanisms.add("CRAM-MD5");
return mechanisms; } else {
}
StringTokenizer st = new StringTokenizer(available, " ,\t\n\r\f"); StringTokenizer st = new StringTokenizer(available, " ,\t\n\r\f");
while (st.hasMoreTokens()) { while (st.hasMoreTokens()) {
String mech = st.nextToken().toUpperCase(); String mech = st.nextToken().toUpperCase();
// Check that the mech is a supported mechansim. Maybe we shouldnt check this and allow any? // Check that the mech is a supported mechansim. Maybe we shouldnt check this and allow any?
if(mech.equals("ANONYMOUS") || if (mech.equals("ANONYMOUS") ||
mech.equals("PLAIN") || mech.equals("PLAIN") ||
mech.equals("DIGEST-MD5") || mech.equals("DIGEST-MD5") ||
mech.equals("CRAM-MD5") || mech.equals("CRAM-MD5") ||
mech.equals("GSSAPI") ) { mech.equals("GSSAPI")) {
Log.debug("SASLAuthentication: Added "+mech+" to mech list"); Log.debug("SASLAuthentication: Added " + mech + " to mech list");
mechanisms.add(mech); mechanisms.add(mech);
} }
} }
if(getSupportedMechanisms().contains("GSSAPI")) { if (getSupportedMechanisms().contains("GSSAPI")) {
if(JiveGlobals.getXMLProperty("sasl.gssapi.config") != null) { if (JiveGlobals.getXMLProperty("sasl.gssapi.config") != null) {
System.setProperty("java.security.krb5.debug", JiveGlobals.getXMLProperty("sasl.gssapi.debug","false")); System.setProperty("java.security.krb5.debug",
System.setProperty("java.security.auth.login.config",JiveGlobals.getXMLProperty("sasl.gssapi.config")); JiveGlobals.getXMLProperty("sasl.gssapi.debug", "false"));
System.setProperty("javax.security.auth.useSubjectCredsOnly",JiveGlobals.getXMLProperty("sasl.gssapi.useSubjectCredsOnly","false")); System.setProperty("java.security.auth.login.config",
JiveGlobals.getXMLProperty("sasl.gssapi.config"));
System.setProperty("javax.security.auth.useSubjectCredsOnly",
JiveGlobals.getXMLProperty("sasl.gssapi.useSubjectCredsOnly", "false"));
} else { } else {
//Not configured, remove the option. //Not configured, remove the option.
Log.debug("SASLAuthentication: Removed GSSAPI from mech list"); Log.debug("SASLAuthentication: Removed GSSAPI from mech list");
mechanisms.remove("GSSAPI"); mechanisms.remove("GSSAPI");
} }
} }
} }
return mechanisms;
} }
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023