OF-477: SASL requires FQHN (not XMPP domain name)

Sasl.createSaslServer() explicitly states that the value of serverName
must be a fully qualified host name.
parent a4462425
...@@ -261,12 +261,15 @@ public class SASLAuthentication { ...@@ -261,12 +261,15 @@ public class SASLAuthentication {
throw new SaslFailureException( Failure.INVALID_MECHANISM, "The configuration of Openfire does not contain or allow the mechanism." ); throw new SaslFailureException( Failure.INVALID_MECHANISM, "The configuration of Openfire does not contain or allow the mechanism." );
} }
// OF-477: The SASL implementation requires the fully qualified host name (not the domain name!) of this server.
final String fqhn = JiveGlobals.getProperty( "xmpp.fqdn", XMPPServer.getInstance().getServerInfo().getHostname() );
// Construct the configuration properties // Construct the configuration properties
final Map<String, Object> props = new HashMap<>(); final Map<String, Object> props = new HashMap<>();
props.put( LocalSession.class.getCanonicalName(), session ); props.put( LocalSession.class.getCanonicalName(), session );
props.put( Sasl.POLICY_NOANONYMOUS, Boolean.toString( !JiveGlobals.getBooleanProperty( "xmpp.auth.anonymous" ) ) ); props.put( Sasl.POLICY_NOANONYMOUS, Boolean.toString( !JiveGlobals.getBooleanProperty( "xmpp.auth.anonymous" ) ) );
SaslServer saslServer = Sasl.createSaslServer( mechanismName, "xmpp", session.getServerName(), props, new XMPPCallbackHandler() ); SaslServer saslServer = Sasl.createSaslServer( mechanismName, "xmpp", fqhn, props, new XMPPCallbackHandler() );
if ( saslServer == null ) if ( saslServer == null )
{ {
throw new SaslFailureException( Failure.INVALID_MECHANISM, "There is no provider that can provide a SASL server for the desired mechanism and properties." ); throw new SaslFailureException( Failure.INVALID_MECHANISM, "There is no provider that can provide a SASL server for the desired mechanism and properties." );
......
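Review bot: The fallback on the added `fqhn` line, `XMPPServer.getInstance().getServerInfo().getHostname()`, is not checked to be fully qualified, and a blank `xmpp.fqdn` value would be passed straight to `Sasl.createSaslServer(...)`, so the requirement stated in the new comment is assumed rather than enforced. Consider rejecting or logging a value that is empty or contains no dot before creating the server, and documenting the `xmpp.fqdn` property, since mechanisms that bind the server name into the exchange will fail authentication when the client and server disagree on it. Also, the variable is named `fqhn` while the property key is `xmpp.fqdn`; using one term for both would make the setting easier to find.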