Skip to content

O
Openfire
Commit 9fd11ffd authored by Jay Kline's avatar Jay Kline Committed by jay
Browse files
Options

Add support to disable IQ Auth (enforce SASL only) 



git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@8581 b35dd754-fafc-0310-a699-88a17e54d16e
parent 14ac1e1f
Show whitespace changes
Inline Side-by-side
Showing with 54 additions and 43 deletions
src/java/org/jivesoftware/openfire/handler/IQAuthHandler.java
View file @ 9fd11ffd
...@@ -57,6 +57,7 @@ import java.util.List; ...@@ -57,6 +57,7 @@ import java.util.List;
public class IQAuthHandler extends IQHandler implements IQAuthInfo { public class IQAuthHandler extends IQHandler implements IQAuthInfo {
private boolean anonymousAllowed; private boolean anonymousAllowed;
private boolean iqAuthAllowed;
private Element probeResponse; private Element probeResponse;
private IQHandlerInfo info; private IQHandlerInfo info;
...@@ -100,6 +101,7 @@ public class IQAuthHandler extends IQHandler implements IQAuthInfo { ...@@ -100,6 +101,7 @@ public class IQAuthHandler extends IQHandler implements IQAuthInfo {
return reply; return reply;
} }
IQ response; IQ response;
if (JiveGlobals.getBooleanProperty("xmpp.auth.iqauth",true)) {
try { try {
Element iq = packet.getElement(); Element iq = packet.getElement();
Element query = iq.element("query"); Element query = iq.element("query");
...@@ -155,6 +157,12 @@ public class IQAuthHandler extends IQHandler implements IQAuthInfo { ...@@ -155,6 +157,12 @@ public class IQAuthHandler extends IQHandler implements IQAuthInfo {
response.setChildElement(packet.getChildElement().createCopy()); response.setChildElement(packet.getChildElement().createCopy());
response.setError(PacketError.Condition.not_authorized); response.setError(PacketError.Condition.not_authorized);
} }
}
else {
response = IQ.createResultIQ(packet);
response.setChildElement(packet.getChildElement().createCopy());
response.setError(PacketError.Condition.not_authorized);
}
// Send the response directly since we want to be sure that we are sending it back // Send the response directly since we want to be sure that we are sending it back
// to the correct session. Any other session of the same user but with different // to the correct session. Any other session of the same user but with different
// resource is incorrect. // resource is incorrect.
...@@ -181,6 +189,9 @@ public class IQAuthHandler extends IQHandler implements IQAuthInfo { ...@@ -181,6 +189,9 @@ public class IQAuthHandler extends IQHandler implements IQAuthInfo {
response.setError(PacketError.Condition.not_acceptable); response.setError(PacketError.Condition.not_acceptable);
return response; return response;
} }
if (! JiveGlobals.getBooleanProperty("xmpp.auth.iqauth",true)) {
throw new UnauthorizedException();
}
username = username.toLowerCase(); username = username.toLowerCase();
// Verify that supplied username and password are correct (i.e. user authentication was successful) // Verify that supplied username and password are correct (i.e. user authentication was successful)
AuthToken token = null; AuthToken token = null;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023