Classes |
| class | AuthMechanism |
| class | Challenge |
| class | Failure |
| class | Response |
| class | Success |
Public Member Functions |
| | SASLMechanism (SASLAuthentication saslAuthentication) |
| void | authenticate (String username, String host, String serviceName, String password) throws IOException, XMPPException |
| void | authenticate (String username, String host, String password) throws IOException, XMPPException |
| void | authenticate (String username, String host, CallbackHandler cbh) throws IOException, XMPPException |
| void | challengeReceived (String challenge) throws IOException |
| void | handle (Callback[] callbacks) throws IOException, UnsupportedCallbackException |
Protected Member Functions |
| void | authenticate () throws IOException, XMPPException |
| abstract String | getName () |
| SASLAuthentication | getSASLAuthentication () |
Protected Attributes |
| SaslClient | sc |
| String | authenticationId |
| String | password |
| String | hostname |
Base class for SASL mechanisms. Subclasses must implement these methods:
-
getName() -- returns the common name of the SASL mechanism.
Subclasses will likely want to implement their own versions of these mthods: authenticate(String, String, String) -- Initiate authentication stanza using the deprecated method. authenticate(String, String, CallbackHandler) -- Initiate authentication stanza using the CallbackHandler method. challengeReceived(String) -- Handle a challenge from the server.
Basic XMPP SASL authentication steps: 1. Client authentication initialization, stanza sent to the server (Base64 encoded): <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5"> 2. Server sends back to the client the challenge response (Base64 encoded) sample: realm=<sasl server="" realm>="">,nonce="OA6MG9tEQGm2hh",qop="auth",charset=utf-8,algorithm=md5-sess 3. The client responds back to the server (Base 64 encoded): sample: username=<userid>,realm=<sasl server="" realm="" from="" above>="">,nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",nc=00000001,qop=auth, digest-uri=<digesturi>, response=d388dad90d4bbd760a152321f2143af7, charset=utf-8, authzid=<id> 4. The server evaluates if the user is present and contained in the REALM if successful it sends: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl"> (Base64 encoded) if not successful it sends: sample: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl"> cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZA== </challenge>
- Author:
- Jay Kline
| void org.jivesoftware.smack.sasl.SASLMechanism.authenticate |
( |
String |
username, |
|
|
String |
host, |
|
|
String |
serviceName, |
|
|
String |
password |
|
) |
| throws IOException, XMPPException |
Builds and sends the auth stanza to the server. Note that this method of authentication is not recommended, since it is very inflexable. Use authenticate(String, String, CallbackHandler) whenever possible.
Explanation of auth stanza:
The client authentication stanza needs to include the digest-uri of the form: xmpp/serverName From RFC-2831: digest-uri = "digest-uri" "=" digest-uri-value digest-uri-value = serv-type "/" host [ "/" serv-name ]
digest-uri: Indicates the principal name of the service with which the client wishes to connect, formed from the serv-type, host, and serv-name. For example, the FTP service on "ftp.example.com" would have a "digest-uri" value of "ftp/ftp.example.com"; the SMTP server from the example above would have a "digest-uri" value of "smtp/mail3.example.com/example.com".
host: The DNS host name or IP address for the service requested. The DNS host name must be the fully-qualified canonical name of the host. The DNS host name is the preferred form; see notes on server processing of the digest-uri.
serv-name: Indicates the name of the service if it is replicated. The service is considered to be replicated if the client's service-location process involves resolution using standard DNS lookup operations, and if these operations involve DNS records (such as SRV, or MX) which resolve one DNS name into a set of other DNS names. In this case, the initial name used by the client is the "serv-name", and the final name is the "host" component. For example, the incoming mail service for "example.com" may be replicated through the use of MX records stored in the DNS, one of which points at an SMTP server called "mail3.example.com"; it's "serv-name" would be "example.com", it's "host" would be "mail3.example.com". If the service is not replicated, or the serv-name is identical to the host, then the serv-name component MUST be omitted
digest-uri verification is needed for ejabberd 2.0.3 and higher
- Parameters:
-
| username | the username of the user being authenticated. |
| host | the hostname where the user account resides. |
| serviceName | the xmpp service location - used by the SASL client in digest-uri creation serviceName format is: host [ "/" serv-name ] as per RFC-2831 |
| password | the password for this account. |
- Exceptions:
-
| IOException | If a network error occurs while authenticating. |
| XMPPException | If a protocol error occurs or the user is not authenticated. |
1.7.4 
