org.apache.directory.server.ldap.handlers.sasl.gssapi

Class GssapiCallbackHandler

java.lang.Object

org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler

org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiCallbackHandler

All Implemented Interfaces:

CallbackHandler

public class GssapiCallbackHandler
extends AbstractSaslCallbackHandler

Author:

Apache Directory Project

Field Summary

Fields inherited from class org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler

adminSession, bindRequest, directoryService, ldapSession

Constructor Summary

Constructors

Constructor and Description
GssapiCallbackHandler(LdapSession ldapSession, org.apache.directory.server.core.api.CoreSession adminSession, org.apache.directory.api.ldap.model.message.BindRequest bindRequest) Creates a new instance of GssapiCallbackHandler.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	authorize(AuthorizeCallback authorizeCB) Final check to authorize user.
protected org.apache.directory.api.ldap.model.entry.Attribute	lookupPassword(String username, String password) Implementors set the password based on a lookup, using the username and realm as keys.

Methods inherited from class org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler

getContext, getEnvironment, getRealm, getUsername, handle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GssapiCallbackHandler

public GssapiCallbackHandler(LdapSession ldapSession,
                     org.apache.directory.server.core.api.CoreSession adminSession,
                     org.apache.directory.api.ldap.model.message.BindRequest bindRequest)

Creates a new instance of GssapiCallbackHandler.

Parameters:

ldapSession - the mina IO session

adminSession - the admin session

bindRequest - the bind message

Method Detail

lookupPassword

protected org.apache.directory.api.ldap.model.entry.Attribute lookupPassword(String username,
                                                                 String password)

Description copied from class: AbstractSaslCallbackHandler

Implementors set the password based on a lookup, using the username and realm as keys.

• For DIGEST-MD5, lookup password based on username and realm.
• For CRAM-MD5, lookup password based on username.
• For GSSAPI, this callback is unused.

Specified by:

lookupPassword in class AbstractSaslCallbackHandler

Parameters:

username - The username.

password - The realm.

Returns:

The Password entry attribute resulting from the lookup. It may contain more than one password

authorize

protected void authorize(AuthorizeCallback authorizeCB)
                  throws Exception

Description copied from class: AbstractSaslCallbackHandler

Final check to authorize user. Used by all SASL mechanisms. This is the only callback used by GSSAPI. Implementors use setAuthorizedID() to set the base Dn after canonicalization. Implementors must setAuthorized() to true if authentication was successful.

Specified by:

authorize in class AbstractSaslCallbackHandler

Parameters:

authorizeCB - An AuthorizeCallback.

Throws:

Exception