Source code

001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License.
018 *
019 */
020package org.apache.directory.server.ldap.handlers.sasl;
021
022
023import javax.security.sasl.SaslServer;
024
025import org.apache.directory.api.ldap.codec.api.SaslFilter;
026import org.apache.directory.server.ldap.LdapSession;
027import org.apache.mina.core.filterchain.IoFilterChain;
028import org.apache.mina.core.session.IoSession;
029import org.slf4j.Logger;
030import org.slf4j.LoggerFactory;
031
032
033/**
034 * 
035 * An abstract class for all the MechanismHandlers, implementing some common methods
036 *
037 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
038 */
039public abstract class AbstractMechanismHandler implements MechanismHandler
040{
041    /** A logger for this class **/
042    private static final Logger LOG = LoggerFactory.getLogger( AbstractMechanismHandler.class );
043
044
045    /**
046     * Inject a SaslFilter into the Filter chain, to deal with modified
047     * PDU sent when some mechanisms have been negotiated (DIGEST-MD5, GSSAPI, 
048     * for instance)
049     *
050     * @param ldapSession the LdapSession instance
051     */
052    protected void insertSaslFilter( LdapSession ldapSession )
053    {
054        LOG.debug( "Inserting SaslFilter to engage negotiated security layer." );
055        IoSession ioSession = ldapSession.getIoSession();
056
057        // get the Io chain
058        IoFilterChain chain = ioSession.getFilterChain();
059
060        if ( !chain.contains( SaslConstants.SASL_FILTER ) )
061        {
062            SaslServer saslServer = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );
063            chain.addBefore( "codec", SaslConstants.SASL_FILTER, new SaslFilter( saslServer ) );
064        }
065
066        /*
067         * We disable the SASL security layer once, to write the outbound SUCCESS
068         * message without SASL security layer processing.
069         */
070        ioSession.setAttribute( SaslFilter.DISABLE_SECURITY_LAYER_ONCE, Boolean.TRUE );
071    }
072}