0N/A<!
DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2362N/ACopyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved. 0N/ADO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/AThis code is free software; you can redistribute it and/or modify it 0N/Aunder the terms of the GNU General Public License version 2 only, as 2362N/Apublished by the Free Software Foundation. Oracle designates this 0N/Aparticular file as subject to the "Classpath" exception as provided 2362N/Aby Oracle in the LICENSE file that accompanied this code. 0N/AThis code is distributed in the hope that it will be useful, but WITHOUT 0N/AANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/AFITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/Aversion 2 for more details (a copy is included in the LICENSE file that 0N/Aaccompanied this code). 0N/AYou should have received a copy of the GNU General Public License version 0N/A2 along with this work; if not, write to the Free Software Foundation, 0N/AInc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2365N/APlease contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 0N/A<
body bgcolor="white">
0N/AContains class and interfaces for supporting SASL.
0N/AThis package defines classes and interfaces for SASL mechanisms.
0N/AIt is used by developers to add authentication support for
0N/Aconnection-based protocols that use SASL.
0N/A<
h4>SASL Overview</
h4>
0N/ASimple Authentication and Security Layer (SASL) specifies a
0N/Achallenge-response protocol in which data is exchanged between the
0N/Aclient and the server for the purposes of
0N/Aauthentication and (optional) establishment of a security layer on
0N/Awhich to carry on subsequent communications. It is used with
0N/Aconnection-based protocols such as LDAPv3 or IMAPv4. SASL is
0N/AThere are various <
em>mechanisms</
em> defined for SASL.
0N/AEach mechanism defines the data that must be exchanged between the
0N/Aclient and server in order for the authentication to succeed.
0N/AThis data exchange required for a particular mechanism is referred to
0N/Ato as its <
em>protocol profile</
em>.
0N/AThe following are some examples of mechanims that have been defined by
0N/Athe Internet standards community.
0N/AThis mechanism defines how HTTP Digest Authentication can be used as a SASL
0N/AThis mechamism is anonymous authentication in which no credentials are
0N/AThis mechanism obtains authentication information
0N/Afrom an external source (such as TLS or IPsec).
0N/AThis mechanism uses the MD4 digest algorithm to exchange data based on
0N/AThis mechanism uses the
0N/Afor obtaining authentication information.
0N/ASome of these mechanisms provide both authentication and establishment
0N/Aof a security layer, others only authentication. Anonymous and
0N/AS/
Key do not provide for any security layers. GSSAPI and DIGEST-MD5
0N/Aallow negotiation of the security layer. For External, the
0N/Asecurity layer is determined by the external protocol.
0N/AUsers of this API are typically developers who produce
0N/Aclient library implementations for connection-based protocols,
0N/Asuch as LDAPv3 and IMAPv4,
0N/Aand developers who write servers (such as LDAP servers and IMAP servers).
0N/ADevelopers who write client libraries use the
0N/A<
tt>SaslClient</
tt> and <
tt>SaslClientFactory</
tt> interfaces.
0N/ADevelopers who write servers use the
0N/A<
tt>SaslServer</
tt> and <
tt>SaslServerFactory</
tt> interfaces.
0N/AAmong these two groups of users, each can be further divided into two groups:
0N/Athose who <
em>produce</
em> the SASL mechanisms and those
0N/Awho <
em>use</
em> the SASL mechanisms.
0N/AThe producers of SASL mechanisms need to provide implementations
0N/Afor these interfaces, while users of the SASL mechanisms use
0N/Athe APIs in this package to access those implementations.
0N/A<
h2>Related Documentation</
h2>
0N/ASASL Programming Guide</
a> for information on how to use this API.