Package org.opends.server.extensions

Class ScramSha512SASLMechanismHandler

java.lang.Object
org.opends.server.api.SASLMechanismHandler<C>
org.opends.server.extensions.ScramSha512SASLMechanismHandler
All Implemented Interfaces:
ConfigurationChangeListener<ScramSha512SaslMechanismHandlerCfg>
public final class ScramSha512SASLMechanismHandler extends SASLMechanismHandler<C>
This class defines the SCRAM-SHA-512 SASL mechanism defined in RFCs 5802, 5803 and 7677.

  • Constructor Details

    • ScramSha512SASLMechanismHandler

      public ScramSha512SASLMechanismHandler()

  • Method Details

    • getMechanismName

      public String getMechanismName()
      Description copied from class: SASLMechanismHandler
      Returns the SASL mechanism name.
      Specified by:
      getMechanismName in class SASLMechanismHandler<ScramSha512SaslMechanismHandlerCfg>
      Returns:
      the SASL mechanism name.

    • initializeSASLMechanismHandler

      public void initializeSASLMechanismHandler(ScramSha512SaslMechanismHandlerCfg cfg, ServerContext serverContext) throws ConfigException
      Description copied from class: SASLMechanismHandler
      Initializes this SASL mechanism handler based on the information in the provided configuration entry. It should also register itself with the Directory Server for the particular kinds of SASL mechanisms that it will process.
      Specified by:
      initializeSASLMechanismHandler in class SASLMechanismHandler<C extends SaslMechanismHandlerCfg>
      Parameters:
      cfg - The configuration to use to initialize this SASL mechanism handler.
      serverContext - The server context
      Throws:
      ConfigException - If an unrecoverable problem arises in the process of performing the initialization.

    • finalizeSASLMechanismHandler

      public void finalizeSASLMechanismHandler()
      Description copied from class: SASLMechanismHandler
      Performs any finalization that may be necessary for this SASL mechanism handler. By default, no finalization is performed.
      Overrides:
      finalizeSASLMechanismHandler in class SASLMechanismHandler<C extends SaslMechanismHandlerCfg>

    • isConfigurationChangeAcceptable

      public boolean isConfigurationChangeAcceptable(ScramSha512SaslMechanismHandlerCfg cfg, List<LocalizableMessage> unacceptableReasons)
      Description copied from interface: ConfigurationChangeListener
      Indicates whether the proposed change to the configuration is acceptable to this change listener.
      Specified by:
      isConfigurationChangeAcceptable in interface ConfigurationChangeListener<C extends SaslMechanismHandlerCfg>
      Parameters:
      cfg - The new configuration containing the changes.
      unacceptableReasons - A list that can be used to hold messages about why the provided configuration is not acceptable.
      Returns:
      Returns true if the proposed change is acceptable, or false if it is not.

    • applyConfigurationChange

      public ConfigChangeResult applyConfigurationChange(ScramSha512SaslMechanismHandlerCfg cfg)
      Description copied from interface: ConfigurationChangeListener
      Applies the configuration changes to this change listener.
      Specified by:
      applyConfigurationChange in interface ConfigurationChangeListener<C extends SaslMechanismHandlerCfg>
      Parameters:
      cfg - The new configuration containing the changes.
      Returns:
      Returns information about the result of changing the configuration.

    • processSASLBind

      public void processSASLBind(BindOperation bindOp)
      Description copied from class: SASLMechanismHandler
      Processes the SASL bind operation. SASL mechanism implementations must ensure that the following actions are taken during the processing of this method:
      • The BindOperation.setResultCode method must be used to set the appropriate result code.
      • If the SASL processing gets far enough to be able to map the request to a user entry (regardless of whether the authentication is ultimately successful), then this method must call the BindOperation.setSASLAuthUserEntry method to provide it with the entry for the user that attempted to authenticate.
      • If the bind processing was successful, then the BindOperation.setAuthenticationInfo method must be used to set the authentication info for the bind operation.
      • If the bind processing was not successful, then the BindOperation.setAuthFailureReason method should be used to provide a message explaining why the authentication failed.
      Specified by:
      processSASLBind in class SASLMechanismHandler<C extends SaslMechanismHandlerCfg>
      Parameters:
      bindOp - The SASL bind operation to be processed.

    • isPasswordBased

      public boolean isPasswordBased()
      Description copied from class: SASLMechanismHandler
      Indicates whether this SASL mechanism is password-based or uses some other form of credentials (e.g., an SSL client certificate or Kerberos ticket).
      Specified by:
      isPasswordBased in class SASLMechanismHandler<C extends SaslMechanismHandlerCfg>
      Returns:
      true if this SASL mechanism is password-based, or false if it uses some other form of credentials.

    • isSecure

      public boolean isSecure()
      Description copied from class: SASLMechanismHandler
      Indicates whether this SASL mechanism should be considered secure (i.e., it does not expose the authentication credentials in a manner that is useful to a third-party observer, and other aspects of the authentication are generally secure).
      Specified by:
      isSecure in class SASLMechanismHandler<C extends SaslMechanismHandlerCfg>
      Returns:
      true if this SASL mechanism should be considered secure, or false if not.