J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | 1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
| 2 | <html> |
| 3 | <head> |
| 4 | <!-- |
| 5 | Copyright 1999-2006 Sun Microsystems, Inc. All Rights Reserved. |
| 6 | DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 7 | |
| 8 | This code is free software; you can redistribute it and/or modify it |
| 9 | under the terms of the GNU General Public License version 2 only, as |
| 10 | published by the Free Software Foundation. Sun designates this |
| 11 | particular file as subject to the "Classpath" exception as provided |
| 12 | by Sun in the LICENSE file that accompanied this code. |
| 13 | |
| 14 | This code is distributed in the hope that it will be useful, but WITHOUT |
| 15 | ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 16 | FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 17 | version 2 for more details (a copy is included in the LICENSE file that |
| 18 | accompanied this code). |
| 19 | |
| 20 | You should have received a copy of the GNU General Public License version |
| 21 | 2 along with this work; if not, write to the Free Software Foundation, |
| 22 | Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 23 | |
| 24 | Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 25 | CA 95054 USA or visit www.sun.com if you need additional information or |
| 26 | have any questions. |
| 27 | --> |
| 28 | </head> |
| 29 | <body bgcolor="white"> |
| 30 | |
| 31 | Contains classes and interfaces for supporting SASL. |
| 32 | |
| 33 | This package defines classes and interfaces for SASL mechanisms. |
| 34 | It is used by developers to add authentication support for |
| 35 | connection-based protocols that use SASL. |
| 36 | |
| 37 | <h4>SASL Overview</h4> |
| 38 | <p> |
| 39 | |
| 40 | Simple Authentication and Security Layer (SASL) specifies a |
| 41 | challenge-response protocol in which data is exchanged between the |
| 42 | client and the server for the purposes of |
| 43 | authentication and (optional) establishment of a security layer on |
| 44 | which to carry on subsequent communications. It is used with |
| 45 | connection-based protocols such as LDAPv3 or IMAPv4. SASL is |
| 46 | described in |
| 47 | <A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>. |
| 48 | |
| 49 | <p> |
| 50 | There are various <em>mechanisms</em> defined for SASL. |
| 51 | Each mechanism defines the data that must be exchanged between the |
| 52 | client and server in order for the authentication to succeed. |
| 53 | The data exchange required for a particular mechanism is referred to |
| 54 | as its <em>protocol profile</em>. |
| 55 | The following are some examples of mechanisms that have been defined by |
| 56 | the Internet standards community. |
| 57 | <ul> |
| 58 | <li>DIGEST-MD5 (<A HREF="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>). |
| 59 | This mechanism defines how HTTP Digest Authentication can be used as a SASL |
| 60 | mechanism. |
| 61 | <li>Anonymous (<A HREF="http://www.ietf.org/rfc/rfc2245.txt">RFC 2245</a>). |
| 62 | This mechanism is anonymous authentication in which no credentials are |
| 63 | necessary. |
| 64 | <li>External (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>). |
| 65 | This mechanism obtains authentication information |
| 66 | from an external source (such as TLS or IPsec). |
| 67 | <li>S/Key (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>). |
| 68 | This mechanism uses the MD4 digest algorithm to exchange data based on |
| 69 | a shared secret. |
| 70 | <li>GSSAPI (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>). |
| 71 | This mechanism uses the |
| 72 | <A HREF="http://www.ietf.org/rfc/rfc2078.txt">GSSAPI</A> |
| 73 | for obtaining authentication information. |
| 74 | </ul> |
| 75 | |
| 76 | <p> |
| 77 | Some of these mechanisms provide both authentication and establishment |
| 78 | of a security layer, others only authentication. Anonymous and |
| 79 | S/Key do not provide for any security layers. GSSAPI and DIGEST-MD5 |
| 80 | allow negotiation of the security layer. For External, the |
| 81 | security layer is determined by the external protocol. |
| 82 | |
| 83 | <h4>Usage</h4> |
| 84 | |
| 85 | <p> |
| 86 | Users of this API are typically developers who produce |
| 87 | client library implementations for connection-based protocols, |
| 88 | such as LDAPv3 and IMAPv4, |
| 89 | and developers who write servers (such as LDAP servers and IMAP servers). |
| 90 | Developers who write client libraries use the |
| 91 | <tt>SaslClient</tt> and <tt>SaslClientFactory</tt> interfaces. |
| 92 | Developers who write servers use the |
| 93 | <tt>SaslServer</tt> and <tt>SaslServerFactory</tt> interfaces. |
| 94 | <p> |
| 95 | Each of these two groups of users can be further divided into two groups: |
| 96 | those who <em>produce</em> the SASL mechanisms and those |
| 97 | who <em>use</em> the SASL mechanisms. |
| 98 | The producers of SASL mechanisms need to provide implementations |
| 99 | for these interfaces, while users of the SASL mechanisms use |
| 100 | the APIs in this package to access those implementations. |
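The following is an added example, not part of the original package documentation: a mechanism <em>user</em> driving both <tt>SaslClient</tt> and <tt>SaslServer</tt> through a DIGEST-MD5 exchange in one process, requiring an integrity layer and checking the negotiated result before using it. It assumes the JDK's bundled DIGEST-MD5 implementation on both sides; the user name, password, host name, protocol name and class name are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslLoopback {
    // Constructed sample values (assumptions, not from the package documentation).
    static final String USER = "alice", PASS = "example-password", HOST = "ldap.example.com";

    public static void main(String[] args) throws Exception {
        // Demand an integrity layer; negotiation fails instead of settling for "auth" only.
        Map<String, String> props = Map.of(Sasl.QOP, "auth-int");

        CallbackHandler clientCb = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(USER);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(PASS.toCharArray());
                else if (cb instanceof RealmCallback) ((RealmCallback) cb).setText(((RealmCallback) cb).getDefaultText());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        CallbackHandler serverCb = callbacks -> {
            String name = null; // assumes the NameCallback precedes the PasswordCallback in the array
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) name = ((NameCallback) cb).getDefaultName();
                else if (cb instanceof PasswordCallback && USER.equals(name))
                    ((PasswordCallback) cb).setPassword(PASS.toCharArray()); // single-user credential store
                else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    // A user may only act as themselves: no proxy authorization.
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                }
            }
        };
        SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, null, "ldap", HOST, props, clientCb);
        SaslServer server = Sasl.createSaslServer("DIGEST-MD5", "ldap", HOST, props, serverCb);

        // DIGEST-MD5 is server-first: the server issues the initial challenge.
        byte[] token = server.evaluateResponse(new byte[0]);
        while (!client.isComplete()) {
            byte[] response = client.evaluateChallenge(token);
            if (!server.isComplete()) token = server.evaluateResponse(response);
        }
        // Check what was actually negotiated before relying on wrap()/unwrap().
        String qop = (String) client.getNegotiatedProperty(Sasl.QOP);
        if (!server.isComplete() || !"auth-int".equals(qop)) throw new SaslException("no integrity layer: " + qop);

        byte[] msg = "search request".getBytes(StandardCharsets.UTF_8);
        byte[] wrapped = client.wrap(msg, 0, msg.length);         // payload plus integrity trailer
        byte[] plain = server.unwrap(wrapped, 0, wrapped.length); // MAC and sequence number checked here
        System.out.println("authzid=" + server.getAuthorizationID() + " qop=" + qop
                + " payload=" + new String(plain, StandardCharsets.UTF_8));
        client.dispose(); server.dispose();
    }
}
```

In a real protocol the tokens returned by <tt>evaluateResponse</tt> and <tt>evaluateChallenge</tt> travel inside the application protocol's own authentication messages (for example an LDAP bind) rather than being passed in-process.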
| 101 | |
| 102 | <h2>Related Documentation</h2> |
| 103 | |
| 104 | Please refer to the |
| 105 | <a href="../../../../technotes/guides/security/sasl/sasl-refguide.html">Java |
| 106 | SASL Programming Guide</a> for information on how to use this API. |
| 107 | |
| 108 | |
| 109 | @since 1.5 |
| 110 | |
| 111 | |
| 112 | </body> |
| 113 | </html> |
| 114 | |