Implementing a SASL Security Provider

There are three basic steps in implementing a SASL security provider.
  1. Write a class that implements the SaslClient or SaslServer interface.
  2. Write a factory class (that implements SaslClientFactory or SaslServerFactory) that creates instances of the class.
  3. Write a JCA provider that registers the factory.

The first step involves providing an implementation for the SASL mechanism. To implement a client mechanism, you need to implement the methods declared in the SaslClient interface. Similarly, for a server mechanism, you need to implement the methods declared in the SaslServer interface. For the purposes of this discussion, suppose you are developing an implementation for the client mechanism "SAMPLE-MECH", implemented by the class com.example.SampleMechClient. You must decide what inputs are needed by the mechanism and how the implementation is going to collect them. For example, if the mechanism is username/password-based, then the implementation would likely need to collect that information via the callback handler parameter.

The next step involves providing a factory class that will create instances of com.example.SampleMechClient. The factory needs to determine the characteristics of the mechanism that it supports (as described by the Sasl.POLICY_* properties) so that it can return an instance of the mechanism when the API user requests it using compatible policy properties. The factory may also check for validity of the parameters before creating the mechanism. For the purposes of this discussion, suppose the factory class is named com.example.MySampleClientFactory. Although our sample factory is responsible for only one mechanism, a single factory can be responsible for any number of mechanisms.

The final step involves creating a JCA provider. The steps for creating a JCA provider are described in detail in the document How to Implement a Provider for the Java™ Cryptography Architecture. SASL client factories are registered using property names of the form
    SaslClientFactory.mechName
while SASL server factories are registered using property names of the form
    SaslServerFactory.mechName
mechName is the SASL mechanism's name. This is what's returned by SaslClient.getMechanismName() and SaslServer.getMechanismName(). Continuing with our example, here is how the provider would register the "SAMPLE-MECH" mechanism.
    put("SaslClientFactory.SAMPLE-MECH", "com.example.MySampleClientFactory");
A single SASL provider might be responsible for many mechanisms. Therefore, it might have many invocations of put to register the relevant factories. The completed SASL provider can then be made available to applications using the instructions given previously.
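
The three steps in one file, as an added example that is not part of the original guide. It assumes SAMPLE-MECH is an anonymous-style mechanism that sends only a trace name taken from the authorization ID, so the factory withholds it when Sasl.POLICY_NOANONYMOUS is "true". The names SampleSaslDemo and SampleProvider, the nesting of the classes in one file, and the sample host and trace values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.*;
public class SampleSaslDemo {
    static final String MECH = "SAMPLE-MECH";   // assumption: anonymous-style, sends a trace name only
    public static class SampleMechClient implements SaslClient {              // step 1: the mechanism
        private final String trace;
        private boolean done;
        SampleMechClient(String trace) { this.trace = trace; }
        public String getMechanismName() { return MECH; }
        public boolean hasInitialResponse() { return true; }
        public boolean isComplete() { return done; }
        public byte[] evaluateChallenge(byte[] challenge) {
            done = true;   // single-message exchange: the initial response completes it
            return trace.getBytes(StandardCharsets.UTF_8);
        }
        public byte[] wrap(byte[] b, int off, int len) { throw new IllegalStateException("no security layer"); }
        public byte[] unwrap(byte[] b, int off, int len) { throw new IllegalStateException("no security layer"); }
        public Object getNegotiatedProperty(String name) { return done && Sasl.QOP.equals(name) ? "auth" : null; }
        public void dispose() { }
    }
    public static class MySampleClientFactory implements SaslClientFactory {  // step 2: the factory
        public String[] getMechanismNames(Map<String, ?> props) {
            // An anonymous mechanism must not be offered when the caller sets POLICY_NOANONYMOUS.
            boolean noAnon = props != null && "true".equals(props.get(Sasl.POLICY_NOANONYMOUS));
            return noAnon ? new String[0] : new String[] { MECH };
        }
        public SaslClient createSaslClient(String[] mechs, String authzId, String protocol, String server,
                Map<String, ?> props, CallbackHandler cbh) throws SaslException {
            if (!Arrays.asList(mechs).contains(MECH) || getMechanismNames(props).length == 0) return null;
            if (authzId == null) throw new SaslException(MECH + " needs a trace name (authorizationId)");
            return new SampleMechClient(authzId);
        }
    }
    public static class SampleProvider extends Provider {                     // step 3: the JCA provider
        public SampleProvider() {
            super("SampleSasl", "1.0", "SAMPLE-MECH SASL client (example)");   // Java 9+ constructor
            put("SaslClientFactory." + MECH, MySampleClientFactory.class.getName());
        }
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new SampleProvider());
        String[] m = { MECH };   // constructed trace name and host below
        SaslClient open = Sasl.createSaslClient(m, "trace@example.com", "imap", "mail.example.com", null, null);
        SaslClient strict = Sasl.createSaslClient(m, "trace@example.com", "imap", "mail.example.com",
                Map.of(Sasl.POLICY_NOANONYMOUS, "true"), null);
        System.out.println("default policy: " + open.getMechanismName() + ", noanonymous: " + strict);
    }
}
```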