Implementing a SASL Security Provider
- Write a class that implements the SaslClient or SaslServer interface.
- Write a factory class (that implements SaslClientFactory or SaslServerFactory) that creates instances of the class.
- Write a JCA provider that registers the factory.
The first step involves providing an implementation for the SASL mechanism. To implement a client mechanism, you need to implement the methods declared in the SaslClient interface. Similarly, for a server mechanism, you need to implement the methods declared in the SaslServer interface. For the purposes of this discussion, suppose you are developing an implementation for the client mechanism "SAMPLE-MECH", implemented by the class com.example.SampleMechClient. You must decide what inputs are needed by the mechanism and how the implementation is going to collect them. For example, if the mechanism is username/password-based, then the implementation would likely need to collect that information via the callback handler parameter.
The next step involves providing a factory class that will create instances of com.example.SampleMechClient. The factory needs to determine the characteristics of the mechanism that it supports (as described by the Sasl.POLICY_* properties) so that it can return an instance of the mechanism when the API user requests it using compatible policy properties. The factory may also check for validity of the parameters before creating the mechanism. For the purposes of this discussion, suppose the factory class is named com.example.MySampleClientFactory. Although our sample factory is responsible for only one mechanism, a single factory can be responsible for any number of mechanisms.
SASL client factories are registered using property names of the form SaslClientFactory.mechName, while SASL server factories are registered using property names of the form SaslServerFactory.mechName. Here, mechName is the SASL mechanism's name. This is what's returned by SaslClient.getMechanismName() and SaslServer.getMechanismName().
Continuing with our example, here is how the provider would register the "SAMPLE-MECH" mechanism.
    put("SaslClientFactory.SAMPLE-MECH", "com.example.MySampleClientFactory");
A single SASL provider might be responsible for many mechanisms. Therefore, it might have many invocations of put to register the relevant factories. The completed SASL provider can then be made available to applications using the instructions given previously.
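The three steps together in one file, as an added example that is not code from the original tutorial. It assumes Java 9 or later; the provider name "SampleSasl", the class name SampleProvider, the single name-only message of SAMPLE-MECH and the decision to treat it as a plaintext mechanism are assumptions made for illustration, and the com.example package is omitted so the file stands alone.

```java
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SampleProvider extends Provider {
    static final String MECH = "SAMPLE-MECH";
    public SampleProvider() {
        super("SampleSasl", "1.0", "SAMPLE-MECH client factory (illustrative)");
        put("SaslClientFactory." + MECH, MySampleClientFactory.class.getName());
    }

    public static class MySampleClientFactory implements SaslClientFactory {
        // Assumption: SAMPLE-MECH sends the name in the clear, so it is withheld under a no-plaintext policy.
        public String[] getMechanismNames(Map<String, ?> props) {
            boolean noPlain = props != null && "true".equalsIgnoreCase(String.valueOf(props.get(Sasl.POLICY_NOPLAINTEXT)));
            return noPlain ? new String[0] : new String[] { MECH };
        }
        public SaslClient createSaslClient(String[] mechs, String authzId, String protocol,
                String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException {
            if (!java.util.Arrays.asList(mechs).contains(MECH) || getMechanismNames(props).length == 0) return null;
            if (cbh == null) throw new SaslException("SAMPLE-MECH needs a callback handler");
            return new SampleMechClient(cbh);
        }
    }

    // Hypothetical mechanism: one client message carrying the user name from the callback handler.
    static class SampleMechClient implements SaslClient {
        private final CallbackHandler cbh;
        private boolean done;
        SampleMechClient(CallbackHandler cbh) { this.cbh = cbh; }
        public String getMechanismName() { return MECH; }
        public boolean hasInitialResponse() { return true; }
        public boolean isComplete() { return done; }
        public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
            if (done) throw new IllegalStateException("exchange already complete");
            NameCallback nc = new NameCallback("user: ");
            try { cbh.handle(new Callback[] { nc }); }
            catch (Exception e) { throw new SaslException("callback failed", e); }
            if (nc.getName() == null) throw new SaslException("no user name supplied");
            done = true;
            return nc.getName().getBytes(StandardCharsets.UTF_8);
        }
        public byte[] unwrap(byte[] b, int off, int len) { throw new IllegalStateException("no security layer"); }
        public byte[] wrap(byte[] b, int off, int len) { throw new IllegalStateException("no security layer"); }
        public Object getNegotiatedProperty(String p) { if (!done) throw new IllegalStateException("not complete"); return Sasl.QOP.equals(p) ? "auth" : null; }
        public void dispose() { }
    }
}
```

After Security.addProvider(new SampleProvider()), a call to Sasl.createSaslClient for "SAMPLE-MECH" returns the client under default properties and null when the properties map sets Sasl.POLICY_NOPLAINTEXT to "true".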