The Mechanisms

The client and server code that uses the SASL mechanisms are not hardwired to use specific mechanisms. In many protocols that use SASL, the server advertises (either statically or dynamically) a list of SASL mechanisms that it supports. The client then selects one of these based on its security requirements.

The Sasl class is used for creating instances of SaslClient and SaslServer. Here is an example of how an application creates a SASL client mechanism using a list of possible SASL mechanisms.

 String[] mechanisms = new String[]{"DIGEST-MD5", "PLAIN"};
 SaslClient sc = Sasl.createSaslClient(mechanisms, authzid, protocol, serverName, props, callbackHandler);

Based on the availability of the mechanisms supported by the platform and other configuration information provided via the parameters, the Java™ SASL framework selects one of the listed mechanisms and return an instance of SaslClient. The name of the selected mechanism is usually transmitted to the server via the application protocol. Upon receiving the mechanism name, the server creates a corresponding SaslServer object to process client-sent responses. Here is an example of how the server would create an instance of SaslServer.

SaslServer ss = Sasl.createSaslServer(mechanism, protocol, myName, props, callbackHandler);