org.opends.server.extensions
Class GSSAPIStateInfo

java.lang.Object
  extended by org.opends.server.extensions.GSSAPIStateInfo
All Implemented Interfaces:
java.security.PrivilegedExceptionAction<java.lang.Boolean>, javax.security.auth.callback.CallbackHandler

public class GSSAPIStateInfo
extends java.lang.Object
implements java.security.PrivilegedExceptionAction<java.lang.Boolean>, javax.security.auth.callback.CallbackHandler

This class defines a data structure that holds state information needed for processing a SASL GSSAPI bind from a client.


Constructor Summary
GSSAPIStateInfo(GSSAPISASLMechanismHandler gssapiHandler, BindOperation bindOperation, java.lang.String serverFQDN)
          Creates a new GSSAPI state info structure with the provided information.
 
Method Summary
 void dispose()
          Destroys any sensitive information that might be associated with the SASL server instance.
 Entry getUserEntry()
          Retrieves the entry of the user that has authenticated on this GSSAPI session.
 void handle(javax.security.auth.callback.Callback[] callbacks)
          Handles any callbacks that might be required in order to process a SASL GSSAPI bind on the server.
 void processAuthenticationStage()
          Processes the next stage of the GSSAPI bind process.
 java.lang.Boolean run()
          Processes a stage of the SASL GSSAPI bind request.
 void setBindOperation(BindOperation bindOperation)
          Sets the bind operation for the next stage of processing in the GSSAPI authentication.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

GSSAPIStateInfo

public GSSAPIStateInfo(GSSAPISASLMechanismHandler gssapiHandler,
                       BindOperation bindOperation,
                       java.lang.String serverFQDN)
                throws InitializationException
Creates a new GSSAPI state info structure with the provided information.

Parameters:
gssapiHandler - The GSSAPI authentication handler that created this state information.
bindOperation - The bind operation with which this state is associated.
serverFQDN - The fully-qualified domain name for the server to use in the authentication process.
Throws:
InitializationException - If it is not possible to authenticate to the KDC to verify the client credentials.
Method Detail

setBindOperation

public void setBindOperation(BindOperation bindOperation)
Sets the bind operation for the next stage of processing in the GSSAPI authentication. This must be called before the processing is performed so that the appropriate response may be sent to the client.

Parameters:
bindOperation - The bind operation for the next stage of processing in the GSSAPI authentication.

getUserEntry

public Entry getUserEntry()
Retrieves the entry of the user that has authenticated on this GSSAPI session. This should only be available after a successful GSSAPI authentication. The return value of this method should be considered unreliable if GSSAPI authentication has not yet completed successfully.

Returns:
The entry of the user that has authenticated on this GSSAPI session.

dispose

public void dispose()
Destroys any sensitive information that might be associated with the SASL server instance.


processAuthenticationStage

public void processAuthenticationStage()
Processes the next stage of the GSSAPI bind process. This may be used for the first stage or any stage thereafter until the authentication is complete. It will automatically take care of the JAAS processing behind the scenes as necessary.


run

public java.lang.Boolean run()
Processes a stage of the SASL GSSAPI bind request. The setBindOperation method must have been called to update the reference to the latest bind request before invoking this method through doAs or doAsPrivileged.

Specified by:
run in interface java.security.PrivilegedExceptionAction<java.lang.Boolean>
Returns:
true if there was no error during this stage of the bind and processing can continue, or false if an error occurred and processing should not continue.

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws javax.security.auth.callback.UnsupportedCallbackException
Handles any callbacks that might be required in order to process a SASL GSSAPI bind on the server. In this case, if an authorization ID was provided, then a callback may be used to determine whether it is acceptable.

Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Parameters:
callbacks - The callbacks needed to provide information for the GSSAPI authentication process.
Throws:
javax.security.auth.callback.UnsupportedCallbackException - If an unexpected callback is included in the provided set.
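
Added example, not OpenDS code: a server-side CallbackHandler showing the kind of authorization ID check that handle describes, using the standard javax.security.sasl.AuthorizeCallback. The class name StrictAuthzCallbackHandler, the exact-match policy and the sample principals are assumptions made for illustration.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;

// Hypothetical handler (not the OpenDS implementation): deny-by-default authzid check.
public class StrictAuthzCallbackHandler implements CallbackHandler {

    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof AuthorizeCallback)) {
                // Reject anything unexpected instead of silently ignoring it.
                throw new UnsupportedCallbackException(cb, "Unexpected callback in GSSAPI bind");
            }
            AuthorizeCallback ac = (AuthorizeCallback) cb;
            String authnId = ac.getAuthenticationID(); // principal proven by the GSSAPI exchange
            String authzId = ac.getAuthorizationID();  // identity the client asks to act as
            // Assumed policy: no proxied authorization, so the requested identity
            // must be exactly the authenticated one. A real server would map both
            // to directory entries and check a proxy privilege here.
            boolean allowed = authnId != null && authnId.equals(authzId);
            ac.setAuthorized(allowed);
            if (allowed) {
                ac.setAuthorizedID(authzId);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        CallbackHandler handler = new StrictAuthzCallbackHandler();
        // Constructed sample principals, not taken from any real deployment.
        AuthorizeCallback same = new AuthorizeCallback("alice@EXAMPLE.COM", "alice@EXAMPLE.COM");
        AuthorizeCallback proxy = new AuthorizeCallback("alice@EXAMPLE.COM", "admin@EXAMPLE.COM");
        handler.handle(new Callback[] { same, proxy });
        System.out.println("same identity authorized:  " + same.isAuthorized());
        System.out.println("proxy identity authorized: " + proxy.isAuthorized());
        try {
            handler.handle(new Callback[] { new NameCallback("user: ") });
        } catch (UnsupportedCallbackException e) {
            System.out.println("rejected callback type: " + e.getCallback().getClass().getName());
        }
    }
}
```

An AuthorizeCallback starts out unauthorized, so a handler that forgets to call setAuthorized fails closed.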