
Using Arbitrary SASL Mechanisms


Note: The descriptions and examples presented here are based on a preview of a proposed Java SASL API standard. Although these examples work with version 1.2 of the LDAP provider, the APIs are still subject to change, depending on the evolution of the Java SASL API.

The LDAP provider has built-in support for the CRAM-MD5 and External SASL mechanisms. To use other SASL mechanisms, you must make the classes for the mechanisms available to your program (for example, by adding them to your classpath) and set the "javax.security.sasl.client.pkgs" environment property to the package name of the factory class that creates implementations for those mechanisms.

Here is an example that uses a package ("examples") containing a custom SASL mechanism.

// Specify package name for SASL to search for mechanism factories
env.put("javax.security.sasl.client.pkgs", "examples");

// Use bogus SASL mechanism name
env.put(Context.SECURITY_AUTHENTICATION, "SAMPLE");

The program first adds the package "examples" to the list of packages to search for SASL mechanisms (actually, mechanism factories), and then requests a SASL mechanism ("SAMPLE") from that package.

When you run the program, the SASL mechanism (SampleMech) prints a debug message to indicate that it has been invoked. When the program communicates with the LDAP server, the server will return an AuthenticationNotSupportedException because "SAMPLE" is a bogus mechanism. You can use a similar technique to access a SASL mechanism that the LDAP server does support, by using an appropriate value for the SASL mechanism name and the package name of the mechanism implementation. SASL mechanism implementations are typically provided by vendors and must follow the interfaces and guidelines outlined in the Java SASL API.
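The bind described above, written out as a complete client (an added example, not the tutorial's own program). It assumes the LDAP provider setup this page describes, a constructed server URL, and the "examples" package on the classpath; the class name CustomSaslBind is hypothetical. When the server rejects the mechanism, the client stops instead of retrying with a weaker authentication type.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class CustomSaslBind {
    // Constructed value for illustration; point this at your own server.
    static final String LDAP_URL = "ldap://localhost:389/o=JNDITutorial";

    // Build the JNDI environment for a bind with a non-built-in SASL mechanism.
    static Hashtable<String, Object> saslEnv(String factoryPkg, String mechanism) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        // Package that SASL searches for mechanism factories
        env.put("javax.security.sasl.client.pkgs", factoryPkg);
        // Mechanism name requested from that package
        env.put(Context.SECURITY_AUTHENTICATION, mechanism);
        return env;
    }

    public static void main(String[] args) {
        DirContext ctx = null;
        int exitCode = 0;
        try {
            ctx = new InitialDirContext(saslEnv("examples", "SAMPLE"));
            System.out.println("Bound; root attributes: " + ctx.getAttributes(""));
        } catch (AuthenticationNotSupportedException e) {
            // Expected for "SAMPLE": the mechanism is not supported.
            // Fail closed: do not fall back to "simple" or "none" here.
            System.err.println("SASL mechanism rejected: " + e.getMessage());
            exitCode = 1;
        } catch (NamingException e) {
            // Connection problems, bad credentials, and other naming errors
            System.err.println("LDAP operation failed: " + e);
            exitCode = 2;
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
        System.exit(exitCode);
    }
}
```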

