mirror of
https://github.com/vanitasvitae/Smack.git
synced 2024-10-09 15:59:32 +02:00
Remove non-SASL authentication code (SMACK-446)
This commit is contained in:
parent
3a4e6c6d39
commit
790343867a
|
@ -37,14 +37,12 @@ public class BOSHConfiguration extends ConnectionConfiguration {
|
|||
|
||||
public BOSHConfiguration(String xmppDomain) {
|
||||
super(xmppDomain, 7070);
|
||||
setSASLAuthenticationEnabled(true);
|
||||
ssl = false;
|
||||
file = "/http-bind/";
|
||||
}
|
||||
|
||||
public BOSHConfiguration(String xmppDomain, int port) {
|
||||
super(xmppDomain, port);
|
||||
setSASLAuthenticationEnabled(true);
|
||||
ssl = false;
|
||||
file = "/http-bind/";
|
||||
}
|
||||
|
@ -65,7 +63,6 @@ public class BOSHConfiguration extends ConnectionConfiguration {
|
|||
*/
|
||||
public BOSHConfiguration(boolean https, String host, int port, String filePath, String xmppDomain) {
|
||||
super(host, port, xmppDomain);
|
||||
setSASLAuthenticationEnabled(true);
|
||||
ssl = https;
|
||||
file = (filePath != null ? filePath : "/");
|
||||
}
|
||||
|
@ -87,7 +84,6 @@ public class BOSHConfiguration extends ConnectionConfiguration {
|
|||
*/
|
||||
public BOSHConfiguration(boolean https, String host, int port, String filePath, ProxyInfo proxy, String xmppDomain) {
|
||||
super(host, port, xmppDomain, proxy);
|
||||
setSASLAuthenticationEnabled(true);
|
||||
ssl = https;
|
||||
file = (filePath != null ? filePath : "/");
|
||||
}
|
||||
|
|
|
@ -308,8 +308,7 @@ public class BOSHConnection extends Connection {
|
|||
username = username.toLowerCase().trim();
|
||||
|
||||
String response;
|
||||
if (config.isSASLAuthenticationEnabled()
|
||||
&& saslAuthentication.hasNonAnonymousAuthentication()) {
|
||||
if (saslAuthentication.hasNonAnonymousAuthentication()) {
|
||||
// Authenticate using SASL
|
||||
if (password != null) {
|
||||
response = saslAuthentication.authenticate(username, password, resource);
|
||||
|
@ -317,8 +316,7 @@ public class BOSHConnection extends Connection {
|
|||
response = saslAuthentication.authenticate(username, resource, config.getCallbackHandler());
|
||||
}
|
||||
} else {
|
||||
// Authenticate using Non-SASL
|
||||
response = new NonSASLAuthentication(this).authenticate(username, password, resource);
|
||||
throw new XMPPException("No non-anonymous SASL authentication mechanism available");
|
||||
}
|
||||
|
||||
// Set the user.
|
||||
|
@ -370,13 +368,12 @@ public class BOSHConnection extends Connection {
|
|||
}
|
||||
|
||||
String response;
|
||||
if (config.isSASLAuthenticationEnabled() &&
|
||||
saslAuthentication.hasAnonymousAuthentication()) {
|
||||
if (saslAuthentication.hasAnonymousAuthentication()) {
|
||||
response = saslAuthentication.authenticateAnonymously();
|
||||
}
|
||||
else {
|
||||
// Authenticate using Non-SASL
|
||||
response = new NonSASLAuthentication(this).authenticateAnonymously();
|
||||
throw new XMPPException("No anonymous SASL authentication mechanism available");
|
||||
}
|
||||
|
||||
// Set the user value.
|
||||
|
|
|
@ -58,7 +58,6 @@ public class ConnectionConfiguration implements Cloneable {
|
|||
|
||||
private boolean compressionEnabled = false;
|
||||
|
||||
private boolean saslAuthenticationEnabled = true;
|
||||
/**
|
||||
* Used to get information from the user
|
||||
*/
|
||||
|
@ -367,30 +366,6 @@ public class ConnectionConfiguration implements Cloneable {
|
|||
this.compressionEnabled = compressionEnabled;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if the client is going to use SASL authentication when logging into the
|
||||
* server. If SASL authenticatin fails then the client will try to use non-sasl authentication.
|
||||
* By default SASL is enabled.
|
||||
*
|
||||
* @return true if the client is going to use SASL authentication when logging into the
|
||||
* server.
|
||||
*/
|
||||
public boolean isSASLAuthenticationEnabled() {
|
||||
return saslAuthenticationEnabled;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets whether the client will use SASL authentication when logging into the
|
||||
* server. If SASL authenticatin fails then the client will try to use non-sasl authentication.
|
||||
* By default, SASL is enabled.
|
||||
*
|
||||
* @param saslAuthenticationEnabled if the client is going to use SASL authentication when
|
||||
* logging into the server.
|
||||
*/
|
||||
public void setSASLAuthenticationEnabled(boolean saslAuthenticationEnabled) {
|
||||
this.saslAuthenticationEnabled = saslAuthenticationEnabled;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if the new connection about to be establish is going to be debugged. By
|
||||
* default the value of {@link Connection#DEBUG_ENABLED} is used.
|
||||
|
|
|
@ -1,102 +0,0 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2003-2007 Jive Software.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.jivesoftware.smack;
|
||||
|
||||
import org.jivesoftware.smack.packet.Authentication;
|
||||
import org.jivesoftware.smack.packet.IQ;
|
||||
import org.jivesoftware.smack.packet.Packet;
|
||||
|
||||
import javax.security.auth.callback.CallbackHandler;
|
||||
import javax.security.auth.callback.PasswordCallback;
|
||||
import javax.security.auth.callback.Callback;
|
||||
|
||||
/**
|
||||
* Implementation of JEP-0078: Non-SASL Authentication. Follow the following
|
||||
* <a href=http://www.jabber.org/jeps/jep-0078.html>link</a> to obtain more
|
||||
* information about the JEP.
|
||||
*
|
||||
* @author Gaston Dombiak
|
||||
*/
|
||||
class NonSASLAuthentication implements UserAuthentication {
|
||||
|
||||
private Connection connection;
|
||||
|
||||
public NonSASLAuthentication(Connection connection) {
|
||||
super();
|
||||
this.connection = connection;
|
||||
}
|
||||
|
||||
public String authenticate(String username, String resource, CallbackHandler cbh) throws XMPPException {
|
||||
//Use the callback handler to determine the password, and continue on.
|
||||
PasswordCallback pcb = new PasswordCallback("Password: ",false);
|
||||
try {
|
||||
cbh.handle(new Callback[]{pcb});
|
||||
return authenticate(username, String.valueOf(pcb.getPassword()),resource);
|
||||
} catch (Exception e) {
|
||||
throw new XMPPException("Unable to determine password.",e);
|
||||
}
|
||||
}
|
||||
|
||||
public String authenticate(String username, String password, String resource) throws
|
||||
XMPPException {
|
||||
// If we send an authentication packet in "get" mode with just the username,
|
||||
// the server will return the list of authentication protocols it supports.
|
||||
Authentication discoveryAuth = new Authentication();
|
||||
discoveryAuth.setType(IQ.Type.GET);
|
||||
discoveryAuth.setUsername(username);
|
||||
|
||||
// Otherwise, no error so continue processing.
|
||||
Authentication authTypes = (Authentication) connection.createPacketCollectorAndSend(
|
||||
discoveryAuth).nextResultOrThrow();
|
||||
|
||||
// Now, create the authentication packet we'll send to the server.
|
||||
Authentication auth = new Authentication();
|
||||
auth.setUsername(username);
|
||||
|
||||
// Figure out if we should use digest or plain text authentication.
|
||||
if (authTypes.getDigest() != null) {
|
||||
auth.setDigest(connection.getConnectionID(), password);
|
||||
}
|
||||
else if (authTypes.getPassword() != null) {
|
||||
auth.setPassword(password);
|
||||
}
|
||||
else {
|
||||
throw new XMPPException("Server does not support compatible authentication mechanism.");
|
||||
}
|
||||
|
||||
auth.setResource(resource);
|
||||
|
||||
Packet response = connection.createPacketCollectorAndSend(auth).nextResultOrThrow();
|
||||
|
||||
return response.getTo();
|
||||
}
|
||||
|
||||
public String authenticateAnonymously() throws XMPPException {
|
||||
// Create the authentication packet we'll send to the server.
|
||||
Authentication auth = new Authentication();
|
||||
|
||||
Packet response = connection.createPacketCollectorAndSend(auth).nextResultOrThrow();
|
||||
|
||||
if (response.getTo() != null) {
|
||||
return response.getTo();
|
||||
}
|
||||
else {
|
||||
return connection.getServiceName() + "/" + ((Authentication) response).getResource();
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,46 +0,0 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2003-2007 Jive Software.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.jivesoftware.smack;
|
||||
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
/**
|
||||
* Dummy trust manager that trust all certificates presented by the server. This class
|
||||
* is used during old SSL connections.
|
||||
*
|
||||
* @author Gaston Dombiak
|
||||
*/
|
||||
class OpenTrustManager implements X509TrustManager {
|
||||
|
||||
public OpenTrustManager() {
|
||||
}
|
||||
|
||||
public X509Certificate[] getAcceptedIssuers() {
|
||||
return new X509Certificate[0];
|
||||
}
|
||||
|
||||
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
|
||||
throws CertificateException {
|
||||
}
|
||||
|
||||
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
|
||||
throws CertificateException {
|
||||
}
|
||||
}
|
|
@ -56,7 +56,7 @@ import java.util.*;
|
|||
* @author Gaston Dombiak
|
||||
* @author Jay Kline
|
||||
*/
|
||||
public class SASLAuthentication implements UserAuthentication {
|
||||
public class SASLAuthentication {
|
||||
|
||||
private static Map<String, Class<? extends SASLMechanism>> implementedMechanisms = new HashMap<String, Class<? extends SASLMechanism>>();
|
||||
private static List<String> mechanismsPreferences = new ArrayList<String>();
|
||||
|
@ -348,24 +348,21 @@ public class SASLAuthentication implements UserAuthentication {
|
|||
return bindResourceAndEstablishSession(resource);
|
||||
}
|
||||
else {
|
||||
// SASL authentication failed so try a Non-SASL authentication
|
||||
return new NonSASLAuthentication(connection)
|
||||
.authenticate(username, password, resource);
|
||||
// SASL authentication failed
|
||||
throw new XMPPException("SASL authentication failed");
|
||||
}
|
||||
}
|
||||
catch (XMPPException e) {
|
||||
throw e;
|
||||
}
|
||||
catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
// SASL authentication failed so try a Non-SASL authentication
|
||||
return new NonSASLAuthentication(connection)
|
||||
.authenticate(username, password, resource);
|
||||
// SASL authentication failed
|
||||
throw new XMPPException("SASL authentication failed", e);
|
||||
}
|
||||
}
|
||||
else {
|
||||
// No SASL method was found so try a Non-SASL authentication
|
||||
return new NonSASLAuthentication(connection).authenticate(username, password, resource);
|
||||
// No SASL method was found, throw an exception
|
||||
throw new XMPPException("SASL authentication not supported by server");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -413,10 +410,10 @@ public class SASLAuthentication implements UserAuthentication {
|
|||
return bindResourceAndEstablishSession(null);
|
||||
}
|
||||
else {
|
||||
return new NonSASLAuthentication(connection).authenticateAnonymously();
|
||||
throw new XMPPException("SASL authentication failed");
|
||||
}
|
||||
} catch (IOException e) {
|
||||
return new NonSASLAuthentication(connection).authenticateAnonymously();
|
||||
throw new XMPPException("IOException while anonymous SASL authentication", e);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,76 +0,0 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2003-2007 Jive Software.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.jivesoftware.smack;
|
||||
|
||||
import javax.security.auth.callback.CallbackHandler;
|
||||
|
||||
/**
|
||||
* There are two ways to authenticate a user with a server. Using SASL or Non-SASL
|
||||
* authentication. This interface makes {@link SASLAuthentication} and
|
||||
* {@link NonSASLAuthentication} polyphormic.
|
||||
*
|
||||
* @author Gaston Dombiak
|
||||
* @author Jay Kline
|
||||
*/
|
||||
interface UserAuthentication {
|
||||
|
||||
/**
|
||||
* Authenticates the user with the server. This method will return the full JID provided by
|
||||
* the server. The server may assign a full JID with a username and resource different than
|
||||
* requested by this method.
|
||||
*
|
||||
* Note that using callbacks is the prefered method of authenticating users since it allows
|
||||
* more flexability in the mechanisms used.
|
||||
*
|
||||
* @param username the requested username (authorization ID) for authenticating to the server
|
||||
* @param resource the requested resource.
|
||||
* @param cbh the CallbackHandler used to obtain authentication ID, password, or other
|
||||
* information
|
||||
* @return the full JID provided by the server while binding a resource for the connection.
|
||||
* @throws XMPPException if an error occurs while authenticating.
|
||||
*/
|
||||
String authenticate(String username, String resource, CallbackHandler cbh) throws
|
||||
XMPPException;
|
||||
|
||||
/**
|
||||
* Authenticates the user with the server. This method will return the full JID provided by
|
||||
* the server. The server may assign a full JID with a username and resource different than
|
||||
* the requested by this method.
|
||||
*
|
||||
* It is recommended that @{link #authenticate(String, String, CallbackHandler)} be used instead
|
||||
* since it provides greater flexability in authenticaiton and authorization.
|
||||
*
|
||||
* @param username the username that is authenticating with the server.
|
||||
* @param password the password to send to the server.
|
||||
* @param resource the desired resource.
|
||||
* @return the full JID provided by the server while binding a resource for the connection.
|
||||
* @throws XMPPException if an error occures while authenticating.
|
||||
*/
|
||||
String authenticate(String username, String password, String resource) throws
|
||||
XMPPException;
|
||||
|
||||
/**
|
||||
* Performs an anonymous authentication with the server. The server will created a new full JID
|
||||
* for this connection. An exception will be thrown if the server does not support anonymous
|
||||
* authentication.
|
||||
*
|
||||
* @return the full JID provided by the server while binding a resource for the connection.
|
||||
* @throws XMPPException if an error occures while authenticating.
|
||||
*/
|
||||
String authenticateAnonymously() throws XMPPException;
|
||||
}
|
|
@ -130,7 +130,6 @@ public class XMPPConnection extends Connection {
|
|||
// Create the configuration for this new connection
|
||||
super(new ConnectionConfiguration(serviceName));
|
||||
config.setCompressionEnabled(false);
|
||||
config.setSASLAuthenticationEnabled(true);
|
||||
config.setDebuggerEnabled(DEBUG_ENABLED);
|
||||
config.setCallbackHandler(callbackHandler);
|
||||
}
|
||||
|
@ -147,7 +146,6 @@ public class XMPPConnection extends Connection {
|
|||
// Create the configuration for this new connection
|
||||
super(new ConnectionConfiguration(serviceName));
|
||||
config.setCompressionEnabled(false);
|
||||
config.setSASLAuthenticationEnabled(true);
|
||||
config.setDebuggerEnabled(DEBUG_ENABLED);
|
||||
}
|
||||
|
||||
|
@ -232,8 +230,7 @@ public class XMPPConnection extends Connection {
|
|||
username = username.toLowerCase().trim();
|
||||
|
||||
String response;
|
||||
if (config.isSASLAuthenticationEnabled() &&
|
||||
saslAuthentication.hasNonAnonymousAuthentication()) {
|
||||
if (saslAuthentication.hasNonAnonymousAuthentication()) {
|
||||
// Authenticate using SASL
|
||||
if (password != null) {
|
||||
response = saslAuthentication.authenticate(username, password, resource);
|
||||
|
@ -242,10 +239,8 @@ public class XMPPConnection extends Connection {
|
|||
response = saslAuthentication
|
||||
.authenticate(username, resource, config.getCallbackHandler());
|
||||
}
|
||||
}
|
||||
else {
|
||||
// Authenticate using Non-SASL
|
||||
response = new NonSASLAuthentication(this).authenticate(username, password, resource);
|
||||
} else {
|
||||
throw new XMPPException("No non-anonymous SASL authentication mechanism available");
|
||||
}
|
||||
|
||||
// Set the user.
|
||||
|
@ -305,13 +300,11 @@ public class XMPPConnection extends Connection {
|
|||
}
|
||||
|
||||
String response;
|
||||
if (config.isSASLAuthenticationEnabled() &&
|
||||
saslAuthentication.hasAnonymousAuthentication()) {
|
||||
if (saslAuthentication.hasAnonymousAuthentication()) {
|
||||
response = saslAuthentication.authenticateAnonymously();
|
||||
}
|
||||
else {
|
||||
// Authenticate using Non-SASL
|
||||
response = new NonSASLAuthentication(this).authenticateAnonymously();
|
||||
throw new XMPPException("No anonymous SASL authentication mechanism available");
|
||||
}
|
||||
|
||||
// Set the user value.
|
||||
|
|
Loading…
Reference in a new issue