Package org.wildfly.security.sasl

Class WildFlySasl

  • public final class WildFlySasl
extends Object
    The core WildFly SASL utilities.
    Author:
    David M. Lloyd

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String ALTERNATIVE_PROTOCOLS
      A property used to supply a separated list (space, comma, tab, new line) of alternative protocols to be acceptable in responses received from the client.
      static String AUTHENTICATION_TIMEOUT
      The amount of time, in seconds, after which a server should terminate an authentication attempt.
      static String CHANNEL_BINDING_REQUIRED
      A flag indicating that a mechanism which supports channel binding is required.
      static String GS2_DELEGATE_CREDENTIAL
      A property used to specify if the GS2 mechanism should support credential delegation.
      static String GSSAPI_CREATE_NAME_GSS_INIT
      A property used to enable workaround for native GSS, where createName() needs to be called for correct GSSContext initialization.
      static String GSSAPI_DELEGATE_CREDENTIAL
      Property name to specify if the GSSAPI mechanism should support credential delegation.
      static String LEGACY_ALTERNATIVE_PROTOCOLS
      Deprecated.
      See ALTERNATIVE_PROTOCOLS
      static String MECHANISM_QUERY_ALL
      A flag indicating that all possible supported mechanism names should be returned, regardless of the presence or absence of any other query flags.
      static String[] NO_NAMES
      The immutable empty names array.
      static String OTP_ALTERNATE_DICTIONARY
      A property used to provide an alternate dictionary to the OTP SASL mechanism.
      static String PRINCIPAL
      The property which holds the negotiated client principal after a successful SASL client-side authentication.
      static String REALM_LIST
      A property used by some SASL mechanisms (including the DIGEST-MD5 algorithm supplied with most Oracle JDKs) to provide the list of possible server realms to the mechanism.
      static String RELAX_COMPLIANCE
      The various specifications for the SASL mechanisms mandate certain behaviour and verification of that behaviour at the opposite side of the connection, unfortunately when interacting with other SASL mechanism implementations some of these requirements have been interpreted loosely.
      static String SCRAM_MAX_ITERATION_COUNT
      The maximum iteration count to use for SCRAM.
      static String SCRAM_MIN_ITERATION_COUNT
      The minimum iteration count to use for SCRAM.
      static String SECURE_RNG
      Property name for the algorithm name of a SecureRandom implementation to use.
      static String SECURITY_IDENTITY
      The property which holds the negotiated security identity after a successful SASL server-side authentication.
      static String SKIP_NORMALIZATION
      A property used to disable Unicode normalization for passwords.
      static String SUPPORTED_CIPHER_NAMES
      A property used to directly limit the set of supported ciphers for SASL mechanisms.
      static String USE_UTF8
      A property used by some SASL mechanisms (including the DIGEST-MD5 algorithm supplied with most Oracle JDKs) to indicate that information exchange should take place using the UTF-8 character encoding instead of the default Latin-1/ISO-8859-1 encoding.

    • Constructor Summary

      Constructors 
      Constructor Description
      WildFlySasl()  

    • Field Detail

      • GSSAPI_DELEGATE_CREDENTIAL

        public static final String GSSAPI_DELEGATE_CREDENTIAL
        Property name to specify if the GSSAPI mechanism should support credential delegation. The property contains "true" then the credential should be delegated from the client to the server, "false" otherwise. The default value is "false" unless a GSSCredential was already passed in using the Sasl.CREDENTIALS property in which case the default would be "true". Note: This is a client only property and is not used server side.
        See Also:
        Constant Field Values

      • GS2_DELEGATE_CREDENTIAL

        public static final String GS2_DELEGATE_CREDENTIAL
        A property used to specify if the GS2 mechanism should support credential delegation. A value of "true" indicates that the credential should be delegated from the client to the server. The default value is "false" unless a GSSCredential is passed in using a CredentialCallback, in which case the default is "true". Note: This is a client only property and is not used server side.
        See Also:
        Constant Field Values

      • RELAX_COMPLIANCE

        public static final String RELAX_COMPLIANCE
        The various specifications for the SASL mechanisms mandate certain behaviour and verification of that behaviour at the opposite side of the connection, unfortunately when interacting with other SASL mechanism implementations some of these requirements have been interpreted loosely. If this property contains "true" then where differences in spec interpretation have been identified the checking can be relaxed. The default value is "false".
        See Also:
        Constant Field Values

      • SCRAM_MIN_ITERATION_COUNT

        public static final String SCRAM_MIN_ITERATION_COUNT
        The minimum iteration count to use for SCRAM. Default is 4096.
        See Also:
        Constant Field Values

      • SCRAM_MAX_ITERATION_COUNT

        public static final String SCRAM_MAX_ITERATION_COUNT
        The maximum iteration count to use for SCRAM. Default is 16384.
        See Also:
        Constant Field Values

      • SECURE_RNG

        public static final String SECURE_RNG
        Property name for the algorithm name of a SecureRandom implementation to use. Using this property can improve security, at the cost of performance.
        See Also:
        Constant Field Values

      • CHANNEL_BINDING_REQUIRED

        public static final String CHANNEL_BINDING_REQUIRED
        A flag indicating that a mechanism which supports channel binding is required. A value of "true" indicates that channel binding is required; any other value (or lack of this property) indicates that channel binding is not required.
        See Also:
        Constant Field Values

      • SECURITY_IDENTITY

        public static final String SECURITY_IDENTITY
        The property which holds the negotiated security identity after a successful SASL server-side authentication.
        See Also:
        Constant Field Values

      • PRINCIPAL

        public static final String PRINCIPAL
        The property which holds the negotiated client principal after a successful SASL client-side authentication.
        See Also:
        Constant Field Values

      • NO_NAMES

        public static final String[] NO_NAMES
        The immutable empty names array.

      • USE_UTF8

        public static final String USE_UTF8
        A property used by some SASL mechanisms (including the DIGEST-MD5 algorithm supplied with most Oracle JDKs) to indicate that information exchange should take place using the UTF-8 character encoding instead of the default Latin-1/ISO-8859-1 encoding. The default value is "true".
        See Also:
        Constant Field Values

      • REALM_LIST

        public static final String REALM_LIST
        A property used by some SASL mechanisms (including the DIGEST-MD5 algorithm supplied with most Oracle JDKs) to provide the list of possible server realms to the mechanism. Each realm name should be separated by a space character (U+0020).
        See Also:
        Constant Field Values

      • SUPPORTED_CIPHER_NAMES

        public static final String SUPPORTED_CIPHER_NAMES
        A property used to directly limit the set of supported ciphers for SASL mechanisms. The list items should be separated by a comma character (",").
        See Also:
        Constant Field Values

      • LEGACY_ALTERNATIVE_PROTOCOLS

        @Deprecated
public static final String LEGACY_ALTERNATIVE_PROTOCOLS
        Deprecated.
        See ALTERNATIVE_PROTOCOLS
        A property used to supply a separated list (space, comma, tab, new line) of alternative protocols to be acceptable in responses received from the client.
        See Also:
        Constant Field Values

      • ALTERNATIVE_PROTOCOLS

        public static final String ALTERNATIVE_PROTOCOLS
        A property used to supply a separated list (space, comma, tab, new line) of alternative protocols to be acceptable in responses received from the client.
        See Also:
        Constant Field Values

      • OTP_ALTERNATE_DICTIONARY

        public static final String OTP_ALTERNATE_DICTIONARY
        A property used to provide an alternate dictionary to the OTP SASL mechanism. Each dictionary word should be separated by a space character (U+0020). Note: This is a client only property and is not used server side.
        See Also:
        Constant Field Values

      • AUTHENTICATION_TIMEOUT

        public static final String AUTHENTICATION_TIMEOUT
        The amount of time, in seconds, after which a server should terminate an authentication attempt. The default value is 150 seconds.
        See Also:
        Constant Field Values

      • GSSAPI_CREATE_NAME_GSS_INIT

        public static final String GSSAPI_CREATE_NAME_GSS_INIT
        A property used to enable workaround for native GSS, where createName() needs to be called for correct GSSContext initialization. Set to "true" to call createName() as part of GSSContext initialization. This is workaround of JDK-8194073. Note: This is a server only property and is not used client side.
        See Also:
        Constant Field Values

      • SKIP_NORMALIZATION

        public static final String SKIP_NORMALIZATION
        A property used to disable Unicode normalization for passwords. Note: This is a client only property and is not used server side.
        See Also:
        Constant Field Values

    • Constructor Detail

      • WildFlySasl

        public WildFlySasl()