Custom Mechanisms Development

Mechanism

'getAuthorizationID()\' method from 'SaslServer' class should return bare JID authorized user. In case that the method returns only user name such as romeo for example, the server automatically appends domain name to generate a valid BareJID: romeo@example.com. In case the method returns a full, valid BareJID, the server does not change anything.

'handleLogin()\' method from 'SessionManagerHandler' will be called with user’s Bare JID provided by getAuthorizationID() (or created later using stream domain name).

CallbackHandler

For each session authorization, the server creates a new and separate, empty handler. Factory which creates handler instance allows to inject different objects to the handler, depending on interfaces implemented by the handler class:

  • AuthRepositoryAware - injects AuthRepository;
  • DomainAware - injects domain name within which the user attempts to authenticate
  • NonAuthUserRepositoryAware - injects NonAuthUserRepository, although I have no idea what for…​

General Remarks

JabberIqAuth used for non-SASL authentication mechanisms uses the same callback as the SASL mechanisms.

Methods 'auth' in 'Repository' interfaces will be deprecated. These interfaces will be treated as user details providers only. There will be new methods available which will allow for additional login operations on the database such as last successful login recording and so on…​

Known Problems

Because JabberIqAuth is initialized separatelly, we strongly recommend to use more general prefix in init.properties:

sess-man/plugins-conf/${KEY}=${VALUE}

instead of

sess-man/plugins-conf/urn\:ietf\:params\:xml\:ns\:xmpp-sasl/${KEY}=${VALUE}

If JabberIqAuth is disabled, then you don’t care about it.