Basic SASL Configuration

SASL implementation in Tigase XMPP Server is compatible with Java API, the same exact interfaces are used.

The SASL implementation consists of following parts:

  1. mechanism
  2. CallbackHandler

Properties list for the SASL plugin ('urn:ietf:params:xml:ns:xmpp-sasl'):

| Property | Description |
|---|---|
| factory | A factory class for SASL mechanisms. Detailed description at Mechanisms Configuration. |
| callbackhandler | A default callback handler class. Detailed description at CallbackHandler Configuration. |
| callbackhandler-${MECHANISM} | A callback handler class for a particular mechanism. Detailed description at CallbackHandler Configuration. |
| mechanism-selector | A class for filtering SASL mechanisms available in a stream. Detailed description at Selecting Mechanisms Available in the Stream. |

Mechanisms Configuration

To add a new mechanism, a new factory for the mechanism has to be registered. It can be done with a new line in the config.tdsl file like this one:

'sess-man' () {
    'urn:ietf:params:xml:ns:xmpp-sasl' () {
        factory = 'com.example.OwnFactory'
    }
}

The class must implement the javax.security.sasl.SaslServerFactory interface. All mechanisms returned by its getMechanismNames() method will be registered automatically.

The default factory that is available and registered by default is tigase.auth.TigaseSaslServerFactory which provides PLAIN and ANONYMOUS mechanisms.

CallbackHandler Configuration

The CallbackHandler is a helper class used for loading/retrieving authentication data from the data repository and providing it to a mechanism.

To register a new callback handler the config.tdsl file should include:

'sess-man' () {
    'urn:ietf:params:xml:ns:xmpp-sasl' () {
        callbackhandler = 'com.example.DefaultCallbackHandler'
    }
}

It is also possible to register different callback handlers for different mechanisms:

'sess-man' () {
    'urn:ietf:params:xml:ns:xmpp-sasl' () {
        'callbackhandler-OAUTH' = 'com.example.OAuthCallbackHandler'
        'callbackhandler-PLAIN' = 'com.example.PlainCallbackHandler'
    }
}

During the authentication process, Tigase server always checks first for a handler specific to the selected mechanism; if there is no specific handler, the default one is used.

Selecting Mechanisms Available in the Stream

The tigase.auth.MechanismSelector interface is used for selecting the mechanisms available in a stream. Its filterMechanisms() method should return a collection of the mechanisms that are available, based on:

  1. all registered SASL factories
  2. XMPP session data (from XMPPResourceConnection class)

The default selector returns mechanisms from Tigase’s default factory (TigaseSaslServerFactory) only.

It is possible to use a custom selector by specifying its class in the config.tdsl file:

'sess-man' () {
    'urn:ietf:params:xml:ns:xmpp-sasl' () {
        'mechanism-selector' = 'com.example.OwnSelector'
    }
}
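As an added example (not Tigase's own code), the custom selector below advertises PLAIN and ANONYMOUS only once the stream is encrypted, since both expose the password or grant access without one on a cleartext stream. The filterMechanisms()/init() signatures follow the description above but are assumed, as is the session-data key tls-established used to detect TLS.

```java
package com.example;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.security.sasl.SaslServerFactory;
import tigase.auth.MechanismSelector;
import tigase.xmpp.XMPPResourceConnection;

/** Advertises only the mechanisms that are safe for the stream's current protection level. */
public class OwnSelector implements MechanismSelector {

    // Mechanisms that leak the password, or need none, when offered on a cleartext stream.
    private static final Set<String> CLEARTEXT_UNSAFE = Set.of("PLAIN", "ANONYMOUS");

    // Assumed session-data key; replace with whatever your deployment records TLS state under.
    private static final String ENCRYPTED_KEY = "tls-established";

    @Override
    public void init(Map<String, Object> settings) {
        // This selector needs no configuration.
    }

    @Override
    public Collection<String> filterMechanisms(Enumeration<SaslServerFactory> factories,
                                               XMPPResourceConnection session) {
        Set<String> registered = new LinkedHashSet<>();
        while (factories.hasMoreElements()) {
            // getMechanismNames(null) is the standard javax.security.sasl call.
            for (String name : factories.nextElement().getMechanismNames(null)) {
                registered.add(name);
            }
        }
        boolean encrypted = Boolean.TRUE.equals(session.getSessionData(ENCRYPTED_KEY));
        return select(registered, encrypted);
    }

    /** Pure selection rule, kept separate so it can be unit-tested without a live session. */
    static Collection<String> select(Collection<String> registered, boolean encrypted) {
        Collection<String> offered = new ArrayList<>();
        for (String name : registered) {
            if (encrypted || !CLEARTEXT_UNSAFE.contains(name)) {
                offered.add(name);
            }
        }
        return offered;
    }
}
```

Register it with `'mechanism-selector' = 'com.example.OwnSelector'` as shown above; select(Set.of("PLAIN", "ANONYMOUS"), false) then returns an empty list, so no weak mechanism is advertised before STARTTLS.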