Posted to commits@labs.apache.org by be...@apache.org on 2008/02/17 13:06:46 UTC

svn commit: r628484 - /labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java

Author: berndf
Date: Sun Feb 17 04:06:46 2008
New Revision: 628484

URL: http://svn.apache.org/viewvc?rev=628484&view=rev
Log:
[vysper] doc SASL PLAIN

Modified:
    labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java

Modified: labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java
URL: http://svn.apache.org/viewvc/labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java?rev=628484&r1=628483&r2=628484&view=diff
==============================================================================
--- labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java (original)
+++ labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java Sun Feb 17 04:06:46 2008
@@ -31,7 +31,7 @@
 import java.util.ArrayList;
 
 /**
- * handles SASL PLAIN mechanism
+ * handles SASL PLAIN mechanism. this mechanism is standardized in RFC4616
  */
 public class Plain implements SASLMechanism {
     public String getName() {
@@ -39,6 +39,8 @@
     }
 
     public Stanza started(SessionContext sessionContext, SessionStateHolder sessionStateHolder, Stanza authStanza) {
+        // TODO assure, that connection is secured via TLS. if not, reject SASL PLAIN 
+        
         List<XMLText> innerTexts = authStanza.getInnerTexts();
         if (innerTexts == null || innerTexts.isEmpty()) return new AuthorizationResponses().getFailureMalformedRequest();
 
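Review bot: The TLS requirement is recorded only as a TODO at the top of `started`, so the method still decodes and checks a cleartext password on an unencrypted stream, which RFC 4616 says PLAIN should not be used for without a confidentiality layer. The check should fail closed before `authStanza.getInnerTexts()` is read, returning a failure response when the session has not completed TLS negotiation; how that state is exposed on `SessionContext` or `SessionStateHolder` is not visible in this hunk. Until the check exists, the comment should state the exposure plainly, e.g. `// FIXME: PLAIN is accepted without TLS; credentials cross the wire in cleartext`, and PLAIN should preferably not be offered in the stream features before TLS is in place. The body of `started` continues past the end of the hunk.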
@@ -63,12 +65,13 @@
             }
         }
 
-        if (decodedParts.size() < 2) {
+        if (decodedParts.size() != 3) {
             return new AuthorizationResponses().getFailureMalformedRequest();  
         }
         
-        String username = decodedParts.get(decodedParts.size()-2);
-        String password = decodedParts.get(decodedParts.size()-1);
+        String alias = decodedParts.get(0); // "authorization identity (identity to act as)", currently unused
+        String username = decodedParts.get(1); // "authentication identity (identity whose password will be used)"
+        String password = decodedParts.get(2);
 
         if (!username.contains("@")) username = username + "@" + sessionContext.getServerJID().getDomain();
         EntityImpl initiatingEntity;
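Review bot: `alias` (the authorization identity) is read at index 0 and then dropped, so a client that asks to act as a different identity is silently authenticated as `username` instead of being refused; RFC 4616 expects the server to verify that the authentication identity may act as the requested one. Until authzid is supported, a non-empty `alias` that differs from the resolved `username` should be rejected, e.g. `if (alias.length() > 0 && !alias.equals(username)) return new AuthorizationResponses().getFailureMalformedRequest();` placed after the domain is appended (a dedicated invalid-authzid failure would be better if `AuthorizationResponses` offers one). The new `size() != 3` check also relies on the decoding loop above, which is outside this hunk, keeping an empty first part for the common `\0user\0pass` form; if that loop drops empty segments, ordinary clients would now be rejected. Empty `username` or `password` values are not rejected here either, although the RFC 4616 grammar requires at least one character for each. `started` begins and ends outside the hunk.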


