You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@labs.apache.org by be...@apache.org on 2008/02/17 13:06:46 UTC
svn commit: r628484 -
/labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java
Author: berndf
Date: Sun Feb 17 04:06:46 2008
New Revision: 628484
URL: http://svn.apache.org/viewvc?rev=628484&view=rev
Log:
[vysper] doc SASL PLAIN
Modified:
labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java
Modified: labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java
URL: http://svn.apache.org/viewvc/labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java?rev=628484&r1=628483&r2=628484&view=diff
==============================================================================
--- labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java (original)
+++ labs/vysper/src/main/java/org/apache/vysper/xmpp/authorization/Plain.java Sun Feb 17 04:06:46 2008
@@ -31,7 +31,7 @@
import java.util.ArrayList;
/**
- * handles SASL PLAIN mechanism
+ * handles SASL PLAIN mechanism. this mechanism is standardized in RFC4616
*/
public class Plain implements SASLMechanism {
public String getName() {
@@ -39,6 +39,8 @@
}
public Stanza started(SessionContext sessionContext, SessionStateHolder sessionStateHolder, Stanza authStanza) {
+ // TODO assure, that connection is secured via TLS. if not, reject SASL PLAIN
+
List<XMLText> innerTexts = authStanza.getInnerTexts();
if (innerTexts == null || innerTexts.isEmpty()) return new AuthorizationResponses().getFailureMalformedRequest();
@@ -63,12 +65,13 @@
}
}
- if (decodedParts.size() < 2) {
+ if (decodedParts.size() != 3) {
return new AuthorizationResponses().getFailureMalformedRequest();
}
- String username = decodedParts.get(decodedParts.size()-2);
- String password = decodedParts.get(decodedParts.size()-1);
+ String alias = decodedParts.get(0); // "authorization identity (identity to act as)", currently unused
+ String username = decodedParts.get(1); // "authentication identity (identity whose password will be used)"
+ String password = decodedParts.get(2);
if (!username.contains("@")) username = username + "@" + sessionContext.getServerJID().getDomain();
EntityImpl initiatingEntity;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@labs.apache.org
For additional commands, e-mail: commits-help@labs.apache.org