001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.server.ldap.handlers.sasl; 021 022 023import javax.security.sasl.SaslServer; 024 025import org.apache.directory.server.ldap.LdapSession; 026import org.apache.mina.core.filterchain.IoFilterChain; 027import org.apache.mina.core.session.IoSession; 028import org.slf4j.Logger; 029import org.slf4j.LoggerFactory; 030 031 032/** 033 * 034 * An abstract class for all the MechanismHandlers, implementing some common methods 035 * 036 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 037 */ 038public abstract class AbstractMechanismHandler implements MechanismHandler 039{ 040 /** A logger for this class **/ 041 private static final Logger LOG = LoggerFactory.getLogger( AbstractMechanismHandler.class ); 042 043 044 /** 045 * Inject a SaslFilter into the Filter chain, to deal with modified 046 * PDU sent when some mechanisms have been negotiated (DIGEST-MD5, GSSAPI, 047 * for instance) 048 * 049 * @param ldapSession the LdapSession instance 050 */ 051 protected void insertSaslFilter( LdapSession ldapSession ) 052 { 053 LOG.debug( "Inserting SaslFilter to engage negotiated security layer." ); 054 IoSession ioSession = ldapSession.getIoSession(); 055 056 // get the Io chain 057 IoFilterChain chain = ioSession.getFilterChain(); 058 059 if ( !chain.contains( SaslConstants.SASL_FILTER ) ) 060 { 061 SaslServer saslServer = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER ); 062 chain.addBefore( "codec", SaslConstants.SASL_FILTER, new SaslFilter( saslServer ) ); 063 } 064 065 /* 066 * We disable the SASL security layer once, to write the outbound SUCCESS 067 * message without SASL security layer processing. 068 */ 069 ioSession.setAttribute( SaslFilter.DISABLE_SECURITY_LAYER_ONCE, Boolean.TRUE ); 070 } 071}