001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License.
018 *
019 */
020package org.apache.directory.server.ldap.handlers.sasl;
021
022
023import javax.security.sasl.SaslServer;
024
025import org.apache.directory.server.ldap.LdapSession;
026import org.apache.mina.core.filterchain.IoFilterChain;
027import org.apache.mina.core.session.IoSession;
028import org.slf4j.Logger;
029import org.slf4j.LoggerFactory;
030
031
/**
 * Abstract base class for all the MechanismHandlers, implementing the methods
 * they have in common.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public abstract class AbstractMechanismHandler implements MechanismHandler
{
    /** Logger used by the code shared between the mechanism handlers. */
    private static final Logger LOG = LoggerFactory.getLogger( AbstractMechanismHandler.class );


    /**
     * Installs a {@link SaslFilter} on the session's filter chain so that the
     * security layer negotiated by a mechanism (DIGEST-MD5 or GSSAPI, for
     * instance) is applied to the PDUs exchanged from then on.
     * <p>
     * The filter is only added when the chain holds no entry named
     * {@link SaslConstants#SASL_FILTER} yet, and it is registered in front of
     * the entry named {@code "codec"}. The
     * {@link SaslFilter#DISABLE_SECURITY_LAYER_ONCE} attribute is set on every
     * call, whether or not a filter was added.
     *
     * @param ldapSession the LdapSession whose IoSession filter chain is updated
     *                    and whose {@link SaslConstants#SASL_SERVER} property
     *                    supplies the SaslServer
     */
    protected void insertSaslFilter( LdapSession ldapSession )
    {
        LOG.debug( "Inserting SaslFilter to engage negotiated security layer." );

        final IoSession session = ldapSession.getIoSession();
        final IoFilterChain filterChain = session.getFilterChain();
        final boolean filterAlreadyInstalled = filterChain.contains( SaslConstants.SASL_FILTER );

        if ( !filterAlreadyInstalled )
        {
            // NOTE(review): the SaslServer is taken from the session as-is; nothing
            // in this method checks that it is non-null or has completed its
            // exchange. Confirm that SaslFilter rejects a null server, or that
            // callers only reach this point after a successful negotiation.
            final SaslServer negotiatedServer = ( SaslServer ) ldapSession
                .getSaslProperty( SaslConstants.SASL_SERVER );

            // NOTE(review): this relies on an entry named "codec" already being
            // present in the chain - verify against the chain setup. Positioning
            // the filter ahead of it presumably lets it work on the wire bytes
            // rather than on decoded messages.
            filterChain.addBefore( "codec", SaslConstants.SASL_FILTER, new SaslFilter( negotiatedServer ) );
        }

        /*
         * The outbound SUCCESS message must be written without SASL security
         * layer processing, so the layer is switched off for one write.
         * NOTE(review): the one-shot behaviour lives in SaslFilter, not here;
         * confirm that the filter clears this attribute after a single write,
         * otherwise later responses would leave unprotected.
         */
        session.setAttribute( SaslFilter.DISABLE_SECURITY_LAYER_ONCE, Boolean.TRUE );
    }
}