Code review request: 7110803: SASL service for multiple hostnames
Weijun Wang
weijun.wang at oracle.com
Thu Oct 18 03:14:12 UTC 2012
Hi All
Please take a look at
http://cr.openjdk.java.net/~weijun/7110803/webrev.00/
In Sasl.createSaslServer() method, the serverName argument is documented
as "[t]he non-null fully qualified host name of the server". This means
a SASL service must specify the exact hostname it is serving at (say,
my.host.com). This is not true any more in today's virtualized world in
which a service might be serving clients from different networks by
exposing different service names.
The RFE allows serverName to be set to null in Sasl.createSaslServer()
and thus creates an unbound SASL server. This will be useful if the
server can accept multiple server names (think of virtual hosts in an
Apache HTTP server) or the name is configured in the underlying
mechanism. It also provides a new negotiated property called
BOUND_SERVER_NAME so that an unbound server has a chance to see its
bound name after the auth exchange is completed.
This patch includes the API change and trivial changes for some
mechanisms. The patch for the GSSAPI mechanism is a little more
complicated and will be addressed in a sub-bug.
Thanks
Max
More information about the security-dev
mailing list