Code review request: 7110803: SASL service for multiple hostnames
Sean Mullan
sean.mullan at oracle.com
Tue Oct 30 18:25:39 UTC 2012
Hi Max,
Looks good. A few minor comments:
* SaslServerFactory
64: typo: s/to. or null/to, or null/
* Sasl
124: it would be helpful to mention the methods that the serverName argument is
referring to.
* GssKrb5Server.java
76: s/Will/will
--Sean
On 10/17/12 11:14 PM, Weijun Wang wrote:
> Hi All
>
> Please take a look at
>
> http://cr.openjdk.java.net/~weijun/7110803/webrev.00/
>
> In Sasl.createSaslServer() method, the serverName argument is documented
> as "[t]he non-null fully qualified host name of the server". This means
> a SASL service must specify the exact hostname it is serving at (say,
> my.host.com). This is not true any more in today's virtualized world in
> which a service might be serving clients from different networks by
> exposing different service names.
>
> The RFE allows serverName to be set to null in Sasl.createSaslServer()
> and thus creates an unbound SASL server. This will be useful if the
> server can accept multiple server names (think of virtual hosts in an
> Apache HTTP server) or the name is configured in the underlying
> mechanism. It also provides a new negotiated property called
> BOUND_SERVER_NAME so that an unbound server has a chance to see its
> bound name after the auth exchange is completed.
>
> This patch includes the API change and trivial changes for some
> mechanisms. The patch for the GSSAPI mechanism is a little more
> complicated and will be addressed in a sub-bug.
>
> Thanks
> Max
>
More information about the security-dev
mailing list