1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136
/* * @(#)CallbackHandler.java 1.19 05/11/17 * * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package javax.security.auth.callback; /** * <p> An application implements a <code>CallbackHandler</code> and passes * it to underlying security services so that they may interact with * the application to retrieve specific authentication data, * such as usernames and passwords, or to display certain information, * such as error and warning messages. * * <p> CallbackHandlers are implemented in an application-dependent fashion. * For example, implementations for an application with a graphical user * interface (GUI) may pop up windows to prompt for requested information * or to display error messages. An implementation may also choose to obtain * requested information from an alternate source without asking the end user. * * <p> Underlying security services make requests for different types * of information by passing individual Callbacks to the * <code>CallbackHandler</code>. The <code>CallbackHandler</code> * implementation decides how to retrieve and display information * depending on the Callbacks passed to it. For example, * if the underlying service needs a username and password to * authenticate a user, it uses a <code>NameCallback</code> and * <code>PasswordCallback</code>. The <code>CallbackHandler</code> * can then choose to prompt for a username and password serially, * or to prompt for both in a single window. * * <p> A default <code>CallbackHandler</code> class implementation * may be specified in the <i>auth.login.defaultCallbackHandler</i> * security property. The security property can be set * in the Java security properties file located in the file named * <JAVA_HOME>/lib/security/java.security. * <JAVA_HOME> refers to the value of the java.home system property, * and specifies the directory where the JRE is installed. * * <p> If the security property is set to the fully qualified name of a * <code>CallbackHandler</code> implementation class, * then a <code>LoginContext</code> will load the specified * <code>CallbackHandler</code> and pass it to the underlying LoginModules. * The <code>LoginContext</code> only loads the default handler * if it was not provided one. * * <p> All default handler implementations must provide a public * zero-argument constructor. * * @version 1.19, 11/17/05 */ public interface CallbackHandler { /** * <p> Retrieve or display the information requested in the * provided Callbacks. * * <p> The <code>handle</code> method implementation checks the * instance(s) of the <code>Callback</code> object(s) passed in * to retrieve or display the requested information. * The following example is provided to help demonstrate what an * <code>handle</code> method implementation might look like. * This example code is for guidance only. Many details, * including proper error handling, are left out for simplicity. * * <pre> * public void handle(Callback[] callbacks) * throws IOException, UnsupportedCallbackException { * * for (int i = 0; i < callbacks.length; i++) { * if (callbacks[i] instanceof TextOutputCallback) { * * // display the message according to the specified type * TextOutputCallback toc = (TextOutputCallback)callbacks[i]; * switch (toc.getMessageType()) { * case TextOutputCallback.INFORMATION: * System.out.println(toc.getMessage()); * break; * case TextOutputCallback.ERROR: * System.out.println("ERROR: " + toc.getMessage()); * break; * case TextOutputCallback.WARNING: * System.out.println("WARNING: " + toc.getMessage()); * break; * default: * throw new IOException("Unsupported message type: " + * toc.getMessageType()); * } * * } else if (callbacks[i] instanceof NameCallback) { * * // prompt the user for a username * NameCallback nc = (NameCallback)callbacks[i]; * * // ignore the provided defaultName * System.err.print(nc.getPrompt()); * System.err.flush(); * nc.setName((new BufferedReader * (new InputStreamReader(System.in))).readLine()); * * } else if (callbacks[i] instanceof PasswordCallback) { * * // prompt the user for sensitive information * PasswordCallback pc = (PasswordCallback)callbacks[i]; * System.err.print(pc.getPrompt()); * System.err.flush(); * pc.setPassword(readPassword(System.in)); * * } else { * throw new UnsupportedCallbackException * (callbacks[i], "Unrecognized Callback"); * } * } * } * * // Reads user password from given input stream. * private char[] readPassword(InputStream in) throws IOException { * // insert code to read a user password from the input stream * } * </pre> * * @param callbacks an array of <code>Callback</code> objects provided * by an underlying security service which contains * the information requested to be retrieved or displayed. * * @exception java.io.IOException if an input or output error occurs. <p> * * @exception UnsupportedCallbackException if the implementation of this * method does not support one or more of the Callbacks * specified in the <code>callbacks</code> parameter. */ void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException; }