001    /*
002     *  Licensed to the Apache Software Foundation (ASF) under one
003     *  or more contributor license agreements.  See the NOTICE file
004     *  distributed with this work for additional information
005     *  regarding copyright ownership.  The ASF licenses this file
006     *  to you under the Apache License, Version 2.0 (the
007     *  "License"); you may not use this file except in compliance
008     *  with the License.  You may obtain a copy of the License at
009     *
010     *    http://www.apache.org/licenses/LICENSE-2.0
011     *
012     *  Unless required by applicable law or agreed to in writing,
013     *  software distributed under the License is distributed on an
014     *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     *  KIND, either express or implied.  See the License for the
016     *  specific language governing permissions and limitations
017     *  under the License.
018     *
019     */
020    package org.apache.directory.server.ldap.handlers.bind;
021    
022    import javax.security.sasl.SaslServer;
023    
024    import org.apache.directory.server.ldap.LdapSession;
025    import org.apache.mina.core.filterchain.IoFilterChain;
026    import org.apache.mina.core.session.IoSession;
027    import org.slf4j.Logger;
028    import org.slf4j.LoggerFactory;
029    
030    
/**
 * Abstract base class for the SASL {@link MechanismHandler} implementations.
 * It implements the methods that are common to all of them.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public abstract class AbstractMechanismHandler implements MechanismHandler
{
    /** Logger shared by all mechanism handlers deriving from this class. */
    private static final Logger LOG = LoggerFactory.getLogger( AbstractMechanismHandler.class );


    /**
     * Installs a {@link SaslFilter} in the MINA filter chain of the given session, so
     * that PDUs altered by a negotiated SASL security layer (DIGEST-MD5 and GSSAPI
     * are the examples given by the original author) can be processed.
     *
     * <p>The filter is only added when the chain has no entry registered under
     * {@code SaslConstants.SASL_FILTER} yet. The one-shot "disable security layer"
     * attribute is set on every call, whether or not a filter was added.</p>
     *
     * <p>This method validates nothing about the SASL state: the object stored under
     * {@code SaslConstants.SASL_SERVER} is cast and handed to the filter as is, with
     * no null check and no {@code SaslServer.isComplete()} check. NOTE(review):
     * callers are presumably expected to invoke this only after the SASL exchange
     * has completed successfully; confirm at each call site.</p>
     *
     * @param ldapSession the LdapSession whose underlying IoSession gets the filter
     */
    protected void insertSaslFilter( LdapSession ldapSession )
    {
        LOG.debug( "Inserting SaslFilter to engage negotiated security layer." );

        final IoSession session = ldapSession.getIoSession();
        final IoFilterChain filters = session.getFilterChain();
        final boolean alreadyInstalled = filters.contains( SaslConstants.SASL_FILTER );

        if ( !alreadyInstalled )
        {
            // The SaslServer comes from the session's SASL properties and is not checked here.
            final SaslServer negotiatedServer =
                ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );

            // Registered ahead of the entry named "codec"; presumably so that SASL
            // wrapping/unwrapping operates on the raw bytes - TODO confirm against
            // the code that builds the chain (a "codec" entry must already exist).
            filters.addBefore( "codec", SaslConstants.SASL_FILTER, new SaslFilter( negotiatedServer ) );
        }

        // The outbound SUCCESS message must be written without SASL security layer
        // processing, so the layer is switched off for one write.
        // NOTE(review): how SaslFilter consumes and clears this flag is not visible
        // here; verify that it is reset after exactly one write, otherwise later
        // responses would leave the server unprotected.
        session.setAttribute( SaslFilter.DISABLE_SECURITY_LAYER_ONCE, Boolean.TRUE );
    }
}