1 /* 2 * @(#)CallbackHandler.java 1.17 04/06/28 3 * 4 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 5 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. 6 */ 7 8 package javax.security.auth.callback; 9 10 /** 11 * <p> An application implements a <code>CallbackHandler</code> and passes 12 * it to underlying security services so that they may interact with 13 * the application to retrieve specific authentication data, 14 * such as usernames and passwords, or to display certain information, 15 * such as error and warning messages. 16 * 17 * <p> CallbackHandlers are implemented in an application-dependent fashion. 18 * For example, implementations for an application with a graphical user 19 * interface (GUI) may pop up windows to prompt for requested information 20 * or to display error messages. An implementation may also choose to obtain 21 * requested information from an alternate source without asking the end user. 22 * 23 * <p> Underlying security services make requests for different types 24 * of information by passing individual Callbacks to the 25 * <code>CallbackHandler</code>. The <code>CallbackHandler</code> 26 * implementation decides how to retrieve and display information 27 * depending on the Callbacks passed to it. For example, 28 * if the underlying service needs a username and password to 29 * authenticate a user, it uses a <code>NameCallback</code> and 30 * <code>PasswordCallback</code>. The <code>CallbackHandler</code> 31 * can then choose to prompt for a username and password serially, 32 * or to prompt for both in a single window. 33 * 34 * <p> A default <code>CallbackHandler</code> class implementation 35 * may be specified in the <i>auth.login.defaultCallbackHandler</i> 36 * security property. The security property can be set 37 * in the Java security properties file located in the file named 38 * <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> 39 * refers to the directory where the JDK was installed. 40 * 41 * <p> If the security property is set to the fully qualified name of a 42 * <code>CallbackHandler</code> implementation class, 43 * then a <code>LoginContext</code> will load the specified 44 * <code>CallbackHandler</code> and pass it to the underlying LoginModules. 45 * The <code>LoginContext</code> only loads the default handler 46 * if it was not provided one. 47 * 48 * <p> All default handler implementations must provide a public 49 * zero-argument constructor. 50 * 51 * @version 1.17, 06/28/04 52 */ 53 public interface CallbackHandler { 54 55 /** 56 * <p> Retrieve or display the information requested in the 57 * provided Callbacks. 58 * 59 * <p> The <code>handle</code> method implementation checks the 60 * instance(s) of the <code>Callback</code> object(s) passed in 61 * to retrieve or display the requested information. 62 * The following example is provided to help demonstrate what an 63 * <code>handle</code> method implementation might look like. 64 * This example code is for guidance only. Many details, 65 * including proper error handling, are left out for simplicity. 66 * 67 * <pre> 68 * public void handle(Callback[] callbacks) 69 * throws IOException, UnsupportedCallbackException { 70 * 71 * for (int i = 0; i < callbacks.length; i++) { 72 * if (callbacks[i] instanceof TextOutputCallback) { 73 * 74 * // display the message according to the specified type 75 * TextOutputCallback toc = (TextOutputCallback)callbacks[i]; 76 * switch (toc.getMessageType()) { 77 * case TextOutputCallback.INFORMATION: 78 * System.out.println(toc.getMessage()); 79 * break; 80 * case TextOutputCallback.ERROR: 81 * System.out.println("ERROR: " + toc.getMessage()); 82 * break; 83 * case TextOutputCallback.WARNING: 84 * System.out.println("WARNING: " + toc.getMessage()); 85 * break; 86 * default: 87 * throw new IOException("Unsupported message type: " + 88 * toc.getMessageType()); 89 * } 90 * 91 * } else if (callbacks[i] instanceof NameCallback) { 92 * 93 * // prompt the user for a username 94 * NameCallback nc = (NameCallback)callbacks[i]; 95 * 96 * // ignore the provided defaultName 97 * System.err.print(nc.getPrompt()); 98 * System.err.flush(); 99 * nc.setName((new BufferedReader 100 * (new InputStreamReader(System.in))).readLine()); 101 * 102 * } else if (callbacks[i] instanceof PasswordCallback) { 103 * 104 * // prompt the user for sensitive information 105 * PasswordCallback pc = (PasswordCallback)callbacks[i]; 106 * System.err.print(pc.getPrompt()); 107 * System.err.flush(); 108 * pc.setPassword(readPassword(System.in)); 109 * 110 * } else { 111 * throw new UnsupportedCallbackException 112 * (callbacks[i], "Unrecognized Callback"); 113 * } 114 * } 115 * } 116 * 117 * // Reads user password from given input stream. 118 * private char[] readPassword(InputStream in) throws IOException { 119 * // insert code to read a user password from the input stream 120 * } 121 * </pre> 122 * 123 * @param callbacks an array of <code>Callback</code> objects provided 124 * by an underlying security service which contains 125 * the information requested to be retrieved or displayed. 126 * 127 * @exception java.io.IOException if an input or output error occurs. <p> 128 * 129 * @exception UnsupportedCallbackException if the implementation of this 130 * method does not support one or more of the Callbacks 131 * specified in the <code>callbacks</code> parameter. 132 */ 133 void handle(Callback[] callbacks) 134 throws java.io.IOException, UnsupportedCallbackException; 135 } 136