1 /*
2  * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package javax.security.auth.callback;
27 
28 /**
29  * <p> An application implements a {@code CallbackHandler} and passes
30  * it to underlying security services so that they may interact with
31  * the application to retrieve specific authentication data,
32  * such as usernames and passwords, or to display certain information,
33  * such as error and warning messages.
34  *
35  * <p> CallbackHandlers are implemented in an application-dependent fashion.
36  * For example, implementations for an application with a graphical user
37  * interface (GUI) may pop up windows to prompt for requested information
38  * or to display error messages.  An implementation may also choose to obtain
39  * requested information from an alternate source without asking the end user.
40  *
41  * <p> Underlying security services make requests for different types
42  * of information by passing individual Callbacks to the
43  * {@code CallbackHandler}.  The {@code CallbackHandler}
44  * implementation decides how to retrieve and display information
45  * depending on the Callbacks passed to it.  For example,
46  * if the underlying service needs a username and password to
47  * authenticate a user, it uses a {@code NameCallback} and
48  * {@code PasswordCallback}.  The {@code CallbackHandler}
49  * can then choose to prompt for a username and password serially,
50  * or to prompt for both in a single window.
51  *
52  * <p> A default {@code CallbackHandler} class implementation
53  * may be specified by setting the value of the
54  * {@code auth.login.defaultCallbackHandler} security property.
55  *
56  * <p> If the security property is set to the fully qualified name of a
57  * {@code CallbackHandler} implementation class,
58  * then a {@code LoginContext} will load the specified
59  * {@code CallbackHandler} and pass it to the underlying LoginModules.
60  * The {@code LoginContext} only loads the default handler
61  * if it was not provided one.
62  *
63  * <p> All default handler implementations must provide a public
64  * zero-argument constructor.
65  *
66  * @see java.security.Security security properties
67  */
68 public interface CallbackHandler {
69 
70     /**
71      * <p> Retrieve or display the information requested in the
72      * provided Callbacks.
73      *
74      * <p> The {@code handle} method implementation checks the
75      * instance(s) of the {@code Callback} object(s) passed in
76      * to retrieve or display the requested information.
77      * The following example is provided to help demonstrate what an
78      * {@code handle} method implementation might look like.
79      * This example code is for guidance only.  Many details,
80      * including proper error handling, are left out for simplicity.
81      *
82      * <pre>{@code
83      * public void handle(Callback[] callbacks)
84      * throws IOException, UnsupportedCallbackException {
85      *
86      *   for (int i = 0; i < callbacks.length; i++) {
87      *      if (callbacks[i] instanceof TextOutputCallback) {
88      *
89      *          // display the message according to the specified type
90      *          TextOutputCallback toc = (TextOutputCallback)callbacks[i];
91      *          switch (toc.getMessageType()) {
92      *          case TextOutputCallback.INFORMATION:
93      *              System.out.println(toc.getMessage());
94      *              break;
95      *          case TextOutputCallback.ERROR:
96      *              System.out.println("ERROR: " + toc.getMessage());
97      *              break;
98      *          case TextOutputCallback.WARNING:
99      *              System.out.println("WARNING: " + toc.getMessage());
100      *              break;
101      *          default:
102      *              throw new IOException("Unsupported message type: " +
103      *                                  toc.getMessageType());
104      *          }
105      *
106      *      } else if (callbacks[i] instanceof NameCallback) {
107      *
108      *          // prompt the user for a username
109      *          NameCallback nc = (NameCallback)callbacks[i];
110      *
111      *          // ignore the provided defaultName
112      *          System.err.print(nc.getPrompt());
113      *          System.err.flush();
114      *          nc.setName((new BufferedReader
115      *                  (new InputStreamReader(System.in))).readLine());
116      *
117      *      } else if (callbacks[i] instanceof PasswordCallback) {
118      *
119      *          // prompt the user for sensitive information
120      *          PasswordCallback pc = (PasswordCallback)callbacks[i];
121      *          System.err.print(pc.getPrompt());
122      *          System.err.flush();
123      *          pc.setPassword(readPassword(System.in));
124      *
125      *      } else {
126      *          throw new UnsupportedCallbackException
127      *                  (callbacks[i], "Unrecognized Callback");
128      *      }
129      *   }
130      * }
131      *
132      * // Reads user password from given input stream.
133      * private char[] readPassword(InputStream in) throws IOException {
134      *    // insert code to read a user password from the input stream
135      * }
136      * }</pre>
137      *
138      * @param callbacks an array of {@code Callback} objects provided
139      *          by an underlying security service which contains
140      *          the information requested to be retrieved or displayed.
141      *
142      * @exception java.io.IOException if an input or output error occurs. <p>
143      *
144      * @exception UnsupportedCallbackException if the implementation of this
145      *          method does not support one or more of the Callbacks
146      *          specified in the {@code callbacks} parameter.
147      */
handle(Callback[] callbacks)148     void handle(Callback[] callbacks)
149     throws java.io.IOException, UnsupportedCallbackException;
150 }
151