Class: Qpid::Proton::SASL

Inherits:
Object
  • Object
show all
Extended by:
Util::Deprecation, Util::SWIGClassHelper
Includes:
Util::Deprecation
Defined in:
lib/core/sasl.rb

Overview

Note:

Do not instantiate directly, use Transport#sasl to create a SASL object.

The SASL layer is responsible for establishing an authenticated and/or encrypted tunnel over which AMQP frames are passed between peers.

The peer acting as the SASL client must provide authentication credentials.

The peer acting as the SASL server must provide authentication against the received credentials.

Constant Summary collapse

NONE =

Negotation has not completed.

Cproton::PN_SASL_NONE
OK =

Authentication succeeded.

Cproton::PN_SASL_OK
AUTH =

Authentication failed due to bad credentials.

Cproton::PN_SASL_AUTH

Constants included from Util::Deprecation

Util::Deprecation::DEPRECATE_FULL_TRACE, Util::Deprecation::MATCH_DIR

Constants included from Util::SWIGClassHelper

Util::SWIGClassHelper::RBCTX

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Util::Deprecation

deprecated, deprecated, included

Methods included from Util::SWIGClassHelper

fetch_instance, get_key, proton_caller, proton_forward, proton_get, proton_is, proton_set, proton_set_get, proton_set_is, store_instance

Constructor Details

#initialize(transport) ⇒ SASL

Note:

Do not instantiate directly, use Transport#sasl to create a SASL object.

Returns a new instance of SASL.



50
51
52
 
# File 'lib/core/sasl.rb', line 50

def initialize(transport)
  @impl = Cproton.pn_sasl(transport.impl)
end

Instance Attribute Details

#allow_insecure_mechsBool

Returns true if clear text authentication is allowed on insecure connections.

Returns:

  • (Bool)

    true if clear text authentication is allowed on insecure connections.



56
 
# File 'lib/core/sasl.rb', line 56

proton_set_get :allow_insecure_mechs

#userString (readonly)

Returns the authenticated user name.

Returns:

  • (String)

    the authenticated user name



60
 
# File 'lib/core/sasl.rb', line 60

proton_get :user

Class Method Details

.config_name=(name) ⇒ Object

Set the configuration file name, without extension

The name with an a “.conf” extension will be searched for in the configuration path. If not set, it defaults to “proton-server” or “proton-client” for a server (incoming) or client (outgoing) connection respectively.

Parameters:

  • name

    the configuration file name without extension



113
114
115
 
# File 'lib/core/sasl.rb', line 113

def config_name=(name)
  Cproton.pn_sasl_config_name(nil, name)
end

.config_path=(path) ⇒ Object

Set the sasl configuration path

This is used to tell SASL where to look for the configuration file. In the current implementation it can be a colon separated list of directories.

The environment variable PN_SASL_CONFIG_PATH can also be used to set this path, but if both methods are used then this pn_sasl_config_path() will take precedence.

If not set the underlying implementation default will be used.

Parameters:

  • path

    the configuration path



99
100
101
102
 
# File 'lib/core/sasl.rb', line 99

def config_path=(path)
  Cproton.pn_sasl_config_path(nil, path)
  path
end

.extended?Bool

True if extended SASL negotiation is supported

All implementations of Proton support ANONYMOUS and EXTERNAL on both client and server sides and PLAIN on the client side.

Extended SASL implememtations use an external library (Cyrus SASL) to support other mechanisms.

Returns:

  • (Bool)

    true if extended SASL negotiation is supported



80
81
82
 
# File 'lib/core/sasl.rb', line 80

def self.extended?()
  Cproton.pn_sasl_extended()
end

Instance Method Details

#allowed_mechs=(mechanisms) ⇒ Object

Set the mechanisms allowed for SASL negotation

Parameters:

  • mechanisms (String)

    space-delimited list of allowed mechanisms



64
65
66
 
# File 'lib/core/sasl.rb', line 64

def allowed_mechs=(mechanisms)
  Cproton.pn_sasl_allowed_mechs(@impl, mechanisms)
end