1 /*
   2  * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package javax.security.auth.callback;
  27 
  28 /**
  29  * <p> An application implements a {@code CallbackHandler} and passes
  30  * it to underlying security services so that they may interact with
  31  * the application to retrieve specific authentication data,
  32  * such as usernames and passwords, or to display certain information,
  33  * such as error and warning messages.
  34  *
  35  * <p> CallbackHandlers are implemented in an application-dependent fashion.
  36  * For example, implementations for an application with a graphical user
  37  * interface (GUI) may pop up windows to prompt for requested information
  38  * or to display error messages.  An implementation may also choose to obtain
  39  * requested information from an alternate source without asking the end user.
  40  *
  41  * <p> Underlying security services make requests for different types
  42  * of information by passing individual Callbacks to the
  43  * {@code CallbackHandler}.  The {@code CallbackHandler}
  44  * implementation decides how to retrieve and display information
  45  * depending on the Callbacks passed to it.  For example,
  46  * if the underlying service needs a username and password to
  47  * authenticate a user, it uses a {@code NameCallback} and
  48  * {@code PasswordCallback}.  The {@code CallbackHandler}
  49  * can then choose to prompt for a username and password serially,
  50  * or to prompt for both in a single window.
  51  *
  52  * <p> A default {@code CallbackHandler} class implementation
  53  * may be specified by setting the value of the
  54  * {@code auth.login.defaultCallbackHandler} security property.
  55  *
  56  * <p> If the security property is set to the fully qualified name of a
  57  * {@code CallbackHandler} implementation class,
  58  * then a {@code LoginContext} will load the specified
  59  * {@code CallbackHandler} and pass it to the underlying LoginModules.
  60  * The {@code LoginContext} only loads the default handler
  61  * if it was not provided one.
  62  *
  63  * <p> All default handler implementations must provide a public
  64  * zero-argument constructor.
  65  *
  66  * @since 1.4
  67  * @see java.security.Security security properties
  68  */
  69 public interface CallbackHandler {
  70 
  71     /**
  72      * <p> Retrieve or display the information requested in the
  73      * provided Callbacks.
  74      *
  75      * <p> The {@code handle} method implementation checks the
  76      * instance(s) of the {@code Callback} object(s) passed in
  77      * to retrieve or display the requested information.
  78      * The following example is provided to help demonstrate what an
  79      * {@code handle} method implementation might look like.
  80      * This example code is for guidance only.  Many details,
  81      * including proper error handling, are left out for simplicity.
  82      *
  83      * <pre>{@code
  84      * public void handle(Callback[] callbacks)
  85      * throws IOException, UnsupportedCallbackException {
  86      *
  87      *   for (int i = 0; i < callbacks.length; i++) {
  88      *      if (callbacks[i] instanceof TextOutputCallback) {
  89      *
  90      *          // display the message according to the specified type
  91      *          TextOutputCallback toc = (TextOutputCallback)callbacks[i];
  92      *          switch (toc.getMessageType()) {
  93      *          case TextOutputCallback.INFORMATION:
  94      *              System.out.println(toc.getMessage());
  95      *              break;
  96      *          case TextOutputCallback.ERROR:
  97      *              System.out.println("ERROR: " + toc.getMessage());
  98      *              break;
  99      *          case TextOutputCallback.WARNING:
 100      *              System.out.println("WARNING: " + toc.getMessage());
 101      *              break;
 102      *          default:
 103      *              throw new IOException("Unsupported message type: " +
 104      *                                  toc.getMessageType());
 105      *          }
 106      *
 107      *      } else if (callbacks[i] instanceof NameCallback) {
 108      *
 109      *          // prompt the user for a username
 110      *          NameCallback nc = (NameCallback)callbacks[i];
 111      *
 112      *          // ignore the provided defaultName
 113      *          System.err.print(nc.getPrompt());
 114      *          System.err.flush();
 115      *          nc.setName((new BufferedReader
 116      *                  (new InputStreamReader(System.in))).readLine());
 117      *
 118      *      } else if (callbacks[i] instanceof PasswordCallback) {
 119      *
 120      *          // prompt the user for sensitive information
 121      *          PasswordCallback pc = (PasswordCallback)callbacks[i];
 122      *          System.err.print(pc.getPrompt());
 123      *          System.err.flush();
 124      *          pc.setPassword(readPassword(System.in));
 125      *
 126      *      } else {
 127      *          throw new UnsupportedCallbackException
 128      *                  (callbacks[i], "Unrecognized Callback");
 129      *      }
 130      *   }
 131      * }
 132      *
 133      * // Reads user password from given input stream.
 134      * private char[] readPassword(InputStream in) throws IOException {
 135      *    // insert code to read a user password from the input stream
 136      * }
 137      * }</pre>
 138      *
 139      * @param callbacks an array of {@code Callback} objects provided
 140      *          by an underlying security service which contains
 141      *          the information requested to be retrieved or displayed.
 142      *
 143      * @exception java.io.IOException if an input or output error occurs.
 144      *
 145      * @exception UnsupportedCallbackException if the implementation of this
 146      *          method does not support one or more of the Callbacks
 147      *          specified in the {@code callbacks} parameter.
 148      */
 149     void handle(Callback[] callbacks)
 150     throws java.io.IOException, UnsupportedCallbackException;
 151 }