/**
 * Assembles the option map that advertises this provider's SASL mechanisms, SASL properties
 * and SSL settings.
 *
 * <p>The resulting {@code SASL_MECHANISMS} sequence is ordered as: {@code EXTERNAL} (only when
 * the SSL mode is {@code CLIENT_AUTH_REQUESTED}), then {@code JBOSS_LOCAL_USER}, then exactly
 * one of {@code DIGEST_MD5}, {@code PLAIN} or {@code ANONYMOUS}.
 *
 * <p>Points worth checking when this configuration is reviewed:
 * <ul>
 *   <li>{@code SASL_POLICY_NOPLAINTEXT} is set to {@code false} on every path, independent of
 *       the SSL mode, so {@code PLAIN} can be offered while {@code SSL_ENABLED} is
 *       {@code false}.</li>
 *   <li>Client certificates are only requested, never required, so the non-certificate
 *       mechanisms always remain available as fallbacks.</li>
 *   <li>With no realm configured, {@code ANONYMOUS} is offered next to the local-user
 *       mechanism.</li>
 * </ul>
 *
 * @return the populated option map
 * @throws IllegalStateException if a realm is set but neither {@code digestMd5Supported()}
 *         nor {@code plainSupported()} reports a usable mechanism
 */
@Override
public OptionMap getOptionMap() {
    Builder options = OptionMap.builder();
    List<String> saslMechanisms = new LinkedList<String>();
    Set<Property> saslProperties = new HashSet<Property>();

    // The local-user mechanism is offered unconditionally and, unless EXTERNAL is inserted
    // ahead of it further down, is the first entry in the list.
    saslMechanisms.add(JBOSS_LOCAL_USER);
    saslProperties.add(Property.of(LOCAL_DEFAULT_USER, DOLLAR_LOCAL));
    if (tokensDir != null) {
        // Only passed along when a directory has been configured.
        // NOTE(review): going by the property name this is where the local challenge files
        // live; its filesystem permissions are not visible from here - confirm.
        saslProperties.add(Property.of(LOCAL_USER_CHALLENGE_PATH, tokensDir));
    }

    // Applied before it is known whether PLAIN will be offered or whether SSL is on.
    // NOTE(review): if PLAIN ends up selected together with SslMode.OFF, the password
    // presumably crosses the connection unprotected - confirm that combination is intended.
    options.set(SASL_POLICY_NOPLAINTEXT, false);

    // Exactly one realm-backed (or anonymous) mechanism is chosen; the digest form is
    // preferred over PLAIN.
    if (digestMd5Supported()) {
        // realm is dereferenced in this branch; presumably digestMd5Supported() is false
        // when realm is null - verify against its implementation.
        saslMechanisms.add(DIGEST_MD5);
        saslProperties.add(Property.of(REALM_PROPERTY, realm.getName()));
        boolean handlerAcceptsHashes =
                contains(DigestHashCallback.class, realm.getCallbackHandler().getSupportedCallbacks());
        if (handlerAcceptsHashes) {
            // The realm's handler supports DigestHashCallback, so the pre-digested flag is set.
            saslProperties.add(Property.of(PRE_DIGESTED_PROPERTY, Boolean.TRUE.toString()));
        }
    } else if (plainSupported()) {
        saslMechanisms.add(PLAIN);
    } else if (realm == null) {
        // No realm at all: ANONYMOUS is offered and the no-anonymous policy is switched off.
        saslMechanisms.add(ANONYMOUS);
        options.set(SASL_POLICY_NOANONYMOUS, false);
    } else {
        throw new IllegalStateException("A security realm has been specified but no supported mechanism identified.");
    }

    // There is no default branch: an SslMode constant not listed here leaves every SSL option
    // unset, so whatever consumes the map decides the effective behaviour.
    switch (getSslMode()) {
        case OFF:
            options.set(SSL_ENABLED, false);
            break;
        case TRANSPORT_ONLY:
            options.set(SSL_ENABLED, true);
            options.set(SSL_STARTTLS, true);
            break;
        case CLIENT_AUTH_REQUESTED:
            options.set(SSL_ENABLED, true);
            options.set(SSL_STARTTLS, true);
            // EXTERNAL goes to the head of the list so it precedes every other mechanism.
            saslMechanisms.add(0, EXTERNAL);
            options.set(SSL_CLIENT_AUTH_MODE, REQUESTED);
            break;
        // An SSL_CLIENT_AUTH_MODE of REQUIRED is deliberately not supported at present: the
        // local mechanism may still be needed, and that could not work if a client
        // certificate were mandatory.
    }

    options.set(SASL_MECHANISMS, Sequence.of(saslMechanisms));
    options.set(SASL_PROPERTIES, Sequence.of(saslProperties));
    return options.getMap();
}