quantranhong1999 commented on code in PR #3072:
URL: https://github.com/apache/james-project/pull/3072#discussion_r3489419159
##########
server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServerFactory.java:
##########
@@ -35,26 +37,73 @@
import org.apache.james.dnsservice.api.DNSService;
import org.apache.james.filesystem.api.FileSystem;
import org.apache.james.metrics.api.MetricFactory;
+import org.apache.james.protocols.api.sasl.SaslAuthenticator;
+import org.apache.james.protocols.api.sasl.SaslMechanism;
+import org.apache.james.protocols.api.sasl.SaslMechanismFactory;
import org.apache.james.protocols.lib.handler.ProtocolHandlerLoader;
import org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer;
import org.apache.james.protocols.lib.netty.AbstractServerFactory;
import org.apache.james.protocols.netty.Encryption;
+import org.apache.james.protocols.sasl.BuiltInSaslMechanismFactories;
+import org.apache.james.protocols.sasl.OauthBearerSaslMechanismFactory;
+import org.apache.james.protocols.sasl.PlainSaslMechanismFactory;
+import org.apache.james.protocols.sasl.XOauth2SaslMechanismFactory;
+import
org.apache.james.smtpserver.netty.SMTPServer.AuthAnnouncementConfiguration;
+
+import com.github.fge.lambdas.Throwing;
+import com.google.common.collect.ImmutableList;
public class SMTPServerFactory extends AbstractServerFactory implements
Disconnector, ConnectionDescriptionSupplier {
+ @FunctionalInterface
+ public interface SmtpSaslMechanismLoader {
+ static SmtpSaslMechanismLoader defaultLoader() {
+ ImmutableList<SaslMechanismFactory> defaultFactories =
ImmutableList.of(
+ new
PlainSaslMechanismFactory(AuthAnnouncementConfiguration.REQUIRE_SSL_DEFAULT),
+ new OauthBearerSaslMechanismFactory(),
+ new XOauth2SaslMechanismFactory());
+ return configuration -> loadBuiltInMechanisms(defaultFactories,
configuration);
+ }
+
+ ImmutableList<SaslMechanism>
load(HierarchicalConfiguration<ImmutableNode> configuration) throws
ConfigurationException;
+ }
Review Comment:
SMTP has a legacy behavior documented in
`docs/modules/servers/partials/configure/smtp.adoc`: `auth.requireSSL=true`
only prevents advertising AUTH before STARTTLS. Even when AUTH is not
advertised, clients may still explicitly use `AUTH PLAIN` / `AUTH LOGIN`.
So for SMTP, `auth.requireSSL` controls EHLO capability announcement, not
command execution. For IMAP, the equivalent setting really disables clear-text
PLAIN authentication.
For example, the `SMIMECheckSignatureWithKeyStoreFileIntegrationTest` is
failing because I am applying strictly the same IMAP behavior
(`requireSSL=true` <=> no clear text PLAIN auth) for SMTP.
I may need to let SMTP use a slightly different default factory
configuration to preserve backward compatibility.
Or do you think we can drop that legacy behavior of SMTP, and just align
`requireSSL=true` <=> no authentication via clear text channel?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]