quantranhong1999 commented on code in PR #3072:
URL: https://github.com/apache/james-project/pull/3072#discussion_r3489419159


##########
server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServerFactory.java:
##########
@@ -35,26 +37,73 @@
 import org.apache.james.dnsservice.api.DNSService;
 import org.apache.james.filesystem.api.FileSystem;
 import org.apache.james.metrics.api.MetricFactory;
+import org.apache.james.protocols.api.sasl.SaslAuthenticator;
+import org.apache.james.protocols.api.sasl.SaslMechanism;
+import org.apache.james.protocols.api.sasl.SaslMechanismFactory;
 import org.apache.james.protocols.lib.handler.ProtocolHandlerLoader;
 import org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer;
 import org.apache.james.protocols.lib.netty.AbstractServerFactory;
 import org.apache.james.protocols.netty.Encryption;
+import org.apache.james.protocols.sasl.BuiltInSaslMechanismFactories;
+import org.apache.james.protocols.sasl.OauthBearerSaslMechanismFactory;
+import org.apache.james.protocols.sasl.PlainSaslMechanismFactory;
+import org.apache.james.protocols.sasl.XOauth2SaslMechanismFactory;
+import 
org.apache.james.smtpserver.netty.SMTPServer.AuthAnnouncementConfiguration;
+
+import com.github.fge.lambdas.Throwing;
+import com.google.common.collect.ImmutableList;
 
 public class SMTPServerFactory extends AbstractServerFactory implements 
Disconnector, ConnectionDescriptionSupplier {
+    @FunctionalInterface
+    public interface SmtpSaslMechanismLoader {
+        static SmtpSaslMechanismLoader defaultLoader() {
+            ImmutableList<SaslMechanismFactory> defaultFactories = 
ImmutableList.of(
+                new 
PlainSaslMechanismFactory(AuthAnnouncementConfiguration.REQUIRE_SSL_DEFAULT),
+                new OauthBearerSaslMechanismFactory(),
+                new XOauth2SaslMechanismFactory());
+            return configuration -> loadBuiltInMechanisms(defaultFactories, 
configuration);
+        }
+
+        ImmutableList<SaslMechanism> 
load(HierarchicalConfiguration<ImmutableNode> configuration) throws 
ConfigurationException;
+    }

Review Comment:
   SMTP has a legacy behavior documented in 
`docs/modules/servers/partials/configure/smtp.adoc`: `auth.requireSSL=true` 
only prevents advertising AUTH before STARTTLS. Even when AUTH is not 
advertised, clients may still explicitly use `AUTH PLAIN` / `AUTH LOGIN`.
   
   So for SMTP, `auth.requireSSL` controls EHLO capability announcement, not 
command execution. For IMAP, the equivalent setting really disables clear-text 
PLAIN authentication.
   
   For example, the `SMIMECheckSignatureWithKeyStoreFileIntegrationTest` is 
failing because I am applying strictly the same IMAP behavior 
(`requireSSL=true` <=> no clear text PLAIN auth) for SMTP.
   
   I may need to let SMTP use a slightly different default factory 
configuration to preserve backward compatibility.
   
   Or do you think we can drop that legacy behavior of SMTP, and just align 
`requireSSL=true` <=> no authentication via clear text channel?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to