This is an automated email from the ASF dual-hosted git repository. chibenwa pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 25c19629fec22c397dcff008ddf90fedf03f3fb4 Author: Quan Tran <[email protected]> AuthorDate: Tue Jun 30 09:40:17 2026 +0700 JAMES-4210 Wire LOGIN into SMTP SASL defaults Register LOGIN as an SMTP default SASL mechanism before PLAIN in both Guice and non-Guice SMTP server creation paths, while preserving SMTP's legacy explicit PLAIN/LOGIN behavior when auth.requireSSL controls announcement. --- .../james/modules/protocols/SMTPServerModule.java | 6 ++++-- .../james/smtpserver/netty/SMTPServerFactory.java | 23 ++++++++++++---------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/server/container/guice/protocols/smtp/src/main/java/org/apache/james/modules/protocols/SMTPServerModule.java b/server/container/guice/protocols/smtp/src/main/java/org/apache/james/modules/protocols/SMTPServerModule.java index 242ba93e33..b6a1255992 100644 --- a/server/container/guice/protocols/smtp/src/main/java/org/apache/james/modules/protocols/SMTPServerModule.java +++ b/server/container/guice/protocols/smtp/src/main/java/org/apache/james/modules/protocols/SMTPServerModule.java @@ -44,6 +44,7 @@ import org.apache.james.protocols.sasl.JamesSaslAuthenticator; import org.apache.james.protocols.sasl.OauthBearerSaslMechanismFactory; import org.apache.james.protocols.sasl.PlainSaslMechanismFactory; import org.apache.james.protocols.sasl.XOauth2SaslMechanismFactory; +import org.apache.james.protocols.smtp.core.esmtp.LoginSaslMechanismFactory; import org.apache.james.server.core.configuration.ConfigurationProvider; import org.apache.james.smtpserver.SendMailHandler; import org.apache.james.smtpserver.netty.SMTPServer.AuthAnnouncementConfiguration; @@ -97,8 +98,9 @@ public class SMTPServerModule extends AbstractModule { XOauth2SaslMechanismFactory xoauth2) { // SMTP historically used auth.requireSSL for capability announcement only: PLAIN/LOGIN remain accepted // when sent explicitly by clients, even over clear-text test/configuration ports. - return ImmutableList.of(new PlainSaslMechanismFactory(AuthAnnouncementConfiguration.REQUIRE_SSL_DEFAULT, - PlainSaslMechanismFactory.IGNORE_REQUIRE_SSL_CONFIGURATION), oauthBearer, xoauth2); + PlainSaslMechanismFactory plain = new PlainSaslMechanismFactory(AuthAnnouncementConfiguration.REQUIRE_SSL_DEFAULT, + PlainSaslMechanismFactory.IGNORE_REQUIRE_SSL_CONFIGURATION); + return ImmutableList.of(new LoginSaslMechanismFactory(plain), plain, oauthBearer, xoauth2); } @Provides diff --git a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServerFactory.java b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServerFactory.java index 863da425b8..99d3fa564c 100644 --- a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServerFactory.java +++ b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServerFactory.java @@ -45,9 +45,10 @@ import org.apache.james.protocols.lib.netty.AbstractConfigurableAsyncServer; import org.apache.james.protocols.lib.netty.AbstractServerFactory; import org.apache.james.protocols.netty.Encryption; import org.apache.james.protocols.sasl.BuiltInSaslMechanismFactories; -import org.apache.james.protocols.sasl.OauthBearerSaslMechanismFactory; -import org.apache.james.protocols.sasl.PlainSaslMechanismFactory; -import org.apache.james.protocols.sasl.XOauth2SaslMechanismFactory; +import org.apache.james.protocols.sasl.OauthBearerSaslMechanismFactory; +import org.apache.james.protocols.sasl.PlainSaslMechanismFactory; +import org.apache.james.protocols.sasl.XOauth2SaslMechanismFactory; +import org.apache.james.protocols.smtp.core.esmtp.LoginSaslMechanismFactory; import org.apache.james.smtpserver.netty.SMTPServer.AuthAnnouncementConfiguration; import com.github.fge.lambdas.Throwing; @@ -57,11 +58,13 @@ public class SMTPServerFactory extends AbstractServerFactory implements Disconne @FunctionalInterface public interface SmtpSaslMechanismLoader { static SmtpSaslMechanismLoader defaultLoader() { + PlainSaslMechanismFactory plain = new PlainSaslMechanismFactory(AuthAnnouncementConfiguration.REQUIRE_SSL_DEFAULT, + PlainSaslMechanismFactory.IGNORE_REQUIRE_SSL_CONFIGURATION); ImmutableList<SaslMechanismFactory> defaultFactories = ImmutableList.of( // SMTP historically used auth.requireSSL for capability announcement only: PLAIN/LOGIN remain accepted // when sent explicitly by clients, even over clear-text test/configuration ports. - new PlainSaslMechanismFactory(AuthAnnouncementConfiguration.REQUIRE_SSL_DEFAULT, - PlainSaslMechanismFactory.IGNORE_REQUIRE_SSL_CONFIGURATION), + new LoginSaslMechanismFactory(plain), + plain, new OauthBearerSaslMechanismFactory(), new XOauth2SaslMechanismFactory()); return configuration -> loadBuiltInMechanisms(defaultFactories, configuration); @@ -73,11 +76,11 @@ public class SMTPServerFactory extends AbstractServerFactory implements Disconne private static ImmutableList<SaslMechanism> loadBuiltInMechanisms(ImmutableList<SaslMechanismFactory> defaultFactories, HierarchicalConfiguration<ImmutableNode> configuration) throws ConfigurationException { try { - return BuiltInSaslMechanismFactories.enabledForServer(defaultFactories, configuration) - .stream() - .map(Throwing.function(factory -> factory.create(configuration))) - .collect(ImmutableList.toImmutableList()); - } catch (RuntimeException e) { + return BuiltInSaslMechanismFactories.enabledForServer(defaultFactories, configuration) + .stream() + .map(Throwing.function(factory -> factory.create(configuration))) + .collect(ImmutableList.toImmutableList()); + } catch (RuntimeException e) { if (e.getCause() instanceof ConfigurationException configurationException) { throw configurationException; } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
