'getAuthorizationID()\' method from
'SaslServer' class should return bare JID authorized user. In case that the method returns only user name such as romeo for example, the server automatically appends domain name to generate a valid BareJID: email@example.com. In case the method returns a full, valid BareJID, the server does not change anything.
'handleLogin()\' method from
'SessionManagerHandler' will be called with user’s Bare JID provided by
getAuthorizationID() (or created later using stream domain name).
For each session authorization, the server creates a new and separate, empty handler. Factory which creates handler instance allows to inject different objects to the handler, depending on interfaces implemented by the handler class:
DomainAware- injects domain name within which the user attempts to authenticate
NonAuthUserRepository, although I have no idea what for…
JabberIqAuth used for non-SASL authentication mechanisms uses the same callback as the SASL mechanisms.
'Repository' interfaces will be deprecated. These interfaces will be treated as user details providers only. There will be new methods available which will allow for additional login operations on the database such as last successful login recording and so on…
JabberIqAuth is initialized separatelly, we strongly recommend to use more general prefix in
JabberIqAuth is disabled, then you don’t care about it.