Add API for SASL mechanism to check if they should be used for the concrete connection (e.g. disallow PLAIN over insecured connections per default)
which, for example, would return 'false' for PLAIN if the connection is not secured. But make that behavior configurable (via static SASL mechanism interface or via ConnectionConfiguration?).
Also add an explaination if authentication fails to the SmackSaslException that some mechanisms where not applicable for the connection at a given time. This probably means that isApplicableFor may returns a String explaining the reason why the mechanism is not applicable.