本文整理汇总了Java中sun.security.jgss.GSSUtil.GSS_SPNEGO_MECH_OID属性的典型用法代码示例。如果您正苦于以下问题:Java GSSUtil.GSS_SPNEGO_MECH_OID属性的具体用法?Java GSSUtil.GSS_SPNEGO_MECH_OID怎么用?Java GSSUtil.GSS_SPNEGO_MECH_OID使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类sun.security.jgss.GSSUtil的用法示例。
在下文中一共展示了GSSUtil.GSS_SPNEGO_MECH_OID属性的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: main
public static void main(String[] args) throws Exception {
Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
new OneKDC(null).writeJAASConf();
Context c, s;
c = Context.fromJAAS("client");
s = Context.fromJAAS("server");
c.startAsClient(OneKDC.SERVER, oid);
c.x().requestCredDeleg(true);
s.startAsServer(oid);
Context.handshake(c, s);
GSSCredential cred = s.delegated().cred();
cred.getRemainingInitLifetime(oid);
cred.getUsage(oid);
}
示例2: main
public static void main(String[] args) throws Exception {
Oid mech;
if (args[0].equals("spnego")) {
mech = GSSUtil.GSS_SPNEGO_MECH_OID;
} else if (args[0].contains("krb5")) {
mech = GSSUtil.GSS_KRB5_MECH_OID;
} else {
throw new Exception("Unknown mech");
}
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
new String[]{OneKDC.USER + "@" + OneKDC.REALM}));
Map<String,List<String>> map = new HashMap<>();
map.put(OneKDC.USER + "@" + OneKDC.REALM, Arrays.asList(
new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
Context c, s;
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
c = Context.fromThinAir();
s = Context.fromThinAir();
c = c.impersonate(OneKDC.USER2);
c.startAsClient(OneKDC.SERVER, mech);
s.startAsServer(mech);
Context.handshake(c, s);
String n1 = c.x().getSrcName().toString().split("@")[0];
String n2 = s.x().getSrcName().toString().split("@")[0];
if (!n1.equals(OneKDC.USER2) || !n2.equals(OneKDC.USER2)) {
throw new Exception("Impersonate failed");
}
s.dispose();
c.dispose();
}
示例3: main
public static void main(String[] args) throws Exception {
Oid mech;
if (args[0].equals("spnego")) {
mech = GSSUtil.GSS_SPNEGO_MECH_OID;
} else if (args[0].contains("krb5")) {
mech = GSSUtil.GSS_KRB5_MECH_OID;
} else {
throw new Exception("Unknown mech");
}
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
Map<String,List<String>> map = new HashMap<>();
map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
Context s, b;
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
File f = new File(OneKDC.JAAS_CONF);
FileOutputStream fos = new FileOutputStream(f);
fos.write((
"com.sun.security.jgss.krb5.accept {\n" +
" com.sun.security.auth.module.Krb5LoginModule required\n" +
" principal=\"" + OneKDC.SERVER + "\"\n" +
" useKeyTab=true\n" +
" storeKey=true;\n};\n"
).getBytes());
fos.close();
Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient");
s = Context.fromThinAir();
b = Context.fromThinAir();
s.startAsServer(mech);
Context p = s.impersonate(OneKDC.USER);
p.startAsClient(OneKDC.SERVER, mech);
b.startAsServer(mech);
Context.handshake(p, b);
String n1 = p.x().getSrcName().toString().split("@")[0];
String n2 = b.x().getSrcName().toString().split("@")[0];
if (!n1.equals(OneKDC.USER) || !n2.equals(OneKDC.USER)) {
throw new Exception("Delegation failed");
}
}
示例4: main
public static void main(String[] args) throws Exception {
Oid mech;
if (args[0].equals("spnego")) {
mech = GSSUtil.GSS_SPNEGO_MECH_OID;
} else if (args[0].contains("krb5")) {
mech = GSSUtil.GSS_KRB5_MECH_OID;
} else {
throw new Exception("Unknown mech");
}
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
Map<String,List<String>> map = new HashMap<>();
map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
Context s, b;
s = Context.fromJAAS("server");
b = Context.fromJAAS("backend");
s.startAsServer(null, mech, false);
Context p = s.impersonate(OneKDC.USER);
p.startAsClient(OneKDC.BACKEND, mech);
b.startAsServer(mech);
Context.handshake(p, b);
p.startAsClient(OneKDC.BACKEND, mech);
b.startAsServer(mech);
Context.handshake(p, b);
}
示例5: getMechanism
public Oid getMechanism() {
return GSSUtil.GSS_SPNEGO_MECH_OID;
}
示例6: init
/**
* Initialize the object, which includes:<ul>
* <li>Find out what GSS mechanism to use from the system property
* <code>http.negotiate.mechanism.oid</code>, defaults SPNEGO
* <li>Creating the GSSName for the target host, "HTTP/"+hostname
* <li>Creating GSSContext
* <li>A first call to initSecContext</ul>
*/
private void init(HttpCallerInfo hci) throws GSSException {
final Oid oid;
if (hci.scheme.equalsIgnoreCase("Kerberos")) {
// we can only use Kerberos mech when the scheme is kerberos
oid = GSSUtil.GSS_KRB5_MECH_OID;
} else {
String pref = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return System.getProperty(
"http.auth.preference",
"spnego");
}
});
if (pref.equalsIgnoreCase("kerberos")) {
oid = GSSUtil.GSS_KRB5_MECH_OID;
} else {
// currently there is no 3rd mech we can use
oid = GSSUtil.GSS_SPNEGO_MECH_OID;
}
}
GSSManagerImpl manager = new GSSManagerImpl(
new HttpCaller(hci));
// RFC 4559 4.1 uses uppercase service name "HTTP".
// RFC 4120 6.2.1 demands the host be lowercase
String peerName = "[email protected]" + hci.host.toLowerCase();
GSSName serverName = manager.createName(peerName,
GSSName.NT_HOSTBASED_SERVICE);
context = manager.createContext(serverName,
oid,
null,
GSSContext.DEFAULT_LIFETIME);
// Always respect delegation policy in HTTP/SPNEGO.
if (context instanceof ExtendedGSSContext) {
((ExtendedGSSContext)context).requestDelegPolicy(true);
}
oneToken = context.initSecContext(new byte[0], 0, 0);
}
示例7: main
public static void main(String[] args) throws Exception {
Oid mech;
if (args[0].equals("spnego")) {
mech = GSSUtil.GSS_SPNEGO_MECH_OID;
} else if (args[0].contains("krb5")) {
mech = GSSUtil.GSS_KRB5_MECH_OID;
} else {
throw new Exception("Unknown mech");
}
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
Map<String,List<String>> map = new HashMap<>();
map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
Context c, s, b;
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
File f = new File(OneKDC.JAAS_CONF);
FileOutputStream fos = new FileOutputStream(f);
fos.write((
"com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule required;\n};\n" +
"com.sun.security.jgss.krb5.accept {\n" +
" com.sun.security.auth.module.Krb5LoginModule required\n" +
" principal=\"" + OneKDC.SERVER + "\"\n" +
" useKeyTab=true\n" +
" storeKey=true;\n};\n"
).getBytes());
fos.close();
Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient");
c = Context.fromThinAir();
s = Context.fromThinAir();
b = Context.fromThinAir();
c.startAsClient(OneKDC.SERVER, mech);
c.x().requestCredDeleg(false);
s.startAsServer(mech);
Context.handshake(c, s);
Context p = s.delegated();
p.startAsClient(OneKDC.SERVER, mech);
b.startAsServer(mech);
Context.handshake(p, b);
String n1 = p.x().getSrcName().toString().split("@")[0];
String n2 = b.x().getSrcName().toString().split("@")[0];
if (!n1.equals(OneKDC.USER) || !n2.equals(OneKDC.USER)) {
throw new Exception("Delegation failed");
}
}
示例8: main
public static void main(String[] args) throws Exception {
Oid mech;
if (args[0].equals("spnego")) {
mech = GSSUtil.GSS_SPNEGO_MECH_OID;
} else if (args[0].contains("krb5")) {
mech = GSSUtil.GSS_KRB5_MECH_OID;
} else {
throw new Exception("Unknown mech");
}
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
Map<String,List<String>> map = new HashMap<>();
map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
Context c, s, b;
c = Context.fromJAAS("client");
s = Context.fromJAAS("server");
b = Context.fromJAAS("backend");
c.startAsClient(OneKDC.SERVER, mech);
s.startAsServer(null, mech, false);
Context.handshake(c, s);
Context p = s.delegated();
p.startAsClient(OneKDC.BACKEND, mech);
// 8044215: requestCredDeleg is useless and harmless
p.x().requestCredDeleg(true);
b.startAsServer(mech);
Context.handshake(p, b);
p.startAsClient(OneKDC.BACKEND, mech);
b.startAsServer(mech);
Context.handshake(p, b);
}
示例9: go
void go(
boolean forwardable,
boolean requestDelegState,
boolean requestDelegPolicyState,
boolean delegState,
boolean delegPolicyState,
boolean delegated
) throws Exception {
OneKDC kdc = new OneKDC(null);
kdc.setOption(KDC.Option.OK_AS_DELEGATE,
System.getProperty("test.kdc.policy.ok-as-delegate"));
kdc.writeJAASConf();
if (!forwardable) {
// The default OneKDC always includes "forwardable = true"
// in krb5.conf, override it.
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"default_keytab_name = " + OneKDC.KTAB);
Config.refresh();
}
Context c, s;
c = Context.fromJAAS("client");
s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
Oid mech = GSSUtil.GSS_KRB5_MECH_OID;
if (System.getProperty("test.spnego") != null) {
mech = GSSUtil.GSS_SPNEGO_MECH_OID;
}
c.startAsClient(OneKDC.SERVER, mech);
ExtendedGSSContext cx = (ExtendedGSSContext)c.x();
cx.requestCredDeleg(requestDelegState);
cx.requestDelegPolicy(requestDelegPolicyState);
s.startAsServer(mech);
ExtendedGSSContext sx = (ExtendedGSSContext)s.x();
Context.handshake(c, s);
if (cx.getCredDelegState() != delegState) {
throw new Exception("Initiator cred state error");
}
if (sx.getCredDelegState() != delegState) {
throw new Exception("Acceptor cred state error");
}
if (cx.getDelegPolicyState() != delegPolicyState) {
throw new Exception("Initiator cred policy state error");
}
GSSCredential cred = null;
try {
cred = s.x().getDelegCred();
} catch (GSSException e) {
// leave cred as null
}
if (delegated != (cred != null)) {
throw new Exception("get cred error");
}
}
示例10: init
/**
* Initialize the object, which includes:<ul>
* <li>Find out what GSS mechanism to use from the system property
* <code>http.negotiate.mechanism.oid</code>, defaults SPNEGO
* <li>Creating the GSSName for the target host, "HTTP/"+hostname
* <li>Creating GSSContext
* <li>A first call to initSecContext</ul>
*/
private void init(HttpCallerInfo hci) throws GSSException {
final Oid oid;
if (hci.scheme.equalsIgnoreCase("Kerberos")) {
// we can only use Kerberos mech when the scheme is kerberos
oid = GSSUtil.GSS_KRB5_MECH_OID;
} else {
String pref = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return System.getProperty(
"http.auth.preference",
"spnego");
}
});
if (pref.equalsIgnoreCase("kerberos")) {
oid = GSSUtil.GSS_KRB5_MECH_OID;
} else {
// currently there is no 3rd mech we can use
oid = GSSUtil.GSS_SPNEGO_MECH_OID;
}
}
GSSManagerImpl manager = new GSSManagerImpl(
new HttpCaller(hci));
// RFC 4559 4.1 uses uppercase service name "HTTP".
// RFC 4120 6.2.1 demands the host be lowercase
String peerName = "[email protected]" + hci.host.toLowerCase();
GSSName serverName = manager.createName(peerName,
GSSName.NT_HOSTBASED_SERVICE);
context = manager.createContext(serverName,
oid,
null,
GSSContext.DEFAULT_LIFETIME);
// Always respect delegation policy in HTTP/SPNEGO.
if (context instanceof GSSContextImpl) {
((GSSContextImpl)context).requestDelegPolicy(true);
}
oneToken = context.initSecContext(new byte[0], 0, 0);
}
示例11: go
void go(
boolean forwardable,
boolean requestDelegState,
boolean requestDelegPolicyState,
boolean delegState,
boolean delegPolicyState,
boolean delegated
) throws Exception {
OneKDC kdc = new OneKDC(null);
kdc.setOption(KDC.Option.OK_AS_DELEGATE,
System.getProperty("test.kdc.policy.ok-as-delegate"));
kdc.writeJAASConf();
if (!forwardable) {
// The default OneKDC always includes "forwardable = true"
// in krb5.conf, override it.
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"default_keytab_name = " + OneKDC.KTAB);
Config.refresh();
}
Context c, s;
c = Context.fromJAAS("client");
s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
Oid mech = GSSUtil.GSS_KRB5_MECH_OID;
if (System.getProperty("test.spnego") != null) {
mech = GSSUtil.GSS_SPNEGO_MECH_OID;
}
c.startAsClient(OneKDC.SERVER, mech);
ExtendedGSSContext cx = (ExtendedGSSContext)c.x();
cx.requestCredDeleg(requestDelegState);
cx.requestDelegPolicy(requestDelegPolicyState);
s.startAsServer(mech);
GSSContext sx = s.x();
Context.handshake(c, s);
if (cx.getCredDelegState() != delegState) {
throw new Exception("Initiator cred state error");
}
if (sx.getCredDelegState() != delegState) {
throw new Exception("Acceptor cred state error");
}
if (cx.getDelegPolicyState() != delegPolicyState) {
throw new Exception("Initiator cred policy state error");
}
GSSCredential cred = null;
try {
cred = s.x().getDelegCred();
} catch (GSSException e) {
// leave cred as null
}
if (delegated != (cred != null)) {
throw new Exception("get cred error");
}
}