本文整理汇总了Java中javax.security.auth.kerberos.KerberosPrincipal类的典型用法代码示例。如果您正苦于以下问题:Java KerberosPrincipal类的具体用法?Java KerberosPrincipal怎么用?Java KerberosPrincipal使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
KerberosPrincipal类属于javax.security.auth.kerberos包,在下文中一共展示了KerberosPrincipal类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: main
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
// We don't care about clock difference
new FileOutputStream("krb5.conf").write(
"[libdefaults]\nclockskew=999999999".getBytes());
System.setProperty("java.security.krb5.conf", "krb5.conf");
Config.refresh();
Subject subj = new Subject();
KerberosPrincipal kp = new KerberosPrincipal(princ);
KerberosKey kk = new KerberosKey(
kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
subj.getPrincipals().add(kp);
subj.getPrivateCredentials().add(kk);
Subject.doAs(subj, new PrivilegedExceptionAction() {
public Object run() throws Exception {
GSSManager man = GSSManager.getInstance();
GSSContext ctxt = man.createContext(man.createCredential(
null, GSSCredential.INDEFINITE_LIFETIME,
GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
return ctxt.acceptSecContext(token, 0, token.length);
}
});
}
示例2: loginViaKerberos
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
private Subject loginViaKerberos(Builder b) {
Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(b.kerberosPrincipal));
Subject subject = new Subject(false, principals, new HashSet<Object>(),
new HashSet<Object>());
ServerKeytabJaasConf conf = new ServerKeytabJaasConf(b.kerberosPrincipal,
b.keytab.toString());
String confName = "NotUsed";
try {
LoginContext loginContext = new LoginContext(confName, subject, null, conf);
loginContext.login();
return loginContext.getSubject();
} catch (LoginException e) {
throw new RuntimeException(e);
}
}
示例3: getUGIFromSubject
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
/**
* Create a UserGroupInformation from a Subject with Kerberos principal.
*
* @param user The KerberosPrincipal to use in UGI
*
* @throws IOException if the kerberos login fails
*/
public static UserGroupInformation getUGIFromSubject(Subject subject)
throws IOException {
if (subject == null) {
throw new IOException("Subject must not be null");
}
if (subject.getPrincipals(KerberosPrincipal.class).isEmpty()) {
throw new IOException("Provided Subject must contain a KerberosPrincipal");
}
KerberosPrincipal principal =
subject.getPrincipals(KerberosPrincipal.class).iterator().next();
User ugiUser = new User(principal.getName(),
AuthenticationMethod.KERBEROS, null);
subject.getPrincipals().add(ugiUser);
UserGroupInformation ugi = new UserGroupInformation(subject);
ugi.setLogin(null);
ugi.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
return ugi;
}
示例4: credsToTicket
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
public static KerberosTicket credsToTicket(Credentials serviceCreds) {
EncryptionKey sessionKey = serviceCreds.getSessionKey();
return new KerberosTicket(
serviceCreds.getEncoded(),
new KerberosPrincipal(serviceCreds.getClient().getName()),
new KerberosPrincipal(serviceCreds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
sessionKey.getBytes(),
sessionKey.getEType(),
serviceCreds.getFlags(),
serviceCreds.getAuthTime(),
serviceCreds.getStartTime(),
serviceCreds.getEndTime(),
serviceCreds.getRenewTill(),
serviceCreds.getClientAddresses());
}
示例5: getEKeys
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
/**
* Gets EKeys for a principal.
* @param princ the target name initiator requests. Not null.
* @return keys for the princ, never null, might be empty
*/
public EncryptionKey[] getEKeys(PrincipalName princ) {
if (destroyed) {
throw new IllegalStateException("This object is destroyed");
}
KerberosKey[] kkeys = getKKeys(new KerberosPrincipal(princ.getName()));
if (kkeys.length == 0) {
// Fallback: old JDK does not perform real name checking. If the
// acceptor has host.sun.com but initiator requests for host,
// as long as their keys match (i.e. keys for one can decrypt
// the other's service ticket), the authentication is OK.
// There are real customers depending on this to use different
// names for a single service.
kkeys = getKKeys();
}
EncryptionKey[] ekeys = new EncryptionKey[kkeys.length];
for (int i=0; i<ekeys.length; i++) {
ekeys[i] = new EncryptionKey(
kkeys[i].getEncoded(), kkeys[i].getKeyType(),
new Integer(kkeys[i].getVersionNumber()));
}
return ekeys;
}
示例6: doAs
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
private <T> T doAs(String user, final PrivilegedExceptionAction<T> action)
throws Exception {
Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(user));
//client login
Subject subject = new Subject(false, principals,
new HashSet<Object>(), new HashSet<Object>());
LoginContext loginContext = new LoginContext("", subject, null,
KerberosConfiguration.createClientConfig(user, keytab));
try {
loginContext.login();
subject = loginContext.getSubject();
UserGroupInformation ugi =
UserGroupInformation.getUGIFromSubject(subject);
return ugi.doAs(action);
} finally {
loginContext.logout();
}
}
示例7: main
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
X500Principal duke = new X500Principal("CN=Duke");
// should not throw NullPointerException
testImplies(duke, (Subject)null, false);
Set<Principal> principals = new HashSet<>();
principals.add(duke);
testImplies(duke, principals, true);
X500Principal tux = new X500Principal("CN=Tux");
principals.add(tux);
testImplies(duke, principals, true);
principals.add(new KerberosPrincipal("[email protected]"));
testImplies(duke, principals, true);
principals.clear();
principals.add(tux);
testImplies(duke, principals, false);
System.out.println("test passed");
}
示例8: main
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
byte[] data = new byte[aes.length()/2];
KerberosPrincipal kp = new KerberosPrincipal("[email protected]");
// aes128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
aes.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("aes"), data);
if(KeyTab.getInstance(kp, new File("aes")).getKeys(kp).length == 0) {
throw new Exception("AES key not read");
}
// camellia128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
camellia.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("camellia"), data);
if(KeyTab.getInstance(kp, new File("camellia")).getKeys(kp).length != 0) {
throw new Exception("Unknown key read");
}
}
示例9: main
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
byte[] asn1Bytes = "asn1".getBytes();
KerberosPrincipal client = new KerberosPrincipal("client");
KerberosPrincipal server = new KerberosPrincipal("server");
byte[] keyBytes = "sessionKey".getBytes();
long originalTime = 12345678L;
Date inDate = new Date(originalTime);
boolean[] flags = new boolean[9];
flags[8] = true; // renewable
KerberosTicket t = new KerberosTicket(asn1Bytes, client, server,
keyBytes, 1 /*keyType*/, flags, inDate /*authTime*/,
inDate /*startTime*/, inDate /*endTime*/,
inDate /*renewTill*/, null /*clientAddresses*/);
inDate.setTime(0); // for testing the constructor
testDateImmutability(t, originalTime);
testS11nCompatibility(t); // S11n: Serialization
testDestroy(t);
}
示例10: getEKeys
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
/**
* Gets EKeys for a principal.
* @param princ the target name initiator requests. Not null.
* @return keys for the princ, never null, might be empty
*/
public EncryptionKey[] getEKeys(PrincipalName princ) {
if (destroyed) {
throw new IllegalStateException("This object is destroyed");
}
KerberosKey[] kkeys = getKKeys(new KerberosPrincipal(princ.getName()));
if (kkeys.length == 0) {
// Fallback: old JDK does not perform real name checking. If the
// acceptor has host.sun.com but initiator requests for host,
// as long as their keys match (i.e. keys for one can decrypt
// the other's service ticket), the authentication is OK.
// There are real customers depending on this to use different
// names for a single service.
kkeys = getKKeys();
}
EncryptionKey[] ekeys = new EncryptionKey[kkeys.length];
for (int i=0; i<ekeys.length; i++) {
ekeys[i] = new EncryptionKey(
kkeys[i].getEncoded(), kkeys[i].getKeyType(),
kkeys[i].getVersionNumber());
}
return ekeys;
}
示例11: main
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
byte[] asn1Bytes = "asn1".getBytes();
KerberosPrincipal client = new KerberosPrincipal("[email protected]");
KerberosPrincipal server = new KerberosPrincipal("[email protected]");
byte[] keyBytes = "sessionKey".getBytes();
long originalTime = 12345678L;
Date inDate = new Date(originalTime);
boolean[] flags = new boolean[9];
flags[8] = true; // renewable
KerberosTicket t = new KerberosTicket(asn1Bytes, client, server,
keyBytes, 1 /*keyType*/, flags, inDate /*authTime*/,
inDate /*startTime*/, inDate /*endTime*/,
inDate /*renewTill*/, null /*clientAddresses*/);
inDate.setTime(0); // for testing the constructor
testDateImmutability(t, originalTime);
testS11nCompatibility(t); // S11n: Serialization
testDestroy(t);
}
示例12: performKerberosLogin
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
/**
* Performs a Kerberos login given the {@code principal} and {@code keytab}.
*
* @return The {@code Subject} and {@code LoginContext} from the successful login.
* @throws RuntimeException if the login failed
*/
Entry<LoginContext, Subject> performKerberosLogin() {
// Loosely based on Apache Kerby's JaasKrbUtil class
// Synchronized by the caller
// Create a KerberosPrincipal given the principal.
final Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(principal));
final Subject subject = new Subject(false, principals, new HashSet<Object>(),
new HashSet<Object>());
try {
return login(null, jaasConf, subject);
} catch (Exception e) {
throw new RuntimeException("Failed to perform Kerberos login");
}
}
示例13: afterPropertiesSet
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
@Override
public void afterPropertiesSet() throws Exception {
Assert.notNull(this.servicePrincipal, "servicePrincipal must be specified");
Assert.notNull(this.keyTabLocation, "keyTab must be specified");
if (keyTabLocation instanceof ClassPathResource) {
LOG.warn("Your keytab is in the classpath. This file needs special protection and shouldn't be in the classpath. JAAS may also not be able to load this file from classpath.");
}
String keyTabLocationAsString = this.keyTabLocation.getURL().toExternalForm();
// We need to remove the file prefix (if there is one), as it is not supported in Java 7 anymore.
// As Java 6 accepts it with and without the prefix, we don't need to check for Java 7
if (keyTabLocationAsString.startsWith("file:"))
{
keyTabLocationAsString = keyTabLocationAsString.substring(5);
}
LoginConfig loginConfig = new LoginConfig(keyTabLocationAsString, this.servicePrincipal,
this.debug);
Set<Principal> princ = new HashSet<Principal>(1);
princ.add(new KerberosPrincipal(this.servicePrincipal));
Subject sub = new Subject(false, princ, new HashSet<Object>(), new HashSet<Object>());
LoginContext lc = new LoginContext("", sub, null, loginConfig);
lc.login();
this.serviceSubject = lc.getSubject();
}
示例14: doAsKerberosUser
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
public static <T> T doAsKerberosUser(String principal, String keytab,
final Callable<T> callable) throws Exception {
LoginContext loginContext = null;
try {
Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(principal));
Subject subject = new Subject(false, principals, new HashSet<Object>(),
new HashSet<Object>());
loginContext = new LoginContext("", subject, null,
new KerberosConfiguration(principal, keytab));
loginContext.login();
subject = loginContext.getSubject();
return Subject.doAs(subject, new PrivilegedExceptionAction<T>() {
@Override
public T run() throws Exception {
return callable.call();
}
});
} catch (PrivilegedActionException ex) {
throw ex.getException();
} finally {
if (loginContext != null) {
loginContext.logout();
}
}
}
示例15: doAs
import javax.security.auth.kerberos.KerberosPrincipal; //导入依赖的package包/类
public static <T> T doAs(String principal, final Callable<T> callable) throws Exception {
LoginContext loginContext = null;
try {
Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(KerberosTestUtils.getClientPrincipal()));
Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
loginContext = new LoginContext("", subject, null, new KerberosConfiguration(principal));
loginContext.login();
subject = loginContext.getSubject();
return Subject.doAs(subject, new PrivilegedExceptionAction<T>() {
@Override
public T run() throws Exception {
return callable.call();
}
});
} catch (PrivilegedActionException ex) {
throw ex.getException();
} finally {
if (loginContext != null) {
loginContext.logout();
}
}
}