本文整理汇总了Java中org.ietf.jgss.GSSContext类的典型用法代码示例。如果您正苦于以下问题:Java GSSContext类的具体用法?Java GSSContext怎么用?Java GSSContext使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
GSSContext类属于org.ietf.jgss包,在下文中一共展示了GSSContext类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: main
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
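/**
 * Accepts a Kerberos token as an acceptor whose long-term key is installed
 * directly into a {@link Subject}, without contacting a KDC.
 *
 * <p>Test fixture only: it writes a {@code krb5.conf} into the working directory
 * with a clock skew so large that ticket timestamps are never rejected. That
 * switches off the time-window check Kerberos relies on against replayed
 * tickets, so this configuration must not be reused outside a test.
 *
 * <p>{@code princ}, {@code key} and {@code token} are defined outside this
 * block and are not visible here.
 *
 * @param args unused
 * @throws Exception if the configuration cannot be written or the token is rejected
 */
public static void main(String[] args) throws Exception {
    // We don't care about clock difference.
    // try-with-resources closes the descriptor even if write() throws; the
    // original left the stream open for the garbage collector to reclaim.
    try (FileOutputStream conf = new FileOutputStream("krb5.conf")) {
        conf.write("[libdefaults]\nclockskew=999999999".getBytes());
    }
    System.setProperty("java.security.krb5.conf", "krb5.conf");
    Config.refresh();

    // Build the acceptor identity by hand: principal plus its AES128 key.
    Subject subj = new Subject();
    KerberosPrincipal kp = new KerberosPrincipal(princ);
    KerberosKey kk = new KerberosKey(
            kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
    subj.getPrincipals().add(kp);
    subj.getPrivateCredentials().add(kk);

    Subject.doAs(subj, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            GSSManager man = GSSManager.getInstance();
            // ACCEPT_ONLY with a null name: the credential is resolved from
            // the key placed in the Subject above.
            GSSContext ctxt = man.createContext(man.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
            return ctxt.acceptSecContext(token, 0, token.length);
        }
    });
}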
示例2: startAsClient
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
    final Action createInitiator = new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            final GSSManager manager = GSSManager.getInstance();

            // A target containing '@' is treated as a host-based service
            // name ("service@host"); anything else is passed with a null
            // name type and left to the mechanism to interpret.
            final GSSName peer;
            if (target.indexOf('@') < 0) {
                peer = manager.createName(target, null);
            } else {
                peer = manager.createName(target, GSSName.NT_HOSTBASED_SERVICE);
            }

            // The context is only created here; no token is exchanged yet.
            me.x = (ExtendedGSSContext) manager.createContext(
                    peer, mech, cred, GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    };
    doAs(createInitiator, null);
}
示例3: validateServiceTicket
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
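/**
 * Accepts a Kerberos service ticket while running as {@code subject} and
 * returns the name of the client that presented it.
 *
 * <p>The name is only returned once the security context is fully
 * established. A token that leaves the context half-open is rejected, because
 * this method offers no way to continue the exchange and the initiator has not
 * been authenticated at that point.
 *
 * @param subject       the acceptor's subject, expected to hold the service credentials
 * @param serviceTicket the GSS token received from the client
 * @return the initiator (client) principal name
 * @throws GSSException             declared by the original signature
 * @throws PrivilegedActionException wrapping any failure raised while accepting
 *         the token, including the not-established rejection described above
 */
public static String validateServiceTicket(Subject subject, final byte[] serviceTicket)
        throws GSSException, IllegalAccessException, NoSuchFieldException, ClassNotFoundException,
        PrivilegedActionException {
    // Kerberos version 5 OID. The value is not handed to createContext()
    // below; the lookup is kept because it is the visible source of the
    // reflective exceptions declared in the throws clause.
    Oid krb5Oid = KerberosUtils.getOidInstance("GSS_KRB5_MECH_OID");

    // Accept the context and return the client principal name.
    return Subject.doAs(subject, new PrivilegedExceptionAction<String>() {
        @Override
        public String run() throws Exception {
            GSSManager manager = GSSManager.getInstance();
            // A null credential selects the acceptor's default credential.
            GSSContext context = manager.createContext((GSSCredential) null);
            try {
                context.acceptSecContext(serviceTicket, 0, serviceTicket.length);
                // Fail closed: never report a peer name for a context that
                // has not completed authentication.
                if (!context.isEstablished()) {
                    throw new GSSException(GSSException.FAILURE, 0,
                            "Security context was not established by the supplied token");
                }
                return context.getSrcName().toString();
            } finally {
                // Release the context and the session keys it holds.
                try {
                    context.dispose();
                } catch (GSSException ignored) {
                    // Best-effort cleanup; must not replace the real outcome.
                }
            }
        }
    });
}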
示例4: xRealmAuth
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
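/**
 * Drives one initiator-side {@code initSecContext} call using a JAAS login
 * entry that this method writes to {@code jaas-localkdc.conf} in the working
 * directory.
 *
 * <p>Test fixture: it changes JVM-wide security and system properties and does
 * not restore them.
 *
 * @throws Exception if the configuration cannot be written or the GSS call fails
 */
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    // With this set to false JGSS may obtain credentials through the JAAS
    // entry below instead of requiring them in the current Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    // try-with-resources closes the file even if write() throws; the
    // original only closed it on the success path.
    try (FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf")) {
        fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
                "    com.sun.security.auth.module.Krb5LoginModule\n" +
                "    required\n" +
                "    principal=dummy\n" +
                "    doNotPrompt=false\n" +
                "    useTicketCache=false\n" +
                "    ;\n" +
                "};").getBytes());
    }

    GSSManager m = GSSManager.getInstance();
    // NOTE(review): the name literal below appears to have been replaced by
    // the hosting page's e-mail obfuscation; restore the intended
    // "service@host" value from the original source before running this.
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}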
示例5: main
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
 * Feeds a fixed SPNEGO token to a default acceptor context and prints the
 * {@link GSSException} raised while accepting it.
 *
 * <p>The hex dump is a SPNEGO (1.3.6.1.5.5.2) initial token whose only offered
 * mechanism is 1.3.6.1.4.1.311.2.2.10 (NTLM). If no exception is raised the
 * method returns without printing anything.
 *
 * @param args unused
 * @throws Exception if the acceptor context cannot be created
 */
public static void main(String[] args) throws Exception {
    final GSSCredential cred = null;
    final GSSContext ctx = GSSManager.getInstance().createContext(cred);

    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    // Every byte occupies three characters: two hex digits and a space.
    final int count = hexDump.length() / 3;
    final byte[] token = new byte[count];
    int offset = 0;
    for (int idx = 0; idx < count; idx++) {
        token[idx] = (byte) Integer.parseInt(hexDump.substring(offset, offset + 2), 16);
        offset += 3;
    }

    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
示例6: executeAction
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* Sets up a <tt>GSSContext</tt> for communicating with the GSS-API protected ACI server and then sends the
* action. The <tt>serverDetails</tt> are copied and a <tt>GssEncryptionCodec</tt> set on the copy that has the
* <tt>GSSContext</tt> in it. Any existing <tt>EncryptionCodec</tt> will be removed as only the
* <tt>GssEncryptionCodec</tt> can be used when communicating with Kerberos protected ACI servers.
* @param serverDetails A <tt>GssAciServerDetails</tt> containing the service name and connection details.
* @param parameters The parameters to send with the ACI action.
* @return A <tt>AciResponseInputStream</tt> containing the ACI response.
* @throws java.io.IOException If an I/O (transport) error occurs. Some transport exceptions can be recovered from.
* @throws com.autonomy.aci.client.transport.AciHttpException If a protocol exception occurs. Usually protocol
* exceptions cannot be recovered from.
* @throws java.lang.IllegalArgumentException if <tt>serverDetails</tt> isn't an instance of
* <tt>GssAciServerDetails</tt> or there is no <tt>serviceName</tt> set in those details.
*/
@Override
public AciResponseInputStream executeAction(final AciServerDetails serverDetails, final Set<? extends ActionParameter<?>> parameters) throws IOException, AciHttpException {
    LOGGER.trace("executeAction() called...");

    // Refuse to proceed unless the details are GSS-specific and name a
    // service; the cast below is only reached after the type check passes.
    Validate.isTrue((serverDetails instanceof GssAciServerDetails), "The serverDetails must be an instance of GssAciServerDetails.");
    final GssAciServerDetails gssDetails = (GssAciServerDetails) serverDetails;
    Validate.isTrue(StringUtils.isNotBlank(gssDetails.getServiceName()), "No serviceName set in serverDetails.");

    // Build the security context for the named service.
    final GSSContext gssContext = getGSSContext(gssDetails);

    LOGGER.debug("Copying ACI server details and adding a GssEncryptionCodec...");

    // Work on a copy so the caller's details keep whatever codec they had;
    // the copy gets the GSS codec bound to the context created above.
    final AciServerDetails detailsWithCodec = new AciServerDetails(serverDetails);
    detailsWithCodec.setEncryptionCodec(new GssEncryptionCodec(gssContext));

    LOGGER.debug("Letting the superclass execute the action...");

    return super.executeAction(detailsWithCodec, parameters);
}
示例7: closeSession
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* Closes the session. If any {@link GSSContext} is present in the session
* then it is closed.
*
* @param message the error message
*/
@Override
protected void closeSession(String message) {
    final GSSContext storedContext = (GSSContext) getSession().getAttribute(GSS_CONTEXT);

    // Nothing to release: close the session the ordinary way.
    if (storedContext == null) {
        super.closeSession(message);
        return;
    }

    try {
        // dispose() releases the context's resources.
        storedContext.dispose();
    } catch (GSSException e) {
        // NOTE(review): printStackTrace() writes to stderr and bypasses any
        // logging framework; the exception is also passed to the superclass.
        e.printStackTrace();
        super.closeSession(message, e);
        return;
    }

    super.closeSession(message);
}
示例8: authenticate
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* {@inheritDoc}
*/
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
    // Fail closed: a context that is not established identifies nobody.
    if (!gssContext.isEstablished()) {
        return null;
    }

    final GSSName initiator;
    try {
        initiator = gssContext.getSrcName();
    } catch (GSSException e) {
        log.warn(sm.getString("realmBase.gssNameFail"), e);
        return null;
    }

    // The name is resolved before delegating so that the lock-out filter
    // can be applied to it whatever the superclass returns.
    final String username = initiator.toString();
    final Principal authenticatedUser = super.authenticate(gssContext, storeCreds);
    return filterLockedAccounts(username, authenticatedUser);
}
示例9: generateGSSToken
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
 * Creates an initiator context for the configured service principal and lets
 * {@code gssClient} negotiate a token with it.
 *
 * @param input the token received from the peer, or {@code null} on the first
 *              round (treated as an empty token)
 * @param oid   the mechanism to use, also used to canonicalize the service name
 * @return the token returned by {@code gssClient.negotiate}
 * @throws GSSException if name creation, context creation or negotiation fails
 */
protected byte[] generateGSSToken(
        final byte[] input,
        final Oid oid ) throws GSSException {
    final byte[] token = (input != null) ? input : new byte[0];

    final GSSManager manager = getManager();
    final GSSName canonicalServer =
            manager.createName(servicePrincipalName, servicePrincipalOid).canonicalize(oid);

    // A null credential makes the mechanism use the initiator's default
    // credential.
    final GSSContext gssContext = manager.createContext(
            canonicalServer, oid, null, GSSContext.DEFAULT_LIFETIME);
    gssContext.requestMutualAuth(true);
    // NOTE(review): delegation is requested unconditionally. A service that
    // receives a delegated credential can act as the user towards other
    // services, so confirm that every target of this call is trusted for it.
    gssContext.requestCredDeleg(true);

    // Get client to login if not already done
    return gssClient.negotiate(gssContext, token);
}
示例10: negotiate
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* Called when SPNEGO client-service authentication is taking place.
*
* @param context
* @param negotiationToken
* @return
* @throws GSSException
*/
public byte[] negotiate( GSSContext context, byte[] negotiationToken ) throws GSSException {
    // Log in lazily; loginViaJAAS() throws GSSException if the login fails.
    if (subject == null) {
        loginViaJAAS();
    }

    // If we do not have the service ticket it will be retrieved
    // from the TGS on a call to initSecContext().
    final NegotiateContextAction action = new NegotiateContextAction(context, negotiationToken);

    // Run the negotiation as the initiator. The service ticket will then be
    // cached in the Subject's private credentials.
    final byte[] reply = (byte[]) Subject.doAs(subject, action);

    // The action records a GSS failure instead of throwing it through
    // doAs(); surface it to the caller here.
    final GSSException failure = action.getGSSException();
    if (failure != null) {
        throw failure;
    }
    return reply;
}
示例11: startAsClient
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
    final Action createInitiator = new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            final GSSManager manager = GSSManager.getInstance();

            // "service@host" style targets are host-based service names;
            // a target without '@' is passed with a null name type.
            final GSSName peer;
            if (target.indexOf('@') < 0) {
                peer = manager.createName(target, null);
            } else {
                peer = manager.createName(target, GSSName.NT_HOSTBASED_SERVICE);
            }

            // Only creates the context; the token exchange happens later.
            me.x = manager.createContext(
                    peer, mech, cred, GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    };
    doAs(createInitiator, null);
}
示例12: authenticate
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* {@inheritDoc}
*/
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
    // Anything short of an established context is treated as a failure.
    if (!gssContext.isEstablished()) {
        return null;
    }

    final GSSName sourceName;
    try {
        sourceName = gssContext.getSrcName();
    } catch (GSSException e) {
        log.warn(sm.getString("realmBase.gssNameFail"), e);
        return null;
    }

    // Resolve the user name first, then delegate, then apply the
    // locked-account filter to the superclass result.
    final String username = sourceName.toString();
    final Principal authenticatedUser = super.authenticate(gssContext, storeCreds);
    return filterLockedAccounts(username, authenticatedUser);
}
示例13: processToken
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* Process Kerberos token and get user name.
*
* @param gssToken GSS token
* @return the username of the logged-in user if the GSS token can be decrypted correctly; otherwise null
* @throws GSSException
*/
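public static String processToken(byte[] gssToken, GSSCredential gssCredentials) throws GSSException {
    GSSContext context = gssManager.createContext(gssCredentials);
    try {
        // Decrypt the kerberos ticket (GSS token)
        context.acceptSecContext(gssToken, 0, gssToken.length);

        // If we cannot decrypt the GSS Token properly we return the username as null.
        // Checking isEstablished() before reading the peer name keeps a
        // half-open context from being reported as an authenticated user.
        if (!context.isEstablished()) {
            log.error("Unable to decrypt the kerberos ticket as context was not established.");
            return null;
        }

        String loggedInUserName = context.getSrcName().toString();
        String target = context.getTargName().toString();

        if (log.isDebugEnabled()) {
            String msg = "Extracted details from GSS Token, LoggedIn User : " + loggedInUserName
                    + " , Intended target : " + target;
            log.debug(msg);
        }

        return loggedInUserName;
    } finally {
        // The context is local to this call, so release it (and the session
        // keys it holds) on every path; the original never disposed it.
        try {
            context.dispose();
        } catch (GSSException ignored) {
            // Best-effort cleanup; must not replace the result or the
            // exception already on its way to the caller.
        }
    }
}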
示例14: getGSSContext
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* Returns a GSSContext for the given url with a default lifetime.
*
* @param url http address
* @return GSSContext for the given url
* @throws GSSException
* @throws PrivilegedActionException
*/
private GSSContext getGSSContext(final URL url) throws GSSException
    , PrivilegedActionException {

    // The client credential is resolved once, on first use, from the
    // logged-in subject and then kept in the field for later calls.
    if (this.credential == null) {
        if (this.loginContext == null) {
            throw new IllegalStateException(
                    "GSSCredential AND LoginContext NOT initialized");
        }
        this.credential = SpnegoProvider.getClientCredential(
                this.loginContext.getSubject());
    }

    return SpnegoProvider.getGSSContext(this.credential, url);
}
示例15: generateGSSToken
import org.ietf.jgss.GSSContext; //导入依赖的package包/类
/**
* @since 4.4
*/
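protected byte[] generateGSSToken(
        final byte[] input, final Oid oid, final String authServer,
        final Credentials credentials) throws GSSException {
    // A null input means this is the first round; GSS expects an empty token.
    byte[] inputBuff = input;
    if (inputBuff == null) {
        inputBuff = new byte[0];
    }

    final GSSManager manager = getManager();
    final GSSName serverName = manager.createName(service + "@" + authServer, GSSName.NT_HOSTBASED_SERVICE);

    // Use the caller's Kerberos credential when one is supplied; otherwise
    // null lets the mechanism pick the initiator's default credential.
    final GSSCredential gssCredential;
    if (credentials instanceof KerberosCredentials) {
        gssCredential = ((KerberosCredentials) credentials).getGSSCredential();
    } else {
        gssCredential = null;
    }

    final GSSContext gssContext = manager.createContext(
            serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME);
    try {
        gssContext.requestMutualAuth(true);
        // NOTE(review): delegation is requested for every authServer. A
        // service that receives a delegated credential can act as the user
        // towards other services; confirm the targets are trusted for it.
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
    } finally {
        // The context is never stored, so it cannot be continued later;
        // dispose it here instead of leaving it and its keys to the GC.
        try {
            gssContext.dispose();
        } catch (GSSException ignored) {
            // Best-effort cleanup; must not replace the token or the
            // exception already on its way to the caller.
        }
    }
}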