本文整理汇总了Java中org.ietf.jgss.GSSCredential类的典型用法代码示例。如果您正苦于以下问题:Java GSSCredential类的具体用法?Java GSSCredential怎么用?Java GSSCredential使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
GSSCredential类属于org.ietf.jgss包,在下文中一共展示了GSSCredential类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: main
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
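/**
 * Accepts a pre-built Kerberos token as a service whose long-term key is
 * placed directly into a fresh {@link Subject}.
 *
 * <p>{@code princ}, {@code key} and {@code token} are defined outside this
 * snippet.
 *
 * @param args unused
 * @throws Exception if krb5.conf cannot be written or the token is rejected
 */
public static void main(String[] args) throws Exception {
    // Test-only configuration: a clockskew this large makes the acceptor
    // tolerate any timestamp difference, so the time-based freshness check
    // is effectively off. That suits a fixed, recorded token and nothing
    // else; never ship this setting in a real krb5.conf.
    // try-with-resources closes the stream; the original left it open.
    try (FileOutputStream conf = new FileOutputStream("krb5.conf")) {
        conf.write("[libdefaults]\nclockskew=999999999".getBytes());
    }
    System.setProperty("java.security.krb5.conf", "krb5.conf");
    Config.refresh();

    // The Subject carries the service principal and its secret key, which
    // is what ACCEPT_ONLY credential acquisition below picks up.
    Subject subj = new Subject();
    KerberosPrincipal kp = new KerberosPrincipal(princ);
    KerberosKey kk = new KerberosKey(
            kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
    subj.getPrincipals().add(kp);
    subj.getPrivateCredentials().add(kk);

    Subject.doAs(subj, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            GSSManager man = GSSManager.getInstance();
            // null name: use the default acceptor identity from the Subject.
            GSSContext ctxt = man.createContext(man.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
            return ctxt.acceptSecContext(token, 0, token.length);
        }
    });
}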
示例2: validateServiceTicket
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
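/**
 * Accepts a service ticket while running as {@code subject} and returns the
 * name of the client that presented it.
 *
 * <p>The initiator name is only returned once the security context reports
 * itself as established; {@link GSSContext#getSrcName()} is not definitive
 * before that point.
 *
 * @param subject       the service's own Subject; its credentials are used
 *                      to accept the ticket
 * @param serviceTicket the token received from the client
 * @return the client principal name taken from the established context
 * @throws PrivilegedActionException wrapping any failure raised while
 *         accepting the ticket, including a context that is not established
 *         after this single token
 */
public static String validateServiceTicket(Subject subject, final byte[] serviceTicket)
        throws GSSException, IllegalAccessException, NoSuchFieldException, ClassNotFoundException,
        PrivilegedActionException {
    // NOTE(review): the Kerberos V5 OID is looked up here but never passed to
    // the context below; the call is kept so the lookup and its declared
    // exceptions behave as before.
    Oid krb5Oid = KerberosUtils.getOidInstance("GSS_KRB5_MECH_OID");

    return Subject.doAs(subject, new PrivilegedExceptionAction<String>() {
        @Override
        public String run() throws Exception {
            GSSManager manager = GSSManager.getInstance();
            // null credential: accept with the default acceptor credential.
            GSSContext context = manager.createContext((GSSCredential) null);
            try {
                context.acceptSecContext(serviceTicket, 0, serviceTicket.length);
                // Do not hand back an identity from a half-finished exchange.
                if (!context.isEstablished()) {
                    throw new GSSException(GSSException.FAILURE);
                }
                return context.getSrcName().toString();
            } finally {
                try {
                    // Release the context; the original never disposed it.
                    context.dispose();
                } catch (GSSException ignored) {
                    // A dispose failure must not mask the real outcome.
                }
            }
        }
    });
}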
示例3: main
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Hands a fixed 30-byte token to a default acceptor context and prints the
 * {@link GSSException} that results.
 *
 * <p>The bytes decode as a SPNEGO (1.3.6.1.5.5.2) initial token whose only
 * offered mechanism is 1.3.6.1.4.1.311.2.2.10. If the acceptor does not
 * throw, the program ends without printing anything.
 *
 * @param args unused
 * @throws Exception if the context cannot be created
 */
public static void main(String[] args) throws Exception {
    GSSCredential defaultCred = null;
    GSSContext acceptor = GSSManager.getInstance().createContext(defaultCred);

    // Hex dump, three characters per byte ("XX ").
    String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0, at = 0; idx < token.length; idx++, at += 3) {
        token[idx] = (byte) Integer.parseInt(hexDump.substring(at, at + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // Rejection is the outcome this program is written to observe.
        System.out.println("Expected exception: " + gsse);
    }
}
示例4: startAsServer
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Prepares this context to act as an acceptor for the given service name.
 *
 * @param name the service name; {@code null} is passed through as a null
 *             name, a value containing {@code '@'} is created as a
 *             host-based service name, anything else with a null name type
 * @param mech GSS mechanism OID
 * @param asInitiator if {@code true} the credential is created with
 *             {@code INITIATE_AND_ACCEPT}, otherwise {@code ACCEPT_ONLY}
 * @throws java.lang.Exception if the credential or context cannot be created
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager manager = GSSManager.getInstance();

            GSSName serviceName;
            if (name == null) {
                serviceName = null;
            } else if (name.indexOf('@') >= 0) {
                serviceName = manager.createName(name, GSSName.NT_HOSTBASED_SERVICE);
            } else {
                serviceName = manager.createName(name, null);
            }

            // ACCEPT_ONLY is the narrower usage; the wider one is opt-in.
            int usage = asInitiator
                    ? GSSCredential.INITIATE_AND_ACCEPT
                    : GSSCredential.ACCEPT_ONLY;

            me.cred = manager.createCredential(
                    serviceName, GSSCredential.INDEFINITE_LIFETIME, mech, usage);
            me.x = (ExtendedGSSContext) manager.createContext(me.cred);
            return null;
        }
    }, null);
}
示例5: GenericPrincipal
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Builds a Principal for the given user name and password, carrying the
 * given role names and optional login/credential objects.
 *
 * @param name The username of the user represented by this Principal
 * @param password Credentials used to authenticate this user
 * @param roles List of roles (must be Strings) possessed by this user;
 *  when {@code null} the roles field is left as it was
 * @param userPrincipal - the principal to be returned from the request
 *  getUserPrincipal call if not null; if null, this will be returned
 * @param loginContext - If provided, this will be used to log out the user
 *  at the appropriate time
 * @param gssCredential - If provided, the user's delegated credentials
 */
public GenericPrincipal(String name, String password, List<String> roles,
        Principal userPrincipal, LoginContext loginContext,
        GSSCredential gssCredential) {
    super();
    this.name = name;
    // NOTE(review): the password is kept as a String on the instance, so it
    // lives as long as this Principal does; keep it out of logs and dumps.
    this.password = password;
    this.userPrincipal = userPrincipal;

    if (roles != null) {
        String[] roleNames = roles.toArray(new String[roles.size()]);
        // Sorted copy; a single element needs no sorting.
        if (roleNames.length > 1) {
            Arrays.sort(roleNames);
        }
        this.roles = roleNames;
    }

    this.loginContext = loginContext;
    // A delegated credential can be used to act as the user elsewhere;
    // treat the reference as sensitive.
    this.gssCredential = gssCredential;
}
示例6: main
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Runs a SPNEGO handshake with credential delegation requested, then
 * queries the delegated credential on the server side.
 *
 * @param args unused
 * @throws Exception if setup, the handshake or either query fails
 */
public static void main(String[] args) throws Exception {
    final Oid spnego = GSSUtil.GSS_SPNEGO_MECH_OID;

    new OneKDC(null).writeJAASConf();

    Context client = Context.fromJAAS("client");
    Context server = Context.fromJAAS("server");

    client.startAsClient(OneKDC.SERVER, spnego);
    // Delegation is requested explicitly by the initiator.
    client.x().requestCredDeleg(true);
    server.startAsServer(spnego);

    Context.handshake(client, server);

    // Both calls only need to complete without throwing; results are unused.
    GSSCredential delegated = server.delegated().cred();
    delegated.getRemainingInitLifetime(spnego);
    delegated.getUsage(spnego);
}
示例7: main
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Checks that both lifetime queries on a freshly acquired credential report
 * a value within 60 seconds of eleven hours.
 *
 * @param args unused
 * @throws Exception if setup fails or a lifetime is outside the window
 */
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    // With this set to false, JGSS is not restricted to credentials held in
    // the current Subject when it acquires the credential below.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSCredential cred =
            GSSManager.getInstance().createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    final int overall = cred.getRemainingLifetime();
    final int initiate = cred.getRemainingInitLifetime(null);

    // The test KDC issues a TGT with a default lifetime of 11 hours
    final int expected = 11 * 3600;
    final int lowest = expected - 60;
    final int highest = expected + 60;

    if (overall < lowest || overall > highest) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (initiate < lowest || initiate > highest) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
示例8: main
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Checks that both lifetime queries on a freshly acquired credential report
 * a value within 60 seconds of {@code KDC.DEFAULT_LIFETIME}.
 *
 * @param args unused
 * @throws Exception if setup fails or a lifetime is outside the window
 */
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    // With this set to false, JGSS is not restricted to credentials held in
    // the current Subject when it acquires the credential below.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSCredential cred =
            GSSManager.getInstance().createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    final int overall = cred.getRemainingLifetime();
    final int initiate = cred.getRemainingInitLifetime(null);

    // Expected value is whatever the test KDC uses as its default lifetime.
    final int expected = KDC.DEFAULT_LIFETIME;
    final int lowest = expected - 60;
    final int highest = expected + 60;

    if (overall < lowest || overall > highest) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (initiate < lowest || initiate > highest) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
示例9: startAsServer
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Prepares this context to act as an acceptor for the given service name.
 *
 * @param name the service name; {@code null} is passed through as a null
 *             name, a value containing {@code '@'} is created as a
 *             host-based service name, anything else with a null name type
 * @param mech GSS mechanism OID
 * @param asInitiator if {@code true} the credential is created with
 *             {@code INITIATE_AND_ACCEPT}, otherwise {@code ACCEPT_ONLY}
 * @throws java.lang.Exception if the credential or context cannot be created
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager manager = GSSManager.getInstance();

            GSSName serviceName;
            if (name == null) {
                serviceName = null;
            } else if (name.indexOf('@') >= 0) {
                serviceName = manager.createName(name, GSSName.NT_HOSTBASED_SERVICE);
            } else {
                serviceName = manager.createName(name, null);
            }

            // ACCEPT_ONLY is the narrower usage; the wider one is opt-in.
            int usage = asInitiator
                    ? GSSCredential.INITIATE_AND_ACCEPT
                    : GSSCredential.ACCEPT_ONLY;

            me.cred = manager.createCredential(
                    serviceName, GSSCredential.INDEFINITE_LIFETIME, mech, usage);
            me.x = manager.createContext(me.cred);
            return null;
        }
    }, null);
}
示例10: processToken
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
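/**
 * Processes a Kerberos token and returns the name of the user it
 * authenticates.
 *
 * <p>Callers must treat a {@code null} return as an authentication failure.
 *
 * @param gssToken       GSS token received from the client
 * @param gssCredentials acceptor credential used to create the context
 * @return the initiator name from the established context, or {@code null}
 *         if the context is not established after this token
 * @throws GSSException if the token is rejected or a name cannot be read
 */
public static String processToken(byte[] gssToken, GSSCredential gssCredentials) throws GSSException {
    GSSContext context = gssManager.createContext(gssCredentials);
    try {
        // Decrypt the kerberos ticket (GSS token)
        context.acceptSecContext(gssToken, 0, gssToken.length);

        // If we cannot decrypt the GSS Token properly we return the username as null.
        if (!context.isEstablished()) {
            log.error("Unable to decrypt the kerberos ticket as context was not established.");
            return null;
        }

        // Names are read only after the established check above.
        String loggedInUserName = context.getSrcName().toString();
        String target = context.getTargName().toString();

        if (log.isDebugEnabled()) {
            String msg = "Extracted details from GSS Token, LoggedIn User : " + loggedInUserName
                    + " , Intended target : " + target;
            log.debug(msg);
        }

        return loggedInUserName;
    } finally {
        try {
            // Release the context on every path; the original never did.
            context.dispose();
        } catch (GSSException e) {
            // A dispose failure must not replace the real result or error.
            log.debug("Failed to dispose GSS context: " + e);
        }
    }
}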
示例11: createCredentialsForSubject
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Acquires an accept-only SPNEGO credential while running as the given
 * Subject.
 *
 * @param subject login context subject whose credentials back the result
 * @return GSSCredential created with a null name, indefinite lifetime and
 *         {@code ACCEPT_ONLY} usage
 * @throws PrivilegedActionException wrapping a {@link GSSException} raised
 *         during credential creation
 */
private static GSSCredential createCredentialsForSubject(final Subject subject) throws PrivilegedActionException {
    if (log.isDebugEnabled()) {
        Set<Principal> principals = subject.getPrincipals();
        String principalName = (principals == null) ? null : principals.toString();
        log.debug("Creating gss credentials as principal : " + principalName);
    }

    return Subject.doAs(subject, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws GSSException {
            // ACCEPT_ONLY: the credential cannot be used to initiate contexts.
            return gssManager.createCredential(
                    null,
                    GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_SPNEGO_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
        }
    });
}
示例12: getClientCredential
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Acquires an initiate-only SPNEGO credential while running as the given
 * Subject.
 *
 * @param subject the Subject whose credentials back the result
 * @return GSSCredential created with a null name, default lifetime and
 *         {@code INITIATE_ONLY} usage
 * @throws PrivilegedActionException wrapping a {@link GSSException} raised
 *         during credential creation
 */
public static GSSCredential getClientCredential(final Subject subject)
        throws PrivilegedActionException {
    return Subject.doAs(subject, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws GSSException {
            // INITIATE_ONLY: a client never needs to accept contexts.
            final int usage = GSSCredential.INITIATE_ONLY;
            final int lifetime = GSSCredential.DEFAULT_LIFETIME;
            return MANAGER.createCredential(
                    null, lifetime, SpnegoProvider.SPNEGO_OID, usage);
        }
    });
}
示例13: getServerCredential
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Acquires the accept-only SPNEGO {@link GSSCredential} for the server
 * while running as the given Subject.
 *
 * @param subject account server uses for pre-authentication
 * @return credential created with a null name, indefinite lifetime and
 *         {@code ACCEPT_ONLY} usage
 * @throws PrivilegedActionException wrapping a {@link GSSException} raised
 *         during credential creation
 */
static GSSCredential getServerCredential(final Subject subject)
        throws PrivilegedActionException {
    return Subject.doAs(subject, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws GSSException {
            // ACCEPT_ONLY: the server credential cannot initiate contexts.
            final int usage = GSSCredential.ACCEPT_ONLY;
            final int lifetime = GSSCredential.INDEFINITE_LIFETIME;
            return MANAGER.createCredential(
                    null, lifetime, SpnegoProvider.SPNEGO_OID, usage);
        }
    });
}
示例14: generateGSSToken
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
/**
 * Produces the next initiator token for the host-based service
 * {@code service@authServer} using the given mechanism.
 *
 * @param input       token received from the peer; {@code null} is treated
 *                    as an empty token
 * @param oid         mechanism OID
 * @param authServer  host part of the target service name
 * @param credentials if these are {@code KerberosCredentials} their GSS
 *                    credential is used, otherwise a null credential
 * @return the token returned by {@code initSecContext}
 * @throws GSSException if name creation or context initiation fails
 * @since 4.4
 */
protected byte[] generateGSSToken(
        final byte[] input, final Oid oid, final String authServer,
        final Credentials credentials) throws GSSException {
    final byte[] challenge = (input != null) ? input : new byte[0];

    final GSSManager manager = getManager();
    final GSSName serverName = manager.createName(service + "@" + authServer, GSSName.NT_HOSTBASED_SERVICE);

    final GSSCredential gssCredential = (credentials instanceof KerberosCredentials)
            ? ((KerberosCredentials) credentials).getGSSCredential()
            : null;

    final GSSName target = serverName.canonicalize(oid);
    final GSSContext gssContext = manager.createContext(
            target, oid, gssCredential, GSSContext.DEFAULT_LIFETIME);

    // NOTE(review): the context is local to this call, so any reply token
    // from the server is not fed back into it here; requesting mutual auth
    // does not by itself verify the server within this method.
    gssContext.requestMutualAuth(true);
    // NOTE(review): delegation is requested unconditionally, for every
    // target this method is called with. Confirm each target is trusted to
    // act on the user's behalf before relying on this.
    gssContext.requestCredDeleg(true);

    return gssContext.initSecContext(challenge, 0, challenge.length);
}
示例15: acceptSecurityContext
import org.ietf.jgss.GSSCredential; //导入依赖的package包/类
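/**
 * Accepts a service ticket while running as the {@code subject} field and
 * returns the client principal name.
 *
 * <p>Every failure inside the privileged action yields {@code null}, and so
 * does a context that is not established after this single token. Callers
 * must treat {@code null} as an authentication failure.
 *
 * @param serviceTicket the token received from the client
 * @return the client principal name, or {@code null} on any failure
 * @throws GSSException if the Kerberos V5 OID cannot be constructed
 */
private String acceptSecurityContext( final byte[] serviceTicket)
        throws GSSException {
    // Kerberos V5 mechanism OID; stored on the field, not used below.
    krb5Oid = new Oid( "1.2.840.113554.1.2.2");

    // Accept the context and return the client principal name.
    return Subject.doAs( subject, new PrivilegedAction<String>() {
        public String run() {
            GSSContext context = null;
            try {
                // null credential: accept with the default acceptor credential.
                GSSManager manager = GSSManager.getInstance();
                context = manager.createContext( (GSSCredential) null);
                context.acceptSecContext( serviceTicket, 0, serviceTicket.length);

                // The source name is only definitive once the context is
                // established; otherwise fail the same way errors do.
                if ( !context.isEstablished()) {
                    return null;
                }
                return context.getSrcName().toString();
            }
            catch ( Exception e) {
                // Deliberate best-effort: any failure means "not authenticated".
                // NOTE(review): route this through the class's logger if it
                // has one; none is visible in this snippet.
                e.printStackTrace();
                return null;
            }
            finally {
                if ( context != null) {
                    try {
                        // Release the context; the original never disposed it.
                        context.dispose();
                    }
                    catch ( GSSException ignored) {
                        // A dispose failure must not change the result.
                    }
                }
            }
        }
    });
}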