本文整理汇总了Java中org.springframework.security.kerberos.authentication.KerberosServiceRequestToken类的典型用法代码示例。如果您正苦于以下问题:Java KerberosServiceRequestToken类的具体用法?Java KerberosServiceRequestToken怎么用?Java KerberosServiceRequestToken使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
KerberosServiceRequestToken类属于org.springframework.security.kerberos.authentication包,在下文中一共展示了KerberosServiceRequestToken类的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: delegateCallToRemote
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken; //导入依赖的package包/类
@RequestMapping("/")
public String delegateCallToRemote(Model model) throws PrivilegedActionException {
KerberosServiceRequestToken authentication = (KerberosServiceRequestToken)
SecurityContextHolder.getContext().getAuthentication();
CollaredKerberosTicketValidation ticketValidation = (CollaredKerberosTicketValidation)
authentication.getTicketValidation();
byte[] token = CollaredKerberosTokenFactory.createToken(ticketValidation.getDelegationCredential(),
kerberisedTargetUrl);
String tokenString = Base64.getEncoder().encodeToString(token);
RestTemplate template = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.set("KERBEROS_TOKEN", tokenString);
HttpEntity entity = new HttpEntity(headers);
long start = System.nanoTime();
HttpEntity<String> response = template.exchange(hopTargetUrl, HttpMethod.GET, entity, String.class);
long end = System.nanoTime();
model.addAttribute("output", response.getBody());
model.addAttribute("outputMillis", (end - start) / 1000000);
return "home";
}
示例2: authenticate
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken; //导入依赖的package包/类
@Override
public AuthenticationResponse authenticate(AuthenticationRequest authenticationRequest) throws InvalidCredentialsException, IdentityAccessException {
if (authenticationRequest == null) {
logger.info("Cannot authenticate null authenticationRequest, returning null.");
return null;
}
final Object credentials = authenticationRequest.getCredentials();
byte[] kerberosTicket = credentials != null && credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null;
if (credentials == null) {
logger.info("Kerberos Ticket not found in authenticationRequest credentials, returning null.");
return null;
}
if (kerberosServiceAuthenticationProvider == null) {
throw new IdentityAccessException("The Kerberos authentication provider is not initialized.");
}
try {
KerberosServiceRequestToken kerberosServiceRequestToken = new KerberosServiceRequestToken(kerberosTicket);
kerberosServiceRequestToken.setDetails(authenticationRequest.getDetails());
Authentication authentication = kerberosServiceAuthenticationProvider.authenticate(kerberosServiceRequestToken);
if (authentication == null) {
throw new InvalidCredentialsException("Kerberos credentials could not be authenticated.");
}
final String kerberosPrincipal = authentication.getName();
return new AuthenticationResponse(kerberosPrincipal, kerberosPrincipal, expiration, issuer);
} catch (AuthenticationException e) {
String authFailedMessage = "Kerberos credentials could not be authenticated.";
/* Kerberos uses encryption with up to AES-256, specifically AES256-CTS-HMAC-SHA1-96.
* That is not available in every JRE, particularly if Unlimited Strength Encryption
* policies are not installed in the Java home lib dir. The Kerberos lib does not
* differentiate between failures due to decryption and those due to bad credentials
* without walking the causes of the exception, so this check puts something
* potentially useful in the logs for those troubleshooting Kerberos authentication. */
if (!Boolean.FALSE.equals(CryptoUtils.isCryptoRestricted())) {
authFailedMessage += " This Java Runtime does not support unlimited strength encryption. " +
"This could cause Kerberos authentication to fail as it can require AES-256.";
}
logger.info(authFailedMessage);
throw new InvalidCredentialsException(authFailedMessage, e);
}
}