本文整理汇总了Java中sun.security.jgss.GSSUtil类的典型用法代码示例。如果您正苦于以下问题:Java GSSUtil类的具体用法?Java GSSUtil怎么用?Java GSSUtil使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
GSSUtil类属于sun.security.jgss包,在下文中一共展示了GSSUtil类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getCredFromSubject
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
private static Krb5CredElement getCredFromSubject(GSSNameSpi name,
boolean initiate)
throws GSSException {
Vector<Krb5CredElement> creds =
GSSUtil.searchSubject(name, GSS_KRB5_MECH_OID, initiate,
(initiate ?
Krb5InitCredential.class :
Krb5AcceptCredential.class));
Krb5CredElement result = ((creds == null || creds.isEmpty()) ?
null : creds.firstElement());
// Force permission check before returning the cred to caller
if (result != null) {
if (initiate) {
checkInitCredPermission((Krb5NameElement) result.getName());
} else {
checkAcceptCredPermission
((Krb5NameElement) result.getName(), name);
}
}
return result;
}
示例2: getCredFromSubject
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
private GSSCredElement getCredFromSubject(GSSNameElement name,
boolean initiate)
throws GSSException {
Oid mech = cStub.getMech();
Vector<GSSCredElement> creds = GSSUtil.searchSubject
(name, mech, initiate, GSSCredElement.class);
// If Subject is present but no native creds available
if (creds != null && creds.isEmpty()) {
if (GSSUtil.useSubjectCredsOnly(caller)) {
throw new GSSException(GSSException.NO_CRED);
}
}
GSSCredElement result = ((creds == null || creds.isEmpty()) ?
null : creds.firstElement());
// Force permission check before returning the cred to caller
if (result != null) {
result.doServicePermCheck();
}
return result;
}
示例3: main
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
public static void main(String[] args)
throws Exception {
// Create and start the KDC
KDC kdc = new OneKDC(null);
if (System.getProperty("onlyonepreauth") != null) {
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"default_tgs_enctypes=des3-cbc-sha1");
Config.refresh();
kdc.setOption(KDC.Option.ONLY_ONE_PREAUTH, true);
}
if (System.getProperty("nopreauth") != null) {
kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
}
// Use a different case of name. KDC will return correct salt
Context c1 = Context.fromUserPass(OneKDC.USER.toUpperCase(Locale.US),
OneKDC.PASS, true);
Context c2 = Context.fromUserPass(OneKDC.USER2.toUpperCase(Locale.US),
OneKDC.PASS2, true);
c1.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
c2.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c1, c2);
}
示例4: go
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
void go() throws Exception {
Context c = Context.fromJAAS("client");
Context s = Context.fromJAAS("server");
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
c.x().requestMutualAuth(false);
s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID);
Context.handshake(c, s);
Context.transmit("i say high --", c, s);
Context.transmit(" you say low", s, c);
c.dispose();
s.dispose();
}
示例5: doServicePermCheck
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
private void doServicePermCheck() throws GSSException {
if (System.getSecurityManager() != null) {
String action = (isInitiator? "initiate" : "accept");
// Need to check Service permission for accessing
// initiator cred for SPNEGO during context establishment
if (GSSUtil.isSpNegoMech(cStub.getMech()) && isInitiator
&& !isEstablished) {
if (srcName == null) {
// Check by creating default initiator KRB5 cred
GSSCredElement tempCred =
new GSSCredElement(null, lifetime,
GSSCredential.INITIATE_ONLY,
GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID));
tempCred.dispose();
} else {
String tgsName = Krb5Util.getTGSName(srcName);
Krb5Util.checkServicePermission(tgsName, action);
}
}
String targetStr = targetName.getKrbName();
Krb5Util.checkServicePermission(targetStr, action);
skipServicePermCheck = true;
}
}
示例6: NativeGSSContext
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
NativeGSSContext(GSSNameElement peer, GSSCredElement myCred,
int time, GSSLibStub stub) throws GSSException {
if (peer == null) {
throw new GSSException(GSSException.FAILURE, 1, "null peer");
}
cStub = stub;
cred = myCred;
targetName = peer;
isInitiator = true;
lifetime = time;
if (GSSUtil.isKerberosMech(cStub.getMech())) {
doServicePermCheck();
if (cred == null) {
cred = new GSSCredElement(null, lifetime,
GSSCredential.INITIATE_ONLY, cStub);
}
srcName = cred.getName();
}
}
示例7: main
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
kdc.setOption(KDC.Option.RESP_NT, PrincipalName.KRB_NT_PRINCIPAL);
Context c, s;
c = Context.fromJAAS("client");
s = Context.fromJAAS("server");
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c, s);
Context.transmit("i say high --", c, s);
Context.transmit(" you say low", s, c);
s.dispose();
c.dispose();
}
示例8: getTicket
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
/**
* Retrieves the ticket corresponding to the client/server principal
* pair from the Subject in the specified AccessControlContext.
* If the ticket can not be found in the Subject, and if
* useSubjectCredsOnly is false, then obtain ticket from
* a LoginContext.
*/
static KerberosTicket getTicket(GSSCaller caller,
String clientPrincipal, String serverPrincipal,
AccessControlContext acc) throws LoginException {
// Try to get ticket from acc's Subject
Subject accSubj = Subject.getSubject(acc);
KerberosTicket ticket =
SubjectComber.find(accSubj, serverPrincipal, clientPrincipal,
KerberosTicket.class);
// Try to get ticket from Subject obtained from GSSUtil
if (ticket == null && !GSSUtil.useSubjectCredsOnly(caller)) {
Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
ticket = SubjectComber.find(subject,
serverPrincipal, clientPrincipal, KerberosTicket.class);
}
return ticket;
}
示例9: getServiceCreds
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
/**
* Retrieves the ServiceCreds for the specified server principal from
* the Subject in the specified AccessControlContext. If not found, and if
* useSubjectCredsOnly is false, then obtain from a LoginContext.
*
* NOTE: This method is also used by JSSE Kerberos Cipher Suites
*/
public static ServiceCreds getServiceCreds(GSSCaller caller,
String serverPrincipal, AccessControlContext acc)
throws LoginException {
Subject accSubj = Subject.getSubject(acc);
ServiceCreds sc = null;
if (accSubj != null) {
sc = ServiceCreds.getInstance(accSubj, serverPrincipal);
}
if (sc == null && !GSSUtil.useSubjectCredsOnly(caller)) {
Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
sc = ServiceCreds.getInstance(subject, serverPrincipal);
}
return sc;
}
示例10: main
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
// We don't care about clock difference
new FileOutputStream("krb5.conf").write(
"[libdefaults]\nclockskew=999999999".getBytes());
System.setProperty("java.security.krb5.conf", "krb5.conf");
Config.refresh();
Subject subj = new Subject();
KerberosPrincipal kp = new KerberosPrincipal(princ);
KerberosKey kk = new KerberosKey(
kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
subj.getPrincipals().add(kp);
subj.getPrivateCredentials().add(kk);
Subject.doAs(subj, new PrivilegedExceptionAction() {
public Object run() throws Exception {
GSSManager man = GSSManager.getInstance();
GSSContext ctxt = man.createContext(man.createCredential(
null, GSSCredential.INDEFINITE_LIFETIME,
GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
return ctxt.acceptSecContext(token, 0, token.length);
}
});
}
示例11: main
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
new OneKDC(null).writeJAASConf();
Context c, s;
c = Context.fromJAAS("client");
s = Context.fromJAAS("server");
c.startAsClient(OneKDC.SERVER, oid);
c.x().requestCredDeleg(true);
s.startAsServer(oid);
Context.handshake(c, s);
GSSCredential cred = s.delegated().cred();
cred.getRemainingInitLifetime(oid);
cred.getUsage(oid);
}
示例12: xRealmAuth
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
static void xRealmAuth() throws Exception {
Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n" +
"};").getBytes());
fos.close();
GSSManager m = GSSManager.getInstance();
m.createContext(
m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
GSSUtil.GSS_KRB5_MECH_OID,
null,
GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
示例13: main
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
new OneKDC(null).writeJAASConf();
Context c, s;
c = Context.fromThinAir();
s = Context.fromThinAir();
// This is the only setting needed for JGSS without JAAS. The default
// JAAS config entries are already created by OneKDC.
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c, s);
Context.transmit("i say high --", c, s);
Context.transmit(" you say low", s, c);
s.dispose();
c.dispose();
}
示例14: main
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
new OneKDC(null).writeJAASConf();
Context c, s;
c = Context.fromJAAS("client");
s = Context.fromJAAS("server");
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c, s);
String expected = OneKDC.SERVER + "@" + OneKDC.REALM;
if (!c.s().getPrivateCredentials(KerberosTicket.class)
.stream()
.anyMatch(t -> t.getServer().toString().equals(expected))) {
c.status();
throw new Exception("no " + expected);
}
}
示例15: main
import sun.security.jgss.GSSUtil; //导入依赖的package包/类
public static void main(String[] args)
throws Exception {
// Create and start the KDC
KDC kdc = new OneKDC(null);
if (System.getProperty("onlyonepreauth") != null) {
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"default_tgs_enctypes=des3-cbc-sha1");
Config.refresh();
kdc.setOption(KDC.Option.ONLY_ONE_PREAUTH, true);
}
if (System.getProperty("nopreauth") != null) {
kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
}
// Use a different case of name. KDC will return correct salt
Context c1 = Context.fromUserPass(OneKDC.USER.toUpperCase(),
OneKDC.PASS, true);
Context c2 = Context.fromUserPass(OneKDC.USER2.toUpperCase(),
OneKDC.PASS2, true);
c1.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
c2.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c1, c2);
}