本文整理汇总了Java中javax.security.auth.Subject.getPrivateCredentials方法的典型用法代码示例。如果您正苦于以下问题:Java Subject.getPrivateCredentials方法的具体用法?Java Subject.getPrivateCredentials怎么用?Java Subject.getPrivateCredentials使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类javax.security.auth.Subject的用法示例。
在下文中一共展示了Subject.getPrivateCredentials方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: isRelated
import javax.security.auth.Subject; //导入方法依赖的package包/类
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
示例2: validateSubject
import javax.security.auth.Subject; //导入方法依赖的package包/类
private void validateSubject(Subject subject) {
Set<Object> set = subject.getPrivateCredentials();
boolean foundTGT = false;
if (set != null && set.size() > 0) {
for (Object obj : set) {
if (obj instanceof KerberosTicket) {
KerberosTicket kt = (KerberosTicket) obj;
String serverName = kt.getServer().getName();
if (serverName.startsWith(TGT_SERVER_NAME_PREFIX)) {
foundTGT = true;
}
}
}
}
if (!foundTGT) {
String errorMsg = null;
if (loadFromTicketCache) {
errorMsg = "Unable to load Kerberos TGT. Consider kinit.";
} else {
errorMsg = "Login failed for principal '" + userPrincipal + "' using keytab '" + keytabPath
+ "'. Specify correct keytab file path";
}
logger.error(errorMsg);
throw new AuthenticationFailedException(errorMsg);
}
}
示例3: main
import javax.security.auth.Subject; //导入方法依赖的package包/类
public static void main(String[] args) {
System.setSecurityManager(new SecurityManager());
Subject subject = new Subject();
final Set principals = subject.getPrincipals();
principals.add(new X500Principal("CN=Alice"));
final Set credentials = subject.getPrivateCredentials();
credentials.add("Dummy credential");
new Thread() {
{
start();
}
public void run() {
X500Principal p = new X500Principal("CN=Bob");
while (!finished) {
principals.add(p);
principals.remove(p);
}
}
};
for (int i = 0; i < 1000; i++) {
synchronized (credentials) {
for (Iterator it = credentials.iterator(); it.hasNext(); ) {
it.next();
}
}
}
finished = true;
}
示例4: test3
import javax.security.auth.Subject; //导入方法依赖的package包/类
@Test(dataProvider = "Provider2")
public void test3(Subject s) {
s.getPrivateCredentials(String.class);
}
示例5: isRelated
import javax.security.auth.Subject; //导入方法依赖的package包/类
@Override
public boolean isRelated(boolean isClient,
AccessControlContext acc, Principal p) {
if (p == null) return false;
try {
Subject subject = AccessController.doPrivileged(
(PrivilegedExceptionAction<Subject>)
() -> Krb5Util.getSubject(
isClient ? GSSCaller.CALLER_SSL_CLIENT
: GSSCaller.CALLER_SSL_SERVER,
acc));
if (subject == null) {
if (debug != null && Debug.isOn("session")) {
System.out.println("Kerberos credentials are" +
" not present in the current Subject;" +
" check if " +
" javax.security.auth.useSubjectAsCreds" +
" system property has been set to false");
}
return false;
}
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(p)) {
// bound to this principal
return true;
} else {
if (isClient) {
return false;
} else {
for (KeyTab pc : subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
}
} catch (PrivilegedActionException pae) {
if (debug != null && Debug.isOn("session")) {
System.out.println("Attempt to obtain" +
" subject failed! " + pae);
}
return false;
}
}
示例6: testAddAll
import javax.security.auth.Subject; //导入方法依赖的package包/类
private static void testAddAll() {
// Create a well formed subject and additional collections
Subject mtSubj = makeSubj(false, false, false);
Set<Principal> morePrincs = new HashSet<>(Arrays.asList(tmplAddPrincs));
Set<Object> morePubVals = new HashSet<>(Arrays.asList(tmplAddPubVals));
Set<Object> morePrvVals = new HashSet<>(Arrays.asList(tmplAddPrvVals));
// Run one success test for each Subject family to verify the
// overloaded method works as intended.
Set<Principal> setPrin = mtSubj.getPrincipals();
Set<Object> setPubCreds = mtSubj.getPublicCredentials();
Set<Object> setPrvCreds = mtSubj.getPrivateCredentials();
int prinOrigSize = setPrin.size();
int pubOrigSize = setPubCreds.size();
int prvOrigSize = setPrvCreds.size();
System.out.println("------ addAll() -----");
// Add the new members, then check the resulting size of the
// Subject attributes to verify they've increased by the proper
// amounts.
if ((validTestCollection(methAdd, setPrin, morePrincs) != true) ||
(setPrin.size() != prinOrigSize + morePrincs.size()))
{
throw new RuntimeException("Failed addAll() on principals");
}
if ((validTestCollection(methAdd, setPubCreds,
morePubVals) != true) ||
(setPubCreds.size() != pubOrigSize + morePubVals.size()))
{
throw new RuntimeException("Failed addAll() on public creds");
}
if ((validTestCollection(methAdd, setPrvCreds,
morePrvVals) != true) ||
(setPrvCreds.size() != prvOrigSize + morePrvVals.size()))
{
throw new RuntimeException("Failed addAll() on private creds");
}
System.out.println("Positive addAll() test passed");
// Now add null elements into each container, then retest
morePrincs.add(null);
morePubVals.add(null);
morePrvVals.add(null);
System.out.println("* Testing addAll w/ null values on Principals");
nullTestCollection(methAdd, mtSubj.getPrincipals(), null);
nullTestCollection(methAdd, mtSubj.getPrincipals(), morePrincs);
System.out.println("* Testing addAll w/ null values on Public Creds");
nullTestCollection(methAdd, mtSubj.getPublicCredentials(), null);
nullTestCollection(methAdd, mtSubj.getPublicCredentials(),
morePubVals);
System.out.println("* Testing addAll w/ null values on Private Creds");
nullTestCollection(methAdd, mtSubj.getPrivateCredentials(), null);
nullTestCollection(methAdd, mtSubj.getPrivateCredentials(),
morePrvVals);
}
示例7: testRemoveAll
import javax.security.auth.Subject; //导入方法依赖的package包/类
private static void testRemoveAll() {
// Create a well formed subject and additional collections
Subject mtSubj = makeSubj(false, false, false);
Set<Principal> remPrincs = new HashSet<>();
Set<Object> remPubVals = new HashSet<>();
Set<Object> remPrvVals = new HashSet<>();
remPrincs.add(new KerberosPrincipal("mtwain/[email protected]"));
remPubVals.add("mtwain");
remPrvVals.add("5Cl3M3nz");
// Run one success test for each Subject family to verify the
// overloaded method works as intended.
Set<Principal> setPrin = mtSubj.getPrincipals();
Set<Object> setPubCreds = mtSubj.getPublicCredentials();
Set<Object> setPrvCreds = mtSubj.getPrivateCredentials();
int prinOrigSize = setPrin.size();
int pubOrigSize = setPubCreds.size();
int prvOrigSize = setPrvCreds.size();
System.out.println("------ removeAll() -----");
// Remove the specified members, then check the resulting size of the
// Subject attributes to verify they've decreased by the proper
// amounts.
if ((validTestCollection(methRemove, setPrin, remPrincs) != true) ||
(setPrin.size() != prinOrigSize - remPrincs.size()))
{
throw new RuntimeException("Failed removeAll() on principals");
}
if ((validTestCollection(methRemove, setPubCreds,
remPubVals) != true) ||
(setPubCreds.size() != pubOrigSize - remPubVals.size()))
{
throw new RuntimeException("Failed removeAll() on public creds");
}
if ((validTestCollection(methRemove, setPrvCreds,
remPrvVals) != true) ||
(setPrvCreds.size() != prvOrigSize - remPrvVals.size()))
{
throw new RuntimeException("Failed removeAll() on private creds");
}
System.out.println("Positive removeAll() test passed");
// Now add null elements into each container, then retest
remPrincs.add(null);
remPubVals.add(null);
remPrvVals.add(null);
System.out.println("* Testing removeAll w/ null values on Principals");
nullTestCollection(methRemove, mtSubj.getPrincipals(), null);
nullTestCollection(methRemove, mtSubj.getPrincipals(), remPrincs);
System.out.println(
"* Testing removeAll w/ null values on Public Creds");
nullTestCollection(methRemove, mtSubj.getPublicCredentials(), null);
nullTestCollection(methRemove, mtSubj.getPublicCredentials(),
remPubVals);
System.out.println(
"* Testing removeAll w/ null values on Private Creds");
nullTestCollection(methRemove, mtSubj.getPrivateCredentials(), null);
nullTestCollection(methRemove, mtSubj.getPrivateCredentials(),
remPrvVals);
}
示例8: testRetainAll
import javax.security.auth.Subject; //导入方法依赖的package包/类
private static void testRetainAll() {
// Create a well formed subject and additional collections
Subject mtSubj = makeSubj(false, false, false);
Set<Principal> remPrincs = new HashSet<>(Arrays.asList(tmplAddPrincs));
Set<Object> remPubVals = new HashSet<>(Arrays.asList(tmplAddPubVals));
Set<Object> remPrvVals = new HashSet<>(Arrays.asList(tmplAddPrvVals));
// Add in values that exist within the Subject
remPrincs.add(princVals[2]);
remPubVals.add(pubVals[2]);
remPrvVals.add(privVals[2]);
// Run one success test for each Subject family to verify the
// overloaded method works as intended.
Set<Principal> setPrin = mtSubj.getPrincipals();
Set<Object> setPubCreds = mtSubj.getPublicCredentials();
Set<Object> setPrvCreds = mtSubj.getPrivateCredentials();
int prinOrigSize = setPrin.size();
int pubOrigSize = setPubCreds.size();
int prvOrigSize = setPrvCreds.size();
System.out.println("------ retainAll() -----");
// Retain the specified members (those that exist in the Subject)
// and validate the results.
if (validTestCollection(methRetain, setPrin, remPrincs) == false ||
setPrin.size() != 1 || setPrin.contains(princVals[2]) == false)
{
throw new RuntimeException("Failed retainAll() on principals");
}
if (validTestCollection(methRetain, setPubCreds,
remPubVals) == false ||
setPubCreds.size() != 1 ||
setPubCreds.contains(pubVals[2]) == false)
{
throw new RuntimeException("Failed retainAll() on public creds");
}
if (validTestCollection(methRetain, setPrvCreds,
remPrvVals) == false ||
setPrvCreds.size() != 1 ||
setPrvCreds.contains(privVals[2]) == false)
{
throw new RuntimeException("Failed retainAll() on private creds");
}
System.out.println("Positive retainAll() test passed");
// Now add null elements into each container, then retest
remPrincs.add(null);
remPubVals.add(null);
remPrvVals.add(null);
System.out.println("* Testing retainAll w/ null values on Principals");
nullTestCollection(methRetain, mtSubj.getPrincipals(), null);
nullTestCollection(methRetain, mtSubj.getPrincipals(), remPrincs);
System.out.println(
"* Testing retainAll w/ null values on Public Creds");
nullTestCollection(methRetain, mtSubj.getPublicCredentials(), null);
nullTestCollection(methRetain, mtSubj.getPublicCredentials(),
remPubVals);
System.out.println(
"* Testing retainAll w/ null values on Private Creds");
nullTestCollection(methRetain, mtSubj.getPrivateCredentials(), null);
nullTestCollection(methRetain, mtSubj.getPrivateCredentials(),
remPrvVals);
}
示例9: testAuthenticatedClientsAllowed
import javax.security.auth.Subject; //导入方法依赖的package包/类
@Test public void testAuthenticatedClientsAllowed() throws Exception {
// Create the subject for the client
final Subject clientSubject = AvaticaJaasKrbUtil.loginUsingKeytab(
SpnegoTestUtil.CLIENT_PRINCIPAL, clientKeytab);
final Set<Principal> clientPrincipals = clientSubject.getPrincipals();
// Make sure the subject has a principal
assertFalse(clientPrincipals.isEmpty());
// Get a TGT for the subject (might have many, different encryption types). The first should
// be the default encryption type.
Set<KerberosTicket> privateCredentials =
clientSubject.getPrivateCredentials(KerberosTicket.class);
assertFalse(privateCredentials.isEmpty());
KerberosTicket tgt = privateCredentials.iterator().next();
assertNotNull(tgt);
LOG.info("Using TGT with etype: {}", tgt.getSessionKey().getAlgorithm());
// The name of the principal
final String principalName = clientPrincipals.iterator().next().getName();
// Run this code, logged in as the subject (the client)
byte[] response = Subject.doAs(clientSubject, new PrivilegedExceptionAction<byte[]>() {
@Override public byte[] run() throws Exception {
// Logs in with Kerberos via GSS
GSSManager gssManager = GSSManager.getInstance();
Oid oid = new Oid(SpnegoTestUtil.JGSS_KERBEROS_TICKET_OID);
GSSName gssClient = gssManager.createName(principalName, GSSName.NT_USER_NAME);
GSSCredential credential = gssManager.createCredential(gssClient,
GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
// Passes the GSSCredential into the HTTP client implementation
final AvaticaCommonsHttpClientSpnegoImpl httpClient =
new AvaticaCommonsHttpClientSpnegoImpl(httpServerUrl, credential);
return httpClient.send(new byte[0]);
}
});
// We should get a response which is "OK" with our client's name
assertNotNull(response);
assertEquals("OK " + SpnegoTestUtil.CLIENT_PRINCIPAL,
new String(response, StandardCharsets.UTF_8));
}
示例10: testAuthenticatedClientsAllowed
import javax.security.auth.Subject; //导入方法依赖的package包/类
@Test public void testAuthenticatedClientsAllowed() throws Exception {
Assume.assumeThat("Test disabled on Windows", File.separatorChar, is('/'));
// Create the subject for the client
final Subject clientSubject = AvaticaJaasKrbUtil.loginUsingKeytab(
SpnegoTestUtil.CLIENT_PRINCIPAL, clientKeytab);
final Set<Principal> clientPrincipals = clientSubject.getPrincipals();
// Make sure the subject has a principal
assertFalse(clientPrincipals.isEmpty());
// Get a TGT for the subject (might have many, different encryption types). The first should
// be the default encryption type.
Set<KerberosTicket> privateCredentials =
clientSubject.getPrivateCredentials(KerberosTicket.class);
assertFalse(privateCredentials.isEmpty());
KerberosTicket tgt = privateCredentials.iterator().next();
assertNotNull(tgt);
LOG.info("Using TGT with etype: {}", tgt.getSessionKey().getAlgorithm());
// The name of the principal
final String principalName = clientPrincipals.iterator().next().getName();
// Run this code, logged in as the subject (the client)
byte[] response = Subject.doAs(clientSubject, new PrivilegedExceptionAction<byte[]>() {
@Override public byte[] run() throws Exception {
// Logs in with Kerberos via GSS
GSSManager gssManager = GSSManager.getInstance();
Oid oid = new Oid(SpnegoTestUtil.JGSS_KERBEROS_TICKET_OID);
GSSName gssClient = gssManager.createName(principalName, GSSName.NT_USER_NAME);
GSSCredential credential = gssManager.createCredential(gssClient,
GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
// Passes the GSSCredential into the HTTP client implementation
final AvaticaCommonsHttpClientSpnegoImpl httpClient =
new AvaticaCommonsHttpClientSpnegoImpl(httpServerUrl, credential);
return httpClient.send(new byte[0]);
}
});
// We should get a response which is "OK" with our client's name
assertNotNull(response);
assertEquals("OK " + SpnegoTestUtil.CLIENT_PRINCIPAL,
new String(response, StandardCharsets.UTF_8));
}
示例11: test1
import javax.security.auth.Subject; //导入方法依赖的package包/类
/**
* Policy file grants access to the private Credential,belonging to a
* Subject with at least two associated Principals:"com.sun.security.auth
* .NTUserPrincipal", with the name,"NTUserPrincipal-1", and
* "com.sun.security.auth.UnixPrincipal", with the name, "UnixPrincipals-1".
*
* For test1 and test2, subjects are associated with none or only one of
* principals mentioned above, SecurityException is expected.
* For test 3 and test 4, subjects are associated with two or more
* Principals (above principals are included), no exception is expected.
*
*/
@Test(dataProvider = "Provider1", expectedExceptions = SecurityException.class)
public void test1(Subject s) {
s.getPrivateCredentials(String.class);
}