

Java GSSContext.acceptSecContext方法代码示例

本文整理汇总了Java中org.ietf.jgss.GSSContext.acceptSecContext方法的典型用法代码示例。如果您正苦于以下问题:Java GSSContext.acceptSecContext方法的具体用法?Java GSSContext.acceptSecContext怎么用?Java GSSContext.acceptSecContext使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.ietf.jgss.GSSContext的用法示例。


在下文中一共展示了GSSContext.acceptSecContext方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: main

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
 * Feeds a hand-built SPNEGO token to a JGSS acceptor and tolerates the
 * {@link GSSException} that rejects it.
 *
 * <p>The 30 bytes decode to a NegTokenInit wrapped in the SPNEGO OID
 * (1.3.6.1.5.5.2) whose mechanism list holds a single OID
 * (1.3.6.1.4.1.311.2.2.10) and which carries no mechToken. Only
 * {@code GSSException} is caught; any other exception raised while parsing
 * the token propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // A null credential is passed, so the acceptor has no explicit credential of its own.
    GSSContext ctx = GSSManager.getInstance().createContext((GSSCredential) null);

    String hexDump =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    // Every byte is written as two hex digits followed by one space.
    String[] hexBytes = hexDump.split(" ");
    byte[] token = new byte[hexBytes.length];
    int pos = 0;
    for (String hex : hexBytes) {
        token[pos++] = (byte) Integer.parseInt(hex, 16);
    }

    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
 
开发者ID:AdoptOpenJDK,项目名称:openjdk-jdk10,代码行数:18,代码来源:MechTokenMissing.java

示例2: processToken

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
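/**
 * Accepts a Kerberos GSS token and returns the name of the client that sent it.
 *
 * <p>The token is consumed by a single {@code acceptSecContext} call; the reply
 * token that call may produce is not handed back to the caller. The client name
 * is read only after {@code isEstablished()} confirms the handshake completed,
 * and the security context is disposed before the method returns so that it is
 * not left holding context state after the request.
 *
 * @param gssToken GSS token received from the client
 * @param gssCredentials acceptor credentials used to create the security context
 * @return the initiator name reported by the established context, or {@code null}
 *         if this token did not establish the context
 * @throws GSSException if the context cannot be created or the token is rejected
 */
public static String processToken(byte[] gssToken, GSSCredential gssCredentials) throws GSSException {
    GSSContext context = gssManager.createContext(gssCredentials);
    try {
        // Validate the Kerberos ticket (GSS token) against the acceptor credentials.
        context.acceptSecContext(gssToken, 0, gssToken.length);

        // A context that is not established has not authenticated anyone: report no user.
        if (!context.isEstablished()) {
            log.error("Unable to decrypt the kerberos ticket as context was not established.");
            return null;
        }

        String loggedInUserName = context.getSrcName().toString();
        String target = context.getTargName().toString();

        if (log.isDebugEnabled()) {
            String msg = "Extracted details from GSS Token, LoggedIn User : " + loggedInUserName
                    + " , Intended target : " + target;
            log.debug(msg);
        }

        return loggedInUserName;
    } finally {
        try {
            context.dispose();
        } catch (GSSException e) {
            // Cleanup is best-effort: a dispose failure must not replace the authentication result.
            log.debug("Failed to dispose the GSS security context.", e);
        }
    }
}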
 
开发者ID:wso2-extensions,项目名称:identity-local-auth-iwa-kerberos,代码行数:30,代码来源:IWAAuthenticationUtil.java

示例3: run

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
 * Runs one leg of the GSS-API negotiation for the current exchange.
 *
 * <p>The negotiation state is looked up on the exchange and, when created here,
 * is also attached to the connection. The challenge bytes are passed to
 * {@code acceptSecContext}; the caller is reported as authenticated only when
 * the negotiation is established <em>and</em> the identity manager returns an
 * account for the resulting context.
 *
 * @return {@code AUTHENTICATED} when an account was verified, otherwise
 *         {@code NOT_AUTHENTICATED} (including the case where another round
 *         trip with the client is still needed)
 * @throws GSSException if the context cannot be created or the token is rejected
 */
public AuthenticationMechanismOutcome run() throws GSSException {
    NegotiationContext negotiation = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    if (negotiation == null) {
        negotiation = new NegotiationContext();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negotiation);
        // Keep the same state on the connection so later calls can find it there.
        exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negotiation);
    }

    GSSContext acceptor = negotiation.getGssContext();
    if (acceptor == null) {
        // No explicit acceptor credential is supplied here (null).
        acceptor = GSSManager.getInstance().createContext((GSSCredential) null);
        negotiation.setGssContext(acceptor);
    }

    final byte[] replyToken =
            acceptor.acceptSecContext(challenge.array(), challenge.arrayOffset(), challenge.limit());
    negotiation.setResponseToken(replyToken);

    if (!negotiation.isEstablished()) {
        // Not a failure: the context needs another round trip with the client.
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }

    if (replyToken != null) {
        // No further challenge follows, but the final token still has to reach the client.
        exchange.getResponseHeaders().add(WWW_AUTHENTICATE,
                NEGOTIATE_PREFIX + FlexBase64.encodeString(replyToken, false));
    }

    // An established context alone is not enough; the identity manager decides on the account.
    final IdentityManager identities = securityContext.getIdentityManager();
    final Account account = identities.verify(new GSSContextCredential(negotiation.getGssContext()));
    if (account == null) {
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }
    securityContext.authenticationComplete(account, name, false);
    return AuthenticationMechanismOutcome.AUTHENTICATED;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:41,代码来源:GSSAPIAuthenticationMechanism.java

示例4: main

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
 * Regression driver: a recorded NegTokenInit must be routed to the krb5
 * mechanism and then fail for lack of credentials.
 *
 * <p>msoid.txt is a NegTokenInit packet sent from Internet Explorer to an IIS
 * server on a test machine; it contains no sensitive info. The first 10 bytes
 * of the file are skipped before MIME base64 decoding (presumably a header
 * prefix; confirm against the data file).
 *
 * <p>The run passes only when {@code acceptSecContext} throws a
 * {@link GSSException} whose major code is {@code NO_CRED} and whose stack
 * trace contains a frame from {@code sun.security.jgss.krb5.}. Any other
 * {@code GSSException} is rethrown, and a successful accept is an error.
 */
public static void main(String[] args) throws Exception {
    byte[] header = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    byte[] token = Base64.getMimeDecoder().decode(
            Arrays.copyOfRange(header, 10, header.length));

    // No acceptor credential is supplied, which is what makes NO_CRED the expected failure.
    GSSContext ctx = GSSManager.getInstance().createContext((GSSCredential) null);

    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because there is no krb5 credential.
        gsse.printStackTrace();
        boolean handledByKrb5 = gsse.getMajor() == GSSException.NO_CRED
                && Arrays.stream(gsse.getStackTrace())
                        .anyMatch(frame -> frame.getClassName().startsWith("sun.security.jgss.krb5."));
        if (handledByKrb5) {
            // Good, the token reached the krb5 mechanism.
            return;
        }
        throw gsse;
    }

    // Before the fix, GSS_KRB5_MECH_OID_MS is not recognized and the
    // acceptor chooses another mech and goes on.
    throw new Exception("Should fail");
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:34,代码来源:MSOID.java

示例5: GSSAuthentication

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
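/**
 * Accepts one GSS token and records the outcome on this object.
 *
 * <p>Acceptor credentials are created with a null name and a null mechanism
 * Oid, indefinite lifetime and {@code ACCEPT_ONLY} usage. The reply token from
 * {@code acceptSecContext} is always stored in {@code responseToken};
 * {@code username} is assigned only when the context is established, so
 * callers must treat an unset username as "not authenticated".
 *
 * <p>The context and the credential are local to this constructor and are
 * disposed before it returns, so that they are not left holding context and
 * credential state after the handshake.
 *
 * @param token GSS token received from the client
 * @throws GSSException if credentials or context cannot be created, or the
 *         token is rejected
 */
public GSSAuthentication(byte[] token) throws GSSException {
	GSSManager gssManager = GSSManager.getInstance();
	GSSCredential gssCreds = gssManager.createCredential(
			(GSSName) null, GSSCredential.INDEFINITE_LIFETIME,
			(Oid) null, GSSCredential.ACCEPT_ONLY);
	GSSContext gssContext = null;
	try {
		gssContext = gssManager.createContext(gssCreds);

		responseToken = gssContext
				.acceptSecContext(token, 0, token.length);

		// The initiator name is only trusted once the handshake has completed.
		if (gssContext.isEstablished()) {
			GSSName name = gssContext.getSrcName();
			username = name.toString();
		}
	} finally {
		if (gssContext != null) {
			try {
				gssContext.dispose();
			} catch (GSSException ignored) {
				// Best-effort cleanup: must not replace the handshake result or its exception.
			}
		}
		try {
			gssCreds.dispose();
		} catch (GSSException ignored) {
			// Best-effort cleanup, same reasoning as for the context.
		}
	}
}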
 
开发者ID:cbsit,项目名称:JaasLounge,代码行数:16,代码来源:GSSAuthentication.java

示例6: run

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
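/**
 * Accepts the Kerberos ticket held in {@code kerberosTicket} and returns the
 * name of the client that presented it.
 *
 * <p>The initiator name is read only after {@code isEstablished()} confirms
 * that this single token completed the handshake; otherwise a checked
 * {@code GSSException} is thrown rather than returning a name from a context
 * that has not authenticated anyone. The context is disposed on every path.
 *
 * @return the initiator name of the established context
 * @throws Exception if the context cannot be created, the ticket is rejected,
 *         or the context is not established after this one token
 */
@Override
public String run() throws Exception {
    // No explicit acceptor credential is supplied here (null).
    GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
    try {
        context.acceptSecContext(kerberosTicket, 0, kerberosTicket.length);
        if (!context.isEstablished()) {
            // Fully qualified so the fix does not depend on an import this block cannot see.
            throw new org.ietf.jgss.GSSException(org.ietf.jgss.GSSException.NO_CONTEXT, 0,
                    "security context not established after one token");
        }
        return context.getSrcName().toString();
    } finally {
        context.dispose();
    }
}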
 
开发者ID:yahoo,项目名称:athenz,代码行数:9,代码来源:KerberosToken.java

示例7: login

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
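/**
 * Authenticates a client from a base64-encoded SPNEGO/Kerberos token.
 *
 * <p>The token is accepted with exactly one {@code acceptSecContext} call. If
 * that call does not establish the context the login is rejected: the reply
 * token belongs to the client and must never be fed back into the acceptor,
 * and a {@code null} reply would otherwise fail on {@code .length}. The
 * context and the server credentials are disposed on every path.
 *
 * @param username not used by this method
 * @param credentials the base64-encoded token, passed as a {@code String}
 * @return the identity for the authenticated client principal, or {@code null}
 *         if the context could not be created or established, or a
 *         {@code GSSException} was raised
 */
@Override public UserIdentity login(String username, Object credentials) {
  String encodedAuthToken = (String) credentials;
  byte[] authToken = B64Code.decode(encodedAuthToken);

  GSSManager manager = GSSManager.getInstance();
  GSSCredential serverCreds = null;
  GSSContext gContext = null;
  try {
    // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
    Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
    Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
    GSSName gssName = manager.createName(serverPrincipal, null);
    // CALCITE-1922 Providing both OIDs is the bug in Jetty we're working around. By specifying
    // only one, we're requiring that clients *must* provide us the SPNEGO OID to authenticate
    // via Kerberos which is wrong. Best as I can tell, the SPNEGO OID is meant as another
    // layer of indirection (essentially is equivalent to setting the Kerberos OID).
    serverCreds = manager.createCredential(gssName,
        GSSCredential.INDEFINITE_LIFETIME, new Oid[] {krb5Oid, spnegoOid},
        GSSCredential.ACCEPT_ONLY);
    gContext = manager.createContext(serverCreds);

    if (gContext == null) {
      LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
      return null;
    }

    // The value returned here is the server's reply token for the client.
    byte[] responseToken = gContext.acceptSecContext(authToken, 0, authToken.length);
    if (!gContext.isEstablished()) {
      LOG.debug("SpnegoUserRealm: security context not established by the supplied token");
      return null;
    }

    String clientName = gContext.getSrcName().toString();
    // The role is the text after '@'; with no '@' present indexOf is -1 and the whole
    // name becomes the role.
    String role = clientName.substring(clientName.indexOf('@') + 1);

    LOG.debug("SpnegoUserRealm: established a security context");
    LOG.debug("Client Principal is: {}", gContext.getSrcName());
    LOG.debug("Server Principal is: {}", gContext.getTargName());
    LOG.debug("Client Default Role: {}", role);

    SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, responseToken);

    Subject subject = new Subject();
    subject.getPrincipals().add(user);

    return _identityService.newUserIdentity(subject, user, new String[]{role});
  } catch (GSSException gsse) {
    LOG.warn("Caught GSSException trying to authenticate the client", gsse);
  } finally {
    // Best-effort cleanup: a dispose failure is logged and never changes the login result.
    if (gContext != null) {
      try {
        gContext.dispose();
      } catch (GSSException e) {
        LOG.warn("Failed to dispose the GSS security context", e);
      }
    }
    if (serverCreds != null) {
      try {
        serverCreds.dispose();
      } catch (GSSException e) {
        LOG.warn("Failed to dispose the GSS server credentials", e);
      }
    }
  }

  return null;
}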
 
开发者ID:apache,项目名称:calcite-avatica,代码行数:49,代码来源:PropertyBasedSpnegoLoginService.java

示例8: doSpnegoAuth

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
 * Runs one SPNEGO acceptance step for the token carried by the auth scheme.
 *
 * <p>
 * Returns null when the scheme carries an empty token, when the acceptor
 * produces no reply token, or when the security context is not established
 * by this token (the response status is then set to 401). Context creation,
 * token acceptance and context disposal each run while holding
 * {@code SpnegoAuthenticator.LOCK}.
 * </p>
 *
 * @param scheme auth scheme holding the client's token
 * @param resp response that receives the reply-token header and, when the
 *        context is not established, the 401 status
 * @return SpnegoPrincipal built from the context's initiator name, carrying
 *         the delegated credential when delegation is allowed and the context
 *         reports it; null in the cases listed above
 * @throws GSSException if the context cannot be created, accepted, queried or disposed
 * @throws IOException declared by the signature; NOTE(review): which call raises it
 *         is not visible in this method - confirm against the response wrapper
 */
private SpnegoPrincipal doSpnegoAuth(
    final SpnegoAuthScheme scheme, final SpnegoHttpServletResponse resp) 
    throws GSSException, IOException {

    final byte[] clientToken = scheme.getToken();
    if (clientToken.length == 0) {
        LOGGER.finer("GSS data was NULL.");
        return null;
    }

    final String clientName;
    GSSCredential delegated = null;
    GSSContext secContext = null;

    try {
        final byte[] replyToken;

        SpnegoAuthenticator.LOCK.lock();
        try {
            secContext = SpnegoAuthenticator.MANAGER.createContext(this.serverCredentials);
            replyToken = secContext.acceptSecContext(clientToken, 0, clientToken.length);
        } finally {
            SpnegoAuthenticator.LOCK.unlock();
        }

        if (replyToken == null) {
            LOGGER.finer("Token was NULL.");
            return null;
        }

        // The reply token goes back to the client whether or not the handshake is finished.
        resp.setHeader(Constants.AUTHN_HEADER, Constants.NEGOTIATE_HEADER 
                + ' ' + Base64.encode(replyToken));

        if (!secContext.isEstablished()) {
            LOGGER.fine("context not established");
            resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED, true);
            return null;
        }

        // Only an established context yields a trusted initiator name.
        clientName = secContext.getSrcName().toString();

        // A delegated credential is picked up only when this server is configured to allow it.
        if (this.allowDelegation && secContext.getCredDelegState()) {
            delegated = secContext.getDelegCred();
        }

    } finally {
        if (secContext != null) {
            SpnegoAuthenticator.LOCK.lock();
            try {
                secContext.dispose();
            } finally {
                SpnegoAuthenticator.LOCK.unlock();
            }
        }
    }

    return new SpnegoPrincipal(clientName, KerberosPrincipal.KRB_NT_PRINCIPAL, delegated);
}
 
开发者ID:codelibs,项目名称:spnego,代码行数:70,代码来源:SpnegoAuthenticator.java

示例9: spnegoLogin

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
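/**
 * Authenticates a client from a base64-encoded SPNEGO/Kerberos token and
 * maps it to an admin or non-admin identity.
 *
 * <p>The token is accepted with exactly one {@code acceptSecContext} call. If
 * that call does not establish the context the login is rejected: the reply
 * token belongs to the client and must never be fed back into the acceptor,
 * and a {@code null} reply would otherwise fail on {@code .length}. The
 * context and the server credentials are disposed on every path.
 *
 * @param credentials the base64-encoded token, passed as a {@code String}
 * @return the identity for the authenticated client principal, or {@code null}
 *         if the context could not be created or established, or a
 *         {@code GSSException} was raised
 */
private UserIdentity spnegoLogin(Object credentials) {

  String encodedAuthToken = (String) credentials;
  byte[] authToken = B64Code.decode(encodedAuthToken);
  GSSManager manager = GSSManager.getInstance();
  GSSCredential serverCreds = null;
  GSSContext gContext = null;

  try {
    // Providing both OID's is required here. If we provide only one,
    // we're requiring that clients provide us the SPNEGO OID to authenticate via Kerberos.
    Oid[] knownOids = new Oid[2];
    knownOids[0] = new Oid("1.3.6.1.5.5.2"); // spnego
    knownOids[1] = new Oid("1.2.840.113554.1.2.2"); // kerberos

    GSSName gssName = manager.createName(spnegoConfig.getSpnegoPrincipal(), null);
    serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME,
        knownOids, GSSCredential.ACCEPT_ONLY);
    gContext = manager.createContext(serverCreds);

    if (gContext == null) {
      logger.debug("SPNEGOUserRealm: failed to establish GSSContext");
      return null;
    }

    gContext.acceptSecContext(authToken, 0, authToken.length);
    if (!gContext.isEstablished()) {
      logger.debug("SPNEGOUserRealm: security context not established by the supplied token");
      return null;
    }

    String clientName = gContext.getSrcName().toString();
    // The text after '@' is used as the role; with no '@' present indexOf is -1 and the
    // whole name becomes the role.
    String role = clientName.substring(clientName.indexOf('@') + 1);

    // NOTE(review): the admin decision is made on `role`, i.e. the part of the principal
    // after '@', not on the part before it - confirm this is what the admin user and
    // group lists are meant to be matched against.
    final SystemOptionManager sysOptions = drillContext.getOptionManager();
    final boolean isAdmin = ImpersonationUtil.hasAdminPrivileges(role,
        ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(sysOptions),
        ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(sysOptions));

    final Principal user = new DrillUserPrincipal(clientName, isAdmin);
    final Subject subject = new Subject();
    subject.getPrincipals().add(user);

    if (isAdmin) {
      return this._identityService.newUserIdentity(subject, user, DrillUserPrincipal.ADMIN_USER_ROLES);
    } else {
      return this._identityService.newUserIdentity(subject, user, DrillUserPrincipal.NON_ADMIN_USER_ROLES);
    }
  } catch (GSSException gsse) {
    logger.warn("Caught GSSException trying to authenticate the client", gsse);
  } finally {
    // Best-effort cleanup: a dispose failure is logged and never changes the login result.
    if (gContext != null) {
      try {
        gContext.dispose();
      } catch (GSSException e) {
        logger.warn("Failed to dispose the GSS security context", e);
      }
    }
    if (serverCreds != null) {
      try {
        serverCreds.dispose();
      } catch (GSSException e) {
        logger.warn("Failed to dispose the GSS server credentials", e);
      }
    }
  }
  return null;
}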
 
开发者ID:axbaretto,项目名称:drill,代码行数:51,代码来源:DrillSpnegoLoginService.java

示例10: runWithPrincipal

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
 * Runs one SPNEGO acceptance step for {@code clientToken} using credentials
 * created for {@code serverPrincipal}.
 *
 * <p>Any non-empty reply token is written to the response as a
 * {@code WWW-Authenticate} style header. When the context is not yet
 * established the response status is set to 401 and no token is returned;
 * when it is established the status is set to 200 and an
 * {@code AuthenticationToken} is built from the client principal. The
 * security context and the credentials are disposed on every path.
 *
 * @param serverPrincipal principal name the acceptor credentials are created for
 * @param clientToken token bytes received from the client
 * @param base64 encoder used for the reply token
 * @param response response that receives the header and the status
 * @return the authentication token for the client, or {@code null} while the
 *         negotiation is still in progress
 */
private AuthenticationToken runWithPrincipal(String serverPrincipal,
    byte[] clientToken, Base64 base64, HttpServletResponse response) throws
    IOException, AuthenticationException, ClassNotFoundException,
    GSSException, IllegalAccessException, NoSuchFieldException {
  GSSCredential acceptorCreds = null;
  GSSContext acceptor = null;
  try {
    LOG.trace("SPNEGO initiated with server principal [{}]", serverPrincipal);
    // Accept-only credentials that cover both the SPNEGO and the Kerberos mechanism.
    acceptorCreds = this.gssManager.createCredential(
        this.gssManager.createName(serverPrincipal,
            KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL")),
        GSSCredential.INDEFINITE_LIFETIME,
        new Oid[]{
            KerberosUtil.getOidInstance("GSS_SPNEGO_MECH_OID"),
            KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID")},
        GSSCredential.ACCEPT_ONLY);
    acceptor = this.gssManager.createContext(acceptorCreds);

    final byte[] replyToken = acceptor.acceptSecContext(clientToken, 0,
        clientToken.length);
    final boolean hasReply = replyToken != null && replyToken.length > 0;
    if (hasReply) {
      response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE,
                         KerberosAuthenticator.NEGOTIATE + " " +
                         base64.encodeToString(replyToken));
    }

    if (acceptor.isEstablished()) {
      // The client name is read only from an established context.
      final String clientPrincipal = acceptor.getSrcName().toString();
      final String shortName = new KerberosName(clientPrincipal).getShortName();
      final AuthenticationToken authenticated =
          new AuthenticationToken(shortName, clientPrincipal, getType());
      response.setStatus(HttpServletResponse.SC_OK);
      LOG.trace("SPNEGO completed for client principal [{}]",
          clientPrincipal);
      return authenticated;
    }

    // Another round trip is needed; the caller gets no token yet.
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    LOG.trace("SPNEGO in progress");
    return null;
  } finally {
    if (acceptor != null) {
      acceptor.dispose();
    }
    if (acceptorCreds != null) {
      acceptorCreds.dispose();
    }
  }
}
 
开发者ID:hopshadoop,项目名称:hops,代码行数:49,代码来源:KerberosAuthenticationHandler.java


注:本文中的org.ietf.jgss.GSSContext.acceptSecContext方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。