本文整理汇总了Java中org.ietf.jgss.GSSContext.initSecContext方法的典型用法代码示例。如果您正苦于以下问题:Java GSSContext.initSecContext方法的具体用法?Java GSSContext.initSecContext怎么用?Java GSSContext.initSecContext使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.ietf.jgss.GSSContext的用法示例。
在下文中一共展示了GSSContext.initSecContext方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateGSSToken
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
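/**
 * Builds a GSS security context for the host-based service {@code service@authServer}
 * and returns the first initiator token.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Credential delegation is requested for every target server. NOTE(review): forwarding
 *       the caller's credentials should normally be opt-in and limited to servers that are
 *       trusted for delegation; confirm this is intended.</li>
 *   <li>Mutual authentication is requested, but the context is local to this method, so a
 *       reply token from the acceptor cannot be processed through it here.</li>
 * </ul>
 *
 * @param input token to feed into the context, or {@code null} for an empty token
 * @param oid mechanism OID used to canonicalize the name and to create the context
 * @param authServer host part of the host-based service name
 * @param credentials if this is a {@code KerberosCredentials}, its GSS credential is used;
 *        otherwise {@code null} is passed to {@code createContext}
 * @return the token produced by {@code initSecContext}
 * @throws GSSException if name creation, context creation or token generation fails
 * @since 4.4
 */
protected byte[] generateGSSToken(
        final byte[] input, final Oid oid, final String authServer,
        final Credentials credentials) throws GSSException {
    final byte[] inputBuff = input != null ? input : new byte[0];
    final GSSManager manager = getManager();
    final GSSName serverName = manager.createName(service + "@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
    final GSSCredential gssCredential = credentials instanceof KerberosCredentials
            ? ((KerberosCredentials) credentials).getGSSCredential()
            : null;
    final GSSContext gssContext = manager.createContext(
            serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME);
    try {
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
    } finally {
        // The context never leaves this method, so release its resources and key material here.
        try {
            gssContext.dispose();
        } catch (final GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not mask the token or the original error.
        }
    }
}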
示例2: run
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
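/**
 * Produces the first Kerberos initiator token for {@code serviceName}, using the credential
 * held in {@code delegatedCredential}.
 *
 * <p>The security context is disposed on every path, including when token generation fails.
 *
 * @return the token returned by {@code initSecContext}, or {@code null} if a
 *         {@link GSSException} occurred
 */
public byte[] run() {
    GSSContext secContext = null;
    try {
        GSSManager gssManager = GSSManager.getInstance();
        Oid kerberos5Oid = new Oid(KERBEROS_OID);
        GSSCredential credentials = this.delegatedCredential;
        GSSName gssService = gssManager.createName(this.serviceName, GSSName.NT_HOSTBASED_SERVICE);
        secContext = gssManager.createContext(gssService, kerberos5Oid, credentials,
                GSSContext.DEFAULT_LIFETIME);
        // Mutual authentication is switched off: the acceptor is not asked to prove its identity.
        secContext.requestMutualAuth(false);
        byte[] token = new byte[0];
        return secContext.initSecContext(token, 0, token.length);
    } catch (GSSException e) {
        // NOTE(review): the exception is not handed to the logger, so the cause of the failure
        // is lost; callers only see a null return.
        if (LogManager.isMessageToBeRecorded(LogConstants.CTX_WS, MessageLevel.DETAIL)) {
            LogManager.logDetail(LogConstants.CTX_WS, "Error in obtaining a Kerberos token"); //$NON-NLS-1$
        }
    } finally {
        if (secContext != null) {
            try {
                secContext.dispose();
            } catch (GSSException ignored) {
                // Best-effort cleanup: a dispose failure must not discard an already generated token.
            }
        }
    }
    return null;
}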
示例3: generateGSSToken
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
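/**
 * Creates a GSS security context for a host-based service on {@code authServer}, using the
 * default initiator credential, and returns the first initiator token.
 *
 * <p>Security notes: credential delegation is requested for every target server
 * (NOTE(review): this should normally be opt-in and limited to servers trusted for
 * delegation). Mutual authentication is requested, but the context is local to this method,
 * so an acceptor reply cannot be processed through it here.
 *
 * @param input token to feed into the context, or {@code null} for an empty token
 * @param oid mechanism OID used to canonicalize the name and to create the context
 * @param authServer host appended to the service-name prefix
 * @return the token produced by {@code initSecContext}
 * @throws GSSException if name creation, context creation or token generation fails
 */
protected byte[] generateGSSToken(
        final byte[] input, final Oid oid, final String authServer) throws GSSException {
    final byte[] token = input != null ? input : new byte[0];
    GSSManager manager = getManager();
    // NOTE(review): the prefix literal looks like e-mail-obfuscation residue from the page this
    // listing was scraped from. A host-based service name has the form "service@host"; restore
    // the intended service prefix before using this code.
    GSSName serverName = manager.createName("[email protected]" + authServer, GSSName.NT_HOSTBASED_SERVICE);
    GSSContext gssContext = manager.createContext(
            serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
    try {
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(token, 0, token.length);
    } finally {
        // The context never leaves this method, so release its resources and key material here.
        try {
            gssContext.dispose();
        } catch (final GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not mask the token or the original error.
        }
    }
}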
示例4: generateTicket
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
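/**
 * Obtains an initiate-only Kerberos credential for {@code principal}, creates a security
 * context and returns the first initiator token as an HTTP {@code Negotiate} header value.
 *
 * <p>The token is no longer echoed to standard output: it is authentication material for the
 * target service and should not end up in console output or captured logs. The context is
 * disposed once the token has been produced.
 *
 * <p>NOTE(review): the same {@code principal} is used as initiator and as target name —
 * confirm that authenticating to oneself is what this helper is meant to do.
 *
 * @return {@code "Negotiate "} followed by the Base64 token with newlines removed
 * @throws GSSException if credential acquisition or context initiation fails
 */
private String generateTicket() throws GSSException {
    final GSSManager manager = GSSManager.getInstance();
    // Name-type OID for a Kerberos principal name, and the Kerberos V5 mechanism OID.
    final Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
    final Oid krb5MechOid = new Oid("1.2.840.113554.1.2.2");
    final GSSName clientName = manager.createName(principal, krb5PrincipalOid);
    // Credential lifetime is requested as 8 hours (in seconds), usable for initiating only.
    final GSSCredential clientCred = manager.createCredential(clientName,
            8 * 3600,
            krb5MechOid,
            GSSCredential.INITIATE_ONLY);
    final GSSName serverName = manager.createName(principal, krb5PrincipalOid);
    final GSSContext context = manager.createContext(serverName,
            krb5MechOid,
            clientCred,
            GSSContext.DEFAULT_LIFETIME);
    try {
        context.requestMutualAuth(true);
        context.requestConf(false);
        context.requestInteg(true);
        final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
        return "Negotiate " + Base64.encodeBytes(outToken).replace("\n", "");
    } finally {
        // The context is not returned, so release its resources and key material here.
        try {
            context.dispose();
        } catch (final GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not mask the token or the original error.
        }
    }
}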
示例5: generateGSSToken
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
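/**
 * Returns the first initiator token for a host-based service on {@code authServer}, using the
 * default initiator credential ({@code null} is passed to {@code createContext}).
 *
 * <p>Security notes: {@code requestCredDeleg(true)} is applied to every target server
 * (NOTE(review): delegation should normally be opt-in and restricted to servers trusted for
 * it). Mutual authentication is requested, but because the context does not outlive this
 * method, the acceptor's reply cannot be verified through it here.
 *
 * @param input token to feed into the context; {@code null} is treated as an empty token
 * @param oid mechanism OID used to canonicalize the name and to create the context
 * @param authServer host appended to the service-name prefix
 * @return the token produced by {@code initSecContext}
 * @throws GSSException if name creation, context creation or token generation fails
 */
protected byte[] generateGSSToken(
        final byte[] input, final Oid oid, final String authServer) throws GSSException {
    byte[] token = input;
    if (token == null) {
        token = new byte[0];
    }
    final GSSManager manager = getManager();
    // NOTE(review): this prefix literal appears to be e-mail-obfuscation residue from the
    // scraped page; a host-based service name is "service@host". Restore the intended
    // service prefix before reuse.
    final GSSName serverName = manager.createName("[email protected]" + authServer, GSSName.NT_HOSTBASED_SERVICE);
    final GSSContext gssContext = manager.createContext(
            serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
    try {
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(token, 0, token.length);
    } finally {
        // Local context: dispose it so its resources and key material are released promptly.
        try {
            gssContext.dispose();
        } catch (final GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not mask the token or the original error.
        }
    }
}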
示例6: generateGSSToken
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
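/**
 * Creates a GSS security context for a host-based service on {@code authServer} and returns
 * the first initiator token.
 *
 * <p>Security notes: credential delegation is requested for every target server
 * (NOTE(review): this should normally be opt-in and limited to servers trusted for
 * delegation). Mutual authentication is requested, but the context is local to this method,
 * so an acceptor reply cannot be processed through it here.
 *
 * @param input token to feed into the context, or {@code null} for an empty token
 * @param oid mechanism OID used to canonicalize the name and to create the context
 * @param authServer host appended to the service-name prefix
 * @param credentials if this is a {@code KerberosCredentials}, its GSS credential is used;
 *        otherwise {@code null} is passed to {@code createContext}
 * @return the token produced by {@code initSecContext}
 * @throws GSSException if name creation, context creation or token generation fails
 */
@Override
protected byte[] generateGSSToken(final byte[] input, final Oid oid,
        final String authServer, final Credentials credentials)
        throws GSSException {
    final byte[] inputBuff = input != null ? input : new byte[0];
    final GSSManager manager = getManager();
    // NOTE(review): this prefix literal appears to be e-mail-obfuscation residue from the
    // scraped page; a host-based service name is "service@host". Restore the intended
    // service prefix before reuse.
    final GSSName serverName = manager.createName("[email protected]" + authServer,
            GSSName.NT_HOSTBASED_SERVICE);
    final GSSCredential gssCredential = credentials instanceof KerberosCredentials
            ? ((KerberosCredentials) credentials).getGSSCredential()
            : null;
    final GSSContext gssContext = manager.createContext(
            serverName.canonicalize(oid), oid, gssCredential,
            GSSContext.DEFAULT_LIFETIME);
    try {
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
    } finally {
        // The context never leaves this method, so release its resources and key material here.
        try {
            gssContext.dispose();
        } catch (final GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not mask the token or the original error.
        }
    }
}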
示例7: generateTicket
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
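/**
 * Obtains an initiate-only Kerberos credential for a hard-coded principal, creates a security
 * context and returns the first initiator token as an HTTP {@code Negotiate} header value.
 *
 * <p>Changes from the original listing:
 * <ul>
 *   <li>The token is encoded with {@code java.util.Base64} instead of the internal
 *       {@code sun.misc.BASE64Encoder}, which is unsupported and absent from current JDKs.
 *       The basic encoder emits no line separators, so no newline stripping is needed.</li>
 *   <li>The token is no longer echoed to standard output: it is authentication material for
 *       the target service and should not end up in console output or captured logs.</li>
 *   <li>The context is disposed once the token has been produced.</li>
 * </ul>
 *
 * @return {@code "Negotiate "} followed by the Base64-encoded token
 * @throws GSSException if credential acquisition or context initiation fails
 */
private String generateTicket() throws GSSException {
    final GSSManager manager = GSSManager.getInstance();
    // Name-type OID for a Kerberos principal name, and the Kerberos V5 mechanism OID.
    final Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
    final Oid krb5MechOid = new Oid("1.2.840.113554.1.2.2");
    // NOTE(review): the principal literals below look like e-mail-obfuscation residue from the
    // scraped page; restore the real principal before reuse. The same value is used for the
    // initiator and the target name.
    final GSSName clientName = manager.createName("hbase/[email protected]",
            krb5PrincipalOid);
    // Credential lifetime is requested as 8 hours (in seconds), usable for initiating only.
    final GSSCredential clientCred = manager.createCredential(clientName,
            8 * 3600,
            krb5MechOid,
            GSSCredential.INITIATE_ONLY);
    final GSSName serverName = manager.createName("hbase/[email protected]", krb5PrincipalOid);
    final GSSContext context = manager.createContext(serverName,
            krb5MechOid,
            clientCred,
            GSSContext.DEFAULT_LIFETIME);
    try {
        context.requestMutualAuth(true);
        context.requestConf(false);
        context.requestInteg(true);
        final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
        return "Negotiate " + java.util.Base64.getEncoder().encodeToString(outToken);
    } finally {
        // The context is not returned, so release its resources and key material here.
        try {
            context.dispose();
        } catch (final GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not mask the token or the original error.
        }
    }
}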
示例8: getKerberosUser
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
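/**
 * Determines the local Kerberos user by initiating a security context towards the configured
 * SASL service and reading the context's source (initiator) name.
 *
 * <p>The token returned by {@code initSecContext} is discarded; the call is made only so the
 * source name can be read afterwards. The empty input token is now passed with length 0
 * (the original passed length 1 for a zero-length array), and the context is disposed on
 * every path.
 *
 * @return the initiator name as a string, or {@code null} if it is unavailable or a
 *         {@link GSSException} occurred
 */
private String getKerberosUser()
{
    log.debug("Obtaining userID from kerberos");
    String service = conSettings.getSaslProtocol() + "@" + conSettings.getSaslServerName();
    GSSManager manager = GSSManager.getInstance();
    GSSContext secCtx = null;
    try
    {
        GSSName acceptorName = manager.createName(service,
                                                  GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);
        // null credential: act as the default initiator principal.
        secCtx = manager.createContext(acceptorName,
                                       KRB5_OID,
                                       null,
                                       GSSContext.INDEFINITE_LIFETIME);
        secCtx.initSecContext(new byte[0], 0, 0);
        GSSName initiator = secCtx.getSrcName();
        if (initiator != null)
        {
            return initiator.toString();
        }
    }
    catch (GSSException e)
    {
        log.warn("Unable to retrieve userID from Kerberos due to error",e);
    }
    finally
    {
        if (secCtx != null)
        {
            try
            {
                secCtx.dispose();
            }
            catch (GSSException ignored)
            {
                // Best-effort cleanup: a dispose failure must not change the lookup result.
            }
        }
    }
    return null;
}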
示例9: encodeGSSAPIAuthenticationPacket
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
 * Encodes the next GSSAPI authentication packet of the SOCKS handshake.
 *
 * <p>The {@link GSSContext} is created on the first call and kept in the session under
 * {@code GSS_CONTEXT}, so later calls continue the same context establishment. The token
 * exchanged so far is kept in the session under {@code GSS_TOKEN}.
 *
 * @param request the socks proxy request data
 * @return the encoded buffer, or {@code null} when the context is already established or
 *         {@code initSecContext} produced no token
 * @throws GSSException when something fails while using GSSAPI
 */
private IoBuffer encodeGSSAPIAuthenticationPacket(final SocksProxyRequest request) throws GSSException {
    GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
    if (ctx == null) {
        // first step in the authentication process
        GSSManager manager = GSSManager.getInstance();
        // A null name type is passed, leaving interpretation of the name string to the mechanism.
        GSSName serverName = manager.createName(request.getServiceKerberosName(), null);
        Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);
        // Diagnostic only: list the mechanisms the provider offers when debug logging is on.
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Available mechs:");
            for (Oid o : manager.getMechs()) {
                if (o.equals(krb5OID)) {
                    LOGGER.debug("Found Kerberos V OID available");
                }
                LOGGER.debug("{} with oid = {}", manager.getNamesForMech(o), o);
            }
        }
        // null credential: act as the default initiator principal.
        ctx = manager.createContext(serverName, krb5OID, null, GSSContext.DEFAULT_LIFETIME);
        ctx.requestMutualAuth(true); // Mutual authentication
        // Neither confidentiality nor integrity protection is requested for per-message services.
        ctx.requestConf(false);
        ctx.requestInteg(false);
        getSession().setAttribute(GSS_CONTEXT, ctx);
    }
    byte[] token = (byte[]) getSession().getAttribute(GSS_TOKEN);
    if (token != null) {
        // NOTE(review): the full token is written to the debug log in hex. GSS tokens are
        // authentication material; keep this logger disabled in production or log only the length.
        LOGGER.debug(" Received Token[{}] = {}", token.length, ByteUtilities.asHex(token));
    }
    IoBuffer buf = null;
    if (!ctx.isEstablished()) {
        // token is ignored on the first call
        if (token == null) {
            token = new byte[32];
        }
        token = ctx.initSecContext(token, 0, token.length);
        // Send a token to the server if one was generated by
        // initSecContext
        if (token != null) {
            // NOTE(review): same concern as above — the outgoing token is logged in full.
            LOGGER.debug(" Sending Token[{}] = {}", token.length, ByteUtilities.asHex(token));
            // The outgoing token is stored under the same session key the incoming token is read from.
            getSession().setAttribute(GSS_TOKEN, token);
            // 2 header bytes (version, message type) + 2 length bytes + token.
            buf = IoBuffer.allocate(4 + token.length);
            buf.put(new byte[] { SocksProxyConstants.GSSAPI_AUTH_SUBNEGOTIATION_VERSION,
                    SocksProxyConstants.GSSAPI_MSG_TYPE });
            // NOTE(review): the length is encoded in 2 bytes, so a token longer than 65535 bytes
            // cannot be represented; verify how intToNetworkByteOrder handles larger values.
            buf.put(ByteUtilities.intToNetworkByteOrder(token.length, 2));
            buf.put(token);
        }
    }
    return buf;
}
示例10: main
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
 * Regression test: checks that the old host-based-service name-type OID
 * ({@code 1.3.6.1.5.6.2}) is still accepted for the Kerberos 5 mechanism.
 *
 * <p>Steps, in order: the OID must map to the krb5 mechanism, {@code createName} must accept
 * it, the resulting name must report {@code NT_HOSTBASED_SERVICE} as its type, and a context
 * initiated with that name must be accepted by the JAAS-configured server side.
 *
 * @param args unused
 * @throws Exception if any of the checks fails
 */
public static void main(String[] args)
        throws Exception {
    final Oid legacyNameType = new Oid("1.3.6.1.5.6.2");
    // Write the JAAS configuration of the test KDC, and let GSS pick up credentials that are
    // not bound to the current Subject.
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final GSSManager manager = GSSManager.getInstance();

    // Test 1: the getMechsForName() method accepts it.
    final Oid[] mechs = manager.getMechsForName(legacyNameType);
    int idx = 0;
    while (idx < mechs.length && !mechs[idx].equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        idx++;
    }
    if (idx == mechs.length) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }

    // Test 2: the createName() method accepts it.
    // NOTE(review): the name literal looks like e-mail-obfuscation residue from the scraped
    // page; the original test's "service@host" value is not recoverable from this listing.
    final GSSName serviceName = manager.createName("[email protected]", legacyNameType);

    // Test 3: its getStringNameType() output is correct
    final boolean reportsHostBased =
            serviceName.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE);
    if (!reportsHostBased) {
        throw new Exception("GSSName not correct name type");
    }

    // Test 4: everything still works.
    final GSSContext initiator = manager.createContext(
            serviceName,
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME);
    final byte[] firstToken = initiator.initSecContext(new byte[0], 0, 0);

    final Context server = Context.fromJAAS("server");
    server.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    server.x().acceptSecContext(firstToken, 0, firstToken.length);
}
示例11: getGSSContext
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
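/**
 * Establishes a Kerberos 5 {@link GSSContext} with the ACI server by exchanging context
 * tokens through the {@code GSS} action until the context reports it is established.
 *
 * <p>The response stream of each exchange is closed in a {@code finally} block, so the
 * connection is released even when parsing the response fails.
 *
 * @param serverDetails connection details; its service name is used as the Kerberos
 *        principal name of the acceptor
 * @return the established context
 * @throws AciHttpException if the context cannot be established or a response cannot be parsed
 * @throws IOException declared by the action execution
 */
private GSSContext getGSSContext(final GssAciServerDetails serverDetails) throws AciHttpException, IOException {
    LOGGER.trace("getGSSContext() called...");
    try {
        LOGGER.debug("Setting up to try and create a GSSContext...");
        // Krb5 Oids, see RFC 1964...
        final Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
        final Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
        // Prepare stuff for setting up the context...
        final GSSManager manager = GSSManager.getInstance();
        final GSSName serverName = manager.createName(serverDetails.getServiceName(), krb5PrincipalNameType);
        // Set up the context; a null credential means the default initiator principal.
        final GSSContext context = manager.createContext(serverName, krb5Mechanism, null, GSSContext.DEFAULT_LIFETIME);
        context.requestConf(true);
        context.requestMutualAuth(true);
        context.requestReplayDet(true);
        context.requestSequenceDet(true);
        // Do the context establishment loop...
        // NOTE(review): if a null token is ever left in 'token' while the context is still not
        // established, the next iteration fails on token.length; confirm the server always
        // returns a token until establishment completes.
        byte[] token = EMPTY_BYTE_ARRAY;
        while (!context.isEstablished()) {
            // token is ignored on the first call
            token = context.initSecContext(token, 0, token.length);
            if (token != null) {
                LOGGER.debug("Sending GSS action to the ACI server for context token...");
                // Build the parameter set...
                final ActionParameters parameters = new ActionParameters();
                parameters.add(AciConstants.PARAM_ACTION, "GSS");
                parameters.add("gssServiceName", new String(Base64.encodeBase64(token), "UTF-8"));
                // Execute the action and process the response...
                final AciResponseInputStream response = super.executeAction(serverDetails, parameters);
                try {
                    token = new GssContextTokenProcessor().process(response);
                } finally {
                    // Always close the stream to release the connection, otherwise another will be used and
                    // the subsequent action will fail as it wasn't made on the same connection as this token
                    // exchange. Doing this in finally also covers a failure while parsing the response.
                    IOUtils.getInstance().closeQuietly(response);
                }
            }
        }
        // display context information
        LOGGER.debug("Successfully established a GSSContext...");
        LOGGER.debug("Remaining lifetime in seconds = {}", context.getLifetime());
        LOGGER.debug("Context mechanism = {}", context.getMech());
        LOGGER.debug("Initiator = {}", context.getSrcName());
        LOGGER.debug("Acceptor = {}", context.getTargName());
        // Return the context...
        return context;
    } catch (final GSSException gsse) {
        throw new AciHttpException("Unable to establish a GSSContext.", gsse);
    } catch (final UnsupportedEncodingException uee) {
        throw new AciHttpException("Unable to establish a GSSContext due to an unsupported encoding.", uee);
    } catch (final ProcessorException pe) {
        throw new AciHttpException("Unable to parse the context response.", pe);
    } catch (final AciErrorException aee) {
        throw new AciHttpException("Unable to establish a GSSContext with the ACI Server.", aee);
    }
}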