本文整理汇总了Java中org.ietf.jgss.GSSContext.requestConf方法的典型用法代码示例。如果您正苦于以下问题:Java GSSContext.requestConf方法的具体用法?Java GSSContext.requestConf怎么用?Java GSSContext.requestConf使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.ietf.jgss.GSSContext
的用法示例。
在下文中一共展示了GSSContext.requestConf方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: initGSS
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
GSSContext initGSS() throws Exception {
final GSSManager MANAGER = GSSManager.getInstance();
final PrivilegedExceptionAction<GSSCredential> action = new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws GSSException {
return MANAGER.createCredential(null, GSSCredential.DEFAULT_LIFETIME, KrbConstants.SPNEGO, GSSCredential.INITIATE_ONLY);
}
};
final GSSCredential clientcreds = Subject.doAs(initiatorSubject, action);
final GSSContext context = MANAGER.createContext(MANAGER.createName(acceptorPrincipal, GSSName.NT_USER_NAME, KrbConstants.SPNEGO),
KrbConstants.SPNEGO, clientcreds, GSSContext.DEFAULT_LIFETIME);
//TODO make configurable
context.requestMutualAuth(true);
context.requestConf(true);
context.requestInteg(true);
context.requestReplayDet(true);
context.requestSequenceDet(true);
context.requestCredDeleg(false);
return context;
}
示例2: generateTicket
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
private String generateTicket() throws GSSException {
final GSSManager manager = GSSManager.getInstance();
// Oid for kerberos principal name
Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
Oid KERB_V5_OID = new Oid("1.2.840.113554.1.2.2");
final GSSName clientName = manager.createName(principal,
krb5PrincipalOid);
final GSSCredential clientCred = manager.createCredential(clientName,
8 * 3600,
KERB_V5_OID,
GSSCredential.INITIATE_ONLY);
final GSSName serverName = manager.createName(principal, krb5PrincipalOid);
final GSSContext context = manager.createContext(serverName,
KERB_V5_OID,
clientCred,
GSSContext.DEFAULT_LIFETIME);
context.requestMutualAuth(true);
context.requestConf(false);
context.requestInteg(true);
final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
StringBuffer outputBuffer = new StringBuffer();
outputBuffer.append("Negotiate ");
outputBuffer.append(Base64.encodeBytes(outToken).replace("\n", ""));
System.out.print("Ticket is: " + outputBuffer);
return outputBuffer.toString();
}
示例3: generateTicket
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
private String generateTicket() throws GSSException {
final GSSManager manager = GSSManager.getInstance();
// Oid for kerberos principal name
Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
Oid KERB_V5_OID = new Oid("1.2.840.113554.1.2.2");
final GSSName clientName = manager.createName("hbase/[email protected]",
krb5PrincipalOid);
final GSSCredential clientCred = manager.createCredential(clientName,
8 * 3600,
KERB_V5_OID,
GSSCredential.INITIATE_ONLY);
final GSSName serverName = manager.createName("hbase/[email protected]", krb5PrincipalOid);
final GSSContext context = manager.createContext(serverName,
KERB_V5_OID,
clientCred,
GSSContext.DEFAULT_LIFETIME);
context.requestMutualAuth(true);
context.requestConf(false);
context.requestInteg(true);
final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
StringBuffer outputBuffer = new StringBuffer();
outputBuffer.append("Negotiate ");
outputBuffer.append(new BASE64Encoder().encode(outToken).replace("\n", ""));
System.out.print("Ticket is: " + outputBuffer);
return outputBuffer.toString();
}
示例4: encodeGSSAPIAuthenticationPacket
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
* Encodes the authentication packet for supported authentication methods.
*
* @param request the socks proxy request data
* @return the encoded buffer
* @throws GSSException when something fails while using GSSAPI
*/
private IoBuffer encodeGSSAPIAuthenticationPacket(final SocksProxyRequest request) throws GSSException {
GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
if (ctx == null) {
// first step in the authentication process
GSSManager manager = GSSManager.getInstance();
GSSName serverName = manager.createName(request.getServiceKerberosName(), null);
Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Available mechs:");
for (Oid o : manager.getMechs()) {
if (o.equals(krb5OID)) {
LOGGER.debug("Found Kerberos V OID available");
}
LOGGER.debug("{} with oid = {}", manager.getNamesForMech(o), o);
}
}
ctx = manager.createContext(serverName, krb5OID, null, GSSContext.DEFAULT_LIFETIME);
ctx.requestMutualAuth(true); // Mutual authentication
ctx.requestConf(false);
ctx.requestInteg(false);
getSession().setAttribute(GSS_CONTEXT, ctx);
}
byte[] token = (byte[]) getSession().getAttribute(GSS_TOKEN);
if (token != null) {
LOGGER.debug(" Received Token[{}] = {}", token.length, ByteUtilities.asHex(token));
}
IoBuffer buf = null;
if (!ctx.isEstablished()) {
// token is ignored on the first call
if (token == null) {
token = new byte[32];
}
token = ctx.initSecContext(token, 0, token.length);
// Send a token to the server if one was generated by
// initSecContext
if (token != null) {
LOGGER.debug(" Sending Token[{}] = {}", token.length, ByteUtilities.asHex(token));
getSession().setAttribute(GSS_TOKEN, token);
buf = IoBuffer.allocate(4 + token.length);
buf.put(new byte[] { SocksProxyConstants.GSSAPI_AUTH_SUBNEGOTIATION_VERSION,
SocksProxyConstants.GSSAPI_MSG_TYPE });
buf.put(ByteUtilities.intToNetworkByteOrder(token.length, 2));
buf.put(token);
}
}
return buf;
}
示例5: getGSSContext
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
private GSSContext getGSSContext(final GssAciServerDetails serverDetails) throws AciHttpException, IOException {
LOGGER.trace("getGSSContext() called...");
try {
LOGGER.debug("Setting up to try and create a GSSContext...");
// Krb5 Oids, see RFC 1964...
final Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
final Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
// Prepare stuff for setting up the context...
final GSSManager manager = GSSManager.getInstance();
final GSSName serverName = manager.createName(serverDetails.getServiceName(), krb5PrincipalNameType);
// Set up the context...
final GSSContext context = manager.createContext(serverName, krb5Mechanism, null, GSSContext.DEFAULT_LIFETIME);
context.requestConf(true);
context.requestMutualAuth(true);
context.requestReplayDet(true);
context.requestSequenceDet(true);
// Do the context establishment loop...
byte[] token = EMPTY_BYTE_ARRAY;
while (!context.isEstablished()) {
// token is ignored on the first call
token = context.initSecContext(token, 0, token.length);
if (token != null) {
LOGGER.debug("Sending GSS action to the ACI server for context token...");
// Build the parameter set...
final ActionParameters parameters = new ActionParameters();
parameters.add(AciConstants.PARAM_ACTION, "GSS");
parameters.add("gssServiceName", new String(Base64.encodeBase64(token), "UTF-8"));
// Execute the action and process the response...
final AciResponseInputStream response = super.executeAction(serverDetails, parameters);
token = new GssContextTokenProcessor().process(response);
// Ensure that we close the stream to release the connection, otherwise another will be used and the
// subsequent action will fail as it wasn't made on the same connection as this token exchange...
IOUtils.getInstance().closeQuietly(response);
}
}
// display context information
LOGGER.debug("Successfully established a GSSContext...");
LOGGER.debug("Remaining lifetime in seconds = {}", context.getLifetime());
LOGGER.debug("Context mechanism = {}", context.getMech());
LOGGER.debug("Initiator = {}", context.getSrcName());
LOGGER.debug("Acceptor = {}", context.getTargName());
// Return the context...
return context;
} catch (final GSSException gsse) {
throw new AciHttpException("Unable to establish a GSSContext.", gsse);
} catch (final UnsupportedEncodingException uee) {
throw new AciHttpException("Unable to establish a GSSContext due to an unsupported encoding.", uee);
} catch (final ProcessorException pe) {
throw new AciHttpException("Unable to parse the context response.", pe);
} catch (final AciErrorException aee) {
throw new AciHttpException("Unable to establish a GSSContext with the ACI Server.", aee);
}
}
示例6: authenticate
import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
authenticate socket.
if protection on, return authenticated socket wrapped over the original simpleSocket,
else return original socket.
**/
public static Socket authenticate(
Socket simpleSocket,
boolean isClientSocket,
GSSCredential credential,
int protection,
DataChannelAuthentication dcau)
throws Exception {
GSSContext gssContext = null;
GSSManager manager = ExtendedGSSManager.getInstance();
if (isClientSocket) {
gssContext =
manager.createContext(
null,
GSSConstants.MECH_OID,
credential,
GSSContext.DEFAULT_LIFETIME);
} else {
gssContext = manager.createContext(credential);
}
if (protection != GridFTPSession.PROTECTION_CLEAR) {
((ExtendedGSSContext) gssContext).setOption(
GSSConstants.GSS_MODE,
GSIConstants.MODE_SSL);
}
gssContext.requestConf(protection == GridFTPSession.PROTECTION_PRIVATE);
//Wrap the simple socket with GSI
logger.debug("Creating secure socket");
GssSocketFactory factory = GssSocketFactory.getDefault();
GssSocket secureSocket =
(GssSocket) factory.createSocket(simpleSocket, null, 0, gssContext);
secureSocket.setUseClientMode(isClientSocket);
if (dcau == null) {
secureSocket.setAuthorization(null);
} else if (dcau == DataChannelAuthentication.SELF) {
secureSocket.setAuthorization(SelfAuthorization.getInstance());
} else if (dcau == DataChannelAuthentication.NONE) {
// this should never be
} else if (dcau instanceof DataChannelAuthentication) {
// dcau.toFtpCmdArgument() kinda hackish but it works
secureSocket.setAuthorization(
new IdentityAuthorization(dcau.toFtpCmdArgument()));
}
/* that will force handshake */
secureSocket.getOutputStream().flush();
if (protection == GridFTPSession.PROTECTION_SAFE ||
protection == GridFTPSession.PROTECTION_PRIVATE) {
logger.debug("Data channel protection: on");
return secureSocket;
} else { // PROTECTION_CLEAR
logger.debug("Data channel protection: off");
return simpleSocket;
}
}