当前位置: 首页>>代码示例>>Java>>正文


Java GSSContext.requestConf方法代码示例

本文整理汇总了Java中org.ietf.jgss.GSSContext.requestConf方法的典型用法代码示例。如果您正苦于以下问题:Java GSSContext.requestConf方法的具体用法?Java GSSContext.requestConf怎么用?Java GSSContext.requestConf使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.ietf.jgss.GSSContext的用法示例。


在下文中一共展示了GSSContext.requestConf方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: initGSS

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
GSSContext initGSS() throws Exception {
    final GSSManager MANAGER = GSSManager.getInstance();

    final PrivilegedExceptionAction<GSSCredential> action = new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws GSSException {
            return MANAGER.createCredential(null, GSSCredential.DEFAULT_LIFETIME, KrbConstants.SPNEGO, GSSCredential.INITIATE_ONLY);
        }
    };

    final GSSCredential clientcreds = Subject.doAs(initiatorSubject, action);

    final GSSContext context = MANAGER.createContext(MANAGER.createName(acceptorPrincipal, GSSName.NT_USER_NAME, KrbConstants.SPNEGO),
            KrbConstants.SPNEGO, clientcreds, GSSContext.DEFAULT_LIFETIME);

    //TODO make configurable
    context.requestMutualAuth(true);
    context.requestConf(true);
    context.requestInteg(true);
    context.requestReplayDet(true);
    context.requestSequenceDet(true);
    context.requestCredDeleg(false);

    return context;
}
 
开发者ID:codecentric,项目名称:elasticsearch-shield-kerberos-realm,代码行数:26,代码来源:KerberizedClient.java

示例2: generateTicket

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
private String generateTicket() throws GSSException {
  final GSSManager manager = GSSManager.getInstance();
  // Oid for kerberos principal name
  Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
  Oid KERB_V5_OID = new Oid("1.2.840.113554.1.2.2");
  final GSSName clientName = manager.createName(principal,
      krb5PrincipalOid);
  final GSSCredential clientCred = manager.createCredential(clientName,
      8 * 3600,
      KERB_V5_OID,
      GSSCredential.INITIATE_ONLY);

  final GSSName serverName = manager.createName(principal, krb5PrincipalOid);

  final GSSContext context = manager.createContext(serverName,
      KERB_V5_OID,
      clientCred,
      GSSContext.DEFAULT_LIFETIME);
  context.requestMutualAuth(true);
  context.requestConf(false);
  context.requestInteg(true);

  final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
  StringBuffer outputBuffer = new StringBuffer();
  outputBuffer.append("Negotiate ");
  outputBuffer.append(Base64.encodeBytes(outToken).replace("\n", ""));
  System.out.print("Ticket is: " + outputBuffer);
  return outputBuffer.toString();
}
 
开发者ID:fengchen8086,项目名称:ditb,代码行数:30,代码来源:HttpDoAsClient.java

示例3: generateTicket

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
private String generateTicket() throws GSSException {
  final GSSManager manager = GSSManager.getInstance();
  // Oid for kerberos principal name
  Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
  Oid KERB_V5_OID = new Oid("1.2.840.113554.1.2.2");
  final GSSName clientName = manager.createName("hbase/[email protected]",
      krb5PrincipalOid);
  final GSSCredential clientCred = manager.createCredential(clientName,
      8 * 3600,
      KERB_V5_OID,
      GSSCredential.INITIATE_ONLY);

  final GSSName serverName = manager.createName("hbase/[email protected]", krb5PrincipalOid);

  final GSSContext context = manager.createContext(serverName,
      KERB_V5_OID,
      clientCred,
      GSSContext.DEFAULT_LIFETIME);
  context.requestMutualAuth(true);
  context.requestConf(false);
  context.requestInteg(true);

  final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
  StringBuffer outputBuffer = new StringBuffer();
  outputBuffer.append("Negotiate ");
  outputBuffer.append(new BASE64Encoder().encode(outToken).replace("\n", ""));
  System.out.print("Ticket is: " + outputBuffer);
  return outputBuffer.toString();
}
 
开发者ID:grokcoder,项目名称:pbase,代码行数:30,代码来源:HttpDoAsClient.java

示例4: encodeGSSAPIAuthenticationPacket

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/**
 * Encodes the authentication packet for supported authentication methods.
 * 
 * @param request the socks proxy request data
 * @return the encoded buffer
 * @throws GSSException when something fails while using GSSAPI
 */
private IoBuffer encodeGSSAPIAuthenticationPacket(final SocksProxyRequest request) throws GSSException {
    GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
    if (ctx == null) {
        // first step in the authentication process
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(request.getServiceKerberosName(), null);
        Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);

        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Available mechs:");
            for (Oid o : manager.getMechs()) {
                if (o.equals(krb5OID)) {
                    LOGGER.debug("Found Kerberos V OID available");
                }
                LOGGER.debug("{} with oid = {}", manager.getNamesForMech(o), o);
            }
        }

        ctx = manager.createContext(serverName, krb5OID, null, GSSContext.DEFAULT_LIFETIME);

        ctx.requestMutualAuth(true); // Mutual authentication
        ctx.requestConf(false);
        ctx.requestInteg(false);

        getSession().setAttribute(GSS_CONTEXT, ctx);
    }

    byte[] token = (byte[]) getSession().getAttribute(GSS_TOKEN);
    if (token != null) {
        LOGGER.debug("  Received Token[{}] = {}", token.length, ByteUtilities.asHex(token));
    }
    IoBuffer buf = null;

    if (!ctx.isEstablished()) {
        // token is ignored on the first call
        if (token == null) {
            token = new byte[32];
        }

        token = ctx.initSecContext(token, 0, token.length);

        // Send a token to the server if one was generated by
        // initSecContext
        if (token != null) {
            LOGGER.debug("  Sending Token[{}] = {}", token.length, ByteUtilities.asHex(token));

            getSession().setAttribute(GSS_TOKEN, token);
            buf = IoBuffer.allocate(4 + token.length);
            buf.put(new byte[] { SocksProxyConstants.GSSAPI_AUTH_SUBNEGOTIATION_VERSION,
                    SocksProxyConstants.GSSAPI_MSG_TYPE });

            buf.put(ByteUtilities.intToNetworkByteOrder(token.length, 2));
            buf.put(token);
        }
    }

    return buf;
}
 
开发者ID:eclipse,项目名称:neoscada,代码行数:66,代码来源:Socks5LogicHandler.java

示例5: getGSSContext

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
private GSSContext getGSSContext(final GssAciServerDetails serverDetails) throws AciHttpException, IOException {
    LOGGER.trace("getGSSContext() called...");

    try {
        LOGGER.debug("Setting up to try and create a GSSContext...");

        // Krb5 Oids, see RFC 1964...
        final Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
        final Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");

        // Prepare stuff for setting up the context...
        final GSSManager manager = GSSManager.getInstance();
        final GSSName serverName = manager.createName(serverDetails.getServiceName(), krb5PrincipalNameType);

        // Set up the context...
        final GSSContext context = manager.createContext(serverName, krb5Mechanism, null, GSSContext.DEFAULT_LIFETIME);
        context.requestConf(true);
        context.requestMutualAuth(true);
        context.requestReplayDet(true);
        context.requestSequenceDet(true);

        // Do the context establishment loop...
        byte[] token = EMPTY_BYTE_ARRAY;

        while (!context.isEstablished()) {
            // token is ignored on the first call
            token = context.initSecContext(token, 0, token.length);

            if (token != null) {
                LOGGER.debug("Sending GSS action to the ACI server for context token...");

                // Build the parameter set...
                final ActionParameters parameters = new ActionParameters();
                parameters.add(AciConstants.PARAM_ACTION, "GSS");
                parameters.add("gssServiceName", new String(Base64.encodeBase64(token), "UTF-8"));

                // Execute the action and process the response...
                final AciResponseInputStream response = super.executeAction(serverDetails, parameters);
                token = new GssContextTokenProcessor().process(response);

                // Ensure that we close the stream to release the connection, otherwise another will be used and the
                // subsequent action will fail as it wasn't made on the same connection as this token exchange...
                IOUtils.getInstance().closeQuietly(response);
            }
        }

        // display context information
        LOGGER.debug("Successfully established a GSSContext...");
        LOGGER.debug("Remaining lifetime in seconds = {}", context.getLifetime());
        LOGGER.debug("Context mechanism             = {}", context.getMech());
        LOGGER.debug("Initiator                     = {}", context.getSrcName());
        LOGGER.debug("Acceptor                      = {}", context.getTargName());

        // Return the context...
        return context;
    } catch (final GSSException gsse) {
        throw new AciHttpException("Unable to establish a GSSContext.", gsse);
    } catch (final UnsupportedEncodingException uee) {
        throw new AciHttpException("Unable to establish a GSSContext due to an unsupported encoding.", uee);
    } catch (final ProcessorException pe) {
        throw new AciHttpException("Unable to parse the context response.", pe);
    } catch (final AciErrorException aee) {
        throw new AciHttpException("Unable to establish a GSSContext with the ACI Server.", aee);
    }
}
 
开发者ID:hpe-idol,项目名称:java-aci-api-ng,代码行数:66,代码来源:GssAciHttpClientImpl.java

示例6: authenticate

import org.ietf.jgss.GSSContext; //导入方法依赖的package包/类
/** 
    authenticate socket.
    if protection on, return authenticated socket wrapped over the original simpleSocket,
    else return original socket.
**/
public static Socket authenticate(
                                  Socket simpleSocket,
                                  boolean isClientSocket,
                                  GSSCredential credential,
                                  int protection,
                                  DataChannelAuthentication dcau)
    throws Exception {
    
    GSSContext gssContext = null;
    GSSManager manager = ExtendedGSSManager.getInstance();
    
    if (isClientSocket) {
        gssContext =
            manager.createContext(
                                  null,
                                  GSSConstants.MECH_OID,
                                  credential,
                                  GSSContext.DEFAULT_LIFETIME);
    } else {
        gssContext = manager.createContext(credential);
    }
    
    if (protection != GridFTPSession.PROTECTION_CLEAR) {
        ((ExtendedGSSContext) gssContext).setOption(
                                                    GSSConstants.GSS_MODE,
                                                    GSIConstants.MODE_SSL);
    }
    
    gssContext.requestConf(protection == GridFTPSession.PROTECTION_PRIVATE);
    
    //Wrap the simple socket with GSI
    logger.debug("Creating secure socket");
    
    GssSocketFactory factory = GssSocketFactory.getDefault();
    GssSocket secureSocket =
        (GssSocket) factory.createSocket(simpleSocket, null, 0, gssContext);
    
    secureSocket.setUseClientMode(isClientSocket);
    
    if (dcau == null) {
        secureSocket.setAuthorization(null);
    } else if (dcau == DataChannelAuthentication.SELF) {
        secureSocket.setAuthorization(SelfAuthorization.getInstance());
    } else if (dcau == DataChannelAuthentication.NONE) {
        // this should never be
    } else if (dcau instanceof DataChannelAuthentication) {
        // dcau.toFtpCmdArgument() kinda hackish but it works
        secureSocket.setAuthorization(
                                      new IdentityAuthorization(dcau.toFtpCmdArgument()));
    }
    
    /* that will force handshake */
    secureSocket.getOutputStream().flush();
    
    if (protection == GridFTPSession.PROTECTION_SAFE ||
        protection == GridFTPSession.PROTECTION_PRIVATE) {
        logger.debug("Data channel protection: on");
        return secureSocket;
    } else { // PROTECTION_CLEAR
        logger.debug("Data channel protection: off");
        return simpleSocket;
    }
}
 
开发者ID:NCIP,项目名称:cagrid-general,代码行数:69,代码来源:GridFTPServerFacade.java


注:本文中的org.ietf.jgss.GSSContext.requestConf方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。