本文整理汇总了Java中org.ietf.jgss.GSSManager.getInstance方法的典型用法代码示例。如果您正苦于以下问题:Java GSSManager.getInstance方法的具体用法?Java GSSManager.getInstance怎么用?Java GSSManager.getInstance使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.ietf.jgss.GSSManager的用法示例。
在下文中一共展示了GSSManager.getInstance方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: xRealmAuth
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
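/**
 * Writes a throwaway JAAS configuration and performs the first step of a Kerberos
 * context initiation against a host-based service name.
 *
 * <p>The method sets one security property and two system properties, writes
 * {@code jaas-localkdc.conf} into the working directory, and then calls
 * {@code initSecContext} once. The properties are process-wide, so they stay in
 * effect for any other JAAS/JGSS code running in the same JVM.
 *
 * @throws Exception if the configuration file cannot be written or the GSS calls fail
 */
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    // "false" lets JGSS obtain credentials outside the current Subject, here through
    // the com.sun.security.jgss.krb5.initiate login entry written below.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    String jaasConf =
            "com.sun.security.jgss.krb5.initiate {\n" +
            " com.sun.security.auth.module.Krb5LoginModule\n" +
            " required\n" +
            " principal=dummy\n" +
            " doNotPrompt=false\n" +
            " useTicketCache=false\n" +
            " ;\n" +
            "};";
    // try-with-resources closes the stream even when write() throws; the explicit
    // charset keeps the bytes independent of the platform default encoding.
    try (FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf")) {
        fos.write(jaasConf.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    GSSManager m = GSSManager.getInstance();
    // NOTE(review): "[email protected]" looks like an e-mail mask left by the page this
    // listing was copied from, not a real service@host name; restore the intended
    // host-based service name before running this.
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}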
示例2: main
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Checks that a default credential reports a remaining lifetime within one minute
 * of eleven hours, both overall and for initiator use.
 *
 * @param args unused
 * @throws Exception if either lifetime is outside the accepted window, or if the
 *         KDC setup or credential acquisition fails
 */
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    // Process-wide: lets JGSS acquire credentials outside the current Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSCredential cred = GSSManager.getInstance()
            .createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    final int overall = cred.getRemainingLifetime();
    final int asInitiator = cred.getRemainingInitLifetime(null);

    // The test KDC issues a TGT with a default lifetime of 11 hours;
    // accept anything within 60 seconds of that.
    final int expected = 11 * 3600;
    final int lowest = expected - 60;
    final int highest = expected + 60;

    if (overall < lowest || overall > highest) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (asInitiator < lowest || asInitiator > highest) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
示例3: main
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Checks that a default credential reports a remaining lifetime within one minute
 * of {@code KDC.DEFAULT_LIFETIME}, both overall and for initiator use.
 *
 * @param args unused
 * @throws Exception if either lifetime is outside the accepted window, or if the
 *         KDC setup or credential acquisition fails
 */
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    // Process-wide: lets JGSS acquire credentials outside the current Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSCredential cred = GSSManager.getInstance()
            .createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    final int overall = cred.getRemainingLifetime();
    final int asInitiator = cred.getRemainingInitLifetime(null);

    // Lifetime the test KDC puts on a TGT (11 hours according to the original
    // comment; the constant's value is defined outside this listing).
    final int expected = KDC.DEFAULT_LIFETIME;
    final int lowest = expected - 60;
    final int highest = expected + 60;

    if (overall < lowest || overall > highest) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (asInitiator < lowest || asInitiator > highest) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
示例4: initiateSecurityContext
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
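/**
 * Requests the initial GSS-API token for a host-based service and stores it in
 * {@code serviceTicket}.
 *
 * <p>The original version printed a stack trace and left {@code serviceTicket}
 * {@code null} when context initiation failed, so callers could not tell a
 * failed login from a missing ticket. The failure is now propagated as the
 * {@link GSSException} this method already declares; {@code serviceTicket} is
 * still reset to {@code null} in that case.
 *
 * @param servicePrincipalName service name, interpreted as
 *        {@code GSSName.NT_HOSTBASED_SERVICE}
 * @throws GSSException if the name or context cannot be created, or if
 *         context initiation fails
 */
private void initiateSecurityContext(String servicePrincipalName)
        throws GSSException {
    GSSManager manager = GSSManager.getInstance();
    GSSName serverName = manager.createName(servicePrincipalName,
            GSSName.NT_HOSTBASED_SERVICE);
    final GSSContext context = manager.createContext(serverName, krb5Oid, null,
            GSSContext.DEFAULT_LIFETIME);
    try {
        // Run under the subject so the context is initiated with its credentials.
        this.serviceTicket = Subject.doAs(subject,
                new java.security.PrivilegedExceptionAction<byte[]>() {
                    @Override
                    public byte[] run() throws GSSException {
                        byte[] token = new byte[0];
                        // One-pass initiation: mutual authentication is not requested,
                        // so this exchange does not prove the service's identity to
                        // the client. Delegation is off, so no credentials are forwarded.
                        context.requestMutualAuth(false);
                        context.requestCredDeleg(false);
                        return context.initSecContext(token, 0, token.length);
                    }
                });
    } catch (java.security.PrivilegedActionException e) {
        this.serviceTicket = null;
        // run() declares only GSSException, so that is the only checked cause.
        throw (GSSException) e.getException();
    }
}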
示例5: initGSS
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Creates an initiator-side SPNEGO context towards {@code acceptorPrincipal}.
 *
 * <p>The initiator credential is acquired while running as {@code initiatorSubject}.
 * The returned context has not exchanged any token yet; the security services set
 * below are requests only, so the granted state should be read back from the
 * context once it is established.
 *
 * @return the configured, not yet established context
 * @throws Exception if the credential, name or context cannot be created
 */
GSSContext initGSS() throws Exception {
    final GSSManager gss = GSSManager.getInstance();

    final GSSCredential initiatorCreds = Subject.doAs(initiatorSubject,
            new PrivilegedExceptionAction<GSSCredential>() {
                @Override
                public GSSCredential run() throws GSSException {
                    return gss.createCredential(null, GSSCredential.DEFAULT_LIFETIME,
                            KrbConstants.SPNEGO, GSSCredential.INITIATE_ONLY);
                }
            });

    final GSSName acceptor =
            gss.createName(acceptorPrincipal, GSSName.NT_USER_NAME, KrbConstants.SPNEGO);
    final GSSContext ctx = gss.createContext(acceptor, KrbConstants.SPNEGO,
            initiatorCreds, GSSContext.DEFAULT_LIFETIME);

    //TODO make configurable
    ctx.requestMutualAuth(true);   // ask the acceptor to authenticate itself too
    ctx.requestConf(true);         // confidentiality for wrapped messages
    ctx.requestInteg(true);        // integrity protection
    ctx.requestReplayDet(true);    // replay detection
    ctx.requestSequenceDet(true);  // out-of-sequence detection
    ctx.requestCredDeleg(false);   // never forward the initiator's credentials
    return ctx;
}
示例6: run
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
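/**
 * Obtains the initial Kerberos token for {@code serviceName} using the
 * delegated credential held by this object.
 *
 * <p>Compared with the original, the context is now disposed on every path
 * (it used to leak when a GSS call failed) and the logged message carries the
 * exception text, so a failed token request can be diagnosed.
 *
 * @return the token produced by the first {@code initSecContext} call, or
 *         {@code null} if a GSS call failed
 */
public byte[] run() {
    GSSContext secContext = null;
    try {
        GSSManager gssManager = GSSManager.getInstance();
        Oid kerberos5Oid = new Oid(KERBEROS_OID);
        GSSCredential credentials = this.delegatedCredential;
        GSSName gssService = gssManager.createName(this.serviceName, GSSName.NT_HOSTBASED_SERVICE);
        secContext = gssManager.createContext(gssService, kerberos5Oid, credentials,
                GSSContext.DEFAULT_LIFETIME);
        // Mutual authentication is not requested: the service does not prove its
        // identity to this client as part of the exchange.
        secContext.requestMutualAuth(false);
        byte[] token = new byte[0];
        return secContext.initSecContext(token, 0, token.length);
    } catch (GSSException e) {
        if (LogManager.isMessageToBeRecorded(LogConstants.CTX_WS, MessageLevel.DETAIL)) {
            LogManager.logDetail(LogConstants.CTX_WS, "Error in obtaining a Kerberos token: " + e); //$NON-NLS-1$
        }
        return null;
    } finally {
        if (secContext != null) {
            try {
                secContext.dispose();
            } catch (GSSException ignored) {
                // Best-effort cleanup; the token (or the failure) is already decided.
            }
        }
    }
}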
示例7: getGSSKerberosCredential
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Acquires an accept-only credential for Kerberos V5 and SPNEGO, running as the
 * subject registered for the given protocol and host.
 *
 * @param protocol protocol used to look up the subject identity
 * @param forHost  host used to look up the subject identity
 * @return the acquired credential wrapped in a {@code GSSKerberosCredential}
 * @throws GeneralSecurityException if no subject identity is found (as produced
 *         by {@code ROOT_LOGGER}) or if credential acquisition fails
 */
private GSSKerberosCredential getGSSKerberosCredential(final String protocol, final String forHost)
        throws GeneralSecurityException {
    final SubjectIdentity identity = getSubjectIdentity(protocol, forHost);
    if (identity == null) {
        throw ROOT_LOGGER.noSubjectIdentityForProtocolAndHost(protocol, forHost);
    }

    final GSSManager gss = GSSManager.getInstance();
    // ACCEPT_ONLY: the credential can accept incoming contexts but not initiate them.
    final PrivilegedExceptionAction<GSSCredential> acquire = () -> gss.createCredential(
            null,
            GSSCredential.DEFAULT_LIFETIME,
            new Oid[] { KERBEROS_V5, SPNEGO },
            GSSCredential.ACCEPT_ONLY);

    try {
        return new GSSKerberosCredential(Subject.doAs(identity.getSubject(), acquire));
    } catch (PrivilegedActionException e) {
        // Surface the underlying failure rather than the doAs wrapper.
        throw new GeneralSecurityException(e.getCause());
    }
}
示例8: createGssToken
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Creates the client-side Kerberos context for the server's {@code MSSQLSvc}
 * service principal and returns the first token to send.
 *
 * <p>The context is stored in {@code _gssContext}. The service principal name
 * is built from the canonical host name of the socket's host and its port, so
 * the principal this client authenticates to depends on what the resolver
 * returns for that host.
 *
 * @return the token produced by the first {@code initSecContext} call
 * @throws GSSException if the name or context cannot be created or initiated
 * @throws UnknownHostException if the socket's host cannot be resolved
 */
private byte[] createGssToken()
    throws GSSException, UnknownHostException
{
    final GSSManager gss = GSSManager.getInstance();

    // Kerberos V5 mechanism and its principal-name type
    final Oid krb5Mech = new Oid( "1.2.840.113554.1.2.2" );
    final Oid krb5PrincipalName = new Oid( "1.2.840.113554.1.2.2.1" );

    // Canonicalize hostname to create SPN like MIT Kerberos does
    final InetAddress address = InetAddress.getByName( socket.getHost() );
    final String canonicalHost = address.getCanonicalHostName();
    final int port = socket.getPort();
    final GSSName serverName = gss.createName( "MSSQLSvc/" + canonicalHost + ":" + port, krb5PrincipalName );
    Logger.println( "GSS: Using SPN " + serverName );

    _gssContext = gss.createContext( serverName, krb5Mech, null, GSSContext.DEFAULT_LIFETIME );
    // FIXME: the request may not be granted; check _gssContext.getMutualAuthState()
    // once the context is established before relying on the server's identity.
    _gssContext.requestMutualAuth( true );

    final byte[] firstToken = _gssContext.initSecContext( new byte[0], 0, 0 );
    Logger.println( "GSS: Created GSS token (length: " + firstToken.length + ")" );
    return firstToken;
}
示例9: xRealmAuth
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
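/**
 * Writes a throwaway JAAS configuration and performs the first step of a Kerberos
 * context initiation against a host-based service name.
 *
 * <p>The method sets one security property and two system properties, writes
 * {@code jaas-localkdc.conf} into the working directory (registered for deletion
 * at JVM exit), and then calls {@code initSecContext} once. The properties are
 * process-wide, so they stay in effect for any other JAAS/JGSS code running in
 * the same JVM.
 *
 * @throws Exception if the configuration file cannot be written or the GSS calls fail
 */
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    // "false" lets JGSS obtain credentials outside the current Subject, here through
    // the com.sun.security.jgss.krb5.initiate login entry written below.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    new File("jaas-localkdc.conf").deleteOnExit();
    String jaasConf =
            "com.sun.security.jgss.krb5.initiate {\n" +
            " com.sun.security.auth.module.Krb5LoginModule\n" +
            " required\n" +
            " principal=dummy\n" +
            " doNotPrompt=false\n" +
            " useTicketCache=false\n" +
            " ;\n" +
            "};";
    // try-with-resources closes the stream even when write() throws; the explicit
    // charset keeps the bytes independent of the platform default encoding.
    try (FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf")) {
        fos.write(jaasConf.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    GSSManager m = GSSManager.getInstance();
    // NOTE(review): "[email protected]" looks like an e-mail mask left by the page this
    // listing was copied from, not a real service@host name; restore the intended
    // host-based service name before running this.
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}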
示例10: initiateSecurityContext
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Requests the initial SPNEGO token for {@code spn} while running as
 * {@code subject}, and stores it in {@code serviceTicket}.
 *
 * <p>Both mutual authentication and credential delegation are requested.
 * Delegation hands the initiator's credentials to the target service, which can
 * then act on the initiator's behalf; it is requested unconditionally here.
 *
 * @throws GSSException if the name or context cannot be created
 * @throws AuthenticationException if context initiation fails inside the
 *         privileged action
 */
private void initiateSecurityContext() throws GSSException {
    final GSSManager gss = GSSManager.getInstance();
    // A null name type leaves the interpretation of spn to the mechanism.
    final GSSName target = gss.createName(spn, null);
    final GSSContext ctx = gss.createContext(target, new Oid(SPNEGO_OID), null,
            GSSContext.DEFAULT_LIFETIME);

    // The GSS context initiation has to be performed as a privileged action.
    final PrivilegedAction<byte[]> initiate = new PrivilegedAction<byte[]>() {
        public byte[] run() {
            try {
                ctx.requestMutualAuth(true);
                // NOTE(review): delegation is always on; confirm every target
                // service reached through this path is trusted with the
                // initiator's credentials.
                ctx.requestCredDeleg(true);
                final byte[] empty = new byte[0];
                return ctx.initSecContext(empty, 0, empty.length);
            } catch (GSSException e) {
                final String reason = StringUtils.isBlank(e.getMessage())
                        ? "Authentication failed."
                        : e.getMessage();
                log.error(reason, e);
                throw new AuthenticationException(reason, e);
            }
        }
    };
    this.serviceTicket = Subject.doAs(subject, initiate);
}
示例11: getGSSCredential
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Acquires an initiate-only credential for {@code userName} under the mechanism
 * identified by {@code GSSAPI_OID}, with an indefinite requested lifetime.
 *
 * @param userName name to acquire the credential for, interpreted as
 *        {@code GSSName.NT_USER_NAME}
 * @return the acquired credential
 * @throws SaslException wrapping any {@link GSSException} raised while building
 *         the OID, the name or the credential
 */
private static GSSCredential getGSSCredential(final String userName) throws SaslException {
    final GSSManager gss = GSSManager.getInstance();
    try {
        final Oid mechanism = new Oid(GSSAPI_OID);
        final GSSName principal = gss.createName(userName, GSSName.NT_USER_NAME);
        return gss.createCredential(
                principal,
                GSSCredential.INDEFINITE_LIFETIME,
                mechanism,
                GSSCredential.INITIATE_ONLY);
    } catch (GSSException e) {
        throw new SaslException("Unable to create GSSAPI credential", e);
    }
}
示例12: run
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Performs one acceptor-side step of the GSS-API negotiation for the current
 * exchange.
 *
 * <p>The negotiation state is looked up on the exchange and created on first
 * use; the challenge is fed to {@code acceptSecContext} and the response token
 * is recorded. Only when the negotiation reports itself established is the
 * resulting context handed to the identity manager for verification.
 *
 * @return {@code AUTHENTICATED} when the context is established and the identity
 *         manager returns an account; {@code NOT_AUTHENTICATED} otherwise,
 *         including when another round trip is still needed
 * @throws GSSException if the context cannot be created or rejects the token
 */
public AuthenticationMechanismOutcome run() throws GSSException {
    NegotiationContext negotiation = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    if (negotiation == null) {
        negotiation = new NegotiationContext();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negotiation);
        // Also cache it on the connection for future calls.
        exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negotiation);
    }

    GSSContext acceptor = negotiation.getGssContext();
    if (acceptor == null) {
        // A null credential asks for the default acceptor credential.
        acceptor = GSSManager.getInstance().createContext((GSSCredential) null);
        negotiation.setGssContext(acceptor);
    }

    // NOTE(review): the length passed is challenge.limit(), which equals the token
    // length only if the buffer's position is 0 — confirm against the caller.
    final byte[] reply = acceptor.acceptSecContext(
            challenge.array(), challenge.arrayOffset(), challenge.limit());
    negotiation.setResponseToken(reply);

    if (!negotiation.isEstablished()) {
        // This isn't a failure but as the context is not established another round trip with the client is needed.
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }

    if (reply != null) {
        // There will be no further challenge but we do have a token so set it here.
        exchange.getResponseHeaders().add(WWW_AUTHENTICATE,
                NEGOTIATE_PREFIX + FlexBase64.encodeString(reply, false));
    }

    IdentityManager identityManager = securityContext.getIdentityManager();
    final Account verified =
            identityManager.verify(new GSSContextCredential(negotiation.getGssContext()));
    if (verified == null) {
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }
    securityContext.authenticationComplete(verified, name, false);
    return AuthenticationMechanismOutcome.AUTHENTICATED;
}
示例13: main
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Exports a name, corrupts the length field in front of the name bytes so that
 * it claims a very large size, and re-imports the result.
 *
 * <p>A {@link GSSException} from the import is printed and treated as the
 * acceptable outcome; any other failure propagates out of {@code main}.
 *
 * @param argv unused
 * @throws Exception if the name cannot be created or exported
 */
public static void main(String[] argv) throws Exception {
    final GSSManager gss = GSSManager.getInstance();
    // NOTE(review): "[email protected]" looks like an e-mail mask left by the page this
    // listing was copied from; the offset below uses this string's length, so
    // restore the intended user@realm value before running.
    final String principal = "[email protected]";
    final byte[] encoded = gss.createName(principal, GSSName.NT_USER_NAME).export();

    // The last principal.length() bytes are taken to be the name itself and the
    // 4 bytes before them its big-endian length (assumes the exported name has
    // the same byte length as the input string).
    final int lengthFieldStart = encoded.length - principal.length() - 4;
    // Setting the most significant length byte makes the declared size huge.
    encoded[lengthFieldStart] = 0x7f;

    try {
        gss.createName(encoded, GSSName.NT_EXPORT_NAME);
    } catch (GSSException gsse) {
        System.out.println(gsse);
    }
}
示例14: main
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Checks that a name created with {@code GSSName.NT_ANONYMOUS} reports itself
 * as anonymous.
 *
 * <p>A {@link GSSException} is taken to mean the name type is not supported and
 * is ignored after printing a note.
 *
 * @param argv unused
 * @throws Exception declared by the signature; the check itself fails with a
 *         {@link RuntimeException}
 */
public static void main(String[] argv) throws Exception {
    try {
        final GSSName anon =
                GSSManager.getInstance().createName("anonymous", GSSName.NT_ANONYMOUS);
        if (!anon.isAnonymous()) {
            throw new RuntimeException("GSSName.isAnonymous() returns false for GSSName.NT_ANONYMOUS");
        }
    } catch (GSSException e) {
        System.out.println("Not supported, ignored!");
    }
}
示例15: check
import org.ietf.jgss.GSSManager; //导入方法依赖的package包/类
/**
 * Checks which name an accept-only Kerberos credential is bound to when it is
 * acquired under a subject populated from {@code objs}.
 *
 * <p>Both {@code a} and {@code b} are passed through this file's {@code r(...)}
 * helper (defined outside this listing) before use or comparison.
 *
 * @param a principal to request the credential for, or {@code null} for the default
 * @param b expected credential name; {@code null} if the credential should still
 *        be unbound, {@code "NOCRED"} if acquisition is expected to fail
 * @param objs principals, keys and keytabs to place in the subject; objects of
 *        any other type are skipped
 * @throws Exception if the observed name, or the failure to get a credential,
 *         does not match {@code b}
 */
private static void check(final String a, String b, Object... objs)
        throws Exception {
    final Subject subject = new Subject();
    for (Object item : objs) {
        if (item instanceof KerberosPrincipal) {
            subject.getPrincipals().add((KerberosPrincipal) item);
            continue;
        }
        // Keys and keytabs are secret material, so they go to the private set.
        if (item instanceof KerberosKey || item instanceof KeyTab) {
            subject.getPrivateCredentials().add(item);
        }
    }

    final GSSManager gss = GSSManager.getInstance();
    final PrivilegedExceptionAction<String> boundName = new PrivilegedExceptionAction<String>() {
        @Override
        public String run() throws GSSException {
            GSSName requested = (a == null) ? null : gss.createName(r(a), null);
            GSSCredential cred = gss.createCredential(
                    requested,
                    GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
            GSSName bound = cred.getName();
            return bound == null ? null : bound.toString();
        }
    };

    final String result;
    try {
        result = Subject.doAs(subject, boundName);
    } catch (PrivilegedActionException e) {
        // Failing to get a credential is acceptable only when the caller expected it.
        if (!"NOCRED".equals(b)) {
            throw new Exception("Check failed: getInstance(" + a
                    + ") is null " + ", but not one with name " + b);
        }
        return;
    }

    if (!Objects.equals(result, r(b))) {
        throw new Exception("Check failed: getInstance(" + a
                + ") has name " + result + ", not " + b);
    }
}