Examples of net.jini.jeri.kerberos.KerberosEndpoint

• net.jini.jeri.kerberos.KerberosEndpoint
  etf.org/rfc/rfc1964.txt">RFC 1964, over socket connections between client and server endpoints.

  Note that, because Kerberos inherently requires client authentication, this transport provider does not support distributed garbage collection (DGC); if DGC is enabled using {@link net.jini.jeri.BasicJeriExporter}, all DGC remote calls through this provider will silently fail. @com.sun.jini.impl This Kerberos provider implementation uses the Java(TM) GSS-API to provide the underlying Kerberos network authentication protocol support.

  The implementation does not automatically renew any renewable TGTs in the Subject corresponding to any outbound request. The assumption is that an endpoint of this provider should merely be a consumer of the principals and credentials of the Subject, and never change its content. But if new TGTs are added into the Subject or old TGTs in the Subject are renewed by means outside this provider, the endpoint will pick up and use these new TGTs for new requests after the old ones have expired.

  This class uses the following {@link Logger} to log information atthe following logging levels:

  net.jini.jeri.kerberos.client

  Level	Description
  {@link java.util.logging.Level#WARNING WARNING}	failure to register with discovery provider
  {@link com.sun.jini.logging.Levels#FAILED FAILED}	problem to support constraint requirements, connect to server through socket, establish {@link org.ietf.jgss.GSSContext} to server over establishedconnections, or wrap/unwrap GSS tokens
  {@link com.sun.jini.logging.Levels#HANDLED HANDLED}	exceptions caught attempting to set TCP no delay or keep alive properties on sockets, connect a socket, or reuse a connection
  {@link java.util.logging.Level#FINE FINE}	endpoint creation, {@link net.jini.jeri.Endpoint#newRequest newRequest}invocation, request handle creation, connection configuration decesions, socket creation, connection open/close, connection reuse decesions, GSSContext establishment
  {@link java.util.logging.Level#FINEST FINEST}	data message encoding/decoding using GSSContext

  Instances of this class recognize the following system properties:

  • com.sun.jini.jeri.kerberos.KerberosEndpoint.minGssContextLifetime - Minimum number of seconds of remaining lifetime a {@link GSSContext} of an existing connection has to have before it canbe considered as a candidate connection to be chosen for a new request. The default is 30.
  • com.sun.jini.jeri.kerberos.KerberosEndpoint.maxGssContextRetries - RFC 1510 specifies that if a KDC or server receives two authenticators with the same client and server pair and timestamps of the same microsecond, the second will be considered a replay and will be rejected. This means if multiple session ticket requests of the same client and server principal pair and microsecond timestamps are received at a KDC, only the first one will succeed, and the rest will be considered replays and will be rejected by the KDC. For this reason, the Kerberos provider catches the "replay" exception and retries the corresponding GSSContext initialization handshake. This system property controls the maximum number of retries a KerberosEndpoint will conduct. The default is 3.

  @author Sun Microsystems, Inc. @see KerberosServerEndpoint @see KerberosTrustVerifier @since 2.0

        //Obtain an instance of KerberosTrustVerifier
        KerberosTrustVerifier verifier = new KerberosTrustVerifier();
        //Verify that instances of KerberosEndpoint with no socket
        //factory are trusted.
        int port = Integer.parseInt(getStringValue("listenPort"));
        KerberosEndpoint endpoint = KerberosEndpoint.getInstance(
            InetAddress.getLocalHost().getHostAddress(), port,
            new KerberosPrincipal("test@test"));
        TestTrustVerifierCtxSSL ctx = new TestTrustVerifierCtxSSL();
        if (!verifier.isTrustedObject(endpoint,ctx)){
            throw new TestException("KerberosEndpoint instance"

     * @return The test result
     */
    private void runTest(Subject subject) throws Exception {
        KerberosPrincipal principal = (KerberosPrincipal)subject
            .getPrincipals().iterator().next();
        KerberosEndpoint endpoint = KerberosEndpoint.getInstance(host,port,
            principal);
        log.finest("Obtained endpoint instance " + endpoint);
        //Verify the host and port parameters match values used at creation
        int portVal = endpoint.getPort();
        if (portVal!=port) {
            throw new TestException("The state of the instance"
                + " does not match the state passed in at creation time."
                + " The port values are different : " + port + " " +
                portVal);
        }
        String hostVal = endpoint.getHost();
        if (hostVal.compareTo(host)!=0) {
            throw new TestException("The state of the instance"
                + " does not match the state passed in at creation time."
                + " The host values are different : " + host + " " +
                hostVal);
        }
        SocketFactory sfVal = endpoint.getSocketFactory();
        if (sfVal!=null) {
            throw new TestException("The state of the instance"
                + " does not match the state passed in at creation time."
                + " The socket factory values are different : " + sf
                + " " + sfVal);
        }
        // Call getInstance passing in a host, port and socket factory.
        endpoint = KerberosEndpoint.getInstance(host,port,principal,sf);
        //verify that the socket factory passed in is maintained
        sfVal = endpoint.getSocketFactory();
        if (sfVal!=sf) {
            throw new TestException("The state of the instance"
                + " does not match the state passed in at creation time."
                + " The socket factory values are different : " + sf
                + " " + sfVal);

    private void runTest(Subject subject) throws Exception {
        KerberosPrincipal principal = (KerberosPrincipal)subject
            .getPrincipals().iterator().next();
        //Create an endpoint instance passing in a host and port.
        KerberosEndpoint kEndpoint = KerberosEndpoint
            .getInstance(host,port,principal);
        if (!(kEndpoint instanceof TrustEquivalence)) {
            throw new TestException(
                kEndpoint + " does not implement TrustEquivalence");
        }
        TrustEquivalence endpoint1 = (TrustEquivalence) kEndpoint;
        //Create a second endpoint instance passing in the same host and
        //port.
        KerberosEndpoint kEndpoint2 = KerberosEndpoint
            .getInstance(host,port,principal);
        if (!(kEndpoint2 instanceof TrustEquivalence)) {
            throw new TestException(
                kEndpoint2 + " does not implement TrustEquivalence");
        }
        TrustEquivalence endpoint2 = (TrustEquivalence) kEndpoint2;
        //Verify TrustEquivalence
        if (!endpoint1.checkTrustEquivalence(endpoint2) ||
            !endpoint2.checkTrustEquivalence(endpoint1)) {
            throw new TestException("TrustEquivalence not"
                + " established on equivalent endpoints.");
        }
        //Create an endpoint instance with the same host and a
        //different port
        KerberosEndpoint kEndpoint3 = KerberosEndpoint
            .getInstance(host,port2,principal);
        if (!(kEndpoint3 instanceof TrustEquivalence)) {
            throw new TestException(
                kEndpoint3 + " does not implement TrustEquivalence");
        }
        TrustEquivalence endpoint3 = (TrustEquivalence) kEndpoint3;
        //Verify TrustEquivalence
        if (endpoint1.checkTrustEquivalence(endpoint3) ||
            endpoint3.checkTrustEquivalence(endpoint1)) {
            throw new TestException("TrustEquivalence"
                + " established on non-equivalent endpoints.");
        }
        //Create an endpoint instance with the same port and a
        //different host
        KerberosEndpoint kEndpoint4 = KerberosEndpoint
            .getInstance(host2,port,principal);
        if (!(kEndpoint4 instanceof TrustEquivalence)) {
            throw new TestException(
                kEndpoint4 + " does not implement TrustEquivalence");
        }