Package org.ietf.jgss

Examples of org.ietf.jgss.GSSContext


        // A null input token means this is the first leg of the exchange;
        // initSecContext is then given an empty buffer.
        if (token == null) {
            token = new byte[0];
        }
        GSSManager manager = getManager();
        // Host-based service name for the HTTP service on authServer.
        // NOTE(review): where authServer comes from is not visible in this excerpt; if it is
        // derived from a request URL or a redirect, confirm it is a host the client means to trust.
        GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
        // null credential: the context is initiated with the caller's default credentials.
        GSSContext gssContext = manager.createContext(
                serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        gssContext.requestMutualAuth(true);
        // NOTE(review): credential delegation is requested unconditionally. Where the ticket
        // allows it, the accepting service obtains credentials it can use to act as this user,
        // so consider enabling it only for services configured as trusted for delegation.
        gssContext.requestCredDeleg(true);
        // NOTE(review): only the first output token is returned and the context is neither
        // disposed nor handed back, so nothing visible here checks isEstablished() or
        // getMutualAuthState() on a later leg.
        return gssContext.initSecContext(token, 0, token.length);
    }


        // A null name type leaves the interpretation of spn to the mechanism's default
        // printable syntax.
        GSSName serverName = manager.createName(spn, null);

        // Credential stored on the message under GSSCredential's class name; may be null
        // (the code that follows branches on that).
        // NOTE(review): whoever can set this message property chooses the identity the context
        // is initiated as - confirm it is populated only by the inbound authentication path.
        GSSCredential delegatedCred =
            (GSSCredential)message.getContextualProperty(GSSCredential.class.getName());
       
        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, delegatedCred, GSSContext.DEFAULT_LIFETIME);
       
        // Onward delegation is requested only when isCredDelegationRequired(message) returns
        // true, rather than unconditionally.
        context.requestCredDeleg(isCredDelegationRequired(message));

        // If the delegated cred is not null then we only need the context to
        // immediately return a ticket based on this credential without attempting
        // to log on again
        return getToken(delegatedCred == null ? authPolicy : null,

        // Ticket bytes taken from the second element of authPair (how authPair is parsed is
        // outside this excerpt).
        byte[] serviceTicket = getServiceTicket(authPair[1]);
       
        try {
            Subject serviceSubject = loginAndGetSubject();
           
            GSSContext gssContext = createGSSContext();

            // The ticket is validated while running as the service subject.
            // NOTE(review): ValidateServiceTicketAction is not shown; confirm it checks
            // isEstablished() before the name below is trusted.
            Subject.doAs(serviceSubject, new ValidateServiceTicketAction(gssContext, serviceTicket));
           
            // No source name means no authenticated initiator: answer with the fault response.
            GSSName srcName = gssContext.getSrcName();
            if (srcName == null) {
                throw new WebApplicationException(getFaultResponse());
            }
           
            String complexUserName = srcName.toString();
           
            // Strip everything from the last '@' onwards. A name that starts with '@'
            // (index 0) or has no '@' is kept unchanged.
            // NOTE(review): dropping the realm maps principals with the same local part in
            // different realms (constructed example: alice@A.EXAMPLE and alice@B.EXAMPLE) to
            // one user name; with cross-realm trust, check the realm against an allow-list
            // before using the short name for authorization.
            String simpleUserName = complexUserName;
            int index = simpleUserName.lastIndexOf('@');
            if (index > 0) {
                simpleUserName = simpleUserName.substring(0, index);
            }
            // Without a delegated credential the context is released here; otherwise it stays
            // alive (presumably so the delegated credential can be read later - confirm that
            // the later owner disposes it).
            if (!gssContext.getCredDelegState()) {
                gssContext.dispose();
                gssContext = null;
            }

            m.put(SecurityContext.class,
                new KerberosSecurityContext(new KerberosPrincipal(simpleUserName,

            gssCredential = ((KerberosCredentials) credentials).getGSSCredential();
        } else {
            gssCredential = null;
        }

        // gssCredential is either the credential carried by KerberosCredentials or null
        // (see the branch above); null makes the context use the default credentials.
        final GSSContext gssContext = manager.createContext(
                serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME);
        gssContext.requestMutualAuth(true);
        // NOTE(review): delegation is requested for every target. Where the ticket allows it,
        // the accepting service can then act as this user, so consider making this
        // configurable and off unless the target is trusted for delegation.
        gssContext.requestCredDeleg(true);
        // NOTE(review): the context is not disposed or returned here; only the first output
        // token leaves this method, so later legs and getMutualAuthState() cannot be checked
        // from the visible code.
        return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
    }

            // Acceptor-only credential for gssService; kerberos5Oid is defined outside this
            // excerpt.
            GSSCredential credentials =
                gssManager.createCredential(
                    gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
                );
           
            GSSContext secContext =
                gssManager.createContext(credentials);
            // NOTE(review): the ticket is accepted in one call and the reply token is discarded.
            // isEstablished() is not checked before the name is read, so an exchange that needs
            // another leg would be treated as complete.
            secContext.acceptSecContext(ticket, 0, ticket.length);
            GSSName clientName = secContext.getSrcName();
            // NOTE(review): dispose() is reached only on the success path; if acceptSecContext
            // or getSrcName throws, the context is not released in the visible code. A
            // try/finally around the context would cover both paths.
            secContext.dispose();
            // The principal is built from the full printed name, realm included.
            return new KerberosPrincipal(clientName.toString());
        } catch (GSSException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error in validating a Kerberos token", e);
            }

        // First leg of the exchange: a null input token is replaced by an empty buffer.
        if (token == null) {
            token = new byte[0];
        }
        GSSManager manager = getManager();
        // Host-based service name for the HTTP service on authServer.
        // NOTE(review): the origin of authServer is not visible here; confirm it cannot be
        // steered by an untrusted redirect or URL.
        GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
        // null credential: the caller's default credentials are used to initiate the context.
        GSSContext gssContext = manager.createContext(
                serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        gssContext.requestMutualAuth(true);
        // NOTE(review): delegation is always requested; the accepting service may then act as
        // this user. Prefer enabling it per target, and only for services trusted for delegation.
        gssContext.requestCredDeleg(true);
        // NOTE(review): the context is not disposed or returned, so the visible code cannot
        // verify isEstablished() or getMutualAuthState() after the server replies.
        return gssContext.initSecContext(token, 0, token.length);
    }

        token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>() {

          /**
           * Runs one acceptor leg of the SPNEGO exchange for {@code clientToken}.
           *
           * <p>Any reply token is sent back in the WWW-Authenticate header. While the context
           * is not yet established the response is set to 401 and {@code null} is returned;
           * once it is established the response is set to 200 and a token for the client
           * principal is returned. The context is disposed on every path.
           *
           * @return the authentication token for the established principal, or {@code null}
           *         while negotiation is still in progress
           * @throws Exception if the GSS calls or principal-name handling fail
           */
          @Override
          public AuthenticationToken run() throws Exception {
            GSSContext acceptor = null;
            try {
              // A null credential asks the GSS layer for its default acceptor credentials.
              acceptor = gssManager.createContext((GSSCredential) null);
              byte[] reply = acceptor.acceptSecContext(clientToken, 0, clientToken.length);
              boolean hasReply = reply != null && reply.length > 0;
              if (hasReply) {
                response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE,
                                   KerberosAuthenticator.NEGOTIATE + " " + base64.encodeToString(reply));
              }
              // No identity is read from the context until it reports itself established.
              if (!acceptor.isEstablished()) {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                LOG.trace("SPNEGO in progress");
                return null;
              }
              String principal = acceptor.getSrcName().toString();
              // The short-name mapping is whatever KerberosName implements (not shown here).
              String shortName = new KerberosName(principal).getShortName();
              AuthenticationToken established = new AuthenticationToken(shortName, principal, getType());
              response.setStatus(HttpServletResponse.SC_OK);
              LOG.trace("SPNEGO completed for principal [{}]", principal);
              return established;
            } finally {
              if (acceptor != null) {
                acceptor.dispose();
              }
            }
          }
        });

        try
        {
            // NOTE(review): 1.3.6.1.5.5.2 is the SPNEGO mechanism OID, not Kerberos 5
            // (1.2.840.113554.1.2.2), so the name krb5Oid is misleading.
            Oid krb5Oid = new Oid("1.3.6.1.5.5.2"); // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
            // A null name type leaves parsing of _targetName to the mechanism default.
            GSSName gssName = manager.createName(_targetName,null);
            // Acceptor-only server credential with no expiry requested.
            GSSCredential serverCreds = manager.createCredential(gssName,GSSCredential.INDEFINITE_LIFETIME,krb5Oid,GSSCredential.ACCEPT_ONLY);
            GSSContext gContext = manager.createContext(serverCreds);

            if (gContext == null)
            {
                LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
            }
            else
            {
                // NOTE(review): the acceptor's own reply is fed back in as the next input
                // token. If the context is not established after the first call, the reply may
                // be null (NullPointerException on authToken.length) or the loop keeps passing
                // the server's output back to itself; a multi-leg exchange needs the reply sent
                // to the client and the client's next token read instead.
                while (!gContext.isEstablished())
                {
                    authToken = gContext.acceptSecContext(authToken,0,authToken.length);
                }
                // Always true once the loop above has exited.
                if (gContext.isEstablished())
                {
                    String clientName = gContext.getSrcName().toString();
                    // Role is the text after the first '@' (the whole name when there is
                    // no '@', since indexOf returns -1).
                    // NOTE(review): this makes the default role depend only on the realm part
                    // of the principal, so every principal from that realm gets the same role.
                    String role = clientName.substring(clientName.indexOf('@') + 1);
                   
                    LOG.debug("SpnegoUserRealm: established a security context");
                    LOG.debug("Client Principal is: " + gContext.getSrcName());
                    LOG.debug("Server Principal is: " + gContext.getTargName());
                    LOG.debug("Client Default Role: " + role);

                    // NOTE(review): authToken was reassigned in the loop, so what is stored on
                    // the principal is the acceptor's reply token (possibly null), not the
                    // token the client sent. No dispose() of gContext is visible in this excerpt.
                    SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName,authToken);

                    Subject subject = new Subject();

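        /**
         * Creates an action that validates the given Kerberos ticket.
         *
         * <p>The array is copied so that a caller changing its buffer after construction
         * cannot alter which ticket is later validated. A {@code null} argument is stored
         * as {@code null}, as before.
         *
         * @param kerberosTicket the raw ticket bytes received from the client
         */
        public KerberosValidateAction(byte[] kerberosTicket) {
            this.kerberosTicket = kerberosTicket == null ? null : kerberosTicket.clone();
        }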

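        /**
         * Accepts the Kerberos ticket held by this action and returns the name of the
         * initiator that presented it.
         *
         * <p>The context is created with a {@code null} credential, which asks the GSS layer
         * for its default acceptor credentials.
         *
         * @return the initiator's name as printed by {@code GSSName.toString()}
         * @throws SecurityException if the context is not established after the ticket has
         *         been accepted, so there is no authenticated initiator to report
         * @throws Exception if the ticket is rejected or the name cannot be read
         */
        public String run() throws Exception {
            GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
            try {
                context.acceptSecContext(kerberosTicket, 0, kerberosTicket.length);
                // A mechanism may need further legs; never report an identity taken from a
                // context that has not finished negotiating.
                if (!context.isEstablished()) {
                    throw new SecurityException("GSS context not established after accepting ticket");
                }
                return context.getSrcName().toString();
            } finally {
                // Release the context on failure as well as on success.
                context.dispose();
            }
        }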

  public void testRequestWithAuthorization() throws Exception {
    String token = KerberosTestUtils.doAsClient(new Callable<String>() {
      /**
       * Produces the first initiator token for the test server principal, Base64-encoded.
       *
       * <p>Credential delegation and mutual authentication are both requested, and the
       * context is disposed before returning.
       *
       * @return the Base64 text of the first output token
       * @throws Exception if name, context or token creation fails
       */
      @Override
      public String call() throws Exception {
        final GSSManager manager = GSSManager.getInstance();
        GSSContext initiator = null;
        try {
          final String spn = KerberosTestUtils.getServerPrincipal();
          final Oid principalNameType = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
          final GSSName target = manager.createName(spn, principalNameType);
          final Oid krb5Mech = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
          // null credential: the context is initiated with the default credentials.
          initiator = manager.createContext(target, krb5Mech, null, GSSContext.DEFAULT_LIFETIME);
          initiator.requestCredDeleg(true);
          initiator.requestMutualAuth(true);

          // First leg: there is no peer token yet, so start from an empty buffer.
          final byte[] firstLeg = initiator.initSecContext(new byte[0], 0, 0);
          return new Base64(0).encodeToString(firstLeg);
        } finally {
          if (initiator != null) {
            initiator.dispose();
          }
        }
      }
    });
