Examples of org.ietf.jgss.GSSManager

org.ietf.jgss.GSSManager
tify who the client wishes to be GSSName userName = manager.createName("duke", GSSName.NT_USER_NAME); // Identify the name of the server. This uses a Kerberos specific // name format. GSSName serverName = manager.createName("nfs/foo.sun.com", krb5PrincipalNameType); // Acquire credentials for the user GSSCredential userCreds = manager.createCredential(userName, GSSCredential.DEFAULT_LIFETIME, krb5Mechanism, GSSCredential.INITIATE_ONLY); // Instantiate and initialize a security context that will be // established with the server GSSContext context = manager.createContext(serverName, krb5Mechanism, userCreds, GSSContext.DEFAULT_LIFETIME);
The server side might use the following variation of this source:
```
 // Acquire credentials for the server GSSCredential serverCreds = manager.createCredential(serverName,  GSSCredential.DEFAULT_LIFETIME,  krb5Mechanism,  GSSCredential.ACCEPT_ONLY);  // Instantiate and initialize a security context that will // wait for an establishment request token from the client GSSContext context = manager.createContext(serverCreds); 
```
@author Mayank Upadhyay @version 1.10, 11/17/05 @see GSSName @see GSSCredential @see GSSContext @since 1.4

    /* (non-Javadoc)
     * @see java.security.PrivilegedExceptionAction#run()
     */
    public KerberosServiceContext run() throws GSSException, WSSecurityException {


        GSSManager gssManager = GSSManager.getInstance();


        Oid kerberos5Oid = new Oid(JGSS_KERBEROS_TICKET_OID);
        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSCredential credentials = 
            gssManager.createCredential(
                gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
            );


        KerberosServiceContext krbServiceCtx = null;
        GSSContext secContext = null;


        try{
            secContext = gssManager.createContext(credentials);
            secContext.acceptSecContext(ticket, 0, ticket.length);


            krbServiceCtx = new KerberosServiceContext();            


            GSSName clientName = secContext.getSrcName();

View Full Code Here

                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return false;
            }
            // Assume the GSSContext is stateless
            // TODO: Confirm this assumption
            final GSSManager manager = GSSManager.getInstance();
            final PrivilegedExceptionAction<GSSCredential> action =
                new PrivilegedExceptionAction<GSSCredential>() {
                    @Override
                    public GSSCredential run() throws GSSException {
                        return manager.createCredential(null,
                                GSSCredential.DEFAULT_LIFETIME,
                                new Oid("1.3.6.1.5.5.2"),
                                GSSCredential.ACCEPT_ONLY);
                    }
                };
            gssContext = manager.createContext(Subject.doAs(lc.getSubject(), action));


            outToken = gssContext.acceptSecContext(decoded, 0, decoded.length);


            if (outToken == null) {
                if (log.isDebugEnabled()) {

View Full Code Here


        @Override
        public Void run() throws Exception {
          GSSContext gssContext = null;
          try {
            GSSManager gssManager = GSSManager.getInstance();
            String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
            Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
            GSSName serviceName = gssManager.createName(servicePrincipal,
                                                        oid);
            oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
            gssContext = gssManager.createContext(serviceName, oid, null,
                                                  GSSContext.DEFAULT_LIFETIME);
            gssContext.requestCredDeleg(true);
            gssContext.requestMutualAuth(true);


            byte[] inToken = new byte[0];

View Full Code Here

      this.connected = true;
    }


    this.port = (url.getPort() == -1) ? PORT : url.getPort();


    GSSManager manager = ExtendedGSSManager.getInstance();


    ExtendedGSSContext context = null;


    try {
      context = 
        (ExtendedGSSContext)manager.createContext(getExpectedName(),
            GSSConstants.MECH_OID,
            this.credentials,
            GSSContext.DEFAULT_LIFETIME);


      switch (this.delegationType) {

View Full Code Here

     * @throws GSSException
     */
    private static void doHandShake(int localPort) throws IOException,
            GSSException {
        ServerSocket ss = new ServerSocket(localPort);
        GSSManager manager = GSSManager.getInstance();


        /*
         * Create a GSSContext to receive the incoming request from the client. 
         * Use null for the server credentials passed in to tell the underlying 
         * mechanism to use whatever credentials it has available that can be 
         * used to accept this connection.
         */
        GSSCredential serverCreds = manager.createCredential(manager
                .createName(SERVICE_NAME, null),
                GSSCredential.DEFAULT_LIFETIME, new Oid(
                        SocksProxyConstants.KERBEROS_V5_OID),
                GSSCredential.ACCEPT_ONLY);


        while (true) {
            logger.debug("Waiting for incoming connection on port {} ...",
                    localPort);
            GSSContext context = manager.createContext(serverCreds);
            Socket socket = ss.accept();


            try {
                DataInputStream inStream = new DataInputStream(socket
                        .getInputStream());

View Full Code Here


        } else if (method == SocksProxyConstants.GSSAPI_AUTH) {
            GSSContext ctx = (GSSContext) getSession()
                    .getAttribute(GSS_CONTEXT);
            if (ctx == null) {
                GSSManager manager = GSSManager.getInstance();
                GSSName serverName = manager.createName(request
                        .getServiceKerberosName(), null);
                Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);


                if (logger.isDebugEnabled()) {
                    logger.debug("Available mechs:");
                    for (Oid o : manager.getMechs()) {
                        if (o.equals(krb5OID)) {
                            logger.debug("Found Kerberos V OID available");
                        }
                        logger.debug("{} with oid = {}", manager
                                .getNamesForMech(o), o);
                    }
                }


                ctx = manager.createContext(serverName, krb5OID, null,
                        GSSContext.DEFAULT_LIFETIME);


                ctx.requestMutualAuth(true); // Mutual authentication
                ctx.requestConf(false);
                ctx.requestInteg(false);

View Full Code Here

    private byte[] getToken(AuthorizationPolicy authPolicy, 
                            String spn, 
                            Oid oid,
                            Message message) throws GSSException, 
        LoginException {
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(spn, null);


        GSSCredential delegatedCred = 
            (GSSCredential)message.getContextualProperty(GSSCredential.class.getName());
        
        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, delegatedCred, GSSContext.DEFAULT_LIFETIME);
        
        context.requestCredDeleg(isCredDelegationRequired(message));


        // If the delegated cred is not null then we only need the context to

View Full Code Here

     * @throws GSSException
     * @throws LoginException
     */
    private byte[] getToken(AuthorizationPolicy authPolicy, String spn, Oid oid) throws GSSException, 
        LoginException {
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(spn, null);


        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        // TODO Do we need mutual auth. Will the code we have really work with
        // mutual auth?
        context.requestMutualAuth(true);
        // TODO Credential delegation could be a security hole if it was not

View Full Code Here

        this.serviceName = serviceName;
        this.isUsernameServiceNameForm = isUsernameServiceNameForm;
    }


    public KerberosContext run() throws GSSException, WSSecurityException {
        GSSManager gssManager = GSSManager.getInstance();


        Oid kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
        GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
        GSSCredential credentials = 
            gssManager.createCredential(
                gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
            );


        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSContext secContext =
            gssManager.createContext(
                gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
            );


        secContext.requestMutualAuth(false);

View Full Code Here

    /* (non-Javadoc)
     * @see java.security.PrivilegedExceptionAction#run()
     */
    public KerberosServiceContext run() throws GSSException, WSSecurityException{


        GSSManager gssManager = GSSManager.getInstance();


        Oid kerberos5Oid = new Oid(JGSS_KERBEROS_TICKET_OID);
        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSCredential credentials = 
            gssManager.createCredential(
                gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
            );


        KerberosServiceContext krbServiceCtx = null;
        GSSContext secContext = null;


        try{
            secContext = gssManager.createContext(credentials);
            secContext.acceptSecContext(ticket, 0, ticket.length);


            krbServiceCtx = new KerberosServiceContext();            


            GSSName clientName = secContext.getSrcName();

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.ietf.jgss.GSSManager

au.net.ocean.httpclient.auth.spnego.SPNegoCredentials$CreateGSSContextAction

au.net.ocean.security.auth.gss.AbstractGSSCredentials$CreateGSSContextAction

com.feth.play.module.pa.providers.wwwauth.negotiate.SpnegoAuthProvider

com.jcraft.jsch.jgss.GSSContextKrb5

com.massivecraft.mcore.xlib.mongodb.DBPort$GSSAPIAuthenticator

com.mongodb.DBPort$GSSAPIAuthenticator

com.ning.http.client.providers.netty.spnego.SpnegoEngine

com.sun.xml.ws.security.impl.kerberos.KerberosLogin$KerberosClientSetupAction

com.sun.xml.ws.security.impl.kerberos.KerberosLogin$KerberosServerSetupAction

com.xebialabs.overthere.cifs.winrm.WsmanKerberosScheme

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.