Examples of org.ietf.jgss.GSSName

• org.ietf.jgss.GSSName
  te a host based service name GSSName name = manager.createName("service@host", GSSName.NT_HOSTBASED_SERVICE); Oid krb5 = new Oid("1.2.840.113554.1.2.2"); GSSName mechName = name.canonicalize(krb5); // the above two steps are equivalent to the following GSSName mechName = manager.createName("service@host", GSSName.NT_HOSTBASED_SERVICE, krb5); // perform name comparison if (name.equals(mechName)) print("Names are equals."); // obtain textual representation of name and its printable // name type print(mechName.toString() + mechName.getStringNameType().toString()); // export and re-import the name byte [] exportName = mechName.export(); // create a new name object from the exported buffer GSSName newName = manager.createName(exportName, GSSName.NT_EXPORT_NAME); @see #export() @see #equals(GSSName) @see GSSManager#createName(String,Oid) @see GSSManager#createName(String,Oid,Oid) @see GSSManager#createName(byte[],Oid) @author Mayank Upadhyay @version 1.8, 11/17/05 @since 1.4

       * value will have to be acquired from the message
       * property of each token received.
       */
      doEncryption = gssContext.getConfState();
      doDelegation = gssContext.getCredDelegState();
      GSSName clientName = gssContext.getSrcName();
      clientPrincipal = new KerberosPrincipal(clientName.toString());
      if (gssContext.getCredDelegState())
    clientCred = gssContext.getDelegCred();
      clientSubject = GSSUtil.createSubject(clientName, clientCred);
      clientSubject.setReadOnly();

    {
  try {
      return (GSSCredential) Subject.doAs(
                subj, new PrivilegedExceptionAction() {
        public Object run() throws GSSException {
            GSSName name = manager.createName(principal.getName(),
                krb5NameType);
      return manager.createCredential(
                name, GSSCredential.INDEFINITE_LIFETIME,
          krb5MechOid, usage);
        }

    public byte[] run() {
        try {
            GSSManager gssManager = GSSManager.getInstance();
            Oid oid = new Oid("1.3.6.1.5.5.2");

            GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
            secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);

            secContext.requestMutualAuth(mutualAuth);
            secContext.requestCredDeleg(Boolean.FALSE);

    public byte[] run() {
        try {
            GSSManager gssManager = GSSManager.getInstance();
            Oid oid = new Oid("1.3.6.1.5.5.2");

            GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
            secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);

            return secContext.acceptSecContext(ticket, 0, ticket.length);
        } catch (GSSException e) {
            if (log.isDebugEnabled()) {

    public KerberosContext run() throws GSSException, WSSecurityException {
        GSSManager gssManager = GSSManager.getInstance();

        Oid kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
        GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
        GSSCredential credentials =
            gssManager.createCredential(
                gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
            );

        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSContext secContext =
            gssManager.createContext(
                gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
            );

    public KerberosServiceContext run() throws GSSException, WSSecurityException {

        GSSManager gssManager = GSSManager.getInstance();

        Oid kerberos5Oid = new Oid(JGSS_KERBEROS_TICKET_OID);
        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSCredential credentials =
            gssManager.createCredential(
                gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
            );

        KerberosServiceContext krbServiceCtx = null;
        GSSContext secContext = null;

        try{
            secContext = gssManager.createContext(credentials);
            secContext.acceptSecContext(ticket, 0, ticket.length);

            krbServiceCtx = new KerberosServiceContext();

            GSSName clientName = secContext.getSrcName();
            krbServiceCtx.setPrincipal(new KerberosPrincipal(clientName.toString()));

            if (!isJava5Or6 && (isOracleJavaVendor || isIBMJavaVendor)) {
                try {
                    @SuppressWarnings("rawtypes")
                    Class inquireType = Class.forName(isOracleJavaVendor ? SUN_JGSS_INQUIRE_TYPE_CLASS : IBM_JGSS_INQUIRE_TYPE_CLASS);

          GSSContext gssContext = null;
          try {
            GSSManager gssManager = GSSManager.getInstance();
            String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
            Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
            GSSName serviceName = gssManager.createName(servicePrincipal,
                                                        oid);
            oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
            gssContext = gssManager.createContext(serviceName, oid, null,
                                                  GSSContext.DEFAULT_LIFETIME);
            gssContext.requestCredDeleg(true);

     * {@inheritDoc}
     */
    @Override
    public Principal authenticate(GSSContext gssContext, boolean storeCred) {
        if (gssContext.isEstablished()) {
            GSSName gssName = null;
            try {
                gssName = gssContext.getSrcName();
            } catch (GSSException e) {
                log.warn(sm.getString("realmBase.gssNameFail"), e);
            }

            if (gssName!= null) {
                String name = gssName.toString();

                if (isStripRealmForGss()) {
                    int i = name.indexOf('@');
                    if (i > 0) {
                        // Zero so we don;t leave a zero length name

        } else if (method == SocksProxyConstants.GSSAPI_AUTH) {
            GSSContext ctx = (GSSContext) getSession()
                    .getAttribute(GSS_CONTEXT);
            if (ctx == null) {
                GSSManager manager = GSSManager.getInstance();
                GSSName serverName = manager.createName(request
                        .getServiceKerberosName(), null);
                Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);

                if (logger.isDebugEnabled()) {
                    logger.debug("Available mechs:");

                            String spn,
                            Oid oid,
                            Message message) throws GSSException,
        LoginException {
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(spn, null);

        GSSCredential delegatedCred =
            (GSSCredential)message.getContextualProperty(GSSCredential.class.getName());

        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, delegatedCred, GSSContext.DEFAULT_LIFETIME);

        context.requestCredDeleg(isCredDelegationRequired(message));

        // If the delegated cred is not null then we only need the context to
        // immediately return a ticket based on this credential without attempting