use of org.ietf.jgss.GSSManager in project mongo-java-driver by mongodb.
the class GSSAPIAuthenticator method getGSSCredential.
/**
 * Acquires an initiator-side GSS credential for the given user name.
 *
 * <p>The mechanism OID comes from {@code GSSAPI_OID}, which is declared outside this method
 * (presumably the Kerberos V5 OID; confirm against its declaration). Where the underlying
 * credential material comes from (ticket cache, keytab, current Subject) is decided by the
 * JGSS provider and the caller's context, not by this method.
 *
 * @param userName the user name, interpreted as {@link GSSName#NT_USER_NAME}
 * @return a credential usable only for initiating security contexts
 * @throws GSSException if the name cannot be created or no credential can be acquired
 */
private GSSCredential getGSSCredential(final String userName) throws GSSException {
    final Oid mechanism = new Oid(GSSAPI_OID);
    final GSSManager gssManager = GSSManager.getInstance();
    final GSSName principal = gssManager.createName(userName, GSSName.NT_USER_NAME);
    // INDEFINITE_LIFETIME requests the maximum lifetime the mechanism permits.
    // INITIATE_ONLY keeps the credential from being used to accept contexts.
    return gssManager.createCredential(
        principal,
        GSSCredential.INDEFINITE_LIFETIME,
        mechanism,
        GSSCredential.INITIATE_ONLY);
}
use of org.ietf.jgss.GSSManager in project orientdb by orientechnologies.
the class OKerberosCredentialInterceptor method getServiceTicket.
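/**
 * Requests a Kerberos service ticket for {@code servicePrincipalName} on behalf of
 * {@code subject} and returns the initial GSS token Base64-encoded.
 *
 * <p>The context is initiated in a single pass with mutual authentication and credential
 * delegation both switched off. The returned token therefore proves the client's identity
 * to the service only. Nothing in this method verifies the service's identity, so callers
 * relying on it should authenticate the server by other means.
 *
 * <p>The GSS context is always disposed before returning, including on the success path.
 *
 * @param subject the authenticated subject whose credentials are used to initiate the context
 * @param principal the client principal; only used when {@code sun.security.jgss.native} is set
 * @param servicePrincipalName the target service principal
 * @return the Base64-encoded token, or {@code null} if it could not be obtained
 */
private String getServiceTicket(final Subject subject, final String principal, final String servicePrincipalName) {
    try {
        GSSManager manager = GSSManager.getInstance();
        GSSName serviceName = manager.createName(servicePrincipalName, GSSName.NT_USER_NAME);

        // Kerberos V5 mechanism OID.
        Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");

        // Initiator.
        final GSSContext context = manager.createContext(serviceName, krb5Oid, null, GSSContext.DEFAULT_LIFETIME);

        if (context == null) {
            OLogManager.instance().debug(this, "getServiceTicket() GSSContext is null!");
            return null;
        }

        try {
            // http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
            // When performing operations as a particular Subject, e.g. Subject.doAs(...) or Subject.doAsPrivileged(...),
            // the to-be-used GSSCredential should be added to Subject's private credential set. Otherwise,
            // the GSS operations will fail since no credential is found.
            boolean useNativeJgss = Boolean.getBoolean("sun.security.jgss.native");

            if (useNativeJgss) {
                OLogManager.instance().info(this, "getServiceTicket() Using Native JGSS");

                try {
                    GSSName clientName = manager.createName(principal, GSSName.NT_USER_NAME);

                    // The credential is acquired for the explicit client principal, not the default one.
                    GSSCredential cred = manager.createCredential(clientName, GSSCredential.DEFAULT_LIFETIME, krb5Oid, GSSCredential.INITIATE_ONLY);

                    // NOTE(review): a credential is added on every call; whether the Subject's set
                    // de-duplicates them depends on the credential's equals(). Confirm this does
                    // not accumulate credentials on a long-lived Subject.
                    subject.getPrivateCredentials().add(cred);
                } catch (GSSException gssEx) {
                    // Best effort: initiation is still attempted with whatever the Subject holds.
                    OLogManager.instance().error(this, "getServiceTicket() Use Native JGSS GSSException", gssEx);
                }
            }

            // The GSS context initiation has to be performed as a privileged action.
            byte[] serviceTicket = Subject.doAs(subject, new PrivilegedAction<byte[]>() {
                public byte[] run() {
                    try {
                        byte[] token = new byte[0];

                        // This is a one pass context initialisation.
                        // Mutual auth off: the acceptor is not asked to prove its identity.
                        context.requestMutualAuth(false);
                        // Delegation off: the client's credentials are not forwarded to the service.
                        context.requestCredDeleg(false);

                        return context.initSecContext(token, 0, token.length);
                    } catch (Exception inner) {
                        // Failures are visible at debug level only; the caller just sees null.
                        OLogManager.instance().debug(this, "getServiceTicket() doAs() Exception", inner);
                    }

                    return null;
                }
            });

            if (serviceTicket != null)
                return OBase64Utils.encodeBytes(serviceTicket);
        } finally {
            // Release the context on every path. The original skipped this when a ticket
            // was returned, leaking the context and its associated key material.
            try {
                context.dispose();
            } catch (GSSException disposeEx) {
                OLogManager.instance().error(this, "getServiceTicket() GSSContext dispose Exception", disposeEx);
            }
        }
    } catch (Exception ex) {
        OLogManager.instance().error(this, "getServiceTicket() Exception", ex);
    }

    return null;
}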
use of org.ietf.jgss.GSSManager in project jdk8u_jdk by JetBrains.
the class CtorTests2 method main.
/* standalone interface */
/**
 * Checks that a name created with {@link GSSName#NT_ANONYMOUS} reports itself as anonymous.
 *
 * <p>If the provider rejects the name type with a {@link GSSException}, the check is
 * skipped and a notice is printed instead of failing.
 *
 * @param argv unused
 * @throws Exception if the created name does not report itself as anonymous
 */
public static void main(String[] argv) throws Exception {
    try {
        GSSName anonymousName = GSSManager.getInstance().createName("anonymous", GSSName.NT_ANONYMOUS);
        if (!anonymousName.isAnonymous()) {
            throw new RuntimeException("GSSName.isAnonymous() returns false for GSSName.NT_ANONYMOUS");
        }
    } catch (GSSException unsupported) {
        // Anonymous names are optional for a mechanism; lack of support is not a failure.
        System.out.println("Not supported, ignored!");
    }
}
use of org.ietf.jgss.GSSManager in project jdk8u_jdk by JetBrains.
the class Context method impersonate.
/**
 * Builds a new {@code Context} whose credential impersonates {@code someone}.
 *
 * <p>The work runs under this context's Subject {@code s}. If this context has no credential
 * yet, a default initiate-only credential is acquired and cached in {@code cred} first. The
 * impersonation itself is delegated to {@link ExtendedGSSCredential#impersonate}. Whether it
 * succeeds is decided by that call, which presumably depends on KDC-side policy for this
 * service principal (not shown here).
 *
 * @param someone the user name to impersonate, interpreted as {@link GSSName#NT_USER_NAME}
 * @return a new context sharing this Subject and holding the impersonated credential
 * @throws Exception the exception raised inside the privileged action, unwrapped
 */
public Context impersonate(final String someone) throws Exception {
    try {
        GSSCredential impersonated = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws Exception {
                GSSManager manager = GSSManager.getInstance();
                GSSName target = manager.createName(someone, GSSName.NT_USER_NAME);
                // Lazily acquire this context's own credential; it is the one that impersonates.
                if (Context.this.cred == null) {
                    Context.this.cred = manager.createCredential(GSSCredential.INITIATE_ONLY);
                }
                ExtendedGSSCredential self = (ExtendedGSSCredential) Context.this.cred;
                return self.impersonate(target);
            }
        });
        Context result = new Context();
        result.s = s;
        result.cred = impersonated;
        result.name = name + " as " + result.cred.getName().toString();
        return result;
    } catch (PrivilegedActionException pae) {
        Exception cause = pae.getException();
        if (!(cause instanceof InvocationTargetException)) {
            throw cause;
        }
        // Surface the underlying failure rather than the reflective wrapper.
        throw (Exception) ((InvocationTargetException) cause).getTargetException();
    }
}
use of org.ietf.jgss.GSSManager in project jdk8u_jdk by JetBrains.
the class CrossRealm method xRealmAuth.
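/**
 * Writes a JAAS login configuration and initiates a Kerberos context to a host-based service.
 *
 * <p>All three properties set here are JVM-wide and are not restored afterwards.
 * Setting {@code javax.security.auth.useSubjectCredsOnly} to {@code false} lets JGSS obtain
 * credentials through the JAAS entry written below instead of requiring them on the current
 * Subject. That is appropriate for an isolated test JVM, not for shared application code.
 *
 * @throws Exception if the configuration file cannot be written or context initiation fails
 */
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    // try-with-resources closes the stream even if the write fails.
    try (FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf")) {
        fos.write(("com.sun.security.jgss.krb5.initiate {\n" + " com.sun.security.auth.module.Krb5LoginModule\n" + " required\n" + " principal=dummy\n" + " doNotPrompt=false\n" + " useTicketCache=false\n" + " ;\n" + "};").getBytes());
    }

    GSSManager m = GSSManager.getInstance();
    // The first initSecContext call with an empty input token starts the exchange.
    m.createContext(m.createName("host@www.snake.hole", GSSName.NT_HOSTBASED_SERVICE), GSSUtil.GSS_KRB5_MECH_OID, null, GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}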