Package org.ietf.jgss

Examples of org.ietf.jgss.GSSManager


        this.serviceName = serviceName;
    }

    public byte[] run() {
        try {
            GSSManager gssManager = GSSManager.getInstance();
       
            Oid kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
            GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
            GSSCredential credentials =
                gssManager.createCredential(
                    gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
                );
           
            GSSName gssService = gssManager.createName(serviceName, GSSName.NT_HOSTBASED_SERVICE);
            GSSContext secContext =
                gssManager.createContext(
                    gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
                );
            secContext.requestMutualAuth(false);
            byte[] token = new byte[0];


       
        // Server-side (acceptor) setup for a GSS-API user-auth exchange: each precondition
        // that fails returns Boolean.FALSE before any GSS context is created.
        // NOTE(review): what validateInitialUser checks is not visible in this excerpt.
        if (!auth.validateInitialUser(sess, user)) {
          return Boolean.FALSE;
        }

        GSSManager    mgr   = auth.getGSSManager();
        GSSCredential creds = auth.getGSSCredential(mgr);
       
        // No acceptor credential available: refuse rather than continue without one.
        if (creds == null) {
          return Boolean.FALSE;
        }

        // createContext(GSSCredential) is the acceptor-side factory; the context is built
        // from the server credential obtained above.
        ctxt = mgr.createContext(creds);
       
        // Send the matching mechanism back to the client

        Buffer  b   = sess.createBuffer(SshConstants.Message.SSH_MSG_USERAUTH_INFO_REQUEST, 0);
        // DER encoding of the mechanism OID; `oid` is selected outside this excerpt.
        byte [] out = oid.getDER();

        @Override
        public Void run() throws Exception {
          GSSContext gssContext = null;
          try {
            GSSManager gssManager = GSSManager.getInstance();
            String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
                KerberosAuthenticator.this.url.getHost());
            Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
            GSSName serviceName = gssManager.createName(servicePrincipal,
                                                        oid);
            oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
            gssContext = gssManager.createContext(serviceName, oid, null,
                                                  GSSContext.DEFAULT_LIFETIME);
            gssContext.requestCredDeleg(true);
            gssContext.requestMutualAuth(true);

            byte[] inToken = new byte[0];

        // Builds the initiator-side GSS context for the service "HTTP/" + server.
        // SPNEGO is tried first; only a BAD_MECH failure triggers a second attempt with
        // the Kerberos mechanism. Any other GSSException is rethrown to the caller.
        /** Try SPNEGO by default, fall back to Kerberos later if error */
        negotiationOid  = new Oid(SPNEGO_OID);
       
        boolean tryKerberos = false;
        try{
            GSSManager manager = GSSManager.getInstance();
            // Null name type: the mechanism applies its default interpretation of the string.
            // NOTE(review): `server` is set outside this excerpt; it decides which service the
            // ticket is requested for, so confirm it is the host actually being contacted.
            GSSName serverName = manager.createName("HTTP/"+server, null);
            // Null credential: the context acts as the default initiator principal.
            context = manager.createContext(
                    serverName.canonicalize(negotiationOid), negotiationOid, null,
                    GSSContext.DEFAULT_LIFETIME);
            // This is a request only; whether the acceptor was actually authenticated is
            // reported by getMutualAuthState() once the context is established.
            context.requestMutualAuth(true);
            // Asks for the initiator's credentials to be delegated to the acceptor. If granted,
            // the service can act as this user toward other services, so delegation is only
            // appropriate for trusted services. NOTE(review): requested unconditionally here.
            context.requestCredDeleg(true);
        } catch (GSSException ex){
            // BAD MECH means we are likely to be using 1.5, fall back to Kerberos MECH.
            // Rethrow any other exception.
            if (ex.getMajor() == GSSException.BAD_MECH ){
                log.debug("GSSException BAD_MECH, retry with Kerberos MECH");
                tryKerberos = true;
            } else {
                throw ex;
            }
           
        }
        if (tryKerberos){
            /* Kerberos v5 GSS-API mechanism defined in RFC 1964.*/
            log.debug("Using Kerberos MECH " + KERBEROS_OID);
            negotiationOid  = new Oid(KERBEROS_OID);
            GSSManager manager = GSSManager.getInstance();
            GSSName serverName = manager.createName("HTTP/"+server, null);
            context = manager.createContext(
                    serverName.canonicalize(negotiationOid), negotiationOid, null,
                    GSSContext.DEFAULT_LIFETIME);
            // Same mutual-authentication and delegation requests as the SPNEGO attempt above,
            // so the fallback path carries the same delegation exposure.
            context.requestMutualAuth(true);
            context.requestCredDeleg(true);
        }

     * @throws GSSException
     * @throws LoginException
     */
    private byte[] getToken(AuthorizationPolicy proxyAuthPolicy, String spn) throws GSSException,
        LoginException {
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(spn, null);

        // TODO Is it correct to use kerberos oid instead of spnego here?
        Oid oid = new Oid(KERBEROS_OID);
       
        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        // TODO Do we need mutual auth. Will the code we have really work with
        // mutual auth?
        context.requestMutualAuth(true);
        // TODO Credential delegation could be a security hole if it was not

            // Prepares an initiator-side SPNEGO context for the host-based service
            // "HTTP@" + authServer, using the default initiator credentials.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("init " + authServer);
            }
            final Oid negotiationOid = new Oid(SPNEGO_OID);

            final GSSManager manager = GSSManager.getInstance();
            // NT_HOSTBASED_SERVICE expects the "service@host" form built here.
            // NOTE(review): authServer is supplied outside this excerpt; it selects the service
            // the ticket is issued for, so confirm it matches the server being contacted.
            final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
            // Null credential: the context acts as the default initiator principal.
            final GSSContext gssContext = manager.createContext(serverName.canonicalize(negotiationOid), negotiationOid, null,
                    DEFAULT_LIFETIME);
            // Request only; getMutualAuthState() reports the outcome after establishment.
            gssContext.requestMutualAuth(true);
            // Asks for the caller's credentials to be delegated to the acceptor; if granted the
            // service can act as this user elsewhere. NOTE(review): requested unconditionally,
            // so every server reached through this path must be trusted for delegation.
            gssContext.requestCredDeleg(true);

            if (token == null) {

     * @author Josef Cacek
     */
    private class ServerAction implements PrivilegedAction<String> {

        public String run() {
            final GSSManager gssManager = GSSManager.getInstance();
            try {
                final ServerSocket serverSocket = new ServerSocket(GSSTestConstants.PORT);
                LOGGER.info("Server started on port " + GSSTestConstants.PORT);
                int command = GSSTestConstants.CMD_NOOP;

                serverStarted = true;

                do {
                    Socket socket = null;
                    GSSContext gssContext = null;
                    try {
                        LOGGER.debug("Waiting for client connection");
                        socket = serverSocket.accept();
                        LOGGER.debug("Client connected");
                        gssContext = gssManager.createContext((GSSCredential) null);
                        final DataInputStream dataInputStream = new DataInputStream(socket.getInputStream());
                        final DataOutputStream dataOutputStream = new DataOutputStream(socket.getOutputStream());

                        command = dataInputStream.readInt();
                        LOGGER.debug("Command code: " + command);

            // Test-client side: announces the NAME command on the socket, then prepares an
            // initiator context toward `spn` using the Kerberos V5 mechanism.
            DataInputStream dis = new DataInputStream(socket.getInputStream());
            LOGGER.debug("Sending NAME command.");
            dos.writeInt(GSSTestConstants.CMD_NAME);
            dos.flush();

            GSSManager manager = GSSManager.getInstance();
            // Null name type: the mechanism applies its default interpretation of `spn`.
            // gssCredential is obtained outside this excerpt.
            gssContext = manager.createContext(manager.createName(spn, null), Constants.KERBEROS_V5, gssCredential,
                    GSSContext.DEFAULT_LIFETIME);

            // Credential delegation is deliberately left disabled (the call below is commented
            // out), so the acceptor is not handed the initiator's credentials.
            //            gssContext.requestCredDeleg(true);
            // Both calls are requests only; after the context is established,
            // getMutualAuthState() and getConfState() report what was actually granted.
            gssContext.requestMutualAuth(true);
            gssContext.requestConf(true);

                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return false;
            }
            // Assume the GSSContext is stateless
            // TODO: Confirm this assumption
            // NOTE(review): a new acceptor context is created at this point; if a client needs
            // more than one token to complete the handshake, state from an earlier leg would
            // not be carried over unless the caller keeps the context. Confirm against callers.
            GSSManager manager = GSSManager.getInstance();
            // Acceptor-only credential for the SPNEGO mechanism (OID 1.3.6.1.5.5.2). The null
            // name selects the default principal; which principal that resolves to depends on
            // login configuration that is not visible in this excerpt.
            gssContext = manager.createContext(manager.createCredential(null,
                    GSSCredential.DEFAULT_LIFETIME,
                    new Oid("1.3.6.1.5.5.2"),
                    GSSCredential.ACCEPT_ONLY));

            outToken = gssContext.acceptSecContext(decoded.getBytes(),

    private String getKerberosUser()
    {
        LOGGER.debug("Obtaining userID from kerberos");
        String service = _conSettings.getSaslProtocol() + "@" + _conSettings.getSaslServerName();
        GSSManager manager = GSSManager.getInstance();

        try
        {
            GSSName acceptorName = manager.createName(service,
                GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);

            GSSContext secCtx = manager.createContext(acceptorName,
                                                      KRB5_OID,
                                                      null,
                                                      GSSContext.INDEFINITE_LIFETIME);

            secCtx.initSecContext(new byte[0], 0, 1);
