Examples of org.ietf.jgss.GSSContext.requestCredDeleg()

org.ietf.jgss.GSSContext.requestCredDeleg()
Requests that the initiator's credentials be delegated to the acceptor during context establishment. This request can only be made on the context initiator's side and it has to be done prior to the first call to initSecContext. Not all mechanisms support credential delegation. Therefore, an application that desires delegation should check to see if the request was honored with the {@link #getCredDelegState() getCredDelegState} method. If the application indicates thatdelegation must not be used, then the mechanism will honor the request and delegation will not occur. This is an exception to the general rule that a mechanism may enable a service even if it is not requested.
@param state a boolean value indicating whether the credentialsshould be delegated or not. @see #getCredDelegState() @throws GSSException containing the following major error codes: {@link GSSException#FAILURE GSSException.FAILURE}

        GSSName canonicalizedName = serverName.canonicalize(oid);


        logger.debug("Creating SPNego GSS context for canonicalized SPN {}", canonicalizedName);
        GSSContext gssContext = manager.createContext(canonicalizedName, oid, null, JavaVendor.getSpnegoLifetime());
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(token, 0, token.length);
    }


    private static final Logger logger = LoggerFactory.getLogger(WsmanSPNegoScheme.class);

View Full Code Here

        GSSName canonicalizedName = serverName.canonicalize(oid);


        logger.debug("Creating Kerberos GSS context for canonicalized SPN {}", canonicalizedName);
        GSSContext gssContext = manager.createContext(canonicalizedName, oid, null, GSSContext.DEFAULT_LIFETIME);
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(token, 0, token.length);
    }


    private static final Logger logger = LoggerFactory.getLogger(WsmanKerberosScheme.class);

View Full Code Here

          GSSName serviceName = gssManager.createName(servicePrincipal,
              oid);
          oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
          gssContext = gssManager.createContext(serviceName, oid, null,
                                                  GSSContext.DEFAULT_LIFETIME);
          gssContext.requestCredDeleg(true);
          gssContext.requestMutualAuth(true);


          byte[] inToken = new byte[0];
          byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length);
          Base64 base64 = new Base64(0);

View Full Code Here

        try {
          String servicePrincipal = KerberosTestUtils.getServerPrincipal();
          GSSName serviceName = gssManager.createName(servicePrincipal, GSSUtil.NT_GSS_KRB5_PRINCIPAL);
          gssContext = gssManager.createContext(serviceName, GSSUtil.GSS_KRB5_MECH_OID, null,
                                                GSSContext.DEFAULT_LIFETIME);
          gssContext.requestCredDeleg(true);
          gssContext.requestMutualAuth(true);


          byte[] inToken = new byte[0];
          byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length);
          Base64 base64 = new Base64(0);

View Full Code Here

            GSSName serviceName = gssManager.createName(servicePrincipal,
                                                        oid);
            oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
            gssContext = gssManager.createContext(serviceName, oid, null,
                                                  GSSContext.DEFAULT_LIFETIME);
            gssContext.requestCredDeleg(true);
            gssContext.requestMutualAuth(true);


            byte[] inToken = new byte[0];
            byte[] outToken;
            boolean established = false;

View Full Code Here

            (GSSCredential)message.getContextualProperty(GSSCredential.class.getName());
        
        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, delegatedCred, GSSContext.DEFAULT_LIFETIME);
        
        context.requestCredDeleg(isCredDelegationRequired(message));


        // If the delegated cred is not null then we only need the context to
        // immediately return a ticket based on this credential without attempting
        // to log on again 
        return getToken(delegatedCred == null ? authPolicy : null,

View Full Code Here

        // TODO Do we need mutual auth. Will the code we have really work with
        // mutual auth?
        context.requestMutualAuth(true);
        // TODO Credential delegation could be a security hole if it was not
        // intended. Both settings should be configurable
        context.requestCredDeleg(true);


        return getToken(authPolicy, context);
    }


    private final class CreateServiceTicketAction implements PrivilegedExceptionAction<byte[]> {

View Full Code Here

          GSSName serverName = manager.createName(servicePrincipalName,
              krb5PrincipalNameType);
          final GSSContext context = manager.createContext(serverName, krb5Oid, null, 0);
          byte[] token = new byte[0];
          context.requestMutualAuth(false);
          context.requestCredDeleg(false);
          return context.initSecContext(token, 0, token.length);
        } catch (GSSException e) {
          e.printStackTrace();
          return null;
        }

View Full Code Here

        final GSSManager manager = getManager();
        final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
        final GSSContext gssContext = manager.createContext(
                serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(token, 0, token.length);
    }


    protected abstract byte[] generateToken(
            byte[] input, final String authServer) throws GSSException;

View Full Code Here

            GSSName serviceName = gssManager.createName(servicePrincipal,
                                                        oid);
            oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
            gssContext = gssManager.createContext(serviceName, oid, null,
                                                  GSSContext.DEFAULT_LIFETIME);
            gssContext.requestCredDeleg(true);
            gssContext.requestMutualAuth(true);


            byte[] inToken = new byte[0];
            byte[] outToken;
            boolean established = false;

View Full Code Here

0 1 2 3 4

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.