Examples of org.ietf.jgss.GSSManager.createContext()

org.ietf.jgss.GSSManager.createContext()
Factory method for creating a context on the initiator's side. Some mechanism providers might require that the caller be granted permission to initiate a security context. A failed permission check might cause a {@link java.lang.SecurityException SecurityException}to be thrown from this method.
Non-default values for lifetime cannot always be honored by the underlying mechanism, thus applications should be prepared to call {@link GSSContext#getLifetime() getLifetime} on the returnedcontext.
@param peer the name of the target peer. @param mech the Oid of the desired mechanism. Use nullto request the default mechanism. @param myCred the credentials of the initiator. Usenull to act as the default initiator principal. @param lifetime the lifetime, in seconds, requested for thecontext. Use {@link GSSContext#INDEFINITE_LIFETIME GSSContext.INDEFINITE_LIFETIME} to request that the context have the maximum permitted lifetime. Use {@link GSSContext#DEFAULT_LIFETIME GSSContext.DEFAULT_LIFETIME} to request a default lifetime for thecontext. @return an unestablished GSSContext @see GSSContext @throws GSSException containing the following major error codes: {@link GSSException#NO_CRED GSSException.NO_CRED}{@link GSSException#CREDENTIALS_EXPIRED GSSException.CREDENTIALS_EXPIRED}{@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE}{@link GSSException#BAD_MECH GSSException.BAD_MECH}{@link GSSException#FAILURE GSSException.FAILURE}

                                GSSCredential.DEFAULT_LIFETIME,
                                new Oid("1.3.6.1.5.5.2"),
                                GSSCredential.ACCEPT_ONLY);
                    }
                };
            gssContext = manager.createContext(Subject.doAs(lc.getSubject(), action));


            outToken = gssContext.acceptSecContext(decoded, 0, decoded.length);


            if (outToken == null) {
                if (log.isDebugEnabled()) {

View Full Code Here

            String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
            Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
            GSSName serviceName = gssManager.createName(servicePrincipal,
                                                        oid);
            oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
            gssContext = gssManager.createContext(serviceName, oid, null,
                                                  GSSContext.DEFAULT_LIFETIME);
            gssContext.requestCredDeleg(true);
            gssContext.requestMutualAuth(true);


            byte[] inToken = new byte[0];

View Full Code Here


    ExtendedGSSContext context = null;


    try {
      context = 
        (ExtendedGSSContext)manager.createContext(getExpectedName(),
            GSSConstants.MECH_OID,
            this.credentials,
            GSSContext.DEFAULT_LIFETIME);


      switch (this.delegationType) {

View Full Code Here

                GSSCredential.ACCEPT_ONLY);


        while (true) {
            logger.debug("Waiting for incoming connection on port {} ...",
                    localPort);
            GSSContext context = manager.createContext(serverCreds);
            Socket socket = ss.accept();


            try {
                DataInputStream inStream = new DataInputStream(socket
                        .getInputStream());

View Full Code Here

                        logger.debug("{} with oid = {}", manager
                                .getNamesForMech(o), o);
                    }
                }


                ctx = manager.createContext(serverName, krb5OID, null,
                        GSSContext.DEFAULT_LIFETIME);


                ctx.requestMutualAuth(true); // Mutual authentication
                ctx.requestConf(false);
                ctx.requestInteg(false);

View Full Code Here

        GSSName serverName = manager.createName(spn, null);


        GSSCredential delegatedCred = 
            (GSSCredential)message.getContextualProperty(GSSCredential.class.getName());
        
        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, delegatedCred, GSSContext.DEFAULT_LIFETIME);
        
        context.requestCredDeleg(isCredDelegationRequired(message));


        // If the delegated cred is not null then we only need the context to

View Full Code Here

    private byte[] getToken(AuthorizationPolicy authPolicy, String spn, Oid oid) throws GSSException, 
        LoginException {
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(spn, null);


        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        // TODO Do we need mutual auth. Will the code we have really work with
        // mutual auth?
        context.requestMutualAuth(true);
        // TODO Credential delegation could be a security hole if it was not

View Full Code Here

                gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
            );


        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSContext secContext =
            gssManager.createContext(
                gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
            );


        secContext.requestMutualAuth(false);

View Full Code Here


        KerberosServiceContext krbServiceCtx = null;
        GSSContext secContext = null;


        try{
            secContext = gssManager.createContext(credentials);
            secContext.acceptSecContext(ticket, 0, ticket.length);


            krbServiceCtx = new KerberosServiceContext();            


            GSSName clientName = secContext.getSrcName();

View Full Code Here

                                                               8 * 3600,
                                                               createKerberosOid(),
                                                               GSSCredential.INITIATE_ONLY );


                GSSName serverName = manager.createName( serviceName + "@" + hostName, GSSName.NT_HOSTBASED_SERVICE );
                GSSContext context = manager.createContext( serverName,
                                                      createKerberosOid(),
                                                      clientCred,
                                                      GSSContext.DEFAULT_LIFETIME );
                context.requestMutualAuth( true );
                context.requestConf( true );

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.