Platform SDK Java 8.5 API Reference

com.genesyslab.platform.commons.protocol.auth
Class KerberosTicketAcquirer

java.lang.Object
  extended by com.genesyslab.platform.commons.protocol.auth.KerberosTicketAcquirer
All Implemented Interfaces:
AuthTicketAcquirer

public class KerberosTicketAcquirer
extends java.lang.Object
implements AuthTicketAcquirer

Kerberos-specific implementation of AuthTicketAcquirer. Can be used by applications to get Kerberos tickets to other services.

Note: useGss by default set to true, to change its default value to false you should set system property com.genesys.protocol.auth.kerberos.nogss to any not empty value

Note: ticketCached by default set to true, to change its default value to false you should set system property com.genesys.protocol.auth.kerberos.nocache to any not empty value

Note: Java GSS requires a Kerberos configuration file. The default name and location of the Kerberos configuration file depends on the operating system being used. Java GSS uses the following order to search for the default configuration file:

  1. The file referenced by the Java property java.security.krb5.conf.
  2. ${java.home}/lib/security/krb5.conf.
  3. %windir%\krb5.ini on Microsoft Windows platforms.
  4. /etc/krb5/krb5.conf on Solaris platforms.
  5. /etc/krb5.conf on other UNIX platforms.


Constructor Summary
KerberosTicketAcquirer()
          Create KerberosTicketAcquirer class instance for acquiring current user authentication data.
KerberosTicketAcquirer(java.util.Map<java.lang.String,java.lang.String> kerberosOptions)
          Create KerberosTicketAcquirer class instance for acquiring current user authentication data with specified Kerberos options.
KerberosTicketAcquirer(java.lang.String userPrincipalName, javax.security.auth.callback.CallbackHandler callbackHandler)
          Create KerberosTicketAcquirer class instance for acquiring a user authentication data according to UPN(user principal name) and callbackhandler.
KerberosTicketAcquirer(java.lang.String userPrincipalName, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,java.lang.String> kerberosOptions)
          Create KerberosTicketAcquirer class instance for acquiring a user authentication data according to UPN(user principal name) and callback handler with specified Kerberos options.
 
Method Summary
 AuthTicket acquireTicket(java.lang.String servicePrincipalName)
          Acquires authentication ticket for a given SPN.
 java.util.Map<java.lang.String,java.lang.String> getKerberosOptions()
          Gets copy of Krb5LoginModule options used, never returns null.
 java.lang.String getUserPrincipalName()
          Gets user principal name.
 java.lang.String toString()
          
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

KerberosTicketAcquirer

public KerberosTicketAcquirer()
                       throws javax.security.auth.login.LoginException
Create KerberosTicketAcquirer class instance for acquiring current user authentication data.

Throws:
javax.security.auth.login.LoginException - if there was error setting up security context, ticket cache is not accessible or provided credentials are not accepted.

KerberosTicketAcquirer

public KerberosTicketAcquirer(java.lang.String userPrincipalName,
                              javax.security.auth.callback.CallbackHandler callbackHandler)
                       throws javax.security.auth.login.LoginException
Create KerberosTicketAcquirer class instance for acquiring a user authentication data according to UPN(user principal name) and callbackhandler.

Parameters:
userPrincipalName - User Principal Name of an entity requesting ticket, in a format user@REALM. Can be null, in this case user that is currently logged in is implied.
callbackHandler - Instance of a CallbackHandler implementation that would be used to get user login and password information in case Kerberos login module is not able to access ticket cache. Can be null, in this case if cache is not accessible, LoginException would be thrown.
Throws:
javax.security.auth.login.LoginException - if there was error setting up security context, ticket cache is not accessible or provided credentials are not accepted.
java.lang.IllegalArgumentException - if User Principal Name is null or callback handler is null.

KerberosTicketAcquirer

public KerberosTicketAcquirer(java.util.Map<java.lang.String,java.lang.String> kerberosOptions)
                       throws javax.security.auth.login.LoginException
Create KerberosTicketAcquirer class instance for acquiring current user authentication data with specified Kerberos options.

Throws:
javax.security.auth.login.LoginException - if there was error setting up security context, ticket cache is not accessible or provided credentials are not accepted.

KerberosTicketAcquirer

public KerberosTicketAcquirer(java.lang.String userPrincipalName,
                              javax.security.auth.callback.CallbackHandler callbackHandler,
                              java.util.Map<java.lang.String,java.lang.String> kerberosOptions)
                       throws javax.security.auth.login.LoginException
Create KerberosTicketAcquirer class instance for acquiring a user authentication data according to UPN(user principal name) and callback handler with specified Kerberos options.

Parameters:
userPrincipalName - User Principal Name of an entity requesting ticket, in a format user@REALM.
callbackHandler - Instance of a CallbackHandler implementation that would be used to get user login and password information in case Kerberos login module is not able to access ticket cache. Can be null, in this case if cache is not accessible, LoginException would be thrown.
kerberosOptions -
Throws:
javax.security.auth.login.LoginException - if there was error setting up security context, ticket cache is not accessible or provided credentials are not accepted.
Method Detail

getUserPrincipalName

public java.lang.String getUserPrincipalName()
Gets user principal name.

Returns:
user principal name or null if isn't assigned in constructor.

getKerberosOptions

public java.util.Map<java.lang.String,java.lang.String> getKerberosOptions()
Gets copy of Krb5LoginModule options used, never returns null.

Returns:
Copy of Krb5LoginModule options used, never returns null.

acquireTicket

public AuthTicket acquireTicket(java.lang.String servicePrincipalName)
                         throws AuthTicketAcquirerException
Description copied from interface: AuthTicketAcquirer
Acquires authentication ticket for a given SPN.

Specified by:
acquireTicket in interface AuthTicketAcquirer
Parameters:
servicePrincipalName - Principal name of the service for which to get a ticket. Must not be null or empty.
Returns:
Ticket data in case of success or null if ticket could not be acquired.
Throws:
AuthTicketAcquirerException - if ticket could not be acquired.

toString

public java.lang.String toString()

Overrides:
toString in class java.lang.Object

Platform SDK Java 8.5 API Reference

Send comments on this topicTechpubs.webadmin@genesys.com.
Document version: 8.5.302.00
Copyright © 2006–2017 Genesys Telecommunications Laboratories, Inc. All rights reserved.