public class SunJaasKerberosTicketValidator extends InitializableObject implements KerberosTicketValidator

A KerberosTicketValidator which uses the SUN JAAS login module. That module is included in the SUN JRE, so this class will not work with an IBM JRE. The whole configuration is done in this class; no additional JAAS configuration is needed.

Originally from the spring-kerberos project.
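
An added example, not part of the original Javadoc or the project's own code: one way to configure the validator through the setters documented on this page while enforcing the keytab protection that setKeyTabLocation asks for. The package in the pac4j import, the class name KerberosValidatorSetup and both helper methods are assumptions, and the permission check only works on POSIX file systems.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Set;

// Assumed package name; the page does not state it.
import org.pac4j.kerberos.credentials.authenticator.SunJaasKerberosTicketValidator;
import org.springframework.core.io.FileSystemResource;

public final class KerberosValidatorSetup {

    // Any of these bits lets someone other than the owning service account touch the key.
    private static final Set<PosixFilePermission> FORBIDDEN = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    /** Hypothetical helper: refuses a keytab that is not an owner-only regular file. */
    static Path requireProtectedKeytab(String location) throws IOException {
        Path keytab = Paths.get(location).toAbsolutePath().normalize();
        if (!Files.isRegularFile(keytab, LinkOption.NOFOLLOW_LINKS)) {
            throw new IllegalStateException("Keytab missing, or a symlink/directory: " + keytab);
        }
        // Keep only the forbidden bits that are actually set on the file.
        Set<PosixFilePermission> excess = EnumSet.copyOf(FORBIDDEN);
        excess.retainAll(Files.getPosixFilePermissions(keytab, LinkOption.NOFOLLOW_LINKS));
        if (!excess.isEmpty()) {
            throw new IllegalStateException("Keytab " + keytab + " is too permissive: " + excess);
        }
        return keytab;
    }

    /** Hypothetical factory that uses only the setters documented on this page. */
    static SunJaasKerberosTicketValidator newValidator(String principal, String keytabPath)
            throws IOException {
        Path keytab = requireProtectedKeytab(keytabPath);
        SunJaasKerberosTicketValidator validator = new SunJaasKerberosTicketValidator();
        validator.setServicePrincipal(principal); // the keytab must hold this principal's key
        validator.setKeyTabLocation(new FileSystemResource(keytab.toFile())); // file: resource
        validator.setDebug(false); // documented default
        validator.init(); // run initialization now; init is inherited from InitializableObject
        return validator;
    }
}
```

Call `KerberosValidatorSetup.newValidator("HTTP/app.example.org@EXAMPLE.ORG", "/etc/http.keytab")` once at startup; the principal is a constructed sample value and the path is the one this page uses as its example.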

Modifier and Type | Field and Description |
---|---|
protected org.slf4j.Logger | logger |

Constructor and Description |
---|
SunJaasKerberosTicketValidator() |

Modifier and Type | Method and Description |
---|---|
protected void | internalInit(): Internal initialization of the object. |
void | setDebug(boolean debug): Enables the debug mode of the JAAS Kerberos login module. |
void | setHoldOnToGSSContext(boolean holdOnToGSSContext): Determines whether to hold on to the GSS security context or otherwise dispose of it immediately (the default behaviour). |
void | setKeyTabLocation(org.springframework.core.io.Resource keyTabLocation): The location of the keytab. |
void | setServicePrincipal(String servicePrincipal): The service principal of the application. |
KerberosTicketValidation | validateTicket(byte[] token): Validates a Kerberos/SPNEGO ticket. |

Methods inherited from class InitializableObject: init, reinit
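
public KerberosTicketValidation validateTicket(byte[] token) throws BadCredentialsException
Description copied from interface: KerberosTicketValidator
Validates a Kerberos/SPNEGO ticket.
Specified by: validateTicket in interface KerberosTicketValidator
Parameters: token - Kerberos/SPNEGO ticket
Throws: BadCredentialsException - if the ticket is not valid

protected void internalInit()
Description copied from class: InitializableObject
Internal initialization of the object.
Specified by: internalInit in class InitializableObject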

public void setServicePrincipal(String servicePrincipal)
The service principal of the application, for example HTTP/full-qualified-domain-name@DOMAIN. The keytab must contain the key for this principal.
Parameters: servicePrincipal - service principal to use
See Also: setKeyTabLocation(Resource)

public void setKeyTabLocation(org.springframework.core.io.Resource keyTabLocation)
The location of the keytab. You can use the normal Resource prefixes like file: or classpath:, but as the file is later read by JAAS, we cannot guarantee that classpath: works in every environment, especially not in Java EE application servers. You should use file: there.
This file also needs special protection, which is another reason not to include it in the classpath but rather to use, for example, file:/etc/http.keytab.
Parameters: keyTabLocation - The location where the keytab resides

public void setDebug(boolean debug)
Enables the debug mode of the JAAS Kerberos login module.
Parameters: debug - default is false

public void setHoldOnToGSSContext(boolean holdOnToGSSContext)
Determines whether to hold on to the GSS security context or otherwise dispose of it immediately (the default behaviour).
Holding on to the GSS context allows decrypt and encrypt operations for subsequent interactions with the principal.
Parameters: holdOnToGSSContext - true if the context should be held on to

Copyright © 2018. All rights reserved.