/**
 * Supplies the credential for the accepting (server) side of a GSS-API exchange.
 *
 * <p>NOTE(review): the {@code mgr} argument is never read; the credential is created through
 * {@code manager}, which is declared outside this snippet. Confirm that bypassing the
 * caller-supplied manager is intended.
 *
 * @param mgr GSS manager offered by the caller (unused here)
 * @return a default credential restricted to {@code ACCEPT_ONLY} usage
 * @throws GSSException if the credential cannot be acquired
 */
@Override
public GSSCredential getGSSCredential(GSSManager mgr) throws GSSException {
    // ACCEPT_ONLY: usable to answer incoming security contexts, not to initiate them.
    final GSSCredential acceptorCredential = manager.createCredential(GSSCredential.ACCEPT_ONLY);
    return acceptorCredential;
}
} // closes an enclosing declaration whose header is not part of this snippet
Subject subject = loginContext.getSubject(); Principal clientPrincipal = subject.getPrincipals().iterator().next(); GSSCredential clientCredential = doAs(subject, () -> GSS_MANAGER.createCredential( GSS_MANAGER.createName(clientPrincipal.getName(), NT_USER_NAME), DEFAULT_LIFETIME,
Subject subject = loginContext.getSubject(); Principal clientPrincipal = subject.getPrincipals().iterator().next(); GSSCredential clientCredential = doAs(subject, () -> GSS_MANAGER.createCredential( GSS_MANAGER.createName(clientPrincipal.getName(), NT_USER_NAME), DEFAULT_LIFETIME,
loginContext.login(); serverCredential = doAs(loginContext.getSubject(), () -> gssManager.createCredential( gssManager.createName(config.getServiceName() + "@" + hostname, GSSName.NT_HOSTBASED_SERVICE), INDEFINITE_LIFETIME,
/**
 * Returns the local Kerberos credential wrapped as a {@link GSSKerberosCredential}.
 *
 * <p>Only {@code GSSKerberosCredential} is served; any other requested type yields {@code null}.
 * The GSS credential is acquired inside a privileged block for the default principal
 * ({@code null} name), with the default lifetime, limited to {@code mechanismOids} and to
 * {@code INITIATE_ONLY} usage.
 *
 * @param credentialType the credential class the caller wants
 * @param algorithmName not consulted by this implementation
 * @param parameterSpec not consulted by this implementation
 * @return the wrapped credential, or {@code null} when the type is unsupported or nothing was acquired
 * @throws IOException if the privileged acquisition failed with an {@code IOException}
 */
@Override
public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
    if (credentialType != GSSKerberosCredential.class) {
        log.tracef("Unable to obtain credential of type %s from LocalKerberosCredentialSource", credentialType);
        return null;
    }

    // INITIATE_ONLY keeps the credential to the client role; it cannot accept contexts.
    final PrivilegedExceptionAction<GSSCredential> acquireInitiatorCredential = () ->
            GSSManager.getInstance().createCredential(
                    null, GSSCredential.DEFAULT_LIFETIME, mechanismOids, GSSCredential.INITIATE_ONLY);

    GSSCredential localCredential;
    try {
        localCredential = AccessController.doPrivileged(acquireInitiatorCredential);
    } catch (PrivilegedActionException wrapped) {
        // Unwrap so callers see the original failure: IOException, unchecked exceptions and
        // errors pass through unchanged, anything else is wrapped as undeclared.
        try {
            throw wrapped.getCause();
        } catch (IOException | RuntimeException | Error passThrough) {
            throw passThrough;
        } catch (Throwable other) {
            throw new UndeclaredThrowableException(other);
        }
    }

    // The credential's string form goes to the trace log before the null check.
    log.tracef("Obtained local kerberos credential: %s", localCredential);
    return localCredential == null
            ? null
            : credentialType.cast(new GSSKerberosCredential(localCredential));
}
+ serviceHostname, GSSName.NT_HOSTBASED_SERVICE); GSSCredential cred = manager.createCredential( gssName, GSSContext.DEFAULT_LIFETIME, krb5Mechanism, GSSCredential.ACCEPT_ONLY);
/**
 * Acquires an initiator-only credential for the given user name.
 *
 * <p>The mechanism is the one identified by {@code GSSAPI_OID}, and the requested lifetime is
 * {@code INDEFINITE_LIFETIME}, i.e. the longest the provider will grant.
 *
 * @param userName user name, interpreted as {@code NT_USER_NAME}
 * @return a credential limited to {@code INITIATE_ONLY} usage
 * @throws GSSException if the OID, the name or the credential cannot be created
 */
private GSSCredential getGSSCredential(final String userName) throws GSSException {
    final Oid mechanism = new Oid(GSSAPI_OID);
    final GSSManager gss = GSSManager.getInstance();
    final GSSName initiator = gss.createName(userName, GSSName.NT_USER_NAME);
    // INITIATE_ONLY: the credential can start a context but cannot accept one.
    final GSSCredential initiatorCredential = gss.createCredential(
            initiator, GSSCredential.INDEFINITE_LIFETIME, mechanism, GSSCredential.INITIATE_ONLY);
    return initiatorCredential;
}
GSSCredential cred = manager.createCredential(gssName, GSSContext.INDEFINITE_LIFETIME, krb5Mechanism, GSSCredential.ACCEPT_ONLY); subject.getPrivateCredentials().add(cred); } catch (GSSException ex) {
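/**
 * Produces the value of an HTTP {@code Authorization} header carrying the first SPNEGO/Kerberos
 * token for {@code principal}.
 *
 * <p>The returned string is an authentication token. It is deliberately not written to
 * stdout or to any log: anyone who can read that output could present the token to the
 * service while it is still valid.
 *
 * <p>NOTE(review): the target service name is built from the same {@code principal} as the
 * initiator, so the ticket is requested for the caller's own principal; confirm that is
 * intended.
 *
 * @return {@code "Negotiate "} followed by the Base64-encoded initial context token
 * @throws GSSException if a name, the credential or the security context cannot be established
 */
private String generateTicket() throws GSSException {
    final GSSManager manager = GSSManager.getInstance();
    // OID of the Kerberos principal name type.
    final Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
    // OID of the Kerberos V5 mechanism.
    final Oid krb5MechOid = new Oid("1.2.840.113554.1.2.2");

    final GSSName clientName = manager.createName(principal, krb5PrincipalOid);
    // Initiator-only credential, requested for eight hours.
    final GSSCredential clientCred = manager.createCredential(
            clientName, 8 * 3600, krb5MechOid, GSSCredential.INITIATE_ONLY);
    final GSSName serverName = manager.createName(principal, krb5PrincipalOid);

    final GSSContext context = manager.createContext(
            serverName, krb5MechOid, clientCred, GSSContext.DEFAULT_LIFETIME);
    // Mutual authentication and integrity are requested; confidentiality is not.
    context.requestMutualAuth(true);
    context.requestConf(false);
    context.requestInteg(true);

    final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
    return "Negotiate " + Base64.getEncoder().encodeToString(outToken);
}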
GSSManager manager = GSSManager.getInstance();
// Kerberos V5 mechanism OID.
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
// A null name asks for the default principal's credential; INITIATE_ONLY keeps it to the
// client role. The lifetime constant is taken from GSSCredential, the type being created;
// it has the same value as GSSContext.DEFAULT_LIFETIME.
GSSCredential cred = manager.createCredential(
        null,
        GSSCredential.DEFAULT_LIFETIME,
        krb5Mechanism,
        GSSCredential.INITIATE_ONLY);
/**
 * Prepares (but does not yet establish) an initiator security context towards the remote host.
 *
 * <p>The client credential is acquired for {@code params.getUsername()} and the peer is
 * addressed as the host-based service {@code host@<remote host>}. Mutual authentication and
 * integrity protection are requested on the context.
 *
 * @return the configured, not yet initiated context
 * @throws GSSException if a name, the credential or the context cannot be created
 */
@Override
public GSSContext run() throws GSSException {
    final GSSName initiatorName = manager.createName(params.getUsername(), GSSName.NT_USER_NAME);
    final GSSCredential initiatorCredential = manager.createCredential(
            initiatorName, GSSContext.DEFAULT_LIFETIME, selectedOid, GSSCredential.INITIATE_ONLY);

    // The acceptor's identity is derived from the transport's remote host name.
    final String hostService = "host@" + params.getTransport().getRemoteHost();
    final GSSName acceptorName = manager.createName(hostService, GSSName.NT_HOSTBASED_SERVICE);

    final GSSContext securityContext = manager.createContext(
            acceptorName, selectedOid, initiatorCredential, GSSContext.DEFAULT_LIFETIME);
    // Mutual auth makes the peer prove its identity as well; integrity enables per-message MICs.
    securityContext.requestMutualAuth(true);
    securityContext.requestInteg(true);
    return securityContext;
}
} // closes an enclosing declaration whose header is not part of this snippet
GSSCredential serverCreds = manager.createCredential(serverName, GSSCredential.DEFAULT_LIFETIME, new Oid[]{kerberosMechOid, spnegoMechOid},
/**
 * Builds an HTTP client that answers SPNEGO challenges with a Kerberos credential acquired
 * for {@code clientPrincipalName}.
 *
 * <p>NOTE(review): the credential is registered under {@code AuthScope.ANY}, so the client
 * will offer it to whichever host issues a Negotiate challenge. A scope limited to the
 * intended host and port is the tighter choice where the target is known.
 *
 * @return a client with the SPNEGO scheme registry and credentials provider installed
 * @throws Exception if the GSS name or credential cannot be created
 */
@Override
public CloseableHttpClient run() throws Exception {
    // Kerberos login through JGSS.
    final GSSManager jgss = GSSManager.getInstance();
    // Kerberos V5 mechanism OID.
    final Oid kerberosV5 = new Oid("1.2.840.113554.1.2.2");
    final GSSName initiatorName = jgss.createName(clientPrincipalName, GSSName.NT_USER_NAME);
    // INITIATE_ONLY: the credential is limited to the client role.
    final GSSCredential initiatorCredential = jgss.createCredential(
            initiatorName, GSSCredential.DEFAULT_LIFETIME, kerberosV5, GSSCredential.INITIATE_ONLY);

    // SPNegoSchemeFactory(stripPort, useCanonicalHostname): with both set, the service
    // principal is built from the canonicalised host name without the port, so it depends
    // on name resolution.
    final RegistryBuilder<AuthSchemeProvider> schemes = RegistryBuilder.<AuthSchemeProvider>create();
    schemes.register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true));
    final Lookup<AuthSchemeProvider> spnegoOnly = schemes.build();

    final BasicCredentialsProvider kerberosProvider = new BasicCredentialsProvider();
    kerberosProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(initiatorCredential));

    return HttpClients.custom()
            .setDefaultAuthSchemeRegistry(spnegoOnly)
            .setDefaultCredentialsProvider(kerberosProvider)
            .build();
}
}); // closes the enclosing call and anonymous class, which start outside this snippet
/**
 * Issues a GET for {@code /echo?a=b} on the server, authenticating with SPNEGO using a
 * Kerberos credential acquired for {@code principalName}.
 *
 * <p>NOTE(review): the credential is registered under {@code AuthScope.ANY} even though the
 * target host is known here; a scope built from the URL's host and port would restrict
 * where the credential can be offered.
 *
 * @return the response to the GET request
 * @throws Exception if the credential cannot be acquired or the request fails
 */
@Override
public HttpResponse run() throws Exception {
    // Kerberos login through JGSS.
    final GSSManager jgss = GSSManager.getInstance();
    // Kerberos V5 mechanism OID.
    final Oid kerberosV5 = new Oid("1.2.840.113554.1.2.2");
    final GSSName initiatorName = jgss.createName(principalName, GSSName.NT_USER_NAME);
    // INITIATE_ONLY: the credential is limited to the client role.
    final GSSCredential initiatorCredential = jgss.createCredential(
            initiatorName, GSSCredential.DEFAULT_LIFETIME, kerberosV5, GSSCredential.INITIATE_ONLY);

    final HttpClientContext requestContext = HttpClientContext.create();

    // SPNegoSchemeFactory(stripPort, useCanonicalHostname): with both set, the service
    // principal is built from the canonicalised host name without the port.
    final RegistryBuilder<AuthSchemeProvider> schemes = RegistryBuilder.<AuthSchemeProvider>create();
    schemes.register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true));
    final Lookup<AuthSchemeProvider> spnegoOnly = schemes.build();

    final HttpClient httpClient = HttpClients.custom()
            .setDefaultAuthSchemeRegistry(spnegoOnly)
            .build();

    final BasicCredentialsProvider kerberosProvider = new BasicCredentialsProvider();
    kerberosProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(initiatorCredential));

    final URL target = new URL(getServerURL(server), "/echo?a=b");
    // Credentials and scheme registry are attached per request through the context.
    requestContext.setTargetHost(new HttpHost(target.getHost(), target.getPort()));
    requestContext.setCredentialsProvider(kerberosProvider);
    requestContext.setAuthSchemeRegistry(spnegoOnly);

    final HttpGet request = new HttpGet(target.toURI());
    return httpClient.execute(request, requestContext);
}
}); // closes the enclosing call and anonymous class, which start outside this snippet
// Acceptor-only credential for ourName under KERBEROS_V5, requested without an expiry.
// The lifetime constant is taken from GSSCredential, the type being created; it has the
// same value as GSSContext.INDEFINITE_LIFETIME.
ourCredential = manager.createCredential(
        ourName,
        GSSCredential.INDEFINITE_LIFETIME,
        KERBEROS_V5,
        GSSCredential.ACCEPT_ONLY);
// Log in first; the credential below is created on behalf of the resulting Subject.
loginContext.login();
// Final copy so the lambda can capture the OID.
final Oid negotiationOidFinal = negotiationOid;
// Null name = default principal. INITIATE_AND_ACCEPT lets the credential both start and
// accept security contexts, and INDEFINITE_LIFETIME asks for no expiry.
// NOTE(review): confirm both roles are needed; a single-role credential is narrower.
final PrivilegedExceptionAction<GSSCredential> action = () -> manager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, negotiationOidFinal, GSSCredential.INITIATE_AND_ACCEPT);
myCred = Subject.doAs(loginContext.getSubject(), action);
GSSCredential gssCreds = null; try { gssCreds = gssManager.createCredential( gssManager.createName( KerberosUtil.getServicePrincipal("HTTP", serverName),
GSSCredential serverCreds = manager.createCredential(serverName, GSSCredential.DEFAULT_LIFETIME, new Oid[]{kerberosMechOid, spnegoMechOid},
GSSManager manager = GSSManager.getInstance();
// Acceptor-only credential for the default principal (null name), limited to the
// mechanisms in `mechanisms` and requested without an expiry.
// NOTE(review): with a null name the accepted identity is whatever the runtime's default
// resolves to; confirm that matches the intended service principal.
GSSCredential credential = manager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, mechanisms, GSSCredential.ACCEPT_ONLY);
// Acceptor-only credential for ourName under the given mechanism, requested without an
// expiry. The lifetime constant is taken from GSSCredential, the type being created; it
// has the same value as GSSContext.INDEFINITE_LIFETIME.
credential = gssManager.createCredential(
        ourName,
        GSSCredential.INDEFINITE_LIFETIME,
        mechanism,
        GSSCredential.ACCEPT_ONLY);