/**
 * Returns the default {@link GSSManager}, as provided by {@code GSSManager.getInstance()}.
 */
@Override
public GSSManager run() {
    return GSSManager.getInstance();
}
}); // closes an enclosing construct (presumably an anonymous action class and its call) opened outside this excerpt
/**
 * Construct a new instance with the default GSS manager.
 * <p>
 * Delegates to the constructor that accepts a {@link GSSManager}, passing the manager
 * returned by {@code GSSManager.getInstance()}.
 */
public Gs2SaslServerFactory() {
    this(GSSManager.getInstance());
}
/**
 * Construct a new instance with the default GSS manager.
 * <p>
 * Delegates to the constructor that accepts a {@link GSSManager}, passing the manager
 * returned by {@code GSSManager.getInstance()}.
 */
public Gs2SaslClientFactory() {
    this(GSSManager.getInstance());
}
/**
 * Creates an instance that uses the default {@link GSSManager}.
 * <p>
 * Delegates to the three-argument constructor, supplying
 * {@code GSSManager.getInstance()} as the manager.
 *
 * @param loginContext  login context, passed through unchanged
 * @param mechanismOids GSS mechanism OIDs, passed through unchanged
 */
public AuthGssApiWithMic(LoginContext loginContext, List<Oid> mechanismOids) {
    this(loginContext, mechanismOids, GSSManager.getInstance());
}
/**
 * Obtains a local, initiate-only Kerberos credential wrapped as a {@code GSSKerberosCredential}.
 * <p>
 * Only {@code GSSKerberosCredential} is supported; any other requested type is trace-logged and
 * answered with {@code null}. {@code algorithmName} and {@code parameterSpec} are not read here.
 * The GSS credential is created inside {@code AccessController.doPrivileged} with a {@code null}
 * name (the default principal), the default lifetime and the {@code mechanismOids} held by this
 * object.
 *
 * @param credentialType the credential class being requested
 * @param algorithmName  not used by this implementation
 * @param parameterSpec  not used by this implementation
 * @return the wrapped credential, or {@code null} if the type is unsupported or no credential
 *         was produced
 * @throws IOException if the privileged action failed with an {@code IOException}
 * @throws UndeclaredThrowableException if the privileged action failed with any other checked
 *         exception (a {@code GSSException} from {@code createCredential} takes this path)
 */
@Override
public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
    // Identity comparison: subclasses and other credential types are rejected alike.
    if (credentialType != GSSKerberosCredential.class) {
        log.tracef("Unable to obtain credential of type %s from LocalKerberosCredentialSource", credentialType);
        return null;
    }
    try {
        GSSCredential gssCredential = AccessController.doPrivileged((PrivilegedExceptionAction<GSSCredential>) () -> {
            GSSManager manager = GSSManager.getInstance();
            // null name = default principal; INITIATE_ONLY = usable for initiating contexts only.
            return manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, mechanismOids, GSSCredential.INITIATE_ONLY);
        });
        // NOTE(review): this formats the credential through its toString(); confirm that what the
        // provider prints there is acceptable for the trace logs in use.
        log.tracef("Obtained local kerberos credential: %s", gssCredential);
        if (gssCredential == null) return null;
        return credentialType.cast(new GSSKerberosCredential(gssCredential));
    } catch (PrivilegedActionException e) {
        // Unwrap the cause by rethrowing it: IOException, RuntimeException and Error keep their
        // type, anything else is wrapped because this method may only declare IOException.
        // The catch order matters, so this is left exactly as written.
        try {
            throw e.getCause();
        } catch (IOException | RuntimeException | Error e2) {
            throw e2;
        } catch (Throwable throwable) {
            throw new UndeclaredThrowableException(throwable);
        }
    }
}
/**
 * Builds an initiate-only GSS credential for the given user name.
 * <p>
 * The mechanism is taken from {@code GSSAPI_OID}; the credential is requested with
 * {@code GSSCredential.INDEFINITE_LIFETIME}.
 *
 * @param userName user name, interpreted as {@code GSSName.NT_USER_NAME}
 * @return the credential created by the default {@link GSSManager}
 * @throws GSSException if the OID, the name or the credential cannot be created
 */
private GSSCredential getGSSCredential(final String userName) throws GSSException {
    final Oid mechanism = new Oid(GSSAPI_OID);
    final GSSManager gssManager = GSSManager.getInstance();
    return gssManager.createCredential(
            gssManager.createName(userName, GSSName.NT_USER_NAME),
            GSSCredential.INDEFINITE_LIFETIME,
            mechanism,
            GSSCredential.INITIATE_ONLY);
}
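/**
 * Accepts a Kerberos service ticket on behalf of {@code subject} and returns the name of the
 * client principal that presented it.
 * <p>
 * The acceptance runs inside {@code Subject.doAs}; the acceptor credential is passed as
 * {@code null}, so it is resolved by the GSS provider rather than supplied here. The ticket is
 * processed in a single pass: if the context is not established after that one token, the
 * source name is not trusted and the call is treated as a failure.
 * <p>
 * Every failure inside the action is logged and reported as {@code null}; callers must treat a
 * {@code null} result as a failed authentication.
 *
 * @param subject       the subject to run the acceptance as
 * @param serviceTicket the raw service ticket bytes received from the client
 * @return the client principal name, or {@code null} if the ticket could not be validated
 * @throws GSSException declared for callers; failures inside the action are returned as
 *                      {@code null} instead
 */
public static String validateSecurityContext(Subject subject, final byte[] serviceTicket) throws GSSException {
    // Accept the context and return the client principal name.
    return Subject.doAs(subject, (PrivilegedAction<String>) () -> {
        GSSContext context = null;
        try {
            // Identify the server that communications are being made to.
            GSSManager manager = GSSManager.getInstance();
            context = manager.createContext((GSSCredential) null);
            context.acceptSecContext(serviceTicket, 0, serviceTicket.length);
            // Only an established context carries an authenticated peer name. A context that
            // still expects further tokens must not be used as proof of identity.
            if (!context.isEstablished()) {
                throw new GSSException(GSSException.FAILURE, 0,
                        "security context not established after a single token");
            }
            return context.getSrcName().toString();
        } catch (Exception e) {
            log.error(Util.getMessage("Krb5TokenKerberosContextProcessingException"), e);
            return null;
        } finally {
            if (context != null) {
                try {
                    // Release provider resources held by the context.
                    context.dispose();
                } catch (GSSException ignored) {
                    // Best-effort cleanup: the result has already been decided above.
                }
            }
        }
    });
}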
if (usingNativeJgss) { try { GSSManager manager = GSSManager.getInstance();
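/**
 * Initiates a Kerberos security context and returns the first token as an HTTP
 * {@code Negotiate} header value.
 * <p>
 * Both the client name and the target (server) name are built from the {@code principal} field.
 * The client credential is requested for 8 hours, initiate-only. Mutual authentication and
 * integrity are requested; confidentiality is not.
 * <p>
 * The returned value is a usable authenticator and is deliberately not written to standard
 * output or any log: a token on the console ends up in captured build and application logs.
 *
 * @return {@code "Negotiate "} followed by the Base64-encoded initial context token
 * @throws GSSException if a name, the credential or the context cannot be created, or the
 *                      context initiation fails
 */
private String generateTicket() throws GSSException {
    final GSSManager manager = GSSManager.getInstance();
    // Oid for kerberos principal name
    final Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");
    // Oid for the Kerberos V5 GSS-API mechanism
    final Oid kerberosV5Oid = new Oid("1.2.840.113554.1.2.2");
    final GSSName clientName = manager.createName(principal, krb5PrincipalOid);
    final GSSCredential clientCred =
            manager.createCredential(clientName, 8 * 3600, kerberosV5Oid, GSSCredential.INITIATE_ONLY);
    final GSSName serverName = manager.createName(principal, krb5PrincipalOid);
    final GSSContext context =
            manager.createContext(serverName, kerberosV5Oid, clientCred, GSSContext.DEFAULT_LIFETIME);
    try {
        context.requestMutualAuth(true);
        context.requestConf(false);
        context.requestInteg(true);
        final byte[] outToken = context.initSecContext(new byte[0], 0, 0);
        // Base64 output is plain ASCII, so encodeToString yields the same text as decoding the
        // encoded bytes separately.
        return "Negotiate " + Base64.getEncoder().encodeToString(outToken);
    } finally {
        try {
            // Only the first token is needed; release the context instead of leaking it.
            context.dispose();
        } catch (GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not replace the token or the
            // original exception.
        }
    }
}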
// Prefer a GSSManager supplied through the configuration properties; otherwise use the default.
// NOTE(review): the configured value is cast without a type check, so a value of any other type
// under this key fails with ClassCastException; confirm that only trusted code fills this map.
if (properties.containsKey(CONFIG_GSS_MANAGER)) {
    this.gssManager = (GSSManager) properties.get(CONFIG_GSS_MANAGER);
} else {
    this.gssManager = GSSManager.getInstance();
}
GSSManager manager = GSSManager.getInstance(); Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2"); GSSCredential cred = manager.createCredential(null,
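/**
 * Initiates a Kerberos security context towards a service and returns the initial token.
 * <p>
 * The context is created with {@code null} credentials, so they are taken from {@code subject}
 * when the initiation runs inside {@code Subject.doAs}. This is a one-pass exchange: mutual
 * authentication and credential delegation are both switched off, which means the service does
 * not prove its identity to the caller as part of this exchange. The context is disposed once
 * the token has been produced.
 * <p>
 * A {@code GSSException} raised inside the action is logged and reported as {@code null};
 * callers must treat a {@code null} token as a failure.
 *
 * @param subject              the subject whose Kerberos credentials are used
 * @param servicePrincipalName target service, interpreted as {@code GSSName.NT_HOSTBASED_SERVICE}
 * @return the initial context token, or {@code null} if initiation failed
 * @throws GSSException if the service name or the context cannot be created
 */
public static byte[] initiateSecurityContext(Subject subject, String servicePrincipalName) throws GSSException {
    GSSManager manager = GSSManager.getInstance();
    GSSName serverName = manager.createName(servicePrincipalName, GSSName.NT_HOSTBASED_SERVICE);
    final GSSContext context = manager.createContext(serverName, krb5Oid, null, GSSContext.DEFAULT_LIFETIME);
    // The GSS context initiation has to be performed as a privileged action.
    return Subject.doAs(subject, (PrivilegedAction<byte[]>) () -> {
        try {
            byte[] token = new byte[0];
            // This is a one pass context initialization.
            context.requestMutualAuth(false);
            context.requestCredDeleg(false);
            return context.initSecContext(token, 0, token.length);
        } catch (GSSException e) {
            log.error(Util.getMessage("Krb5TokenKerberosContextProcessingException"), e);
            return null;
        } finally {
            try {
                // The context never leaves this method; release it instead of leaking it.
                context.dispose();
            } catch (GSSException ignored) {
                // Best-effort cleanup: the token (or the logged failure) is already decided.
            }
        }
    });
}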
GSSManager manager = GSSManager.getInstance();
/**
 * Produces the initial Kerberos token for {@code serverPrincipal}, Base64-encoded as a string.
 * <p>
 * Client credentials are passed as {@code null} so that they are read from the current Subject.
 * Mutual authentication is switched off, so the server does not authenticate itself back to the
 * client in this exchange.
 *
 * @return the Base64-encoded initial context token
 * @throws Exception if an OID, the name or the context cannot be created, or initiation fails
 */
@Override
public String run() throws Exception {
    // Kerberos V5 GSS-API mechanism and Kerberos principal name type.
    final Oid kerberosMechanism = new Oid("1.2.840.113554.1.2.2");
    final Oid principalNameType = new Oid("1.2.840.113554.1.2.2.1");

    final GSSManager gssManager = GSSManager.getInstance();
    final GSSName target = gssManager.createName(serverPrincipal, principalNameType);

    // null credentials: the provider picks them up from the Subject this action runs as.
    final GSSContext ctx =
            gssManager.createContext(target, kerberosMechanism, null, GSSContext.DEFAULT_LIFETIME);
    ctx.requestMutualAuth(false);

    // First (and only) initiator pass: there is no incoming token yet.
    final byte[] emptyToken = new byte[0];
    final byte[] serviceToken = ctx.initSecContext(emptyToken, 0, emptyToken.length);
    ctx.dispose();

    // Base64 encoded and stringified token for server
    return new String(base64codec.encode(serviceToken));
}
} // closes the enclosing class, which is opened outside this excerpt
/**
 * Runs one step of a Kerberos context initiation towards the {@code HTTP} service on
 * {@code authServer} and returns the resulting token.
 * <p>
 * Credential delegation and mutual authentication are both requested. Delegation hands the
 * caller's credentials to the service, so the target should be one that is trusted to act on
 * the caller's behalf.
 *
 * @return the token produced by {@code initSecContext} for the {@code input} bytes
 * @throws UnknownHostException   declared for the service-principal lookup
 * @throws ClassNotFoundException declared for the OID lookups
 * @throws GSSException           if the name or context cannot be created, or initiation fails
 * @throws IllegalAccessException declared for the OID lookups
 * @throws NoSuchFieldException   declared for the OID lookups
 */
public byte[] run() throws UnknownHostException, ClassNotFoundException, GSSException, IllegalAccessException, NoSuchFieldException {
    final GSSManager manager = GSSManager.getInstance();

    // Target name: the HTTP service principal of the authentication server.
    final GSSName target = manager.createName(
            KerberosUtil.getServicePrincipal("HTTP", authServer),
            KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL"));

    // null credentials and the default lifetime (GSSContext.DEFAULT_LIFETIME is 0).
    final GSSContext ctx = manager.createContext(
            target,
            KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"),
            null,
            GSSContext.DEFAULT_LIFETIME);

    ctx.requestCredDeleg(true);
    ctx.requestMutualAuth(true);
    return ctx.initSecContext(input, 0, input.length);
}
GSSManager manager = GSSManager.getInstance();
@Override public String run() throws HttpAuthenticationException { GSSManager manager = GSSManager.getInstance(); GSSContext gssContext = null; String serverPrincipal = SecurityUtil.getPrincipalWithoutRealm(httpUGI.getUserName());
/**
 * Builds an HTTP client that authenticates with SPNEGO using a Kerberos credential for
 * {@code clientPrincipalName}.
 * <p>
 * NOTE(review): the credential is registered under {@code AuthScope.ANY}, i.e. without
 * restricting host, port or realm; confirm that this client is only pointed at the intended
 * server, or narrow the scope.
 *
 * @return a client configured with the SPNEGO scheme registry and the Kerberos credential
 * @throws Exception if the GSS name or credential cannot be created
 */
@Override
public CloseableHttpClient run() throws Exception {
    // Logs in with Kerberos via GSS
    final GSSManager manager = GSSManager.getInstance();
    // jGSS Kerberos login constant
    final Oid kerberosMechanism = new Oid("1.2.840.113554.1.2.2");
    final GSSName clientName = manager.createName(clientPrincipalName, GSSName.NT_USER_NAME);
    final GSSCredential clientCredential = manager.createCredential(
            clientName,
            GSSCredential.DEFAULT_LIFETIME,
            kerberosMechanism,
            GSSCredential.INITIATE_ONLY);

    // SPNEGO is the only scheme on offer; both factory flags are enabled.
    final Lookup<AuthSchemeProvider> schemes = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true))
            .build();

    final BasicCredentialsProvider provider = new BasicCredentialsProvider();
    provider.setCredentials(AuthScope.ANY, new KerberosCredentials(clientCredential));

    return HttpClients.custom()
            .setDefaultAuthSchemeRegistry(schemes)
            .setDefaultCredentialsProvider(provider)
            .build();
}
}); // closes the anonymous action and the call that are opened outside this excerpt
/**
 * Sends {@code GET /echo?a=b} to the server using SPNEGO with a Kerberos credential for
 * {@code principalName}, and returns the response.
 * <p>
 * The credential provider and scheme registry are attached to the request context; the client
 * itself only carries the scheme registry.
 * NOTE(review): the credential is registered under {@code AuthScope.ANY}, i.e. without
 * restricting host, port or realm; confirm that this is only used against the intended server.
 *
 * @return the response to the echo request
 * @throws Exception if the GSS login, URL construction or request execution fails
 */
@Override
public HttpResponse run() throws Exception {
    // Logs in with Kerberos via GSS
    final GSSManager manager = GSSManager.getInstance();
    // jGSS Kerberos login constant
    final Oid kerberosMechanism = new Oid("1.2.840.113554.1.2.2");
    final GSSName clientName = manager.createName(principalName, GSSName.NT_USER_NAME);
    final GSSCredential clientCredential = manager.createCredential(
            clientName,
            GSSCredential.DEFAULT_LIFETIME,
            kerberosMechanism,
            GSSCredential.INITIATE_ONLY);

    // SPNEGO is the only scheme on offer; both factory flags are enabled.
    final Lookup<AuthSchemeProvider> schemes = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true))
            .build();
    final HttpClient httpClient = HttpClients.custom().setDefaultAuthSchemeRegistry(schemes).build();

    final BasicCredentialsProvider provider = new BasicCredentialsProvider();
    provider.setCredentials(AuthScope.ANY, new KerberosCredentials(clientCredential));

    final URL echoUrl = new URL(getServerURL(server), "/echo?a=b");

    // Per-request context: target host, credentials and the scheme registry.
    final HttpClientContext requestContext = HttpClientContext.create();
    requestContext.setTargetHost(new HttpHost(echoUrl.getHost(), echoUrl.getPort()));
    requestContext.setCredentialsProvider(provider);
    requestContext.setAuthSchemeRegistry(schemes);

    final HttpGet request = new HttpGet(echoUrl.toURI());
    return httpClient.execute(request, requestContext);
}
}); // closes the anonymous action and the call that are opened outside this excerpt
GSSManager manager = GSSManager.getInstance();