public class SpnegoHelper
extends java.lang.Object
| Constructor and Description |
|---|
| SpnegoHelper() |

| Modifier and Type | Method and Description |
|---|---|
| static java.lang.String | buildS4U2proxyAuthorization(java.lang.String spn, javax.security.auth.Subject subject, int lifetime, boolean delegate) Build a SPNEGO Authorization string using a Kerberos credential within the supplied Java Subject. |
| static java.lang.String | buildS4U2ProxyAuthorizationUsingS4U2Self(java.lang.String upn, java.lang.String targetServiceSpn, int lifetime, boolean delegate, java.lang.String delegateServiceSpn, java.lang.String jaasLoginContextEntry, java.lang.String krb5Keytab) Build a SPNEGO Authorization string using a Kerberos credential from the delegate service that impersonates the user (S4U2self). |

public static java.lang.String buildS4U2ProxyAuthorizationUsingS4U2Self(java.lang.String upn,
    java.lang.String targetServiceSpn,
    int lifetime,
    boolean delegate,
    java.lang.String delegateServiceSpn,
    java.lang.String jaasLoginContextEntry,
    java.lang.String krb5Keytab)
    throws org.ietf.jgss.GSSException,
    java.security.PrivilegedActionException,
    javax.security.auth.login.LoginException

Parameters:

- upn - UserPrincipalName of the user for which the SPNEGO token will be generated.
- targetServiceSpn - ServicePrincipalName of the system for which the SPNEGO token will be targeted.
- lifetime - Lifetime for the context, for example GSSCredential.INDEFINITE_LIFETIME.
- delegate - Whether the token includes delegatable GSSCredential credentials.
- delegateServiceSpn - Delegate servicePrincipalName of the system for which the user already authenticated.
- jaasLoginContextEntry - JAAS login context entry to use.
- krb5Keytab - Kerberos keytab that contained the firstServiceSpn and its keys.

Throws:

- org.ietf.jgss.GSSException - thrown when SPNEGO token generation fails, when the delegate service's subject is null, when the delegate service's subject does not contain Kerberos credentials, when firstServiceSpn or targetServiceSpn is invalid.
- java.security.PrivilegedActionException - unexpected - thrown when Java 2 security is misconfigured.
- javax.security.auth.login.LoginException - thrown when the Login fails with the delegate service SPN.

public static java.lang.String buildS4U2proxyAuthorization(java.lang.String spn,
    javax.security.auth.Subject subject,
    int lifetime,
    boolean delegate)
    throws org.ietf.jgss.GSSException,
    java.security.PrivilegedActionException

Parameters:

- spn - ServicePrincipalName of the system for which the SPNEGO token will be targeted.
- subject - Subject containing Kerberos credentials.
- lifetime - Lifetime for the context, for example GSSCredential.INDEFINITE_LIFETIME.
- delegate - Whether the token includes delegatable GSSCredentials.

Throws:

- org.ietf.jgss.GSSException - thrown when SPNEGO token generation fails, when Subject is null, when the Subject does not contain Kerberos credentials, or when SPN is invalid.
- java.security.PrivilegedActionException - unexpected - thrown when Java 2 security is misconfigured.
- javax.security.auth.login.LoginException - thrown when the Login fails with the delegate service SPN.
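
A caller-side sketch of buildS4U2proxyAuthorization that constrains which SPNs can be requested, bounds the lifetime and leaves delegation off; it is an added example, not code from the product or its documentation. It assumes the class is imported from com.ibm.websphere.security.s4u2proxy and that the returned string is used as-is for the Authorization header value; the BackendCaller class, the allowlist and the SPN value are hypothetical.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.PrivilegedActionException;
import java.util.Set;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSException;
// Assumption: package of the SpnegoHelper class documented above.
import com.ibm.websphere.security.s4u2proxy.SpnegoHelper;

public class BackendCaller {
    // Hypothetical allowlist: the only back-end SPNs this service may target.
    private static final Set<String> ALLOWED_SPNS = Set.of("HTTP/backend.example.com");
    // Bounded context lifetime (GSS-API lifetimes are in seconds) rather than
    // GSSCredential.INDEFINITE_LIFETIME.
    private static final int LIFETIME_SECONDS = 300;

    public static HttpURLConnection open(URL url, String spn, Subject subject)
            throws IOException {
        // Fail closed before any ticket is requested on the user's behalf.
        if (subject == null) {
            throw new SecurityException("no authenticated Subject");
        }
        if (!ALLOWED_SPNS.contains(spn)) {
            throw new SecurityException("SPN not allowlisted: " + spn);
        }
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new SecurityException("refusing to send SPNEGO token over " + url.getProtocol());
        }
        String authz;
        try {
            // delegate=false: the token carries no delegatable credentials.
            authz = SpnegoHelper.buildS4U2proxyAuthorization(spn, subject, LIFETIME_SECONDS, false);
        } catch (GSSException | PrivilegedActionException e) {
            // Covers a Subject without Kerberos credentials or an invalid SPN.
            throw new SecurityException("SPNEGO token generation failed for " + spn, e);
        }
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        // The header must never be sent to a redirect target.
        conn.setInstanceFollowRedirects(false);
        // The token is a bearer-style secret: set it on the request, never log it.
        conn.setRequestProperty("Authorization", authz);
        return conn;
    }
}
```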