public class SpnegoHelper
extends java.lang.Object
Constructor and Description |
---|
SpnegoHelper() |
Modifier and Type | Method and Description |
---|---|
static java.lang.String | buildS4U2proxyAuthorization(java.lang.String spn, javax.security.auth.Subject subject, int lifetime, boolean delegate) Build a SPNEGO Authorization string using a Kerberos credential within the supplied Java Subject. |
static java.lang.String | buildS4U2ProxyAuthorizationUsingS4U2Self(java.lang.String upn, java.lang.String targetServiceSpn, int lifetime, boolean delegate, java.lang.String delegateServiceSpn, java.lang.String jaasLoginContextEntry, java.lang.String krb5Keytab) Build a SPNEGO Authorization string using a Kerberos credential from the delegate service that impersonates the user (S4U2self). |

public static java.lang.String buildS4U2ProxyAuthorizationUsingS4U2Self(java.lang.String upn, java.lang.String targetServiceSpn, int lifetime, boolean delegate, java.lang.String delegateServiceSpn, java.lang.String jaasLoginContextEntry, java.lang.String krb5Keytab) throws org.ietf.jgss.GSSException, java.security.PrivilegedActionException, javax.security.auth.login.LoginException

Parameters:
- upn - UserPrincipalName of the user for which the SPNEGO token will be generated.
- targetServiceSpn - ServicePrincipalName of system for which SPNEGO token will be targeted.
- lifetime - Lifetime for the context, for example GSSCredential.INDEFINITE_LIFETIME.
- delegate - Whether the token includes delegatable GSSCredential credentials.
- delegateServiceSpn - Delegate servicePrincipalName of system for which the user already authenticated.
- jaasLoginContextEntry - JAAS login context entry to use.
- krb5Keytab - Kerberos keytab that contained the firstServiceSpn and its keys.

Throws:
- org.ietf.jgss.GSSException - thrown when SPNEGO token generation fails, when delegate service's subject is null, when the delegate service's subject does not contain Kerberos credentials, or when firstServiceSpn or targetServiceSpn is invalid.
- java.security.PrivilegedActionException - unexpected - thrown when Java 2 security is misconfigured.
- javax.security.auth.login.LoginException - thrown when the Login fails with the delegate service SPN.

public static java.lang.String buildS4U2proxyAuthorization(java.lang.String spn, javax.security.auth.Subject subject, int lifetime, boolean delegate) throws org.ietf.jgss.GSSException, java.security.PrivilegedActionException

Parameters:
- spn - ServicePrincipalName of system for which SPNEGO token will be targeted.
- subject - Subject containing Kerberos credentials.
- lifetime - Lifetime for the context, for example GSSCredential.INDEFINITE_LIFETIME.
- delegate - Whether the token includes delegatable GSSCredentials.

Throws:
- org.ietf.jgss.GSSException - thrown when SPNEGO token generation fails, when Subject is null, when the Subject does not contain Kerberos credentials, or when SPN is invalid.
- java.security.PrivilegedActionException - unexpected - thrown when Java 2 security is misconfigured.
- javax.security.auth.login.LoginException - thrown when the Login fails with the delegate service SPN.
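
An added usage example (not from the original API page or the library's own documentation) that calls buildS4U2ProxyAuthorizationUsingS4U2Self with a finite lifetime and delegate set to false, then sends the result over HTTPS only. Assumptions: the package name in the import, the SPNs, the JAAS entry name and the keytab path are constructed placeholders, and the returned string is taken to be the complete Authorization header value.

```java
import com.ibm.websphere.security.s4u2proxy.SpnegoHelper; // assumed package; not shown on this page
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.PrivilegedActionException;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSException;

public class DelegatedBackendCall {
    // Constructed sample values (assumptions): use your own principals, JAAS entry and keytab.
    private static final String TARGET_SPN = "HTTP/backend.example.com";
    private static final String DELEGATE_SPN = "HTTP/frontend.example.com";
    private static final String JAAS_ENTRY = "exampleKrb5LoginEntry"; // hypothetical entry name
    private static final String KEYTAB = "/opt/app/security/frontend.keytab";
    // GSS-API lifetimes are in seconds; a short finite value instead of INDEFINITE_LIFETIME.
    private static final int LIFETIME_SECONDS = 300;

    /** Calls the back end as the already authenticated user and returns the HTTP status. */
    public static int callAs(String authenticatedUpn, URL backend)
            throws IOException, PrivilegedActionException, LoginException {
        if (!"https".equalsIgnoreCase(backend.getProtocol())) {
            throw new IllegalArgumentException("refusing to send a SPNEGO token over " + backend.getProtocol());
        }
        String authorization;
        try {
            authorization = SpnegoHelper.buildS4U2ProxyAuthorizationUsingS4U2Self(
                    authenticatedUpn, TARGET_SPN, LIFETIME_SECONDS,
                    false, // delegate=false: no delegatable credentials in the token
                    DELEGATE_SPN, JAAS_ENTRY, KEYTAB);
        } catch (GSSException e) {
            // Documented causes: null subject, no Kerberos credentials, invalid SPN.
            // Report the GSS codes only; never log the token or keytab contents.
            throw new IOException("S4U2proxy token generation failed, major=" + e.getMajor()
                    + " minor=" + e.getMinor(), e);
        }
        HttpURLConnection con = (HttpURLConnection) backend.openConnection();
        con.setInstanceFollowRedirects(false); // send the header only to the host requested
        con.setConnectTimeout(5_000);
        con.setReadTimeout(10_000);
        con.setRequestProperty("Authorization", authorization); // assumed to be the full header value
        try {
            return con.getResponseCode();
        } finally {
            con.disconnect();
        }
    }
}
```

The keytab holds the delegate service's long-term keys, so its file permissions should restrict it to the server's own account.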