com.unboundid.ldap.sdk
Class GSSAPIBindRequestProperties

java.lang.Object
  extended by com.unboundid.ldap.sdk.GSSAPIBindRequestProperties
All Implemented Interfaces:
java.io.Serializable

@Mutable
@ThreadSafety(level=NOT_THREADSAFE)
public final class GSSAPIBindRequestProperties
extends java.lang.Object
implements java.io.Serializable

This class provides a data structure that may be used to hold a number of properties that may be used during processing for a SASL GSSAPI bind operation.
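The following is an added example, not part of the original SDK documentation: it configures a keytab-based bind using the setters listed below and audits the resulting properties before binding. The class name GssapiBindExample, the audit helper, and every host, realm, principal and path value are constructed for illustration; the audit assumes the connection is not otherwise protected (for example by TLS) and that the keytab is on a POSIX file system.

```java
import com.unboundid.ldap.sdk.GSSAPIBindRequest;
import com.unboundid.ldap.sdk.GSSAPIBindRequestProperties;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SASLQualityOfProtection;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public final class GssapiBindExample {

  // Hypothetical helper: lists settings that weaken a keytab-based bind.
  static List<String> audit(GSSAPIBindRequestProperties p) throws IOException {
    List<String> findings = new ArrayList<>();
    // AUTH is authentication only: traffic after the bind gets no SASL
    // integrity or confidentiality layer.
    if (p.getAllowedQoP().contains(SASLQualityOfProtection.AUTH)) {
      findings.add("allowed QoP includes AUTH (no integrity/confidentiality)");
    }
    if (p.enableGSSAPIDebugging()) {
      findings.add("JVM-level GSSAPI debugging writes to standard error");
    }
    if (p.useKeyTab() && p.getPassword() != null) {
      findings.add("password is set although a keytab is in use");
    }
    if (p.useKeyTab() && p.getKeyTabPath() != null) {
      // Assumes a POSIX file system; a missing file surfaces as IOException.
      Set<PosixFilePermission> perms =
          Files.getPosixFilePermissions(Paths.get(p.getKeyTabPath()));
      if (perms.contains(PosixFilePermission.GROUP_READ)
          || perms.contains(PosixFilePermission.OTHERS_READ)) {
        findings.add("keytab is readable by group or others");
      }
    }
    return findings;
  }

  public static void main(String[] args) throws IOException, LDAPException {
    // Constructed sample values; substitute the deployment's own.
    // The cast is needed because null matches both constructor overloads.
    GSSAPIBindRequestProperties props =
        new GSSAPIBindRequestProperties("svc-ldapclient", (String) null);
    props.setRealm("EXAMPLE.COM");
    props.setKDCAddress("kdc.example.com");
    props.setServicePrincipalProtocol("ldap");
    props.setUseKeyTab(true);
    props.setKeyTabPath("/etc/security/keytabs/svc-ldapclient.keytab");
    props.setUseTicketCache(false);
    props.setUseSubjectCredentialsOnly(true);
    // Most preferred first; AUTH is deliberately left out.
    props.setAllowedQoP(SASLQualityOfProtection.AUTH_CONF,
                        SASLQualityOfProtection.AUTH_INT);
    props.setEnableGSSAPIDebugging(false);

    List<String> findings = audit(props);
    if (!findings.isEmpty()) {
      throw new IllegalStateException("refusing to bind: " + findings);
    }

    LDAPConnection conn = new LDAPConnection("directory.example.com", 389);
    try {
      conn.bind(new GSSAPIBindRequest(props));
    } finally {
      conn.close();
    }
  }
}
```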

See Also:
Serialized Form

Constructor Summary
GSSAPIBindRequestProperties(java.lang.String authenticationID, byte[] password)
          Creates a new set of GSSAPI bind request properties with the provided information.
GSSAPIBindRequestProperties(java.lang.String authenticationID, java.lang.String password)
          Creates a new set of GSSAPI bind request properties with the provided information.
 
Method Summary
 boolean enableGSSAPIDebugging()
          Indicates whether JVM-level debugging should be enabled for GSSAPI bind processing.
 java.util.List<SASLQualityOfProtection> getAllowedQoP()
          Retrieves the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
 java.lang.String getAuthenticationID()
          Retrieves the authentication ID for the GSSAPI bind request, if defined.
 java.lang.String getAuthorizationID()
          Retrieves the authorization ID for the GSSAPI bind request, if defined.
 java.lang.String getConfigFilePath()
          Retrieves the path to a JAAS configuration file that should be used when processing the GSSAPI bind request, if defined.
 java.lang.String getJAASClientName()
          Retrieves the name that will be used to identify this client in the JAAS framework.
 java.lang.String getKDCAddress()
          Retrieves the address to use for the Kerberos key distribution center, if defined.
 java.lang.String getKeyTabPath()
          Retrieves the path to the keytab file from which to obtain the user credentials.
 ASN1OctetString getPassword()
          Retrieves the password that should be used for the GSSAPI bind request, if defined.
 java.lang.String getRealm()
          Retrieves the realm to use for the GSSAPI bind request, if defined.
 java.lang.String getSASLClientServerName()
          Retrieves the server name that should be used when creating the Java SaslClient, if one is defined.
 java.lang.String getServicePrincipalProtocol()
          Retrieves the protocol specified in the service principal that the directory server uses for its communication with the KDC.
 java.util.Set<java.lang.String> getSuppressedSystemProperties()
          Retrieves a set of system properties that will not be altered by GSSAPI processing.
 java.lang.String getTicketCachePath()
          Retrieves the path to the Kerberos ticket cache file that should be used during authentication, if defined.
 boolean refreshKrb5Config()
          Indicates whether to refresh the configuration before the JAAS login method is called.
 boolean renewTGT()
          Indicates whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
 boolean requireCachedCredentials()
          Indicates whether GSSAPI authentication should only occur using an existing Kerberos session.
 void setAllowedQoP(java.util.List<SASLQualityOfProtection> allowedQoP)
          Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
 void setAllowedQoP(SASLQualityOfProtection... allowedQoP)
          Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
 void setAuthenticationID(java.lang.String authenticationID)
          Sets the authentication ID for the GSSAPI bind request.
 void setAuthorizationID(java.lang.String authorizationID)
          Specifies the authorization ID for the GSSAPI bind request.
 void setConfigFilePath(java.lang.String configFilePath)
          Specifies the path to a JAAS configuration file that should be used when processing the GSSAPI bind request.
 void setEnableGSSAPIDebugging(boolean enableGSSAPIDebugging)
          Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing.
 void setJAASClientName(java.lang.String jaasClientName)
          Specifies the name that will be used to identify this client in the JAAS framework.
 void setKDCAddress(java.lang.String kdcAddress)
          Specifies the address to use for the Kerberos key distribution center.
 void setKeyTabPath(java.lang.String keyTabPath)
          Specifies the path to the keytab file from which to obtain the user credentials.
 void setPassword(ASN1OctetString password)
          Specifies the password that should be used for the GSSAPI bind request.
 void setPassword(byte[] password)
          Specifies the password that should be used for the GSSAPI bind request.
 void setPassword(java.lang.String password)
          Specifies the password that should be used for the GSSAPI bind request.
 void setRealm(java.lang.String realm)
          Specifies the realm to use for the GSSAPI bind request.
 void setRefreshKrb5Config(boolean refreshKrb5Config)
          Specifies whether to refresh the configuration before the JAAS login method is called.
 void setRenewTGT(boolean renewTGT)
          Specifies whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
 void setRequireCachedCredentials(boolean requireCachedCredentials)
          Specifies whether GSSAPI authentication should only occur using an existing Kerberos session.
 void setSASLClientServerName(java.lang.String saslClientServerName)
          Specifies the server name that should be used when creating the Java SaslClient.
 void setServicePrincipalProtocol(java.lang.String servicePrincipalProtocol)
          Specifies the protocol specified in the service principal that the directory server uses for its communication with the KDC.
 void setSuppressedSystemProperties(java.util.Collection<java.lang.String> suppressedSystemProperties)
          Specifies a set of system properties that will not be altered by GSSAPI processing.
 void setTicketCachePath(java.lang.String ticketCachePath)
          Specifies the path to the Kerberos ticket cache file that should be used during authentication.
 void setUseKeyTab(boolean useKeyTab)
          Specifies whether to use a keytab to obtain the user credentials.
 void setUseSubjectCredentialsOnly(boolean useSubjectCredentialsOnly)
          Specifies whether to allow the client to use credentials that are outside the current subject.
 void setUseTicketCache(boolean useTicketCache)
          Specifies whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
 java.lang.String toString()
          Retrieves a string representation of the GSSAPI bind request properties.
 void toString(java.lang.StringBuilder buffer)
          Appends a string representation of the GSSAPI bind request properties to the provided buffer.
 boolean useKeyTab()
          Indicates whether to use a keytab to obtain the user credentials.
 boolean useSubjectCredentialsOnly()
          Indicates whether to allow the client to use credentials that are outside of the current subject, obtained via some system-specific mechanism.
 boolean useTicketCache()
          Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

GSSAPIBindRequestProperties

public GSSAPIBindRequestProperties(java.lang.String authenticationID,
                                   java.lang.String password)
Creates a new set of GSSAPI bind request properties with the provided information.

Parameters:
authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
password - The password for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

GSSAPIBindRequestProperties

public GSSAPIBindRequestProperties(java.lang.String authenticationID,
                                   byte[] password)
Creates a new set of GSSAPI bind request properties with the provided information.

Parameters:
authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
password - The password for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

Method Detail

getAuthenticationID

public java.lang.String getAuthenticationID()
Retrieves the authentication ID for the GSSAPI bind request, if defined.

Returns:
The authentication ID for the GSSAPI bind request, or null if an existing Kerberos session should be used.

setAuthenticationID

public void setAuthenticationID(java.lang.String authenticationID)
Sets the authentication ID for the GSSAPI bind request.

Parameters:
authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

getAuthorizationID

public java.lang.String getAuthorizationID()
Retrieves the authorization ID for the GSSAPI bind request, if defined.

Returns:
The authorization ID for the GSSAPI bind request, or null if the authorization ID should be the same as the authentication ID.

setAuthorizationID

public void setAuthorizationID(java.lang.String authorizationID)
Specifies the authorization ID for the GSSAPI bind request.

Parameters:
authorizationID - The authorization ID for the GSSAPI bind request. It may be null if the authorization ID should be the same as the authentication ID.

getPassword

public ASN1OctetString getPassword()
Retrieves the password that should be used for the GSSAPI bind request, if defined.

Returns:
The password that should be used for the GSSAPI bind request, or null if an existing Kerberos session should be used.

setPassword

public void setPassword(java.lang.String password)
Specifies the password that should be used for the GSSAPI bind request.

Parameters:
password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

setPassword

public void setPassword(byte[] password)
Specifies the password that should be used for the GSSAPI bind request.

Parameters:
password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

setPassword

public void setPassword(ASN1OctetString password)
Specifies the password that should be used for the GSSAPI bind request.

Parameters:
password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

getRealm

public java.lang.String getRealm()
Retrieves the realm to use for the GSSAPI bind request, if defined.

Returns:
The realm to use for the GSSAPI bind request, or null if the request should attempt to use the default realm from the system configuration.

setRealm

public void setRealm(java.lang.String realm)
Specifies the realm to use for the GSSAPI bind request.

Parameters:
realm - The realm to use for the GSSAPI bind request. It may be null if the request should attempt to use the default realm from the system configuration.

getAllowedQoP

public java.util.List<SASLQualityOfProtection> getAllowedQoP()
Retrieves the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.

Returns:
The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.

setAllowedQoP

public void setAllowedQoP(java.util.List<SASLQualityOfProtection> allowedQoP)
Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.

Parameters:
allowedQoP - The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred. If this is null or empty, then a list containing only the SASLQualityOfProtection.AUTH quality of protection value will be used.

setAllowedQoP

public void setAllowedQoP(SASLQualityOfProtection... allowedQoP)
Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.

Parameters:
allowedQoP - The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred. If this is null or empty, then a list containing only the SASLQualityOfProtection.AUTH quality of protection value will be used.

getKDCAddress

public java.lang.String getKDCAddress()
Retrieves the address to use for the Kerberos key distribution center, if defined.

Returns:
The address to use for the Kerberos key distribution center, or null if the request should attempt to determine the KDC address from the system configuration.

setKDCAddress

public void setKDCAddress(java.lang.String kdcAddress)
Specifies the address to use for the Kerberos key distribution center.

Parameters:
kdcAddress - The address to use for the Kerberos key distribution center. It may be null if the request should attempt to determine the KDC address from the system configuration.

getJAASClientName

public java.lang.String getJAASClientName()
Retrieves the name that will be used to identify this client in the JAAS framework.

Returns:
The name that will be used to identify this client in the JAAS framework.

setJAASClientName

public void setJAASClientName(java.lang.String jaasClientName)
Specifies the name that will be used to identify this client in the JAAS framework.

Parameters:
jaasClientName - The name that will be used to identify this client in the JAAS framework. It must not be null or empty.

getConfigFilePath

public java.lang.String getConfigFilePath()
Retrieves the path to a JAAS configuration file that should be used when processing the GSSAPI bind request, if defined.

Returns:
The path to a JAAS configuration file that should be used when processing the GSSAPI bind request, or null if a JAAS configuration file should be automatically constructed for the bind request.

setConfigFilePath

public void setConfigFilePath(java.lang.String configFilePath)
Specifies the path to a JAAS configuration file that should be used when processing the GSSAPI bind request.

Parameters:
configFilePath - The path to a JAAS configuration file that should be used when processing the GSSAPI bind request. It may be null if a configuration file should be automatically constructed for the bind request.

getSASLClientServerName

public java.lang.String getSASLClientServerName()
Retrieves the server name that should be used when creating the Java SaslClient, if one is defined.

Returns:
The server name that should be used when creating the Java SaslClient, or null if none is defined and the SaslClient should use the address specified when establishing the connection.

setSASLClientServerName

public void setSASLClientServerName(java.lang.String saslClientServerName)
Specifies the server name that should be used when creating the Java SaslClient.

Parameters:
saslClientServerName - The server name that should be used when creating the Java SaslClient. It may be null to indicate that the SaslClient should use the address specified when establishing the connection.

getServicePrincipalProtocol

public java.lang.String getServicePrincipalProtocol()
Retrieves the protocol specified in the service principal that the directory server uses for its communication with the KDC. The service principal is usually something like "ldap/directory.example.com", where "ldap" is the protocol and "directory.example.com" is the fully-qualified address of the directory server system, but some servers may allow authentication with a service principal with a protocol other than "ldap".

Returns:
The protocol specified in the service principal that the directory server uses for its communication with the KDC.

setServicePrincipalProtocol

public void setServicePrincipalProtocol(java.lang.String servicePrincipalProtocol)
Specifies the protocol specified in the service principal that the directory server uses for its communication with the KDC. This should generally be "ldap", but some servers may allow a service principal with a protocol other than "ldap".

Parameters:
servicePrincipalProtocol - The protocol specified in the service principal that the directory server uses for its communication with the KDC.

refreshKrb5Config

public boolean refreshKrb5Config()
Indicates whether to refresh the configuration before the JAAS login method is called.

Returns:
true if the GSSAPI implementation should refresh the configuration before the JAAS login method is called, or false if not.

setRefreshKrb5Config

public void setRefreshKrb5Config(boolean refreshKrb5Config)
Specifies whether to refresh the configuration before the JAAS login method is called.

Parameters:
refreshKrb5Config - Indicates whether to refresh the configuration before the JAAS login method is called.

useSubjectCredentialsOnly

public boolean useSubjectCredentialsOnly()
Indicates whether to allow the client to use credentials that are outside of the current subject, obtained via some system-specific mechanism.

Returns:
true if the client will only be allowed to use credentials that are within the current subject, or false if the client will be allowed to use credentials outside the current subject.

setUseSubjectCredentialsOnly

public void setUseSubjectCredentialsOnly(boolean useSubjectCredentialsOnly)
Specifies whether to allow the client to use credentials that are outside the current subject. If this is false, then a system-specific mechanism may be used in an attempt to obtain credentials from an existing session.

Parameters:
useSubjectCredentialsOnly - Indicates whether to allow the client to use credentials that are outside of the current subject.

useKeyTab

public boolean useKeyTab()
Indicates whether to use a keytab to obtain the user credentials.

Returns:
true if the GSSAPI login attempt should use a keytab to obtain the user credentials, or false if not.

setUseKeyTab

public void setUseKeyTab(boolean useKeyTab)
Specifies whether to use a keytab to obtain the user credentials.

Parameters:
useKeyTab - Indicates whether to use a keytab to obtain the user credentials.

getKeyTabPath

public java.lang.String getKeyTabPath()
Retrieves the path to the keytab file from which to obtain the user credentials. This will only be used if useKeyTab returns true.

Returns:
The path to the keytab file from which to obtain the user credentials, or null if the default keytab location should be used.

setKeyTabPath

public void setKeyTabPath(java.lang.String keyTabPath)
Specifies the path to the keytab file from which to obtain the user credentials.

Parameters:
keyTabPath - The path to the keytab file from which to obtain the user credentials. It may be null if the default keytab location should be used.

useTicketCache

public boolean useTicketCache()
Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.

Returns:
true if a ticket cache may be used to take advantage of an existing Kerberos session, or false if Kerberos credentials should always be provided.

setUseTicketCache

public void setUseTicketCache(boolean useTicketCache)
Specifies whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.

Parameters:
useTicketCache - Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.

requireCachedCredentials

public boolean requireCachedCredentials()
Indicates whether GSSAPI authentication should only occur using an existing Kerberos session.

Returns:
true if GSSAPI authentication should only use an existing Kerberos session and should fail if the client does not have an existing session, or false if the client will be allowed to create a new session if one does not already exist.

setRequireCachedCredentials

public void setRequireCachedCredentials(boolean requireCachedCredentials)
Specifies whether GSSAPI authentication should only occur using an existing Kerberos session.

Parameters:
requireCachedCredentials - Indicates whether an existing Kerberos session will be required for authentication. If true, then authentication will fail if the client does not already have an existing Kerberos session. This will be ignored if useTicketCache is false.

getTicketCachePath

public java.lang.String getTicketCachePath()
Retrieves the path to the Kerberos ticket cache file that should be used during authentication, if defined.

Returns:
The path to the Kerberos ticket cache file that should be used during authentication, or null if the default ticket cache file should be used.

setTicketCachePath

public void setTicketCachePath(java.lang.String ticketCachePath)
Specifies the path to the Kerberos ticket cache file that should be used during authentication.

Parameters:
ticketCachePath - The path to the Kerberos ticket cache file that should be used during authentication. It may be null if the default ticket cache file should be used.

renewTGT

public boolean renewTGT()
Indicates whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.

Returns:
true if the client should attempt to renew its ticket-granting ticket if the authentication is processed using an existing Kerberos session, or false if not.

setRenewTGT

public void setRenewTGT(boolean renewTGT)
Specifies whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.

Parameters:
renewTGT - Indicates whether to attempt to renew the client's ticket-granting ticket if an existing Kerberos session is used to authenticate.

getSuppressedSystemProperties

public java.util.Set<java.lang.String> getSuppressedSystemProperties()
Retrieves a set of system properties that will not be altered by GSSAPI processing.

Returns:
A set of system properties that will not be altered by GSSAPI processing.

setSuppressedSystemProperties

public void setSuppressedSystemProperties(java.util.Collection<java.lang.String> suppressedSystemProperties)
Specifies a set of system properties that will not be altered by GSSAPI processing. This should generally only be used in cases in which the specified system properties are known to already be set correctly for the desired authentication processing.

Parameters:
suppressedSystemProperties - A set of system properties that will not be altered by GSSAPI processing. It may be null or empty to indicate that no properties should be suppressed.

enableGSSAPIDebugging

public boolean enableGSSAPIDebugging()
Indicates whether JVM-level debugging should be enabled for GSSAPI bind processing. If this is enabled, then debug information may be written to standard error when performing GSSAPI processing that could be useful for debugging authentication problems.

Returns:
true if JVM-level debugging should be enabled for GSSAPI bind processing, or false if not.

setEnableGSSAPIDebugging

public void setEnableGSSAPIDebugging(boolean enableGSSAPIDebugging)
Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing. If this is enabled, then debug information may be written to standard error when performing GSSAPI processing that could be useful for debugging authentication problems.

Parameters:
enableGSSAPIDebugging - Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing.

toString

public java.lang.String toString()
Retrieves a string representation of the GSSAPI bind request properties.

Overrides:
toString in class java.lang.Object
Returns:
A string representation of the GSSAPI bind request properties.

toString

public void toString(java.lang.StringBuilder buffer)
Appends a string representation of the GSSAPI bind request properties to the provided buffer.

Parameters:
buffer - The buffer to which the information should be appended.