Package jcifs.smb
Class Kerb5Authenticator
- java.lang.Object
-
- jcifs.smb.NtlmPasswordAuthenticator
-
- jcifs.smb.Kerb5Authenticator
-
- All Implemented Interfaces:
Serializable,Cloneable,Principal,Credentials,CredentialsInternal
- Direct Known Subclasses:
JAASAuthenticator
public class Kerb5Authenticator extends NtlmPasswordAuthenticator
Base kerberos authenticator Uses a subject that contains kerberos credentials for use in GSSAPI context establishment. Be advised that short/NetBIOS name usage is not supported with this authenticator. Always specify full FQDNs. This can be a problem if using DFS in it's default configuration as they still return referrals in short form. See KB-244380 for compatible server configuration. SeeConfiguration.isDfsConvertToFQDN()for a workaround.- See Also:
- Serialized Form
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class jcifs.smb.NtlmPasswordAuthenticator
NtlmPasswordAuthenticator.AuthenticationType
-
-
Constructor Summary
Constructors Constructor Description Kerb5Authenticator(Subject subject)Construct aKerb5Authenticatorobject withSubjectwhich hold TGT retrieved from KDC.Kerb5Authenticator(Subject subject, String domain, String username, String password)Construct aKerb5Authenticatorobject withSubjectand potential NTLM fallback (if the server does not support kerberos).
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description Kerb5Authenticatorclone()static voidcloneInternal(Kerb5Authenticator to, Kerb5Authenticator from)Clone the contextSSPContextcreateContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning)booleanequals(Object other)Compares two NtlmPasswordAuthentication objects for equality.intgetLifeTime()Get lifetime of this context.StringgetRealm()StringgetService()Get the service name.SubjectgetSubject()Get theSubjectobject.StringgetUser()Get the user name which authenticate against to.StringgetUserDomain()Returns the domain.intgetUserLifeTime()Get lifetime of current user.inthashCode()Return the upcased username hash code.booleanisAnonymous()booleanisPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier mechanism)voidrefresh()voidsetForceFallback(boolean forceFallback)Testing only: force fallback to NTLMvoidsetLifeTime(int time)Set the lifetime for this context.voidsetRealm(String realm)voidsetService(String name)Set the service name which is used to setupGSSContext.protected voidsetSubject(Subject subject)voidsetUser(String name)Set the user name which is used to setupGSSContext.voidsetUserLifeTime(int time)Set lifetime of current user.StringtoString()Return the domain and username in the format: domain\\username.-
Methods inherited from class jcifs.smb.NtlmPasswordAuthenticator
cloneInternal, getAnsiHash, getName, getNTHash, getPassword, getSigningKey, getSpecifiedUserDomain, getUnicodeHash, getUsername, getUserSessionKey, getUserSessionKey, guessAuthenticationType, isGuest, unwrap
-
-
-
-
Constructor Detail
-
Kerb5Authenticator
public Kerb5Authenticator(Subject subject)
Construct aKerb5Authenticatorobject withSubjectwhich hold TGT retrieved from KDC. If multiple TGT are contained, the first one will be used to retrieve user principal.- Parameters:
subject- represents the user who perform Kerberos authentication. It contains tickets retrieve from KDC.
-
Kerb5Authenticator
public Kerb5Authenticator(Subject subject, String domain, String username, String password)
Construct aKerb5Authenticatorobject withSubjectand potential NTLM fallback (if the server does not support kerberos).- Parameters:
subject- represents the user who perform Kerberos authentication. Should at least contain a TGT for the user.domain- domain for NTLM fallbackusername- user for NTLM fallbackpassword- password for NTLM fallback
-
-
Method Detail
-
setForceFallback
public void setForceFallback(boolean forceFallback)
Testing only: force fallback to NTLM- Parameters:
forceFallback- the forceFallback to set
-
createContext
public SSPContext createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning) throws SmbException
- Specified by:
createContextin interfaceCredentialsInternal- Overrides:
createContextin classNtlmPasswordAuthenticator- Returns:
- a new context
- Throws:
SmbException- See Also:
NtlmPasswordAuthenticator.createContext(jcifs.CIFSContext, java.lang.String, java.lang.String, byte[], boolean)
-
setSubject
protected void setSubject(Subject subject)
- Parameters:
subject- the subject to set
-
refresh
public void refresh() throws CIFSException- Specified by:
refreshin interfaceCredentialsInternal- Overrides:
refreshin classNtlmPasswordAuthenticator- Throws:
CIFSException
-
clone
public Kerb5Authenticator clone()
- Specified by:
clonein interfaceCredentialsInternal- Overrides:
clonein classNtlmPasswordAuthenticator- Returns:
- a copy of the credentials
-
cloneInternal
public static void cloneInternal(Kerb5Authenticator to, Kerb5Authenticator from)
Clone the context- Parameters:
to-from-
-
setUser
public void setUser(String name)
Set the user name which is used to setupGSSContext. If null is set, the default user will be used which is retrieved from the first TGT found inSubject.- Parameters:
name- the user name used to setupGSSContext
-
setRealm
public void setRealm(String realm)
- Parameters:
realm- the realm to set
-
getRealm
public String getRealm()
- Returns:
- the kerberos realm
-
getSubject
public Subject getSubject()
Get theSubjectobject.- Specified by:
getSubjectin interfaceCredentialsInternal- Overrides:
getSubjectin classNtlmPasswordAuthenticator- Returns:
- Subject represents the user who perform Kerberos authentication. It contains the tickets retrieve from KDC.
-
getUser
public String getUser()
Get the user name which authenticate against to. If the default user is used, Null will be returned.- Returns:
- user name
-
setService
public void setService(String name)
Set the service name which is used to setupGSSContext. Program will use this name to require service ticket from KDC.- Parameters:
name- the service name used to require service ticket from KDC.
-
getService
public String getService()
Get the service name.- Returns:
- the service name used to require service ticket from KDC
-
getUserLifeTime
public int getUserLifeTime()
Get lifetime of current user.- Returns:
- the remaining lifetime in seconds. If the default lifetime is used, this value have no meaning.
-
setUserLifeTime
public void setUserLifeTime(int time)
Set lifetime of current user.- Parameters:
time- the lifetime in seconds
-
getLifeTime
public int getLifeTime()
Get lifetime of this context.- Returns:
- the remaining lifetime in seconds. If the default lifetime is used, this value have no meaning.
-
setLifeTime
public void setLifeTime(int time)
Set the lifetime for this context.- Parameters:
time- the lifetime in seconds
-
isAnonymous
public boolean isAnonymous()
- Specified by:
isAnonymousin interfaceCredentials- Overrides:
isAnonymousin classNtlmPasswordAuthenticator- Returns:
- whether these are anonymous credentials
- See Also:
Credentials.isAnonymous()
-
isPreferredMech
public boolean isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier mechanism)
- Overrides:
isPreferredMechin classNtlmPasswordAuthenticator- Returns:
- whether the given mechanism is the preferred one for this credential
- See Also:
NtlmPasswordAuthenticator.isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier)
-
toString
public String toString()
Return the domain and username in the format: domain\\username. This is equivalent to getName().- Specified by:
toStringin interfacePrincipal- Overrides:
toStringin classNtlmPasswordAuthenticator- See Also:
Object.toString()
-
equals
public boolean equals(Object other)
Compares two NtlmPasswordAuthentication objects for equality. Two NtlmPasswordAuthentication objects are equal if their caseless domain and username fields are equal- Specified by:
equalsin interfacePrincipal- Overrides:
equalsin classNtlmPasswordAuthenticator- See Also:
NtlmPasswordAuthenticator.equals(java.lang.Object)
-
hashCode
public int hashCode()
Return the upcased username hash code.- Specified by:
hashCodein interfacePrincipal- Overrides:
hashCodein classNtlmPasswordAuthenticator- See Also:
Object.hashCode()
-
getUserDomain
public String getUserDomain()
Description copied from class:NtlmPasswordAuthenticatorReturns the domain.- Specified by:
getUserDomainin interfaceCredentials- Overrides:
getUserDomainin classNtlmPasswordAuthenticator- Returns:
- the domain the user account is in
-
-