Package jcifs.smb
Class Kerb5Authenticator
- java.lang.Object
-
- jcifs.smb.NtlmPasswordAuthenticator
-
- jcifs.smb.Kerb5Authenticator
-
- All Implemented Interfaces:
Serializable
,Cloneable
,Principal
,Credentials
,CredentialsInternal
- Direct Known Subclasses:
JAASAuthenticator
public class Kerb5Authenticator extends NtlmPasswordAuthenticator
Base kerberos authenticator Uses a subject that contains kerberos credentials for use in GSSAPI context establishment. Be advised that short/NetBIOS name usage is not supported with this authenticator. Always specify full FQDNs. This can be a problem if using DFS in it's default configuration as they still return referrals in short form. See KB-244380 for compatible server configuration. SeeConfiguration.isDfsConvertToFQDN()
for a workaround.- See Also:
- Serialized Form
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class jcifs.smb.NtlmPasswordAuthenticator
NtlmPasswordAuthenticator.AuthenticationType
-
-
Constructor Summary
Constructors Constructor Description Kerb5Authenticator(Subject subject)
Construct aKerb5Authenticator
object withSubject
which hold TGT retrieved from KDC.Kerb5Authenticator(Subject subject, String domain, String username, String password)
Construct aKerb5Authenticator
object withSubject
and potential NTLM fallback (if the server does not support kerberos).
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description Kerb5Authenticator
clone()
static void
cloneInternal(Kerb5Authenticator to, Kerb5Authenticator from)
Clone the contextSSPContext
createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning)
boolean
equals(Object other)
Compares two NtlmPasswordAuthentication objects for equality.int
getLifeTime()
Get lifetime of this context.String
getRealm()
String
getService()
Get the service name.Subject
getSubject()
Get theSubject
object.String
getUser()
Get the user name which authenticate against to.String
getUserDomain()
Returns the domain.int
getUserLifeTime()
Get lifetime of current user.int
hashCode()
Return the upcased username hash code.boolean
isAnonymous()
boolean
isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier mechanism)
void
refresh()
void
setForceFallback(boolean forceFallback)
Testing only: force fallback to NTLMvoid
setLifeTime(int time)
Set the lifetime for this context.void
setRealm(String realm)
void
setService(String name)
Set the service name which is used to setupGSSContext
.protected void
setSubject(Subject subject)
void
setUser(String name)
Set the user name which is used to setupGSSContext
.void
setUserLifeTime(int time)
Set lifetime of current user.String
toString()
Return the domain and username in the format: domain\\username.-
Methods inherited from class jcifs.smb.NtlmPasswordAuthenticator
cloneInternal, getAnsiHash, getName, getNTHash, getPassword, getSigningKey, getSpecifiedUserDomain, getUnicodeHash, getUsername, getUserSessionKey, getUserSessionKey, guessAuthenticationType, isGuest, unwrap
-
-
-
-
Constructor Detail
-
Kerb5Authenticator
public Kerb5Authenticator(Subject subject)
Construct aKerb5Authenticator
object withSubject
which hold TGT retrieved from KDC. If multiple TGT are contained, the first one will be used to retrieve user principal.- Parameters:
subject
- represents the user who perform Kerberos authentication. It contains tickets retrieve from KDC.
-
Kerb5Authenticator
public Kerb5Authenticator(Subject subject, String domain, String username, String password)
Construct aKerb5Authenticator
object withSubject
and potential NTLM fallback (if the server does not support kerberos).- Parameters:
subject
- represents the user who perform Kerberos authentication. Should at least contain a TGT for the user.domain
- domain for NTLM fallbackusername
- user for NTLM fallbackpassword
- password for NTLM fallback
-
-
Method Detail
-
setForceFallback
public void setForceFallback(boolean forceFallback)
Testing only: force fallback to NTLM- Parameters:
forceFallback
- the forceFallback to set
-
createContext
public SSPContext createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning) throws SmbException
- Specified by:
createContext
in interfaceCredentialsInternal
- Overrides:
createContext
in classNtlmPasswordAuthenticator
- Returns:
- a new context
- Throws:
SmbException
- See Also:
NtlmPasswordAuthenticator.createContext(jcifs.CIFSContext, java.lang.String, java.lang.String, byte[], boolean)
-
setSubject
protected void setSubject(Subject subject)
- Parameters:
subject
- the subject to set
-
refresh
public void refresh() throws CIFSException
- Specified by:
refresh
in interfaceCredentialsInternal
- Overrides:
refresh
in classNtlmPasswordAuthenticator
- Throws:
CIFSException
-
clone
public Kerb5Authenticator clone()
- Specified by:
clone
in interfaceCredentialsInternal
- Overrides:
clone
in classNtlmPasswordAuthenticator
- Returns:
- a copy of the credentials
-
cloneInternal
public static void cloneInternal(Kerb5Authenticator to, Kerb5Authenticator from)
Clone the context- Parameters:
to
-from
-
-
setUser
public void setUser(String name)
Set the user name which is used to setupGSSContext
. If null is set, the default user will be used which is retrieved from the first TGT found inSubject
.- Parameters:
name
- the user name used to setupGSSContext
-
setRealm
public void setRealm(String realm)
- Parameters:
realm
- the realm to set
-
getRealm
public String getRealm()
- Returns:
- the kerberos realm
-
getSubject
public Subject getSubject()
Get theSubject
object.- Specified by:
getSubject
in interfaceCredentialsInternal
- Overrides:
getSubject
in classNtlmPasswordAuthenticator
- Returns:
- Subject represents the user who perform Kerberos authentication. It contains the tickets retrieve from KDC.
-
getUser
public String getUser()
Get the user name which authenticate against to. If the default user is used, Null will be returned.- Returns:
- user name
-
setService
public void setService(String name)
Set the service name which is used to setupGSSContext
. Program will use this name to require service ticket from KDC.- Parameters:
name
- the service name used to require service ticket from KDC.
-
getService
public String getService()
Get the service name.- Returns:
- the service name used to require service ticket from KDC
-
getUserLifeTime
public int getUserLifeTime()
Get lifetime of current user.- Returns:
- the remaining lifetime in seconds. If the default lifetime is used, this value have no meaning.
-
setUserLifeTime
public void setUserLifeTime(int time)
Set lifetime of current user.- Parameters:
time
- the lifetime in seconds
-
getLifeTime
public int getLifeTime()
Get lifetime of this context.- Returns:
- the remaining lifetime in seconds. If the default lifetime is used, this value have no meaning.
-
setLifeTime
public void setLifeTime(int time)
Set the lifetime for this context.- Parameters:
time
- the lifetime in seconds
-
isAnonymous
public boolean isAnonymous()
- Specified by:
isAnonymous
in interfaceCredentials
- Overrides:
isAnonymous
in classNtlmPasswordAuthenticator
- Returns:
- whether these are anonymous credentials
- See Also:
Credentials.isAnonymous()
-
isPreferredMech
public boolean isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier mechanism)
- Overrides:
isPreferredMech
in classNtlmPasswordAuthenticator
- Returns:
- whether the given mechanism is the preferred one for this credential
- See Also:
NtlmPasswordAuthenticator.isPreferredMech(org.bouncycastle.asn1.ASN1ObjectIdentifier)
-
toString
public String toString()
Return the domain and username in the format: domain\\username. This is equivalent to getName().- Specified by:
toString
in interfacePrincipal
- Overrides:
toString
in classNtlmPasswordAuthenticator
- See Also:
Object.toString()
-
equals
public boolean equals(Object other)
Compares two NtlmPasswordAuthentication objects for equality. Two NtlmPasswordAuthentication objects are equal if their caseless domain and username fields are equal- Specified by:
equals
in interfacePrincipal
- Overrides:
equals
in classNtlmPasswordAuthenticator
- See Also:
NtlmPasswordAuthenticator.equals(java.lang.Object)
-
hashCode
public int hashCode()
Return the upcased username hash code.- Specified by:
hashCode
in interfacePrincipal
- Overrides:
hashCode
in classNtlmPasswordAuthenticator
- See Also:
Object.hashCode()
-
getUserDomain
public String getUserDomain()
Description copied from class:NtlmPasswordAuthenticator
Returns the domain.- Specified by:
getUserDomain
in interfaceCredentials
- Overrides:
getUserDomain
in classNtlmPasswordAuthenticator
- Returns:
- the domain the user account is in
-
-