Package org.pac4j.kerberos.credentials.authenticator

Class SunJaasKerberosTicketValidator

java.lang.Object

org.pac4j.core.util.InitializableObject

org.pac4j.kerberos.credentials.authenticator.SunJaasKerberosTicketValidator

All Implemented Interfaces:

KerberosTicketValidator

public class SunJaasKerberosTicketValidator
extends org.pac4j.core.util.InitializableObject
implements KerberosTicketValidator

Implementation of KerberosTicketValidator which uses the SUN JAAS login module, which is included in the SUN JRE, it will not work with an IBM JRE. The whole configuration is done in this class, no additional JAAS configuration is needed.

Since:

2.1.0

originally from spring-kerberos project

Author:

Garry Boyce

Constructor Summary

Constructors

Constructor	Description
SunJaasKerberosTicketValidator()

Method Summary

Modifier and Type	Method	Description
protected void	internalInit(boolean forceReinit)
void	setDebug(boolean debug)	Enables the debug mode of the JAAS Kerberos login module.
void	setHoldOnToGSSContext(boolean holdOnToGSSContext)	Determines whether to hold on to the GSS security context or otherwise dispose of it immediately (the default behaviour).
void	setKeyTabLocation(org.springframework.core.io.Resource keyTabLocation)	The location of the keytab.
void	setServicePrincipal(String servicePrincipal)	The service principal of the application.
KerberosTicketValidation	validateTicket(byte[] token)	Validates a Kerberos/SPNEGO ticket.

Methods inherited from class org.pac4j.core.util.InitializableObject

afterInternalInit, beforeInternalInit, getInitialized, getLastAttempt, getMaxAttempts, getMinTimeIntervalBetweenAttemptsInMilliseconds, getNbAttempts, init, init, isInitialized, reinit, setMaxAttempts, setMinTimeIntervalBetweenAttemptsInMilliseconds, shouldInitialize, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

SunJaasKerberosTicketValidator

public SunJaasKerberosTicketValidator()

Method Details

validateTicket

public KerberosTicketValidation validateTicket(byte[] token)

Validates a Kerberos/SPNEGO ticket.

Specified by:

validateTicket in interface KerberosTicketValidator

Parameters:

token - Kerbeos/SPNEGO ticket

Returns:

authenticated kerberos principal

internalInit

protected void internalInit(boolean forceReinit)

Specified by:

internalInit in class org.pac4j.core.util.InitializableObject

setServicePrincipal

public void setServicePrincipal(String servicePrincipal)

The service principal of the application. For web apps this is HTTP/full-qualified-domain-name@DOMAIN. The keytab must contain the key for this principal.

Parameters:

servicePrincipal - service principal to use

See Also:

• setKeyTabLocation(Resource)

setKeyTabLocation

public void setKeyTabLocation(org.springframework.core.io.Resource keyTabLocation)

The location of the keytab. You can use the normal Resource prefixes like file: or classpath:, but as the file is later on read by JAAS, we cannot guarantee that classpath works in every environment, esp. not in Java EE application servers. You should use file: there.

This file also needs special protection, which is another reason to not include it in the classpath but rather use file:/etc/http.keytab for example.

Parameters:

keyTabLocation - The location where the keytab resides

setDebug

public void setDebug(boolean debug)

Enables the debug mode of the JAAS Kerberos login module.

Parameters:

debug - default is false

setHoldOnToGSSContext

public void setHoldOnToGSSContext(boolean holdOnToGSSContext)

Determines whether to hold on to the GSS security context or otherwise dispose of it immediately (the default behaviour).

Holding on to the GSS context allows decrypt and encrypt operations for subsequent interactions with the principal.

Parameters:

holdOnToGSSContext - true if should hold on to context