org.ietf.jgss.GSSContext Java Examples

The following examples show how to use org.ietf.jgss.GSSContext. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KrbCredSubKey.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 9 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #2
Source File: CrossRealm.java    From hottub with GNU General Public License v2.0 7 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #3
Source File: Context.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #4
Source File: CrossRealm.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #5
Source File: KrbCredSubKey.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #6
Source File: LockOutRealm.java    From tomcatsrc with Apache License 2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
    if (gssContext.isEstablished()) {
        String username = null;
        GSSName name = null;
        try {
            name = gssContext.getSrcName();
        } catch (GSSException e) {
            log.warn(sm.getString("realmBase.gssNameFail"), e);
            return null;
        }
        
        username = name.toString();
        
        Principal authenticatedUser = super.authenticate(gssContext, storeCreds);
            
        return filterLockedAccounts(username, authenticatedUser);
    }
    
    // Fail in all other cases
    return null;
}
 
Example #7
Source File: CrossRealm.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #8
Source File: KrbCredSubKey.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #9
Source File: KrbCredSubKey.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #10
Source File: HTTPSpnegoAuthenticator.java    From deprecated-security-advanced-modules with Apache License 2.0 6 votes vote down vote up
private static String getUsernameFromGSSContext(final GSSContext gssContext, final boolean strip, final Logger logger) {
    if (gssContext.isEstablished()) {
        GSSName gssName = null;
        try {
            gssName = gssContext.getSrcName();
        } catch (final GSSException e) {
            logger.error("Unable to get src name from gss context", e);
        }

        if (gssName != null) {
            String name = gssName.toString();
            return stripRealmName(name, strip);
        } else {
            logger.error("GSS name is null");
        }
    } else {
        logger.error("GSS context not established");
    }

    return null;
}
 
Example #11
Source File: KerberosRealm.java    From elasticsearch-shield-kerberos-realm with Apache License 2.0 6 votes vote down vote up
private static String getUsernameFromGSSContext(final GSSContext gssContext, final boolean strip, final ESLogger logger) {
    if (gssContext.isEstablished()) {
        GSSName gssName = null;
        try {
            gssName = gssContext.getSrcName();
        } catch (final GSSException e) {
            logger.error("Unable to get src name from gss context", e);
        }

        if (gssName != null) {
            String name = gssName.toString();

            return stripRealmName(name, strip);

        }
    }

    return null;
}
 
Example #12
Source File: KrbCredSubKey.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #13
Source File: CrossRealm.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #14
Source File: Context.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #15
Source File: MechTokenMissing.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
 
Example #16
Source File: GssClient.java    From ats-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Called when SPNEGO client-service authentication is taking place.
 * 
 * @param context
 * @param negotiationToken
 * @return
 * @throws GSSException
 */
public byte[] negotiate( GSSContext context, byte[] negotiationToken ) throws GSSException {

    if (subject == null) {
        loginViaJAAS(); // throw GSSException if fail to login
    }
    // If we do not have the service ticket it will be retrieved
    // from the TGS on a call to initSecContext().
    NegotiateContextAction negotiationAction = new NegotiateContextAction(context, negotiationToken);
    // Run the negotiation as the initiator
    // The service ticket will then be cached in the Subject's
    // private credentials, as the subject.
    negotiationToken = (byte[]) Subject.doAs(subject, negotiationAction);
    if (negotiationAction.getGSSException() != null) {
        throw negotiationAction.getGSSException();
    }

    return negotiationToken;
}
 
Example #17
Source File: KrbCredSubKey.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #18
Source File: MechTokenMissing.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
 
Example #19
Source File: Context.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #20
Source File: CrossRealm.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #21
Source File: MechTokenMissing.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
 
Example #22
Source File: KrbCredSubKey.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #23
Source File: KrbCredSubKey.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #24
Source File: Context.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #25
Source File: CrossRealm.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #26
Source File: FallbackAuthorization.java    From swift-k with Apache License 2.0 6 votes vote down vote up
public void authorize(GSSContext context, String host) throws AuthorizationException {
	if (authz == null || authz.length == 0) {
		throw new AuthorizationException("No authorization");
	}
	else {
		String message = "";
		for (int i = 0; i < authz.length; i++) {
			try {
				authz[i].authorize(context, host);
				return;
			}
			catch (AuthorizationException e) {
				message = message + "\n" + e.getMessage();
			}
		}
		throw new AuthorizationException(message);
	}
}
 
Example #27
Source File: CrossRealm.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #28
Source File: CrossRealm.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #29
Source File: TdsCore.java    From jTDS with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Initializes the GSS context and creates the initial token.
 */
private byte[] createGssToken()
   throws GSSException, UnknownHostException
{
   GSSManager manager = GSSManager.getInstance();

   // Oids for Kerberos5
   Oid mech = new Oid( "1.2.840.113554.1.2.2" );
   Oid nameType = new Oid( "1.2.840.113554.1.2.2.1" );

   // Canonicalize hostname to create SPN like MIT Kerberos does
   String host = InetAddress.getByName( socket.getHost() ).getCanonicalHostName();
   int port = socket.getPort();

   GSSName serverName = manager.createName( "MSSQLSvc/" + host + ":" + port, nameType );

   Logger.println( "GSS: Using SPN " + serverName );

   _gssContext = manager.createContext( serverName, mech, null, GSSContext.DEFAULT_LIFETIME );
   _gssContext.requestMutualAuth( true );  // FIXME: may fail, check via _gssContext.getMutualAuthState()

   byte[] token = _gssContext.initSecContext( new byte[0], 0, 0 );
   Logger.println( "GSS: Created GSS token (length: " + token.length + ")" );

   return token;
}
 
Example #30
Source File: Context.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}