Package org.apache.wss4j.dom.message.token

Class KerberosSecurity

  • public class KerberosSecurity
extends BinarySecurity
    Kerberos Security Token.

    • Constructor Detail

      • KerberosSecurity

        public KerberosSecurity​(Element elem,
                        BSPEnforcer bspEnforcer)
                 throws WSSecurityException
        This constructor creates a new Kerberos token object and initializes it from the data contained in the element.
        Parameters:
        elem - the element containing the Kerberos token data
        bspEnforcer - a BSPEnforcer instance to enforce BSP rules
        Throws:
        WSSecurityException

      • KerberosSecurity

        public KerberosSecurity​(Document doc)
        This constructor creates a new Kerberos element.
        Parameters:
        doc -

    • Method Detail

      • isV5ApReq

        public boolean isV5ApReq()
        Return true if this token is a Kerberos V5 AP REQ token

      • isGssV5ApReq

        public boolean isGssV5ApReq()
        Return true if this token is a Kerberos GSS V5 AP REQ token

      • retrieveServiceTicket

        public void retrieveServiceTicket​(CallbackHandler callbackHandler)
                           throws WSSecurityException
        Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this BinarySecurityToken.
        Parameters:
        callbackHandler - a CallbackHandler instance to retrieve a password (optional), JAAS Login Module name (required) + service name (required)
        Throws:
        WSSecurityException

      • retrieveServiceTicket

        public void retrieveServiceTicket​(String jaasLoginModuleName,
                                  CallbackHandler callbackHandler,
                                  String serviceName)
                           throws WSSecurityException
        Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this BinarySecurityToken.
        Parameters:
        jaasLoginModuleName - the JAAS Login Module name to use
        callbackHandler - a CallbackHandler instance to retrieve a password (optional)
        serviceName - the desired Kerberized service
        Throws:
        WSSecurityException

      • decorateSubject

        protected void decorateSubject​(Subject subject)

      • getSecretKey

        public SecretKey getSecretKey()
        Get the SecretKey associated with the service principal
        Returns:
        the SecretKey associated with the service principal

      • isKerberosToken

        public static boolean isKerberosToken​(String valueType)
        Return true if the valueType represents a Kerberos Token
        Parameters:
        valueType - the valueType of the token
        Returns:
        true if the valueType represents a Kerberos Token