Class SunJaasKerberosTicketValidator

  • All Implemented Interfaces:
    KerberosTicketValidator

    public class SunJaasKerberosTicketValidator
    extends org.pac4j.core.util.InitializableObject
    implements KerberosTicketValidator
    Implementation of KerberosTicketValidator which uses the SUN JAAS login module included in the SUN JRE; it will not work with an IBM JRE. The whole configuration is done in this class; no additional JAAS configuration is needed.
    Since:
    2.1.0

    originally from spring-kerberos project

    Author:
    Garry Boyce
    • Method Summary

      Modifier and Type Method Description
      protected void internalInit​(boolean forceReinit)  
      void setDebug​(boolean debug)
      Enables the debug mode of the JAAS Kerberos login module.
      void setHoldOnToGSSContext​(boolean holdOnToGSSContext)
      Determines whether to hold on to the GSS security context or otherwise dispose of it immediately (the default behaviour).
      void setKeyTabLocation​(org.springframework.core.io.Resource keyTabLocation)
      The location of the keytab.
      void setServicePrincipal​(java.lang.String servicePrincipal)
      The service principal of the application.
      KerberosTicketValidation validateTicket​(byte[] token)
      Validates a Kerberos/SPNEGO ticket.
      • Methods inherited from class org.pac4j.core.util.InitializableObject

        afterInternalInit, beforeInternalInit, getLastAttempt, getMaxAttempts, getMinTimeIntervalBetweenAttemptsInMilliseconds, getNbAttempts, init, init, isInitialized, reinit, setMaxAttempts, setMinTimeIntervalBetweenAttemptsInMilliseconds, shouldInitialize
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SunJaasKerberosTicketValidator

        public SunJaasKerberosTicketValidator()
    • Method Detail

      • internalInit

        protected void internalInit​(boolean forceReinit)
        Specified by:
        internalInit in class org.pac4j.core.util.InitializableObject
      • setServicePrincipal

        public void setServicePrincipal​(java.lang.String servicePrincipal)
        The service principal of the application. For web apps this is HTTP/fully-qualified-domain-name@DOMAIN. The keytab must contain the key for this principal.
        Parameters:
        servicePrincipal - service principal to use
        See Also:
        setKeyTabLocation(Resource)
      • setKeyTabLocation

        public void setKeyTabLocation​(org.springframework.core.io.Resource keyTabLocation)

        The location of the keytab. You can use the normal Resource prefixes like file: or classpath:, but because the file is later read by JAAS, we cannot guarantee that classpath: works in every environment, especially not in Java EE application servers. You should use file: there.

        This file also needs special protection, which is another reason not to include it in the classpath but rather to use, for example, file:/etc/http.keytab.

        Parameters:
        keyTabLocation - The location where the keytab resides
      • setDebug

        public void setDebug​(boolean debug)
        Enables the debug mode of the JAAS Kerberos login module.
        Parameters:
        debug - default is false
      • setHoldOnToGSSContext

        public void setHoldOnToGSSContext​(boolean holdOnToGSSContext)
        Determines whether to hold on to the GSS security context or otherwise dispose of it immediately (the default behaviour).

        Holding on to the GSS context allows decrypt and encrypt operations for subsequent interactions with the principal.

        Parameters:
        holdOnToGSSContext - true if the context should be held on to
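
Added example (not part of the pac4j documentation or code base): one way to wire up the validator with a file-system keytab and refuse to start when that keytab is accessible to anyone but its owner. The class name KerberosValidatorSetup, the helper requireOwnerOnly, the import package of the validator, and the sample principal and path are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Set;
// Package assumed to be that of the pac4j-kerberos module; adjust to your pac4j version.
import org.pac4j.kerberos.credentials.authenticator.SunJaasKerberosTicketValidator;
import org.springframework.core.io.FileSystemResource;

public final class KerberosValidatorSetup {
    // Any of these bits means someone other than the owner can read or alter the key.
    private static final Set<PosixFilePermission> FORBIDDEN = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE,
            PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    /** Fails closed if the keytab is missing or accessible beyond its owner. */
    static void requireOwnerOnly(Path keytab) throws IOException {
        if (!Files.isRegularFile(keytab)) {
            throw new IOException("Keytab not found or not a regular file: " + keytab);
        }
        // Throws UnsupportedOperationException on non-POSIX file systems; check ACLs there instead.
        Set<PosixFilePermission> excess = new HashSet<>(Files.getPosixFilePermissions(keytab));
        excess.retainAll(FORBIDDEN);
        if (!excess.isEmpty()) {
            throw new SecurityException("Keytab " + keytab + " is too permissive: " + excess);
        }
    }

    static SunJaasKerberosTicketValidator build(String servicePrincipal, String keytabPath) throws IOException {
        Path keytab = Paths.get(keytabPath).toAbsolutePath().normalize();
        requireOwnerOnly(keytab);
        SunJaasKerberosTicketValidator validator = new SunJaasKerberosTicketValidator();
        validator.setServicePrincipal(servicePrincipal);   // the keytab must contain this principal's key
        // File-system resource rather than classpath:, because JAAS reads the file itself later.
        validator.setKeyTabLocation(new FileSystemResource(keytab.toFile()));
        validator.setDebug(false);                         // documented default
        validator.setHoldOnToGSSContext(false);            // documented default: dispose of the context immediately
        validator.init();                                  // inherited from InitializableObject
        return validator;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values: replace with the real principal and keytab path.
        build("HTTP/app.example.org@EXAMPLE.ORG", "/etc/http.keytab");
    }
}
```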