Class KerberosSecurity


  • public class KerberosSecurity
    extends BinarySecurity
    Kerberos Security Token.
    • Constructor Detail

      • KerberosSecurity

        public KerberosSecurity​(Element elem,
                                BSPEnforcer bspEnforcer)
                         throws WSSecurityException
        This constructor creates a new Kerberos token object and initializes it from the data contained in the element.
        Parameters:
        elem - the element containing the Kerberos token data
        bspEnforcer - a BSPEnforcer instance to enforce BSP rules
        Throws:
        WSSecurityException
      • KerberosSecurity

        public KerberosSecurity​(Document doc)
        This constructor creates a new Kerberos element.
        Parameters:
        doc -
    • Method Detail

      • isV5ApReq

        public boolean isV5ApReq()
        Return true if this token is a Kerberos V5 AP REQ token
      • isGssV5ApReq

        public boolean isGssV5ApReq()
        Return true if this token is a Kerberos GSS V5 AP REQ token
      • retrieveServiceTicket

        public void retrieveServiceTicket​(CallbackHandler callbackHandler)
                                   throws WSSecurityException
        Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this BinarySecurityToken.
        Parameters:
        callbackHandler - a CallbackHandler instance to retrieve a password (optional), JAAS Login Module name (required) + service name (required)
        Throws:
        WSSecurityException
      • retrieveServiceTicket

        public void retrieveServiceTicket​(String jaasLoginModuleName,
                                          CallbackHandler callbackHandler,
                                          String serviceName)
                                   throws WSSecurityException
        Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this BinarySecurityToken.
        Parameters:
        jaasLoginModuleName - the JAAS Login Module name to use
        callbackHandler - a CallbackHandler instance to retrieve a password (optional)
        serviceName - the desired Kerberized service
        Throws:
        WSSecurityException
      • decorateSubject

        protected void decorateSubject​(Subject subject)
      • getSecretKey

        public SecretKey getSecretKey()
        Get the SecretKey associated with the service principal
        Returns:
        the SecretKey associated with the service principal
      • isKerberosToken

        public static boolean isKerberosToken​(String valueType)
        Return true if the valueType represents a Kerberos Token
        Parameters:
        valueType - the valueType of the token
        Returns:
        true if the valueType represents a Kerberos Token