Package org.apache.wss4j.dom.validate
Class KerberosTokenValidator
- java.lang.Object
  - org.apache.wss4j.dom.validate.KerberosTokenValidator

Constructor Summary
KerberosTokenValidator()

Method Summary
CallbackHandler getCallbackHandler()
Get the CallbackHandler to use with the LoginContext.

String getContextName()
Get the JAAS Login context name to use.

KerberosTokenDecoder getKerberosTokenDecoder()
Get the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.

String getServiceName()
Get the name of the service to use when contacting the KDC.

boolean isSpnego()

boolean isUsernameServiceNameForm()
SPN can be configured to be in either "hostbased" or "username" form.
- "hostbased" - specifies that the service principal name should be interpreted as a "host-based" name as specified in GSS API RFC, section "4.1: Host-Based Service Name Form" - The service name, as it is specified in LDAP/AD, as it is listed in the KDC.
- "username" - specifies that the service principal name should be interpreted as a "username" name as specified in GSS API RFC, section "4.2: User Name Form" - This is usually the client username in LDAP/AD used for authentication to the KDC.

void setCallbackHandler(CallbackHandler callbackHandler)
Set the CallbackHandler to use with the LoginContext.

void setContextName(String contextName)
Set the JAAS Login context name to use.

void setKerberosTokenDecoder(KerberosTokenDecoder kerberosTokenDecoder)
Set the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.

void setServiceName(String serviceName)
The name of the service to use when contacting the KDC.

void setSpnego(boolean spnego)

void setUsernameServiceNameForm(boolean isUsernameServiceNameForm)
If true - sets the SPN form to "username".
If false (default) - the SPN form is "hostbased".

Credential validate(Credential credential, RequestData data)
Validate the credential argument.

Method Detail

getContextName
public String getContextName()
Get the JAAS Login context name to use.
Returns: the JAAS Login context name to use

setContextName
public void setContextName(String contextName)
Set the JAAS Login context name to use.
Parameters:
contextName - the JAAS Login context name to use

getCallbackHandler
public CallbackHandler getCallbackHandler()
Get the CallbackHandler to use with the LoginContext.
Returns: the CallbackHandler to use with the LoginContext

setCallbackHandler
public void setCallbackHandler(CallbackHandler callbackHandler)
Set the CallbackHandler to use with the LoginContext. It can be null.
Parameters:
callbackHandler - the CallbackHandler to use with the LoginContext

setServiceName
public void setServiceName(String serviceName)
The name of the service to use when contacting the KDC. This value can be null, in which case it defaults to the current principal name.
Parameters:
serviceName - the name of the service to use when contacting the KDC

getServiceName
public String getServiceName()
Get the name of the service to use when contacting the KDC. This value can be null, in which case it defaults to the current principal name.
Returns: the name of the service to use when contacting the KDC

getKerberosTokenDecoder
public KerberosTokenDecoder getKerberosTokenDecoder()
Get the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.
Returns: the KerberosTokenDecoder instance used to extract a session key

setKerberosTokenDecoder
public void setKerberosTokenDecoder(KerberosTokenDecoder kerberosTokenDecoder)
Set the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.
Parameters:
kerberosTokenDecoder - the KerberosTokenDecoder instance used to extract a session key

validate
public Credential validate(Credential credential, RequestData data) throws WSSecurityException
Validate the credential argument. It must contain a non-null BinarySecurityToken.
Specified by: validate in interface Validator
Parameters:
credential - the Credential to be validated
data - the RequestData associated with the request
Returns: a validated Credential
Throws:
WSSecurityException - on a failed validation

isUsernameServiceNameForm
public boolean isUsernameServiceNameForm()
SPN can be configured to be in either "hostbased" or "username" form.
- "hostbased" - specifies that the service principal name should be interpreted as a "host-based" name as specified in GSS API RFC, section "4.1: Host-Based Service Name Form" - The service name, as it is specified in LDAP/AD, as it is listed in the KDC.
- "username" - specifies that the service principal name should be interpreted as a "username" name as specified in GSS API RFC, section "4.2: User Name Form" - This is usually the client username in LDAP/AD used for authentication to the KDC.
Default is "hostbased".
Returns: the isUsernameServiceNameForm

setUsernameServiceNameForm
public void setUsernameServiceNameForm(boolean isUsernameServiceNameForm)
If true - sets the SPN form to "username".
If false (default) - the SPN form is "hostbased".
Parameters:
isUsernameServiceNameForm - the isUsernameServiceNameForm to set
See Also: KerberosSecurity.retrieveServiceTicket(String, CallbackHandler, String, boolean)

isSpnego
public boolean isSpnego()

setSpnego
public void setSpnego(boolean spnego)

-
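A receiving-side configuration that uses the setters documented above, as an added example that is not taken from the WSS4J project. The JAAS context name, service principal, realm and keytab path are constructed placeholders, and the import packages for WSSConfig and WSSecurityEngine assume WSS4J 2.1 or later.

```java
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.validate.KerberosTokenValidator;

// Constructed JAAS login configuration, loaded from the file named by
// -Djava.security.auth.login.config (all values are placeholders):
//
//   wsServiceAcceptor {
//       com.sun.security.auth.module.Krb5LoginModule required
//           useKeyTab=true storeKey=true isInitiator=false
//           keyTab="/etc/security/ws-service.keytab"
//           principal="wsservice/host.example.org@EXAMPLE.ORG";
//   };
public final class KerberosValidatorSetup {

    // Must match the entry name in the JAAS configuration above (placeholder).
    static final String JAAS_CONTEXT = "wsServiceAcceptor";

    // Host-based form "service@host" (placeholder), matching the default
    // isUsernameServiceNameForm() == false.
    static final String SERVICE_NAME = "wsservice@host.example.org";

    static KerberosTokenValidator newValidator() {
        KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName(JAAS_CONTEXT);
        // Pin the service name explicitly instead of passing null, which
        // would fall back to the current principal name.
        validator.setServiceName(SERVICE_NAME);
        // Keep the SPN in "hostbased" form; true would switch to "username".
        validator.setUsernameServiceNameForm(false);
        // The keytab login above needs no interactive prompts, so no
        // CallbackHandler is supplied (null is permitted).
        validator.setCallbackHandler(null);
        return validator;
    }

    static WSSecurityEngine newEngine() {
        // Register the validator for BinarySecurityToken elements so that
        // received Kerberos tokens are passed to validate(Credential, RequestData).
        WSSConfig config = WSSConfig.getNewInstance();
        config.setValidator(WSConstants.BINARY_TOKEN, newValidator());
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);
        return engine;
    }
}
```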