Class KerberosTokenValidator

    • Constructor Detail

      • KerberosTokenValidator

        public KerberosTokenValidator()
    • Method Detail

      • getContextName

        public String getContextName()
        Get the JAAS Login context name to use.
        Returns:
        the JAAS Login context name to use
      • setContextName

        public void setContextName(String contextName)
        Set the JAAS Login context name to use.
        Parameters:
        contextName - the JAAS Login context name to use
      • getCallbackHandler

        public CallbackHandler getCallbackHandler()
        Get the CallbackHandler to use with the LoginContext.
        Returns:
        the CallbackHandler to use with the LoginContext
      • setCallbackHandler

        public void setCallbackHandler(CallbackHandler callbackHandler)
        Set the CallbackHandler to use with the LoginContext. It can be null.
        Parameters:
        callbackHandler - the CallbackHandler to use with the LoginContext
      • setServiceName

        public void setServiceName(String serviceName)
        Set the name of the service to use when contacting the KDC. This value can be null, in which case it defaults to the current principal name.
        Parameters:
        serviceName - the name of the service to use when contacting the KDC
      • getServiceName

        public String getServiceName()
        Get the name of the service to use when contacting the KDC. This value can be null, in which case it defaults to the current principal name.
        Returns:
        the name of the service to use when contacting the KDC
      • getKerberosTokenDecoder

        public KerberosTokenDecoder getKerberosTokenDecoder()
        Get the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.
        Returns:
        the KerberosTokenDecoder instance used to extract a session key
      • setKerberosTokenDecoder

        public void setKerberosTokenDecoder(KerberosTokenDecoder kerberosTokenDecoder)
        Set the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.
        Parameters:
        kerberosTokenDecoder - the KerberosTokenDecoder instance used to extract a session key
      • validate

        public Credential validate(Credential credential,
                                   RequestData data)
                            throws WSSecurityException
        Validate the credential argument. It must contain a non-null BinarySecurityToken.
        Specified by:
        validate in interface Validator
        Parameters:
        credential - the Credential to be validated
        data - the RequestData associated with the request
        Returns:
        a validated Credential
        Throws:
        WSSecurityException - on a failed validation
      • isUsernameServiceNameForm

        public boolean isUsernameServiceNameForm()
        The SPN can be configured to be in either "hostbased" or "username" form.
        - "hostbased" - specifies that the service principal name should be interpreted as a "host-based" name as specified in the GSS-API RFC, section "4.1: Host-Based Service Name Form". This is the service name as it is specified in LDAP/AD and as it is listed in the KDC.
        - "username" - specifies that the service principal name should be interpreted as a "username" name as specified in the GSS-API RFC, section "4.2: User Name Form". This is usually the client username in LDAP/AD used for authentication to the KDC.

        Default is "hostbased".
        Returns:
        true if the service principal name is interpreted in "username" form, false if it is interpreted in "hostbased" form
      • isSpnego

        public boolean isSpnego()
      • setSpnego

        public void setSpnego(boolean spnego)
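
The setters documented above, wired together on the receiving side, as an added example that is not part of the original Javadoc or the project's own code. Assumptions: WSS4J 2.1 or later package names, registration through WSSConfig.setValidator with WSConstants.BINARY_TOKEN, and a constructed JAAS context "bob" with constructed principal and host names.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.validate.KerberosTokenValidator;

public class KerberosValidatorSetup {

    // Constructed JAAS entry this example assumes (file named by
    // -Djava.security.auth.login.config):
    //   bob {
    //     com.sun.security.auth.module.Krb5LoginModule required
    //       storeKey=true principal="bob/service.ws.apache.org";
    //   };
    static final String JAAS_CONTEXT = "bob";
    // Default "hostbased" form is service@host, not the Kerberos service/host@REALM form.
    static final String SERVICE_NAME = "bob@service.ws.apache.org";

    // Answers the name and password prompts of the login module; anything else is refused.
    static CallbackHandler serviceLogin(String principal, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(principal);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    // Returns a WSSConfig whose BinarySecurityToken validator is the Kerberos validator.
    static WSSConfig kerberosConfig(char[] servicePassword) {
        KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName(JAAS_CONTEXT);
        validator.setServiceName(SERVICE_NAME);
        validator.setCallbackHandler(serviceLogin("bob/service.ws.apache.org", servicePassword));

        WSSConfig config = WSSConfig.getNewInstance();
        config.setValidator(WSConstants.BINARY_TOKEN, validator);
        return config;
    }
}
```

If the JAAS entry uses a keytab instead of a password, the callback handler can be left null, as setCallbackHandler permits.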