com.ibm.security.jgss
Class GSSManagerImpl
- java.lang.Object
org.ietf.jgss.GSSManager
com.ibm.security.jgss.GSSManagerImpl
- public class GSSManagerImpl
- extends GSSManager
Field Summary
| Modifier and Type | Field and Description |
|---|---|
| | GSS_PROVIDER_PROPERTY_PREFIX: Provider property prefix for GSS mechanisms. |
| | GSS_PROVIDER_PROPERTY_PREFIX_LEN: Length of provider property prefix for GSS mechanisms. |
| | MECH_TYPE_KRB5: Oid representing the Kerberos V5 mechanism. |
| | MECH_TYPE_KRB5_RFC1510: Oid representing the Kerberos V5 mechanism. |
| | MECH_TYPE_SPKM1: Oid representing SPKM-1. |
| | MECH_TYPE_SPKM2: Oid representing SPKM-2. |
| | MECH_TYPE_SPNEGO: Oid representing SPNEGO. |
Constructor Summary
Constructor and Description |
---|
GSSManagerImpl() |
GSSManagerImpl(int caller) |
Method Summary
| Modifier and Type | Method and Description |
|---|---|
| | addProviderAtEnd(java.security.Provider p, Oid mech) |
| | addProviderAtFront(java.security.Provider p, Oid mech) |
| | createContext(byte[] interProcessToken) |
| | createContext(GSSCredential cred) |
| | createContext(GSSName peer, Oid mech, GSSCredential cred, int lifetime) |
| | createCredential(GSSName aName, int lifeTime, Oid[] mechs, int usage) |
| | createCredential(GSSName aName, int lifeTime, Oid mech, int usage) |
| | createCredential(int usage) |
| | createMechContext(byte[] interProcessToken, Oid mech) |
| | createMechContext(GSSCredentialSpi cred, Oid mech) |
| | createMechContext(GSSCredentialSpi cred, Oid mech, GSSContext con) |
| | createMechContext(GSSNameSpi peer, GSSCredentialSpi cred, int lifetime, Oid mech) |
| | createMechCredential(GSSNameSpi name, int initLifetime, int acceptLifetime, int usage, Oid mech) |
| | createName(byte[] name, Oid nameType) |
| | createName(byte[] name, Oid nameType, Oid mechType) |
| | createName(GSSNameSpi mechName) |
| | createName(java.lang.String nameStr, Oid nameType) |
| | createName(java.lang.String nameStr, Oid nameType, Oid mechType) |
| | getMechs() |
| | getMechsForName(Oid nameType) |
| | getNamesForMech(Oid mech) |
| | useAllCreds() |
| | useSubjectCredsOnly(): Returns the value of the javax.security.auth.useSubjectCredsOnly property. |
Methods inherited from class org.ietf.jgss.GSSManager |
---|
getInstance |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail
MECH_TYPE_KRB5
- public static Oid MECH_TYPE_KRB5
MECH_TYPE_KRB5_RFC1510
- public static Oid MECH_TYPE_KRB5_RFC1510
MECH_TYPE_SPKM1
- public static Oid MECH_TYPE_SPKM1
MECH_TYPE_SPKM2
- public static Oid MECH_TYPE_SPKM2
MECH_TYPE_SPNEGO
- public static Oid MECH_TYPE_SPNEGO
GSS_PROVIDER_PROPERTY_PREFIX
- public static final java.lang.String GSS_PROVIDER_PROPERTY_PREFIX
GSS_PROVIDER_PROPERTY_PREFIX_LEN
- public static final int GSS_PROVIDER_PROPERTY_PREFIX_LEN
Constructor Detail
GSSManagerImpl
- public GSSManagerImpl(int caller)
- throws GSSException
GSSManagerImpl
- public GSSManagerImpl()
- throws GSSException
Method Detail
getMechs
- public Oid[] getMechs()
GSSManager
getMechs
in class GSSManager
getMechsForName
GSSManager
getMechsForName
in class GSSManager
nameType
- The Oid object for the name type.
getNamesForMech
- public Oid[] getNamesForMech(Oid mech)
- throws GSSException
GSSManager
getNamesForMech
in class GSSManager
mech
- The Oid object for the mechanism to query.
createName
- public GSSName createName(java.lang.String nameStr,
- Oid nameType)
- throws GSSException
GSSManager
createName
in class GSSManager
nameStr
- The string representing a printable form of the name to create.
nameType
- The Oid specifying the namespace of the printable name
supplied. Note that nameType serves to describe and
qualify the interpretation of the input nameStr, it
does not necessarily imply a type for the output
GSSName implementation. "null" value can be used to
specify that a mechanism specific default printable
syntax should be assumed by each mechanism that
examines nameStr.
createName
- public GSSName createName(byte[] name,
- Oid nameType)
- throws GSSException
GSSManager
createName
in class GSSManager
name
- The byte array containing the name to create.
nameType
- The Oid specifying the namespace of the name supplied
in the byte array. Note that nameType serves to
describe and qualify the interpretation of the input
name byte array, it does not necessarily imply a type
for the output GSSName implementation. "null" value
can be used to specify that a mechanism specific
default syntax should be assumed by each mechanism
that examines the byte array.
createName
- public GSSName createName(java.lang.String nameStr,
- Oid nameType,
- Oid mechType)
- throws GSSException
GSSManager
createName(String, Oid)
method and then also the
canonicalize
method.
createName
in class GSSManager
nameStr
- The string representing a printable form of the name to create.
nameType
- The Oid specifying the namespace of the printable name
supplied. Note that nameType serves to describe and
qualify the interpretation of the input nameStr, it
does not necessarily imply a type for the output
GSSName implementation. "null" value can be used to
specify that a mechanism specific default printable
syntax should be assumed when the mechanism examines nameStr.
mechType
- Oid specifying the mechanism for which this name
should be created.
createName
- public GSSName createName(byte[] name,
- Oid nameType,
- Oid mechType)
- throws GSSException
GSSManager
createName(byte[], Oid)
method followed by the
canonicalize
createName
in class GSSManager
name
- The byte array representing the name to create.
nameType
- The Oid specifying the namespace of the name supplied
in the byte array. Note that nameType serves to
describe and qualify the interpretation of the input
name byte array, it does not necessarily imply a type
for the output GSSName implementation. "null" value
can be used to specify that a mechanism specific
default syntax should be assumed by each mechanism
that examines the byte array.
mechType
- Oid specifying the mechanism for which this name
should be created.
createCredential
- public GSSCredential createCredential(int usage)
- throws GSSException
GSSManager
createCredential
in class GSSManager
usage
- The intended usage for this credential object. The
value of this parameter must be one of:
GSSCredential.ACCEPT_AND_INITIATE,
GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
createCredential
- public GSSCredential createCredential(GSSName aName,
- int lifeTime,
- Oid mech,
- int usage)
- throws GSSException
GSSManager
createCredential
in class GSSManager
aName
- Name of the principal for whom this credential is to be
acquired. Use "null" to specify the default principal.
usage
- The intended usage for this credential object. The
value of this parameter must be one of:
GSSCredential.ACCEPT_AND_INITIATE,
GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
createCredential
- public GSSCredential createCredential(GSSName aName,
- int lifeTime,
- Oid[] mechs,
- int usage)
- throws GSSException
GSSManager
getMechs
method.
createCredential
in class GSSManager
aName
- Name of the principal for whom this credential is to be
acquired. Use "null" to specify the default principal.
usage
- The intended usage for this credential object. The
value of this parameter must be one of:
GSSCredential.ACCEPT_AND_INITIATE,
GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
createContext
- public GSSContext createContext(GSSName peer,
- Oid mech,
- GSSCredential cred,
- int lifetime)
- throws GSSException
GSSManager
createContext
in class GSSManager
peer
- Name of the target peer.
lifetime
- The request lifetime, in seconds, for the credential.
createContext
- public GSSContext createContext(GSSCredential cred)
- throws GSSException
GSSManager
createContext
in class GSSManager
createContext
- public GSSContext createContext(byte[] interProcessToken)
- throws GSSException
GSSManager
createContext
in class GSSManager
interProcessToken
- The token previously emitted
from the export method.
addProviderAtFront
- public void addProviderAtFront(java.security.Provider p,
- Oid mech)
- throws GSSException
GSSManager
Calling this method repeatedly preserves the older settings but lowers them in preference thus forming an ordered list of provider and Oid pairs that grows at the top.
Calling addProviderAtFront with a null Oid will remove all previous preferences that were set for this provider in the GSSManager instance. Calling addProviderAtFront with a non-null Oid will remove any previous preference that was set using this mechanism and this provider together.
If the GSSManager implementation does not support an SPI with a pluggable provider architecture it should throw a GSSException with the status code GSSException.UNAVAILABLE to indicate that the operation is unavailable.
Here are some examples:
Suppose an application desired that the provider A always be checked first when any mechanism is needed, it would call:
    GSSManager mgr = GSSManager.getInstance();
    // mgr may at this point have its own pre-configured list
    // of provider preferences. The following will prepend to
    // any such list:
    mgr.addProviderAtFront(A, null);
Now if it also desired that the mechanism of Oid m1 always be obtained from the provider B before the previously set A was checked, it would call:
    mgr.addProviderAtFront(B, m1);
The GSSManager would then first check with B if m1 was needed. In case B did not provide support for m1, the GSSManager would continue on to check with A. If any mechanism m2 is needed where m2 is different from m1 then the GSSManager would skip B and check with A directly.
Suppose at a later time the following call is made to the same GSSManager instance:
    mgr.addProviderAtFront(B, null)
then the previous setting with the pair (B, m1) is subsumed by this and should be removed. Effectively the list of preferences now becomes {(B, null), (A, null), ... //followed by the pre-configured list.
Please note, however, that the following call:
    mgr.addProviderAtFront(A, m3)
does not subsume the previous setting of (A, null) and the list will effectively become {(A, m3), (B, null), (A, null), ...}
addProviderAtFront
in class GSSManager
p
- The provider instance that should be used whenever
support is needed for mech.
mech
- The mechanism for which the provider is being set
addProviderAtEnd
- public void addProviderAtEnd(java.security.Provider p,
- Oid mech)
- throws GSSException
GSSManager
Calling this method repeatedly preserves the older settings but raises them above newer ones in preference thus forming an ordered list of providers and Oid pairs that grows at the bottom. Thus the older provider settings will be utilized first before this one is.
If there are any previously existing preferences that conflict with the preference being set here, then the GSSManager should ignore this request.
If the GSSManager implementation does not support an SPI with a pluggable provider architecture it should throw a GSSException with the status code GSSException.UNAVAILABLE to indicate that the operation is unavailable.
Example Code
Suppose an application desired that when a mechanism of Oid m1 is needed the system default providers always be checked first, and only when they do not support m1 should a provider A be checked. It would then make the call:
    GSSManager mgr = GSSManager.getInstance();
    mgr.addProviderAtEnd(A, m1);
Now, if it also desired that for all mechanisms the provider B be checked after all configured providers have been checked, it would then call:
    mgr.addProviderAtEnd(B, null);
Effectively the list of preferences now becomes {..., (A, m1), (B, null)}.
Suppose at a later time the following call is made to the same GSSManager instance:
    mgr.addProviderAtEnd(B, m2)
then the previous setting with the pair (B, null) subsumes this and therefore this request should be ignored. The same would happen if a request is made for the already existing pairs of (A, m1) or (B, null).
Please note, however, that the following call:
    mgr.addProviderAtEnd(A, null)
is not subsumed by the previous setting of (A, m1) and the list will effectively become {..., (A, m1), (B, null), (A, null)}
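The ordering and subsumption rules described for addProviderAtFront and addProviderAtEnd, as an added stand-alone model that is not code from the IBM JGSS library or the JDK. The class and method names are hypothetical, providers and mechanisms are plain strings, and treating a "conflict" in addProviderAtEnd as "an existing entry for the same provider already covers the mechanism" is an assumption drawn from the examples above.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: a model of the preference list, not the real GSSManager.
// A null mechanism means "all mechanisms", as in the documented calls.
public class ProviderPreferenceModel {
    private final List<String[]> prefs = new ArrayList<>(); // each entry: {provider, mech}

    // Models addProviderAtFront: a null mech removes every earlier entry for p,
    // a non-null mech removes only the identical (p, mech) pair.
    void addAtFront(String p, String mech) {
        prefs.removeIf(e -> e[0].equals(p) && (mech == null || mech.equals(e[1])));
        prefs.add(0, new String[] {p, mech});
    }

    // Models addProviderAtEnd: the request is ignored when an existing entry
    // for p already covers mech (same pair, or p registered for all mechanisms).
    void addAtEnd(String p, String mech) {
        boolean covered = prefs.stream()
                .anyMatch(e -> e[0].equals(p) && (e[1] == null || e[1].equals(mech)));
        if (!covered) prefs.add(new String[] {p, mech});
    }

    // Providers that would be consulted, in order, when mechanism mech is needed.
    List<String> lookupOrder(String mech) {
        List<String> order = new ArrayList<>();
        for (String[] e : prefs)
            if (e[1] == null || e[1].equals(mech)) order.add(e[0]);
        return order;
    }

    public static void main(String[] args) {
        ProviderPreferenceModel mgr = new ProviderPreferenceModel();
        mgr.addAtFront("A", null);
        mgr.addAtFront("B", "m1");
        System.out.println("m1 -> " + mgr.lookupOrder("m1"));
        System.out.println("m2 -> " + mgr.lookupOrder("m2"));
        mgr.addAtFront("B", null);  // subsumes the earlier (B, m1)
        mgr.addAtFront("A", "m3");  // does not subsume (A, null)
        System.out.println("m3 -> " + mgr.lookupOrder("m3"));
        mgr.addAtEnd("B", "m2");    // ignored: (B, null) already covers m2
        mgr.addAtEnd("C", "m1");    // constructed provider C, appended last
        System.out.println("m1 -> " + mgr.lookupOrder("m1"));
    }
}
```

Printing the lookup order for each mechanism an application relies on shows which provider would be consulted first for it, which is the property to review whenever code adds a provider at the front of the list.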
addProviderAtEnd
in class GSSManager
p
- The provider instance that should be used whenever
support is needed for mech.
mech
- The mechanism for which the provider is being set
useSubjectCredsOnly
- public static boolean useSubjectCredsOnly()
createMechCredential
- public GSSCredentialSpi createMechCredential(GSSNameSpi name,
- int initLifetime,
- int acceptLifetime,
- int usage,
- Oid mech)
- throws GSSException
createMechContext
- public GSSContextSpi createMechContext(GSSNameSpi peer,
- GSSCredentialSpi cred,
- int lifetime,
- Oid mech)
- throws GSSException
createMechContext
- public GSSContextSpi createMechContext(GSSCredentialSpi cred,
- Oid mech)
- throws GSSException
createMechContext
- public GSSContextSpi createMechContext(GSSCredentialSpi cred,
- Oid mech,
- GSSContext con)
- throws GSSException
createMechContext
- public GSSContextSpi createMechContext(byte[] interProcessToken,
- Oid mech)
- throws GSSException
createName
- public GSSNameImpl createName(GSSNameSpi mechName)
- throws GSSException
useAllCreds
- public static boolean useAllCreds()
© Portions Copyright 2003, 2011, Oracle and/or its affiliates. All rights reserved.