Package com.ibm.security.jgss.spi
Provides a set of service provider interfaces (SPIs) to be implemented by Java GSSAPI mechanism developers and integrators.
See:
Interface Summary
Interface | Description |
---|---|
GSSContextSpi | This interface is implemented by a mechanism specific instance of a GSS security context. |
GSSCredentialSpi | This interface is implemented by a mechanism specific credential element. |
GSSNameSpi | This interface is implemented by a mechanism specific name element. |
MechanismFactory | This interface is implemented by the factory class for every plugin mechanism. |
Package com.ibm.security.jgss.spi Description
Provides a set of service provider interfaces (SPIs) to be implemented by Java GSSAPI mechanism developers and integrators. The SPI forms the "glue" between the mechanism-independent Java GSSAPI framework and the mechanism itself.The interfaces contained in this package are
- GSSContextSpi
- GSSCredentialSpi
- GSSNameSpi
- MechanismFactory
The MechanismFactory interface contains operations for creating concrete instances of GSSContextSpi, GSSCredentialSpi and GSSNameSpi interfaces.
Tying It All Together: The Provider Class
In order to plug a mechanism under a Java GSSAPI framework, the mechanism developer/integrator has to supply a Provider class whose master file contains a mapping from the property "GssApiMechanism.As an example, consider an IBM provider that supports the Kerberos V5 mechanism (identified by the OID 1.2.840.113554.1.2.2). Further suppose that the factory class for the mechanism is called Krb5MechFactory and is contained in the package com.ibm.security.jgss.mech.krb5. Such a provider can be coded as
package com.ibm.security.jgss; import java.security.Provider; import java.security.AccessController; import java.security.PrivilegedAction; public final class IBMJGSSProvider extends Provider { public IBMJGSSProvider() { super("IBMJGSSProvider", 1.0, "IBMJGSSProvider supports Kerberos V5 Mechanism"); // Kerberos V5 mechanism OID is 1.2.840.113554.1.2.2 // Factory class name for the Kerberos V5 mechanism is // com.ibm.security.jgss.mech.krb5.Krb5MechFactory AccessController.doPrivileged(new PrivilegedAction() { public Object run() { put("GssApiMechanism.1.2.840.113554.1.2.2", "com.ibm.security.jgss.mech.krb5.Krb5MechFactory"); // If this provider supported multiple mechanisms, // we'd have additional "put" statements similar // to the one above. return null; } }); } }There are two ways to install a provider for the GSSAPI framework to use:
- Specify it in the java.security file. For example
security.provider.1=sun.security.provider.Sun security.provider.2=com.ibm.crypto.provider.IBMJCE # Now the GSSAPI provider security.provider.2=com.ibm.crypto.provider.IBMJGSSProvider
- Add it programmatically through the addProviderAtFront and addProviderAtEnd
methods the org.ietf.jgss.GSSManager class. For eaxmple
GSSManager manager = GSSManager.getInstance(); Provider provider = new com.ibm.security.jgss.IBMJGGSProvider(); Oid krb5 = new Oid("1.2.840.113554.1.2.2"); manager.addProviderAtFront(provider, krb5);
Package Specification
(none)Related Documentation
- RFC 2853, Generic Security Service API Version 2: Java Bindings
Internet Engineering Task Force (IETF) RFCs are available from the IETF web site http://www.ietf.org - The Java Cryptographic Architecture: API Specification & Reference
This document describes how to code and install a Provider class.