com.ibm.security.jgss

Class GSSManagerImpl

java.lang.Object
  extended by org.ietf.jgss.GSSManager
    extended by com.ibm.security.jgss.GSSManagerImpl

public class GSSManagerImpl
extends GSSManager
Version:
1.1 5/7/07
Author:
Thomas Owusu

Field Summary

Modifier and Type          Field and Description
static java.lang.String    GSS_PROVIDER_PROPERTY_PREFIX
                           Provider property prefix for GSS mechanisms.
static int                 GSS_PROVIDER_PROPERTY_PREFIX_LEN
                           Length of the provider property prefix for GSS mechanisms.
static Oid                 MECH_TYPE_KRB5
                           Oid representing the Kerberos V5 mechanism.
static Oid                 MECH_TYPE_KRB5_RFC1510
                           Oid representing the Kerberos V5 mechanism under its old RFC 1510 value.
static Oid                 MECH_TYPE_SPKM1
                           Oid representing SPKM-1.
static Oid                 MECH_TYPE_SPKM2
                           Oid representing SPKM-2.
static Oid                 MECH_TYPE_SPNEGO
                           Oid representing SPNEGO.

Constructor Summary

Constructor and Description
GSSManagerImpl()
GSSManagerImpl(int caller)

Method Summary

Modifier and Type    Method and Description
void                 addProviderAtEnd(java.security.Provider p, Oid mech)
void                 addProviderAtFront(java.security.Provider p, Oid mech)
GSSContext           createContext(byte[] interProcessToken)
GSSContext           createContext(GSSCredential cred)
GSSContext           createContext(GSSName peer, Oid mech, GSSCredential cred, int lifetime)
GSSCredential        createCredential(GSSName aName, int lifeTime, Oid[] mechs, int usage)
GSSCredential        createCredential(GSSName aName, int lifeTime, Oid mech, int usage)
GSSCredential        createCredential(int usage)
GSSContextSpi        createMechContext(byte[] interProcessToken, Oid mech)
GSSContextSpi        createMechContext(GSSCredentialSpi cred, Oid mech)
GSSContextSpi        createMechContext(GSSCredentialSpi cred, Oid mech, GSSContext con)
GSSContextSpi        createMechContext(GSSNameSpi peer, GSSCredentialSpi cred, int lifetime, Oid mech)
GSSCredentialSpi     createMechCredential(GSSNameSpi name, int initLifetime, int acceptLifetime, int usage, Oid mech)
GSSName              createName(byte[] name, Oid nameType)
GSSName              createName(byte[] name, Oid nameType, Oid mechType)
GSSNameImpl          createName(GSSNameSpi mechName)
GSSName              createName(java.lang.String nameStr, Oid nameType)
GSSName              createName(java.lang.String nameStr, Oid nameType, Oid mechType)
Oid[]                getMechs()
Oid[]                getMechsForName(Oid nameType)
Oid[]                getNamesForMech(Oid mech)
static boolean       useAllCreds()
static boolean       useSubjectCredsOnly()
                     Returns the value of the javax.security.auth.useSubjectCredsOnly property.

Methods inherited from class org.ietf.jgss.GSSManager
getInstance

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MECH_TYPE_KRB5

public static Oid MECH_TYPE_KRB5
Oid representing the Kerberos V5 mechanism.

MECH_TYPE_KRB5_RFC1510

public static Oid MECH_TYPE_KRB5_RFC1510
Oid representing the Kerberos V5 mechanism. This has the old value defined in RFC 1510; MECH_TYPE_KRB5 carries the current value, and this one exists for interoperability with peers that still present the RFC 1510 identifier.

MECH_TYPE_SPKM1

public static Oid MECH_TYPE_SPKM1
Oid representing SPKM-1.

MECH_TYPE_SPKM2

public static Oid MECH_TYPE_SPKM2
Oid representing SPKM-2.

MECH_TYPE_SPNEGO

public static Oid MECH_TYPE_SPNEGO
Oid representing SPNEGO.

GSS_PROVIDER_PROPERTY_PREFIX

public static final java.lang.String GSS_PROVIDER_PROPERTY_PREFIX
Provider property prefix for GSS mechanisms.

GSS_PROVIDER_PROPERTY_PREFIX_LEN

public static final int GSS_PROVIDER_PROPERTY_PREFIX_LEN
Length of the provider property prefix for GSS mechanisms.

Constructor Detail

GSSManagerImpl

public GSSManagerImpl(int caller)
               throws GSSException
Throws:
GSSException

GSSManagerImpl

public GSSManagerImpl()
               throws GSSException
Throws:
GSSException

Method Detail

getMechs

public Oid[] getMechs()
Description copied from class: GSSManager
Returns an array of Oid objects indicating the mechanisms available to GSS-API callers. A "null" value is returned when no mechanisms are available (for example, when mechanisms are dynamically configured and none is currently installed).
Specified by:
getMechs in class GSSManager
Returns:
A list of supported mechanisms.

getMechsForName

public Oid[] getMechsForName(Oid nameType)
Description copied from class: GSSManager
Returns an array of Oid objects corresponding to the mechanisms that support the specified name type. "null" is returned when no mechanisms are found to support the specified name type.
Specified by:
getMechsForName in class GSSManager
Parameters:
nameType - The Oid object for the name type.
Returns:
A list of mechanisms that support the specified name type.

getNamesForMech

public Oid[] getNamesForMech(Oid mech)
                      throws GSSException
Description copied from class: GSSManager
Returns the name type Oids supported by the specified mechanism.
Specified by:
getNamesForMech in class GSSManager
Parameters:
mech - The Oid object for the mechanism to query.
Returns:
A list of name types supported for the specified mechanism.
Throws:
GSSException
createName

public GSSName createName(java.lang.String nameStr,
                          Oid nameType)
                   throws GSSException
Description copied from class: GSSManager
Factory method to convert a contiguous string name from the specified namespace to a GSSName object. In general, the GSSName object created will not be an MN; two examples that are exceptions to this are when the namespace type parameter indicates NT_EXPORT_NAME or when the GSS-API implementation is not multi-mechanism.
Specified by:
createName in class GSSManager
Parameters:
nameStr - The string representing a printable form of the name to create.
nameType - The Oid specifying the namespace of the printable name supplied. Note that nameType serves to describe and qualify the interpretation of the input nameStr; it does not necessarily imply a type for the output GSSName implementation. A "null" value can be used to specify that a mechanism-specific default printable syntax should be assumed by each mechanism that examines nameStr.
Returns:
A GSSName representing the specified name string and type.
Throws:
GSSException

createName

public GSSName createName(byte[] name,
                          Oid nameType)
                   throws GSSException
Description copied from class: GSSManager
Factory method to convert a contiguous byte array containing a name from the specified namespace to a GSSName object. In general, the GSSName object created will not be an MN; two examples that are exceptions to this are when the namespace type parameter indicates NT_EXPORT_NAME or when the GSS-API implementation is not multi-mechanism.
Specified by:
createName in class GSSManager
Parameters:
name - The byte array containing the name to create.
nameType - The Oid specifying the namespace of the name supplied in the byte array. Note that nameType serves to describe and qualify the interpretation of the input name byte array; it does not necessarily imply a type for the output GSSName implementation. A "null" value can be used to specify that a mechanism-specific default syntax should be assumed by each mechanism that examines the byte array.
Returns:
A GSSName representing the specified name and type.
Throws:
GSSException

createName

public GSSName createName(java.lang.String nameStr,
                          Oid nameType,
                          Oid mechType)
                   throws GSSException
Description copied from class: GSSManager
Factory method to convert a contiguous string name from the specified namespace to a GSSName object that is a mechanism name (MN). In other words, this method is a utility that does the equivalent of two steps: the createName(String, Oid) method and then the canonicalize method.
Specified by:
createName in class GSSManager
Parameters:
nameStr - The string representing a printable form of the name to create.
nameType - The Oid specifying the namespace of the printable name supplied. Note that nameType serves to describe and qualify the interpretation of the input nameStr; it does not necessarily imply a type for the output GSSName implementation. A "null" value can be used to specify that a mechanism-specific default printable syntax should be assumed when the mechanism examines nameStr.
mechType - Oid specifying the mechanism for which this name should be created.
Returns:
A GSSName representing the given name string, name type and mechanism.
Throws:
GSSException

createName

public GSSName createName(byte[] name,
                          Oid nameType,
                          Oid mechType)
                   throws GSSException
Description copied from class: GSSManager
Factory method to convert a contiguous byte array containing a name from the specified namespace to a GSSName object that is an MN. In other words, this method is a utility that does the equivalent of two steps: the createName(byte[], Oid) method followed by the canonicalize method.
Specified by:
createName in class GSSManager
Parameters:
name - The byte array representing the name to create.
nameType - The Oid specifying the namespace of the name supplied in the byte array. Note that nameType serves to describe and qualify the interpretation of the input name byte array; it does not necessarily imply a type for the output GSSName implementation. A "null" value can be used to specify that a mechanism-specific default syntax should be assumed by each mechanism that examines the byte array.
mechType - Oid specifying the mechanism for which this name should be created.
Returns:
A GSSName representing the given name, name type and mechanism.
Throws:
GSSException

createCredential

public GSSCredential createCredential(int usage)
                               throws GSSException
Description copied from class: GSSManager
Factory method for acquiring default credentials. This will cause the GSS-API to use system-specific defaults for the set of mechanisms, the name, and an INDEFINITE_LIFETIME.
Specified by:
createCredential in class GSSManager
Parameters:
usage - The intended usage for this credential object. The value of this parameter must be one of: GSSCredential.ACCEPT_AND_INITIATE, GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
Returns:
A GSSCredential for the specified usage.
Throws:
GSSException

createCredential

public GSSCredential createCredential(GSSName aName,
                                      int lifeTime,
                                      Oid mech,
                                      int usage)
                               throws GSSException
Description copied from class: GSSManager
Factory method for acquiring a single-mechanism credential.
Specified by:
createCredential in class GSSManager
Parameters:
aName - Name of the principal for whom this credential is to be acquired. Use "null" to specify the default principal.
lifeTime - The number of seconds that the credential should remain valid. Use GSSCredential.INDEFINITE_LIFETIME to request that the credential have the maximum permitted lifetime.
mech - The Oid of the desired mechanism. Use (Oid) null to request the default mechanism.
usage - The intended usage for this credential object. The value of this parameter must be one of: GSSCredential.ACCEPT_AND_INITIATE, GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
Returns:
A GSSCredential for the specified parameters.
Throws:
GSSException

createCredential

public GSSCredential createCredential(GSSName aName,
                                      int lifeTime,
                                      Oid[] mechs,
                                      int usage)
                               throws GSSException
Description copied from class: GSSManager
Factory method for acquiring credentials over a set of mechanisms. Acquires credentials for each of the mechanisms specified in the array called mechs. To determine the list of mechanisms for which the acquisition of credentials succeeded, the caller should use the getMechs method of the returned credential.
Specified by:
createCredential in class GSSManager
Parameters:
aName - Name of the principal for whom this credential is to be acquired. Use "null" to specify the default principal.
lifeTime - The number of seconds that the credential should remain valid. Use GSSCredential.INDEFINITE_LIFETIME to request that the credential have the maximum permitted lifetime.
mechs - The array of mechanisms over which the credential is to be acquired. Use (Oid[]) null to request a system-specific default set of mechanisms.
usage - The intended usage for this credential object. The value of this parameter must be one of: GSSCredential.ACCEPT_AND_INITIATE, GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
Returns:
A GSSCredential for the specified parameters.
Throws:
GSSException
createContext

public GSSContext createContext(GSSName peer,
                                Oid mech,
                                GSSCredential cred,
                                int lifetime)
                         throws GSSException
Description copied from class: GSSManager
Factory method for creating a context on the initiator's side. Context flags may be modified through the mutator methods prior to calling GSSContext.initSecContext().
Specified by:
createContext in class GSSManager
Parameters:
peer - Name of the target peer.
mech - The Oid of the desired mechanism. Use (Oid) null to request the default mechanism.
cred - The credentials of the initiator. Use "null" to act as the default initiator principal.
lifetime - The requested lifetime, in seconds, for the context. Use GSSContext.INDEFINITE_LIFETIME or GSSContext.DEFAULT_LIFETIME to request an indefinite or the default context lifetime.
Returns:
A GSSContext for the specified parameters.
Throws:
GSSException

createContext

public GSSContext createContext(GSSCredential cred)
                         throws GSSException
Description copied from class: GSSManager
Factory method for creating a context on the acceptor's side. The context's properties will be determined from the input token supplied to the accept method.
Specified by:
createContext in class GSSManager
Parameters:
cred - The credentials for the acceptor. Use "null" to act as the default acceptor principal.
Returns:
A GSSContext for the specified parameters.
Throws:
GSSException

createContext

public GSSContext createContext(byte[] interProcessToken)
                         throws GSSException
Description copied from class: GSSManager
Factory method for creating a previously exported context. The context properties will be determined from the input token and can't be modified through the set methods. The interprocess token carries the context's state, including its session keys, so it must be passed between processes over a protected channel and never logged or stored in the clear.
Specified by:
createContext in class GSSManager
Parameters:
interProcessToken - The token previously emitted from the export method.
Returns:
An imported GSSContext.
Throws:
GSSException
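The following is an added example, not IBM's code and not part of the original page. It ties the factory methods above together: createName builds the acceptor's mechanism name, createCredential acquires an initiate-only and an accept-only credential, createContext creates both sides, and the two contexts are then driven through the token exchange. The acceptor checks what the established context actually provides (mechanism, mutual authentication, integrity and confidentiality) rather than what was requested, and a wrapped message is rejected if it arrives without confidentiality or is flagged as a replay. Assumptions: a reachable KDC is configured (krb5.conf or the java.security.krb5.* properties); the calling thread already holds the initiator's TGT and the acceptor's service keys (through a JAAS Krb5LoginModule login when javax.security.auth.useSubjectCredsOnly is true, or from the native ticket cache and keytab when it is false); SERVICE is a placeholder service name; the OID literal is the standard Kerberos V5 mechanism OID, i.e. the value of MECH_TYPE_KRB5. Both halves run in one JVM so the exchange is visible; in production each token crosses the network.

```java
import java.nio.charset.StandardCharsets;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/** Added example (not IBM code): Kerberos V5 context setup and one protected message. */
public final class Krb5Handshake {

    private static final String SERVICE = "host@server.example.com"; // placeholder, assumed

    public static void main(String[] args) throws GSSException {
        GSSManager mgr = GSSManager.getInstance();
        Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5; same value as MECH_TYPE_KRB5

        // Pin the mechanism instead of passing null: a null mech lets the manager
        // choose its default, which need not be Kerberos.
        Oid[] mechs = mgr.getMechs();
        if (mechs == null || !krb5.containedIn(mechs)) {
            throw new GSSException(GSSException.BAD_MECH);
        }

        // Mechanism name (MN) for the acceptor, canonicalised for Kerberos.
        GSSName peer = mgr.createName(SERVICE, GSSName.NT_HOSTBASED_SERVICE, krb5);

        // Initiator: default principal, initiate-only credential, explicit flags.
        GSSCredential initCred = mgr.createCredential(
                null, GSSCredential.DEFAULT_LIFETIME, krb5, GSSCredential.INITIATE_ONLY);
        GSSContext initiator = mgr.createContext(peer, krb5, initCred, GSSContext.DEFAULT_LIFETIME);
        initiator.requestMutualAuth(true);   // demand the AP-REP: proves the service holds the key
        initiator.requestInteg(true);
        initiator.requestConf(true);
        initiator.requestReplayDet(true);
        initiator.requestSequenceDet(true);

        // Acceptor: accept-only credential for the service principal; the
        // context's properties are taken from the first token it receives.
        GSSCredential acceptCred = mgr.createCredential(
                peer, GSSCredential.INDEFINITE_LIFETIME, krb5, GSSCredential.ACCEPT_ONLY);
        GSSContext acceptor = mgr.createContext(acceptCred);

        try {
            exchangeTokens(initiator, acceptor);
            System.out.println("authenticated client: " + verifyAcceptor(acceptor, krb5));
            byte[] wrapped = protect(initiator, "constructed sample payload");
            System.out.println("unwrapped: " + unprotect(acceptor, wrapped));
        } finally {
            initiator.dispose();
            acceptor.dispose();
            initCred.dispose();
            acceptCred.dispose();
        }
    }

    /** Runs initSecContext/acceptSecContext until both sides are established. */
    static void exchangeTokens(GSSContext initiator, GSSContext acceptor) throws GSSException {
        byte[] inTok = new byte[0];
        while (!initiator.isEstablished()) {
            byte[] outTok = initiator.initSecContext(inTok, 0, inTok.length);
            if (outTok == null) {
                break;                                   // nothing more to send
            }
            inTok = acceptor.acceptSecContext(outTok, 0, outTok.length);
            if (inTok == null) {
                inTok = new byte[0];
            }
        }
        if (!initiator.isEstablished() || !acceptor.isEstablished()) {
            throw new GSSException(GSSException.FAILURE);
        }
    }

    /** Checks what the established context provides, not what was requested. */
    static GSSName verifyAcceptor(GSSContext acceptor, Oid expectedMech) throws GSSException {
        if (!expectedMech.equals(acceptor.getMech())) {
            throw new GSSException(GSSException.BAD_MECH);  // negotiated something else
        }
        if (!acceptor.getMutualAuthState() || !acceptor.getIntegState() || !acceptor.getConfState()) {
            throw new GSSException(GSSException.FAILURE);   // downgraded context
        }
        // Authorise on this authenticated principal, never on a name the client sent in clear.
        return acceptor.getSrcName();
    }

    /** Wraps text with integrity and confidentiality on the sending context. */
    static byte[] protect(GSSContext sender, String text) throws GSSException {
        byte[] plain = text.getBytes(StandardCharsets.UTF_8);
        MessageProp prop = new MessageProp(0, true);        // default QOP, privacy requested
        return sender.wrap(plain, 0, plain.length, prop);
    }

    /** Unwraps on the receiving context and rejects unencrypted or replayed tokens. */
    static String unprotect(GSSContext receiver, byte[] wrapped) throws GSSException {
        MessageProp prop = new MessageProp(0, false);
        byte[] plain = receiver.unwrap(wrapped, 0, wrapped.length, prop);
        if (!prop.getPrivacy()) {
            throw new GSSException(GSSException.BAD_QOP);   // arrived without confidentiality
        }
        if (prop.isDuplicateToken() || prop.isOldToken() || prop.isUnseqToken() || prop.isGapToken()) {
            throw new GSSException(GSSException.DUPLICATE_TOKEN);
        }
        return new String(plain, StandardCharsets.UTF_8);
    }
}
```

The checks in verifyAcceptor matter because request* methods on the initiator are only requests: the established context reports through getMutualAuthState, getIntegState and getConfState what was actually negotiated, and getMech reports which mechanism was used. The same applies per message: MessageProp.getPrivacy after unwrap tells the receiver whether this token was encrypted, independently of what the sender asked for.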

addProviderAtFront

public void addProviderAtFront(java.security.Provider p,
                               Oid mech)
                        throws GSSException
Description copied from class: GSSManager
This method is used to indicate to the GSSManager that the application would like a particular provider to be used ahead of all others when support is desired for the given mechanism. When a value of null is used instead of an Oid for the mechanism, the GSSManager must use the indicated provider ahead of all others no matter what the mechanism is. Only when the indicated provider does not support the needed mechanism should the GSSManager move on to a different provider.

Calling this method repeatedly preserves the older settings but lowers them in preference thus forming an ordered list of provider and Oid pairs that grows at the top.

Calling addProviderAtFront with a null Oid will remove all previous preferences that were set for this provider in the GSSManager instance. Calling addProviderAtFront with a non-null Oid will remove any previous preference that was set using this mechanism and this provider together.

If the GSSManager implementation does not support an SPI with a pluggable provider architecture it should throw a GSSException with the status code GSSException.UNAVAILABLE to indicate that the operation is unavailable.

Here are some examples:

Suppose an application desired that the provider A always be checked first when any mechanism is needed, it would call:

     GSSManager mgr = GSSManager.getInstance();
     // mgr may at this point have its own pre-configured list
     // of provider preferences. The following will prepend to
     // any such list:

     mgr.addProviderAtFront(A, null);
 
Now if it also desired that the mechanism of Oid m1 always be obtained from the provider B before the previously set A was checked, it would call:
     mgr.addProviderAtFront(B, m1);
 
The GSSManager would then first check with B if m1 was needed. In case B did not provide support for m1, the GSSManager would continue on to check with A. If any mechanism m2 is needed where m2 is different from m1 then the GSSManager would skip B and check with A directly.

Suppose at a later time the following call is made to the same GSSManager instance:

     mgr.addProviderAtFront(B, null);
 
then the previous setting with the pair (B, m1) is subsumed by this and should be removed. Effectively the list of preferences now becomes {(B, null), (A, null), ...} // followed by the pre-configured list.

Please note, however, that the following call:

     mgr.addProviderAtFront(A, m3);
 
does not subsume the previous setting of (A, null) and the list will effectively become {(A, m3), (B, null), (A, null), ...}
Specified by:
addProviderAtFront in class GSSManager
Parameters:
p - The provider instance that should be used whenever support is needed for mech.
mech - The mechanism for which the provider is being set
Throws:
GSSException

addProviderAtEnd

public void addProviderAtEnd(java.security.Provider p,
                             Oid mech)
                      throws GSSException
Description copied from class: GSSManager
This method is used to indicate to the GSSManager that the application would like a particular provider to be used if no other provider can be found that supports the given mechanism. When a value of null is used instead of an Oid for the mechanism, the GSSManager must use the indicated provider for any mechanism.

Calling this method repeatedly preserves the older settings but raises them above newer ones in preference thus forming an ordered list of providers and Oid pairs that grows at the bottom. Thus the older provider settings will be utilized first before this one is.

If there are any previously existing preferences that conflict with the preference being set here, then the GSSManager should ignore this request.

If the GSSManager implementation does not support an SPI with a pluggable provider architecture it should throw a GSSException with the status code GSSException.UNAVAILABLE to indicate that the operation is unavailable.

Example Code

Suppose an application desired that when a mechanism of Oid m1 is needed the system default providers always be checked first, and only when they do not support m1 should a provider A be checked. It would then make the call:

         GSSManager mgr = GSSManager.getInstance();

         mgr.addProviderAtEnd(A, m1);
 
Now, if it also desired that for all mechanisms the provider B be checked after all configured providers have been checked, it would then call:
         mgr.addProviderAtEnd(B, null);
 
Effectively the list of preferences now becomes {..., (A, m1), (B, null)}.

Suppose at a later time the following call is made to the same GSSManager instance:

         mgr.addProviderAtEnd(B, m2);
 
then the previous setting with the pair (B, null) subsumes this and therefore this request should be ignored. The same would happen if a request is made for the already existing pairs of (A, m1) or (B, null).

Please note, however, that the following call:

         mgr.addProviderAtEnd(A, null);
 
is not subsumed by the previous setting of (A, m1) and the list will effectively become {..., (A, m1), (B, null), (A, null)}
Specified by:
addProviderAtEnd in class GSSManager
Parameters:
p - The provider instance that should be used whenever support is needed for mech.
mech - The mechanism for which the provider is being set
Throws:
GSSException

useSubjectCredsOnly

public static boolean useSubjectCredsOnly()
Returns the value of the javax.security.auth.useSubjectCredsOnly property. The property is true by default. When it is true, credentials are obtained only from the Subject associated with the calling thread's access-control context (that is, from a JAAS login); when it is false, the mechanism may also fall back to its own sources, such as the native Kerberos ticket cache and keytab.

createMechCredential

public GSSCredentialSpi createMechCredential(GSSNameSpi name,
                                             int initLifetime,
                                             int acceptLifetime,
                                             int usage,
                                             Oid mech)
                                      throws GSSException
Throws:
GSSException

createMechContext

public GSSContextSpi createMechContext(GSSNameSpi peer,
                                       GSSCredentialSpi cred,
                                       int lifetime,
                                       Oid mech)
                                throws GSSException
Throws:
GSSException

createMechContext

public GSSContextSpi createMechContext(GSSCredentialSpi cred,
                                       Oid mech)
                                throws GSSException
Throws:
GSSException

createMechContext

public GSSContextSpi createMechContext(GSSCredentialSpi cred,
                                       Oid mech,
                                       GSSContext con)
                                throws GSSException
Throws:
GSSException

createMechContext

public GSSContextSpi createMechContext(byte[] interProcessToken,
                                       Oid mech)
                                throws GSSException
Throws:
GSSException

createName

public GSSNameImpl createName(GSSNameSpi mechName)
                       throws GSSException
Throws:
GSSException

useAllCreds

public static boolean useAllCreds()

© Portions Copyright 2003, 2011 IBM Corporation. All rights reserved.
© Portions Copyright 2003, 2011, Oracle and/or its affiliates. All rights reserved.