KerberosTokenValidator (Apache WSS4J 1.6.17 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.ws.security.validate
Class KerberosTokenValidator

java.lang.Object
  org.apache.ws.security.validate.KerberosTokenValidator

All Implemented Interfaces:: Validator

public class KerberosTokenValidator
extends Object
implements Validator
extends Object
implements Validator

Constructor Summary
`KerberosTokenValidator()`

Method Summary
`CallbackHandler`	`getCallbackHandler()` Get the CallbackHandler to use with the LoginContext
`String`	`getContextName()` Get the JAAS Login context name to use.
`String`	`getJaasLoginModuleName()` Deprecated. Get the JAAS Login module name to use.
`KerberosTokenDecoder`	`getKerberosTokenDecoder()` Get the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.
`String`	`getServiceName()` Get the name of the service to use when contacting the KDC.
`boolean`	`isSpnego()`
`boolean`	`isUsernameServiceNameForm()` SPN can be configured to be in either "hostbased" or "username" form. - "hostbased" - specifies that the service principal name should be interpreted as a "host-based" name as specified in GSS API Rfc, section "4.1: Host-Based Service Name Form" - The service name, as it is specified in LDAP/AD, as it is listed in the KDC. - "username" - specifies that the service principal name should be interpreted as a "username" name as specified in GSS API Rfc, section "4.2: User Name Form" � This is usually the client username in LDAP/AD used for authentication to the KDC.
`void`	`setCallbackHandler(CallbackHandler callbackHandler)` Set the CallbackHandler to use with the LoginContext.
`void`	`setContextName(String contextName)` Set the JAAS Login context name to use.
`void`	`setJaasLoginModuleName(String jaasLoginModuleName)` Deprecated. Set the JAAS Login module name to use.
`void`	`setKerberosTokenDecoder(KerberosTokenDecoder kerberosTokenDecoder)` Set the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.
`void`	`setServiceName(String serviceName)` The name of the service to use when contacting the KDC.
`void`	`setSpnego(boolean spnego)`
`void`	`setUsernameServiceNameForm(boolean isUsernameServiceNameForm)` If true - sets the SPN form to "username" If false(default) - the SPN form is "hostbased"
`Credential`	`validate(Credential credential, RequestData data)` Validate the credential argument.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

KerberosTokenValidator

public KerberosTokenValidator()

Method Detail

getContextName

public String getContextName()

Get the JAAS Login context name to use.

Returns:: the JAAS Login context name to use

setContextName

public void setContextName(String contextName)

Set the JAAS Login context name to use.

Parameters:: contextName - the JAAS Login context name to use

getJaasLoginModuleName

public String getJaasLoginModuleName()

Deprecated. Get the JAAS Login module name to use.

Returns:: the JAAS Login module name to use

setJaasLoginModuleName

public void setJaasLoginModuleName(String jaasLoginModuleName)

Deprecated. Set the JAAS Login module name to use.

Parameters:: jaasLoginModuleName - the JAAS Login module name to use

getCallbackHandler

public CallbackHandler getCallbackHandler()

Get the CallbackHandler to use with the LoginContext

Returns:: the CallbackHandler to use with the LoginContext

setCallbackHandler

public void setCallbackHandler(CallbackHandler callbackHandler)

Set the CallbackHandler to use with the LoginContext. It can be null.

Parameters:: callbackHandler - the CallbackHandler to use with the LoginContext

setServiceName

public void setServiceName(String serviceName)

The name of the service to use when contacting the KDC. This value can be null, in which case it defaults to the current principal name.

Parameters:: serviceName - the name of the service to use when contacting the KDC

getServiceName

public String getServiceName()

Get the name of the service to use when contacting the KDC. This value can be null, in which case it defaults to the current principal name.

Returns:: the name of the service to use when contacting the KDC

getKerberosTokenDecoder

public KerberosTokenDecoder getKerberosTokenDecoder()

Get the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.

Returns:: the KerberosTokenDecoder instance used to extract a session key

setKerberosTokenDecoder

public void setKerberosTokenDecoder(KerberosTokenDecoder kerberosTokenDecoder)

Set the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.

Parameters:: kerberosTokenDecoder - the KerberosTokenDecoder instance used to extract a session key

validate

public Credential validate(Credential credential,
                           RequestData data)
                    throws WSSecurityException

Validate the credential argument. It must contain a non-null BinarySecurityToken.

Specified by:: validate in interface Validator

Parameters:: credential - the Credential to be validated; data - the RequestData associated with the request
Returns:: a validated Credential
Throws:: WSSecurityException - on a failed validation

isUsernameServiceNameForm

public boolean isUsernameServiceNameForm()

SPN can be configured to be in either "hostbased" or "username" form.
- "hostbased" - specifies that the service principal name should be interpreted as a "host-based" name as specified in GSS API Rfc, section "4.1: Host-Based Service Name Form" - The service name, as it is specified in LDAP/AD, as it is listed in the KDC.
- "username" - specifies that the service principal name should be interpreted as a "username" name as specified in GSS API Rfc, section "4.2: User Name Form" � This is usually the client username in LDAP/AD used for authentication to the KDC.

Default is "hostbased".

Returns:: the isUsernameServiceNameForm

setUsernameServiceNameForm

public void setUsernameServiceNameForm(boolean isUsernameServiceNameForm)

If true - sets the SPN form to "username"
If false(default) - the SPN form is "hostbased"

Parameters:: isUsernameServiceNameForm - the isUsernameServiceNameForm to set
See Also:: KerberosSecurity.retrieveServiceTicket(String, CallbackHandler, String, boolean)

isSpnego

public boolean isSpnego()

setSpnego

public void setSpnego(boolean spnego)