java.lang.Object
  net.jini.jeri.kerberos.KerberosUtil
class KerberosUtil
Utility class for the Kerberos provider.
Nested Class Summary | |
---|---|
(package private) static class | KerberosUtil.Config: An instance of this class records one configuration possibly satisfiable by this provider. |
(package private) static class | KerberosUtil.ConfigIter: An iterator that returns all possible configs. |
(package private) static class | KerberosUtil.Connection: Connection class serves as the parent of connection classes defined in both client and server end point classes. |
(package private) static class | KerberosUtil.ConnectionInputStream: Input stream returned by getInputStream() of client or server connection. |
(package private) static class | KerberosUtil.ConnectionOutputStream: Output stream returned by getOutputStream() of client or server connection. |
(package private) static class | KerberosUtil.SoftCache: A synchronized hash map that only maintains soft references to its value objects. |
Field Summary | |
---|---|
private static boolean[] | BOOL_TABLE: Field used by ConfigIter to generate configs. |
private static Map | depends: Maps constraints to the other constraints they depend on. |
(package private) static InvocationConstraints | INTEGRITY_PREFERRED_CONSTRAINTS |
(package private) static InvocationConstraints | INTEGRITY_REQUIRED_CONSTRAINTS |
(package private) static Oid | krb5MechOid: Oid used to represent the Kerberos v5 GSS-API mechanism, defined as in RFC 1964. |
(package private) static Oid | krb5NameType: Oid used to represent the name syntax in Kerberos v5 GSS-API mechanism. |
Constructor Summary | |
---|---|
private | KerberosUtil(): Makes the null constructor private, so this class is non-instantiable. |
Method Summary | |
---|---|
(package private) static boolean | canGetSubject(): Test whether the caller has AuthPermission("getSubject"). |
(package private) static void | checkAuthPermission(AuthenticationPermission perm): Check whether the caller has the specified AuthenticationPermission. |
(package private) static void | checkAuthPermission(KerberosPrincipal local, KerberosPrincipal peer, String action): Check whether the caller has the AuthenticationPermission with the specified principals and action. |
(package private) static boolean | collectCpCandidates(InvocationConstraint c, Set cpCandidates): Collect all client principal candidates from the given constraint. |
(package private) static boolean | containsConstraint(Set constraints, InvocationConstraint candidate): Check whether the given set of constraints contains the candidate constraint. |
(package private) static GSSCredential | getGSSCredential(Subject subj, KerberosPrincipal principal, GSSManager manager, int usage): Get the GSSCredential corresponding to the given principal from the given Subject, whose usage type is governed by the usage parameter. |
(package private) static boolean | isSatisfiable(KerberosUtil.Config config, InvocationConstraint c): Test whether the specified configuration is satisfiable by the given constraint. |
(package private) static boolean | isSupportableConstraint(InvocationConstraint c): Test whether the specified constraint can possibly be supported by this provider. |
(package private) static boolean | isSupportedConstraintType(InvocationConstraint c): Check whether the type of the specified constraint is supported by this provider. |
(package private) static void | logThrow(Logger logger, Level level, Class sourceClass, String sourceMethod, String msg, Object[] params, Throwable e): Logs a throw. |
(package private) static void | secureThrow(Exception detailedException, UnsupportedConstraintException genericException): Only throw non-generic exception if caller has getSubject permission. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
static final Oid krb5MechOid
static final Oid krb5NameType
static final InvocationConstraints INTEGRITY_REQUIRED_CONSTRAINTS
static final InvocationConstraints INTEGRITY_PREFERRED_CONSTRAINTS
private static final boolean[] BOOL_TABLE
private static final Map depends
Constructor Detail |
---|
private KerberosUtil()
Method Detail |
---|
static boolean canGetSubject()

static boolean isSupportedConstraintType(InvocationConstraint c)
c - the constraint to be tested

static boolean isSupportableConstraint(InvocationConstraint c)
c - the constraint to be tested

static boolean isSatisfiable(KerberosUtil.Config config, InvocationConstraint c)
config - configuration to be tested
c - the constraint to be tested

static boolean collectCpCandidates(InvocationConstraint c, Set cpCandidates)
c - the given constraint
cpCandidates - the set of candidates satisfiable by the constraints previously checked, which new principals should be added to. This set contains no principals if no client principal constraint has been checked yet.
ClientMinPrincipal or ClientMaxPrincipal, or ConstraintAlternatives whose elements are of those types, and is not satisfiable regarding to the given set of candidates, true otherwise.

static void checkAuthPermission(KerberosPrincipal local, KerberosPrincipal peer, String action)
local - local principal of the AuthenticationPermission, cannot be null.
peer - peer principal of the AuthenticationPermission.
action - action of the AuthenticationPermission, valid values include: "connect", "delegate", "listen", and "accept".
Throws:
SecurityException - if the caller does not have the checked permission

static void checkAuthPermission(AuthenticationPermission perm)
perm - the AuthenticationPermission to be checked
Throws:
SecurityException - if the caller does not have the checked permission

static boolean containsConstraint(Set constraints, InvocationConstraint candidate)
constraints - the constraints to be checked
candidate - candidate constraint

static GSSCredential getGSSCredential(Subject subj, KerberosPrincipal principal, GSSManager manager, int usage) throws GSSException
Get the GSSCredential corresponding to the given principal from the given Subject, whose usage type is governed by the usage parameter.
subj - the subject from which the TGT or KerberosKey will be extracted to construct the GSSCredential, cannot be null
principal - the principal whose name will be used to construct the GSSCredential. If null, then a null name will be passed to the manager to allow it to choose a default.
manager - the GSSManager instance that will be used to construct the GSSCredential, cannot be null
usage - intended usage for the GSSCredential. The value of this parameter must be one of: GSSCredential.INITIATE_AND_ACCEPT, GSSCredential.ACCEPT_ONLY, and GSSCredential.INITIATE_ONLY.
Throws:
UnsupportedConstraintException - if failed to get the requested GSSCredential
GSSException

static void secureThrow(Exception detailedException, UnsupportedConstraintException genericException) throws UnsupportedConstraintException
detailedException - the real UnsupportedConstraintException or SecurityException to be thrown if caller has the "getSubject" AuthPermission.
genericException - the generic UnsupportedConstraintException to be thrown if caller does not have the "getSubject" AuthPermission.
Throws:
UnsupportedConstraintException

static void logThrow(Logger logger, Level level, Class sourceClass, String sourceMethod, String msg, Object[] params, Throwable e)
logger - logger to log to
level - the log level
sourceClass - class where throw occurred
sourceMethod - name of the method where throw occurred
msg - log message
params - log message parameters
e - exception thrown
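
The gating that canGetSubject() and secureThrow() describe, as an added Java sketch that is not the Jini provider's own code: a caller without AuthPermission("getSubject") receives only the generic failure, so exception text cannot be used to learn which principals or credentials the Subject holds. ConstraintFailure is a hypothetical stand-in for UnsupportedConstraintException, the messages are constructed, and treating an absent security manager as "permitted" is an assumption.

```java
import javax.security.auth.AuthPermission;

public class SecureThrowSketch {
    /** Hypothetical stand-in for UnsupportedConstraintException. */
    static class ConstraintFailure extends Exception {
        ConstraintFailure(String msg) { super(msg); }
    }

    /** True if the caller holds AuthPermission("getSubject"). */
    @SuppressWarnings({"removal", "deprecation"})
    static boolean canGetSubject() {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true; // assumption: no security manager, nothing is withheld
        }
        try {
            sm.checkPermission(new AuthPermission("getSubject"));
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    /** Throws the detailed exception only to callers allowed to read the Subject. */
    static void secureThrow(Exception detailed, ConstraintFailure generic)
            throws ConstraintFailure {
        if (!canGetSubject()) {
            throw generic; // hide principals and credential state from the caller
        }
        if (detailed instanceof SecurityException) {
            throw (SecurityException) detailed;
        }
        if (detailed instanceof ConstraintFailure) {
            throw (ConstraintFailure) detailed;
        }
        throw new IllegalArgumentException("unexpected exception type", detailed);
    }

    public static void main(String[] args) {
        // Constructed messages: only the detailed one names a principal.
        Exception detailed = new ConstraintFailure("no TGT for alice@EXAMPLE.COM in Subject");
        ConstraintFailure generic = new ConstraintFailure("constraints not supported");
        try {
            secureThrow(detailed, generic);
        } catch (Exception e) {
            System.out.println(e.getClass().getSimpleName() + ": " + e.getMessage());
        }
    }
}
```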