public abstract class KerberosChallengeHandler extends NegotiableChallengeHandler

A KerberosChallengeHandler, when registered with the DispatchChallengeHandler, can be used to directly respond to "Negotiate" challenges where Kerberos-generated authentication credentials are required. In addition, a KerberosChallengeHandler can be used indirectly in conjunction with a NegotiateChallengeHandler to assist in the construction of a challenge response using object identifiers.

This abstract class captures common requirements for a number of implementation flavors for Kerberos, including Microsoft's SPNEGO implementation, and a SPNEGO Kerberos v5 GSS implementation.

To successfully use a KerberosChallengeHandler, one must know one or more Kerberos KDC service locations and optionally (if not defaulted to "HTTP/requestedURIHostname") provide the name of the specific service being requested.

- KDC service locations: setDefaultLocation(java.net.URI), or setRealmLocation(String, java.net.URI).
- Service name: setServiceName(String).

    // Requires java.net.URI and the Kaazing client classes named below.
    LoginHandler someServerLoginHandler = ...; // perhaps this pops a dialog

    // Kerberos handler: a default KDC, one realm-specific KDC, and the service name to request.
    KerberosChallengeHandler kerberosChallengeHandler =
        KerberosChallengeHandler.create()
            .setDefaultLocation(URI.create("ws://kb.hostname.com/kerberos5"))
            .setRealmLocation("ATHENA.MIT.EDU", URI.create("ws://athena.hostname.com/kerberos5"))
            .setServiceName("HTTP/servergw.hostname.com")
            .setLoginHandler(someServerLoginHandler);

    // The Negotiate handler delegates to the Kerberos handler registered with it.
    NegotiateChallengeHandler negotiateChallengeHandler =
        NegotiateChallengeHandler.create().register(kerberosChallengeHandler);

    // Route challenges from the gateway location, and everything under it, to the Negotiate handler.
    WebSocketFactory wsFactory = WebSocketFactory.createWebSocketFactory();
    wsFactory.setDefaultChallengeHandler(
        DispatchChallengeHandler.create()
            .register("ws://gateway.kaazing.wan:8001/echo", negotiateChallengeHandler)
            .register("ws://gateway.kaazing.wan:8001/echo/*", negotiateChallengeHandler));

At this point, any user attempting to access "servergw.hostname.com:8000/echo" will be challenged using a KerberosChallengeHandler instance. If the user enters credentials with the ATHENA.MIT.EDU realm, the realm-specific "athena.hostname.com" KDC will be used to ask for Kerberos credentials for the challenge response. If the user enters credentials with any other realm, the "kb.hostname.com" KDC will be used to ask for Kerberos credentials. All requests to either KDC will be for the service name "HTTP/servergw.hostname.com" (indicating access to that HTTP server is the service for which Kerberos credentials are being requested).

Modifier | Constructor and Description |
---|---|
protected | KerberosChallengeHandler() Default constructor. |
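
The realm-based KDC selection from the walkthrough above, together with the getRealmLocation fallback and clear(String...) rules given in the method descriptions, modelled as an added stand-alone example; it is not Kaazing's code. The class RealmLocationModel and the helpers realmOf and defaultServiceName are hypothetical, and two things are assumptions: that the realm is the text after the last '@' of the entered principal, and that realm names are matched exactly (Kerberos realm names are case-sensitive).

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
// Added illustration: a stand-alone model of the documented lookup rules,
// not Kaazing's implementation. Class and helper names are hypothetical.
public class RealmLocationModel {
    private final Map<String, URI> realmLocations = new HashMap<>();
    private URI defaultLocation;

    RealmLocationModel setDefaultLocation(URI location) { defaultLocation = location; return this; }

    RealmLocationModel setRealmLocation(String realm, URI location) {
        realmLocations.put(realm, location);
        return this;
    }

    // Realm-specific location if one is set, else the default location (may be null).
    URI getRealmLocation(String realm) {
        return realmLocations.getOrDefault(realm, defaultLocation);
    }

    // No names: drop all realm data. Names given: drop only those. Default is untouched.
    RealmLocationModel clear(String... realmNames) {
        if (realmNames.length == 0) realmLocations.clear();
        for (String realm : realmNames) realmLocations.remove(realm);
        return this;
    }

    // Assumption: the realm is the text after the last '@' of "user@REALM".
    static String realmOf(String principal) {
        int at = principal.lastIndexOf('@');
        return at < 0 ? "" : principal.substring(at + 1);
    }

    // One reading of the documented default "HTTP/requestedURIHostname".
    static String defaultServiceName(URI requested) { return "HTTP/" + requested.getHost(); }

    public static void main(String[] args) {
        RealmLocationModel m = new RealmLocationModel()
            .setDefaultLocation(URI.create("ws://kb.hostname.com/kerberos5"))
            .setRealmLocation("ATHENA.MIT.EDU", URI.create("ws://athena.hostname.com/kerberos5"));
        // Constructed sample principals; the lowercase realm does not equal the map key.
        for (String p : new String[] {"alice@ATHENA.MIT.EDU", "bob@EXAMPLE.COM", "carol@athena.mit.edu"})
            System.out.println(p + " -> " + m.getRealmLocation(realmOf(p)));
        m.clear("ATHENA.MIT.EDU");
        System.out.println("after clear -> " + m.getRealmLocation("ATHENA.MIT.EDU"));
        System.out.println(defaultServiceName(URI.create("ws://gateway.kaazing.wan:8001/echo")));
    }
}
```
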
Modifier and Type | Method and Description |
---|---|
abstract KerberosChallengeHandler | clear(String... realmNames) Clear any data associated with the provided realm names, including any realm-specific location information. |
static KerberosChallengeHandler | create() |
static KerberosChallengeHandler | create(ClassLoader classLoader) |
abstract URI | getDefaultLocation() Retrieve the specified default location. |
abstract URI | getRealmLocation(String realmName) Return the URI to be used for Kerberos service requests when a user in the realm mentioned provides credentials. |
abstract String | getServiceName() Retrieve the service name. |
abstract WebSocketFactory | getWebSocketFactory() Returns the WebSocketFactory instance associated with this KerberosChallengeHandler. |
abstract KerberosChallengeHandler | setDefaultLocation(URI location) Set the default location to connect to a Kerberos service. |
abstract KerberosChallengeHandler | setRealmLocation(String realmName, URI location) Specify the connect location of a Kerberos service to be used for users in the named realm. |
abstract KerberosChallengeHandler | setServiceName(String serviceName) Specify the service principal name for which a ticket is desired. |
abstract void | setWebSocketFactory(WebSocketFactory webSocketFactory) Sets the WebSocketFactory to be used for connecting to a protected proxy. |

Inherited methods: getLoginHandler, getSupportedOids, setLoginHandler
Inherited methods: canHandle, create, create, handle

protected KerberosChallengeHandler()

public static KerberosChallengeHandler create()

public static KerberosChallengeHandler create(ClassLoader classLoader)

public abstract KerberosChallengeHandler setDefaultLocation(URI location)
setRealmLocation(String, java.net.URI).
location - the location of the Kerberos service to connect to by default, if a realm-specific location is not specified.

public abstract KerberosChallengeHandler setRealmLocation(String realmName, URI location)
realmName - the realm for which a specific location is to be specified
location - a specific location to be used for Kerberos service requests when a user in the realm mentioned provides credentials.

public abstract KerberosChallengeHandler setServiceName(String serviceName)
serviceName - the service principal name for which a ticket is desired.

public abstract URI getDefaultLocation()
null if none has been specified.

public abstract URI getRealmLocation(String realmName)
realmName - the name of the realm for which to find URIs
getDefaultLocation() if no such URI exists.

public abstract String getServiceName()
null if none has been specified.

public abstract KerberosChallengeHandler clear(String... realmNames)
After this call, any default location, and the service name, will always remain unaffected. This permits a cleared challenge handler to be further used without re-initialization.
If no realm names are specified, ALL realm-specific data associated with this challenge handler are cleared. If some realm names are specified, ONLY data associated with those realms in this challenge handler are cleared.
realmNames - if specified, only realm-specific data associated with named realms are cleared.

public abstract WebSocketFactory getWebSocketFactory()
Returns the WebSocketFactory instance associated with this KerberosChallengeHandler.

public abstract void setWebSocketFactory(WebSocketFactory webSocketFactory)
Sets the WebSocketFactory to be used for connecting to a protected proxy. The WebSocketFactory instance has the default ChallengeHandler set up and the extensions enabled. A WebSocket created using the factory can be used to connect to the proxy.
webSocketFactory - factory instance

Copyright © 2014. All Rights Reserved.