Package | com.kaazing.gateway.client.security |
Class | public class KerberosChallengeHandler |
Inheritance | KerberosChallengeHandler |
KerberosChallengeHandler, when registered with the DispatchChallengeHandler, can be used to directly respond to "Negotiate" challenges where Kerberos-generated authentication credentials are required. In addition, a KerberosChallengeHandler can be used indirectly in conjunction with a NegotiateChallengeHandler to assist in the construction of a challenge response using object identifiers.
This abstract class captures common requirements for a number of implementation flavors for Kerberos, including Microsoft's SPNEGO implementation, and a SPNEGO Kerberos v5 GSS implementation.
To successfully use a KerberosChallengeHandler, one must know one or more Kerberos KDC service locations and optionally (if not defaulted to HTTP/requestedURIHostname) provide the name of the specific service being requested. The locations are set with setDefaultLocation(String) or setRealmLocation(String, String), and the service name with setServiceName(String).

For example, one may install a configured Kerberos challenge handler as:

    // Locations are passed as Strings, matching the setDefaultLocation()
    // and setRealmLocation() signatures documented on this page.
    var someServerLoginHandler:LoginHandler = ...; // perhaps this pops a dialog
    ChallengeHandlers.setDefault(
        (ChallengeHandlers.load(DispatchChallengeHandler.class) as DispatchChallengeHandler)
            .register("servergw.hostname.com:8000/jms",
                (ChallengeHandlers.load(KerberosChallengeHandler.class) as KerberosChallengeHandler)
                    .setDefaultLocation("ws://kb.hostname.com/kerberos5")
                    .setRealmLocation("ATHENA.MIT.EDU", "ws://athena.hostname.com/kerberos5")
                    .setServiceName("HTTP/servergw.hostname.com")
                    .setLoginHandler(someServerLoginHandler)
            )
    );

Following the code above, any user attempting to access "servergw.hostname.com:8000/jms" will be challenged using a {
| Method | Description | Defined by |
|---|---|---|
| canHandle(challengeRequest:ChallengeRequest):Boolean | Can the presented challenge be potentially handled by this challenge handler? | ChallengeHandler |
| clear(... realmNames):KerberosChallengeHandler | Clear any data associated with the provided realm names, including any realm-specific location information. | KerberosChallengeHandler |
| defaultImplementation():String [static] | Called to automatically discover the default implementation when loading this challenge handler. | KerberosChallengeHandler |
| getDefaultLocation():String | Retrieve the specified default location. | KerberosChallengeHandler |
|  | Get the general login handler associated with this challenge handler. | NegotiableChallengeHandler |
| getRealmLocation(realmName:String):String | Return the URI to be used for Kerberos service requests when a user in the realm mentioned provides credentials. | KerberosChallengeHandler |
| getServiceName():String | Retrieve the service name. | KerberosChallengeHandler |
| getSupportedOids():Array | Return a collection of string representations of object identifiers supported by this challenge handler implementation, in dot-separated notation. | NegotiableChallengeHandler |
|  | Handle the presented challenge by creating a challenge response future. | ChallengeHandler |
| setDefaultLocation(location:String):KerberosChallengeHandler | Set the default location to connect to a Kerberos service. | KerberosChallengeHandler |
|  | Provide a general login handler to be used in association with this challenge handler. | NegotiableChallengeHandler |
| setRealmLocation(realmName:String, location:String):KerberosChallengeHandler | Specify the connect location of a Kerberos service to be used for users in the named realm. | KerberosChallengeHandler |
| setServiceName(serviceName:String):KerberosChallengeHandler | Specify the service principal name for which a ticket is desired. | KerberosChallengeHandler |
clear() method
public function clear(... realmNames):KerberosChallengeHandler
Clear any data associated with the provided realm names, including any realm-specific location information. Any default location and the service name are never affected by this call, which permits a cleared challenge handler to be used further without re-initialization. If no realm names are specified, ALL realm-specific data associated with this challenge handler are cleared. If some realm names are specified, ONLY data associated with those realms in this challenge handler are cleared.
Parameters
... realmNames
Returns
KerberosChallengeHandler — a reference to this object, for chained call support.
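The clearing rules above, together with the getRealmLocation() fallback documented further down, can be checked against a handler instance with a small routine. This is an added example, not code from the Kaazing documentation: the function name clearKeepsDefaults, the realm names and the ws:// locations are constructed for illustration, and only methods listed on this page are called.

```actionscript
// Added example, not Kaazing's code. Realm names and ws:// locations are
// constructed; only methods documented on this page are called.
function clearKeepsDefaults(handler:KerberosChallengeHandler):Boolean {
    var defaultKdc:String = "ws://kdc.example.test/kerberos5";
    var realmAKdc:String = "ws://kdc-a.example.test/kerberos5";
    var realmBKdc:String = "ws://kdc-b.example.test/kerberos5";
    var spn:String = "HTTP/gateway.example.test";

    handler
        .setDefaultLocation(defaultKdc)
        .setRealmLocation("REALM-A.EXAMPLE", realmAKdc)
        .setRealmLocation("REALM-B.EXAMPLE", realmBKdc)
        .setServiceName(spn);

    // A mapped realm resolves to its own location; an unmapped one falls
    // back to getDefaultLocation().
    var ok:Boolean =
        handler.getRealmLocation("REALM-A.EXAMPLE") == realmAKdc &&
        handler.getRealmLocation("REALM-C.EXAMPLE") == defaultKdc;

    // clear() with names: only those realms lose their data.
    handler.clear("REALM-A.EXAMPLE");
    ok = ok &&
        handler.getRealmLocation("REALM-A.EXAMPLE") == defaultKdc &&
        handler.getRealmLocation("REALM-B.EXAMPLE") == realmBKdc;

    // clear() with no names: all realm-specific data is removed, while the
    // default location and the service name stay as configured.
    handler.clear();
    ok = ok &&
        handler.getRealmLocation("REALM-B.EXAMPLE") == defaultKdc &&
        handler.getDefaultLocation() == defaultKdc &&
        handler.getServiceName() == spn;

    return ok;
}
```

A false result means a realm-specific KDC location outlived a clear() call or a default was dropped, either of which would send later ticket requests somewhere other than intended.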
defaultImplementation() method
public static function defaultImplementation():String
Called to automatically discover the default implementation when loading this challenge handler.
Returns
String
getDefaultLocation() method
public function getDefaultLocation():String
Retrieve the specified default location.
Returns
String — the default Kerberos location to connect to, or null if none has been specified.
getRealmLocation() method
public function getRealmLocation(realmName:String):String
Return the URI to be used for Kerberos service requests when a user in the realm mentioned provides credentials.
Parameters
realmName:String — the name of the realm for which to find URIs
Returns
String — the URI to be used for Kerberos service requests when a user in the realm mentioned provides credentials, or getDefaultLocation() if no such URI exists.
getServiceName() method
public function getServiceName():String
Retrieve the service name.
Returns
String — the previously specified service name, or null if none has been specified.
setDefaultLocation() method
public function setDefaultLocation(location:String):KerberosChallengeHandler
Set the default location to connect to a Kerberos service.
If not specified, this challenge handler will only correctly connect to realms specified using setRealmLocation().
Parameters
location:String — the location of the Kerberos service to connect to by default, if a realm-specific location is not specified.
Returns
KerberosChallengeHandler — a reference to this object, for chained call support.
setRealmLocation() method
public function setRealmLocation(realmName:String, location:String):KerberosChallengeHandler
Specify the connect location of a Kerberos service to be used for users in the named realm.
Parameters
realmName:String — the realm for which a specific location is to be specified
location:String — a specific location to be used for Kerberos service requests when a user in the realm mentioned provides credentials.
Returns
KerberosChallengeHandler — a reference to this object, for chained call support.
setServiceName() method
public function setServiceName(serviceName:String):KerberosChallengeHandler
Specify the service principal name for which a ticket is desired.
If not specified, this challenge handler will not provide a service principal name.
Parameters
serviceName:String — the service principal name for which a ticket is desired.
Returns
KerberosChallengeHandler — a reference to this object, for chained call support.