keycloak
org.keycloak.common.util.KerberosJdkProvider.IBMJDKProvider クラス

公開メンバ関数

Configuration createJaasConfigurationForServer (String keytab, final String serverPrincipal, final boolean debug)
 
Configuration createJaasConfigurationForUsernamePasswordLogin (final boolean debug)
 
KerberosTicket gssCredentialToKerberosTicket (KerberosTicket kerberosTicket, GSSCredential gssCredential)
 
GSSCredential kerberosTicketToGSSCredential (KerberosTicket kerberosTicket)
 
GSSCredential kerberosTicketToGSSCredential (KerberosTicket kerberosTicket, final int lifetime, final int usage)
 

静的公開メンバ関数

static KerberosJdkProvider getProvider ()
 

非公開メンバ関数

String getKeytabURL (String keytab)
 

詳解

関数詳解

◆ createJaasConfigurationForServer()

/**
 * Builds the in-memory JAAS configuration that IBMJDKProvider uses for the server-side Kerberos login.
 *
 * <p>The returned {@link Configuration} ignores the requested entry name and always answers with a
 * single REQUIRED {@code com.ibm.security.auth.module.Krb5LoginModule} entry.
 *
 * @param keytab location of the keytab file; converted to a URL string by {@code getKeytabURL}
 * @param serverPrincipal value passed to the login module as its {@code principal} option
 * @param debug value passed (as a string) to the login module as its {@code debug} option
 * @return a configuration holding exactly one login module entry
 */
public Configuration createJaasConfigurationForServer(String keytab, final String serverPrincipal, final boolean debug) {
    // Resolved once, outside the anonymous class, so every lookup reuses the same keytab URL.
    final String keytabLocation = getKeytabURL(keytab);

    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // A fresh option map is built on every call; 'name' is not consulted.
            final Map<String, Object> moduleOptions = new HashMap<>();
            moduleOptions.put("noAddress", "true");
            moduleOptions.put("credsType", "acceptor");
            // The keytab carries the service principal's long-term keys, so the file it points at
            // should be readable only by the account running the server.
            moduleOptions.put("useKeytab", keytabLocation);
            moduleOptions.put("principal", serverPrincipal);
            // NOTE(review): presumably switches on verbose login-module diagnostics; confirm what
            // it prints and keep it off outside troubleshooting.
            moduleOptions.put("debug", Boolean.toString(debug));

            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                        "com.ibm.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        moduleOptions)
            };
        }
    };
}
String getKeytabURL(String keytab)
Definition: KerberosJdkProvider.java:188

◆ createJaasConfigurationForUsernamePasswordLogin()

/**
 * Builds the in-memory JAAS configuration that IBMJDKProvider uses for username/password Kerberos login.
 *
 * <p>The returned {@link Configuration} ignores the requested entry name and always answers with a
 * single REQUIRED {@code com.ibm.security.auth.module.Krb5LoginModule} entry configured with
 * {@code credsType=initiator}. No keytab or principal option is set here.
 *
 * @param debug value passed (as a string) to the login module as its {@code debug} option
 * @return a configuration holding exactly one login module entry
 */
public Configuration createJaasConfigurationForUsernamePasswordLogin(final boolean debug) {
    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // A fresh option map is built on every call; 'name' is not consulted.
            final Map<String, Object> moduleOptions = new HashMap<>();
            moduleOptions.put("credsType", "initiator");
            moduleOptions.put("noAddress", "true");
            // NOTE(review): presumably switches on verbose login-module diagnostics; this path
            // handles user passwords, so confirm what it prints before enabling it.
            moduleOptions.put("debug", Boolean.toString(debug));

            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                        "com.ibm.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        moduleOptions)
            };
        }
    };
}

◆ getKeytabURL()

/**
 * Converts a keytab file path into the URL string handed to the login module as {@code useKeytab}.
 *
 * <p>If the conversion fails, the problem is reported on standard error and the path is returned
 * unchanged, so the caller still gets a value rather than an exception.
 *
 * @param keytab path of the keytab file
 * @return the URL form of the path, or {@code keytab} itself when no URL could be built
 */
private String getKeytabURL(String keytab) {
    final File keytabFile = new File(keytab);
    try {
        return keytabFile.toURI().toURL().toString();
    } catch (MalformedURLException malformed) {
        // Best-effort fallback: the failure is visible only on stderr, and the raw path is passed on.
        // NOTE(review): whether the login module accepts a non-URL value here is not shown - confirm.
        System.err.println("Invalid keytab location specified in configuration: " + keytab);
        malformed.printStackTrace();
        return keytab;
    }
}

◆ getProvider()

/**
 * Returns a new Kerberos provider matching the running JDK.
 *
 * @return a new {@code IBMJDKProvider} when {@code Environment.IS_IBM_JAVA} is set,
 *         otherwise a new {@code SunJDKProvider}
 */
public static KerberosJdkProvider getProvider() {
    // A new provider instance is created on every call; nothing is cached here.
    return Environment.IS_IBM_JAVA ? new IBMJDKProvider() : new SunJDKProvider();
}

◆ gssCredentialToKerberosTicket()

/**
 * Returns the Kerberos ticket to use for the given credential on the IBM JDK.
 *
 * <p>This implementation hands back the ticket it was given; {@code gssCredential} is not consulted.
 *
 * @param kerberosTicket ticket taken from the subject's credentials; must not be {@code null}
 * @param gssCredential unused by this implementation
 * @return {@code kerberosTicket}, unchanged
 * @throws KerberosSerializationUtils.KerberosSerializationException if {@code kerberosTicket} is {@code null}
 */
public KerberosTicket gssCredentialToKerberosTicket(KerberosTicket kerberosTicket, GSSCredential gssCredential) {
    // Guard first: without a ticket there is nothing this provider can return.
    if (kerberosTicket == null) {
        throw new KerberosSerializationUtils.KerberosSerializationException("Not available kerberosTicket in subject credentials in IBM JDK");
    }
    return kerberosTicket;
}

◆ kerberosTicketToGSSCredential() [1/2]

/**
 * Converts a Kerberos ticket into a GSS credential using the default lifetime and initiate-only usage.
 *
 * @param kerberosTicket ticket to convert
 * @return the credential produced by the three-argument overload
 */
public GSSCredential kerberosTicketToGSSCredential(KerberosTicket kerberosTicket) {
    final int defaultLifetime = GSSCredential.DEFAULT_LIFETIME;
    final int initiateOnly = GSSCredential.INITIATE_ONLY;
    return kerberosTicketToGSSCredential(kerberosTicket, defaultLifetime, initiateOnly);
}
GSSCredential kerberosTicketToGSSCredential(KerberosTicket kerberosTicket)
Definition: KerberosJdkProvider.java:54

◆ kerberosTicketToGSSCredential() [2/2]

/**
 * Converts a Kerberos ticket into a GSS credential for the ticket's client principal.
 *
 * <p>A temporary {@link Subject} is built around the ticket and the credential is created while
 * running as that subject.
 *
 * @param kerberosTicket ticket to convert; its client principal names the credential
 * @param lifetime lifetime passed to {@code GSSManager.createCredential}
 * @param usage usage passed to {@code GSSManager.createCredential}
 * @return the credential created for the ticket's client principal
 * @throws KerberosSerializationUtils.KerberosSerializationException wrapping any exception raised
 *         during the conversion, including the one caused by a {@code null} ticket
 */
public GSSCredential kerberosTicketToGSSCredential(KerberosTicket kerberosTicket, final int lifetime, final int usage) {
    try {
        final GSSManager gssManager = GSSManager.getInstance();

        final KerberosPrincipal clientPrincipal = kerberosTicket.getClient();
        final GSSName clientGssName = gssManager.createName(clientPrincipal.getName(), KerberosConstants.KRB5_NAME_OID);

        // The subject is created modifiable (readOnly = false) and carries the ticket as its only
        // private credential, with the principal and its GSS name as the public side.
        final Subject ticketSubject = new Subject(
                false,
                Collections.singleton(clientPrincipal),
                Collections.singleton(clientGssName),
                Collections.singleton(kerberosTicket));

        final PrivilegedExceptionAction<GSSCredential> createCredential = new PrivilegedExceptionAction<GSSCredential>() {

            @Override
            public GSSCredential run() throws Exception {
                return gssManager.createCredential(clientGssName, lifetime, KerberosConstants.KRB5_OID, usage);
            }

        };

        return Subject.doAs(ticketSubject, createCredential);
    } catch (Exception e) {
        // Broad on purpose: every failure surfaces to callers as one exception type, with the cause kept.
        throw new KerberosSerializationUtils.KerberosSerializationException("Unexpected exception during convert KerberosTicket to GSSCredential", e);
    }
}

このクラス詳解は次のファイルから抽出されました: