keycloak
org.keycloak.common.util.KerberosJdkProvider.SunJDKProvider クラス

公開メンバ関数

Configuration createJaasConfigurationForServer (final String keytab, final String serverPrincipal, final boolean debug)
 
Configuration createJaasConfigurationForUsernamePasswordLogin (final boolean debug)
 
KerberosTicket gssCredentialToKerberosTicket (KerberosTicket kerberosTicket, GSSCredential gssCredential)
 
GSSCredential kerberosTicketToGSSCredential (KerberosTicket kerberosTicket)
 
GSSCredential kerberosTicketToGSSCredential (KerberosTicket kerberosTicket, final int lifetime, final int usage)
 

静的公開メンバ関数

static KerberosJdkProvider getProvider ()
 

詳解

関数詳解

◆ createJaasConfigurationForServer()

/**
 * Builds the JAAS {@link Configuration} used to log the server in through
 * {@code com.sun.security.auth.module.Krb5LoginModule} with keys read from a keytab.
 *
 * <p>The returned configuration ignores the entry name it is asked for and always
 * answers with one {@code REQUIRED} login-module entry. The option map is rebuilt on
 * every lookup.
 *
 * @param keytab          passed through unchanged as the module's {@code keyTab} option;
 *                        it is not validated here. The keytab holds the service's
 *                        long-term keys, so the file it names should be readable only
 *                        by the server's account.
 * @param serverPrincipal passed through unchanged as the module's {@code principal} option
 * @param debug           rendered with {@code String.valueOf} into the module's
 *                        {@code debug} option; leave it off outside troubleshooting,
 *                        since the module's debug output describes the login exchange
 * @return a new anonymous {@code Configuration} holding the single Krb5 entry
 */
public Configuration createJaasConfigurationForServer(final String keytab, final String serverPrincipal, final boolean debug) {
    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            Map<String, Object> moduleOptions = new HashMap<>();

            // Caller-supplied values.
            moduleOptions.put("keyTab", keytab);
            moduleOptions.put("principal", serverPrincipal);
            moduleOptions.put("debug", String.valueOf(debug));

            // Fixed acceptor-side settings: keys come from the keytab only, the module
            // never prompts, the login acts as acceptor (isInitiator=false), and
            // storeKey keeps the principal's keys in the Subject's private credentials.
            moduleOptions.put("useKeyTab", "true");
            moduleOptions.put("doNotPrompt", "true");
            moduleOptions.put("isInitiator", "false");
            moduleOptions.put("storeKey", "true");

            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        moduleOptions)
            };
        }
    };
}

◆ createJaasConfigurationForUsernamePasswordLogin()

/**
 * Builds the JAAS {@link Configuration} for a username/password Kerberos login through
 * {@code com.sun.security.auth.module.Krb5LoginModule}.
 *
 * <p>Only {@code storeKey} and {@code debug} are set. No keytab or ticket-cache option
 * is configured and {@code doNotPrompt} is left at its default, so the credentials
 * presumably arrive through the caller's {@code CallbackHandler} (confirm against the
 * caller). With {@code storeKey=true} the module keeps the principal's key in the
 * Subject's private credentials after login.
 *
 * @param debug rendered with {@code String.valueOf} into the module's {@code debug}
 *              option; leave it off outside troubleshooting
 * @return a new anonymous {@code Configuration} that answers every entry name with
 *         the same single {@code REQUIRED} Krb5 entry
 */
public Configuration createJaasConfigurationForUsernamePasswordLogin(final boolean debug) {
    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // Rebuilt on each lookup; the entry name is not consulted.
            Map<String, Object> moduleOptions = new HashMap<>();
            moduleOptions.put("debug", String.valueOf(debug));
            moduleOptions.put("storeKey", "true");

            AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    moduleOptions);
            return new AppConfigurationEntry[] { krb5Entry };
        }
    };
}

◆ getProvider()

/**
 * Picks the JDK-specific Kerberos provider for the running JVM.
 *
 * <p>Declared on {@code KerberosJdkProvider}; this page lists it as an inherited static
 * member of {@code SunJDKProvider}.
 *
 * @return a new {@code IBMJDKProvider} when {@code Environment.IS_IBM_JAVA} is true,
 *         otherwise a new {@code SunJDKProvider}; every call creates a fresh instance
 */
public static KerberosJdkProvider getProvider() {
    if (!Environment.IS_IBM_JAVA) {
        return new SunJDKProvider();
    }
    return new IBMJDKProvider();
}

◆ gssCredentialToKerberosTicket()

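/**
 * Recovers the {@link KerberosTicket} that backs a GSS credential.
 *
 * <p>The conversion calls {@code com.sun.security.jgss.GSSUtil.createSubject(GSSName,
 * GSSCredential)} reflectively with a {@code null} name and returns the first
 * {@code KerberosTicket} found among the resulting Subject's private credentials.
 *
 * @param kerberosTicket not read by this implementation
 * @param gssCredential  credential handed to {@code GSSUtil.createSubject}
 * @return the first Kerberos ticket in the created Subject's private credentials
 * @throws KerberosSerializationUtils.KerberosSerializationException if the Subject
 *         carries no Kerberos ticket, or if any step of the conversion fails (the
 *         original exception is kept as the cause)
 */
public KerberosTicket gssCredentialToKerberosTicket(KerberosTicket kerberosTicket, GSSCredential gssCredential) {
    try {
        // Looked up by name, so this class does not link against the com.sun.* type.
        Class<?> gssUtil = Class.forName("com.sun.security.jgss.GSSUtil");
        Method createSubject = gssUtil.getMethod("createSubject", GSSName.class, GSSCredential.class);

        // Static method: no receiver. The GSSName argument is passed as null.
        Subject subject = (Subject) createSubject.invoke(null, null, gssCredential);

        Set<KerberosTicket> kerberosTickets = subject.getPrivateCredentials(KerberosTicket.class);
        Iterator<KerberosTicket> iterator = kerberosTickets.iterator();
        if (iterator.hasNext()) {
            return iterator.next();
        }

        // Name the principals only. Subject.toString() can also render the Subject's
        // private credentials, and exception messages routinely end up in logs.
        StringBuilder principalNames = new StringBuilder();
        for (java.security.Principal principal : subject.getPrincipals()) {
            if (principalNames.length() > 0) {
                principalNames.append(", ");
            }
            principalNames.append(principal.getName());
        }
        throw new KerberosSerializationUtils.KerberosSerializationException(
                "Not available kerberosTicket in subject credentials. Subject principals: [" + principalNames + "]");
    } catch (KerberosSerializationUtils.KerberosSerializationException ke) {
        // Already the right type; rethrow so the generic handler does not wrap it again.
        throw ke;
    } catch (Exception e) {
        throw new KerberosSerializationUtils.KerberosSerializationException("Unexpected error during convert GSSCredential to KerberosTicket", e);
    }
}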

◆ kerberosTicketToGSSCredential() [1/2]

/**
 * Converts a Kerberos ticket into a GSS credential using the default lifetime and
 * initiate-only usage.
 *
 * <p>Declared on {@code KerberosJdkProvider} and inherited by {@code SunJDKProvider}.
 *
 * @param kerberosTicket ticket to wrap
 * @return the result of the three-argument overload called with
 *         {@code GSSCredential.DEFAULT_LIFETIME} and {@code GSSCredential.INITIATE_ONLY}
 */
public GSSCredential kerberosTicketToGSSCredential(KerberosTicket kerberosTicket) {
    final int defaultLifetime = GSSCredential.DEFAULT_LIFETIME;
    final int initiateOnly = GSSCredential.INITIATE_ONLY;
    return kerberosTicketToGSSCredential(kerberosTicket, defaultLifetime, initiateOnly);
}
GSSCredential kerberosTicketToGSSCredential(KerberosTicket kerberosTicket)
Definition: KerberosJdkProvider.java:54

◆ kerberosTicketToGSSCredential() [2/2]

/**
 * Converts a Kerberos ticket into a GSS credential for the ticket's client principal.
 *
 * <p>Declared on {@code KerberosJdkProvider} and inherited by {@code SunJDKProvider}.
 * The ticket is placed in the private credentials of a temporary, modifiable
 * {@link Subject}, and the credential is created inside {@code Subject.doAs} so that
 * the call runs with that Subject in effect.
 *
 * @param kerberosTicket ticket whose client principal names the credential
 * @param lifetime       lifetime passed to {@code GSSManager.createCredential}
 * @param usage          usage passed to {@code GSSManager.createCredential}
 * @return the credential created under the temporary Subject
 * @throws KerberosSerializationUtils.KerberosSerializationException wrapping any
 *         exception raised during the conversion, including the
 *         {@code NullPointerException} from a {@code null} ticket or client
 */
public GSSCredential kerberosTicketToGSSCredential(KerberosTicket kerberosTicket, final int lifetime, final int usage) {
    try {
        final GSSManager gssManager = GSSManager.getInstance();

        KerberosPrincipal clientPrincipal = kerberosTicket.getClient();
        final GSSName clientGssName = gssManager.createName(clientPrincipal.getName(), KerberosConstants.KRB5_NAME_OID);

        // readOnly=false; principal, GSS name and ticket each go in as a singleton set.
        Subject ticketSubject = new Subject(
                false,
                Collections.singleton(clientPrincipal),
                Collections.singleton(clientGssName),
                Collections.singleton(kerberosTicket));

        // NOTE(review): Subject.doAs is deprecated for removal on newer JDKs, where
        // Subject.callAs replaces it; revisit when the minimum JDK is raised.
        PrivilegedExceptionAction<GSSCredential> createCredential = new PrivilegedExceptionAction<GSSCredential>() {

            @Override
            public GSSCredential run() throws Exception {
                return gssManager.createCredential(clientGssName, lifetime, KerberosConstants.KRB5_OID, usage);
            }

        };
        return Subject.doAs(ticketSubject, createCredential);
    } catch (Exception e) {
        throw new KerberosSerializationUtils.KerberosSerializationException("Unexpected exception during convert KerberosTicket to GSSCredential", e);
    }
}

このクラス詳解は次のファイルから抽出されました: