List of usage examples for javax.security.auth.kerberos KerberosTicket getServer
public final KerberosPrincipal getServer()
From source file:com.buaa.cfs.utils.SecurityUtil.java
/** * Check whether the server principal is the TGS's principal * * @param ticket the original TGT (the ticket that is obtained when a kinit is done) * * @return true or false//from w ww.j a v a 2 s . c om */ public static boolean isOriginalTGT(KerberosTicket ticket) { return isTGSPrincipal(ticket.getServer()); }
From source file:org.apache.hadoop.security.SecurityUtil.java
/** * Find the original TGT within the current subject's credentials. Cross-realm * TGT's of the form "krbtgt/TWO.COM@ONE.COM" may be present. * //from ww w .j av a 2 s .c o m * @return The TGT from the current subject * @throws IOException * if TGT can't be found */ private static KerberosTicket getTgtFromSubject() throws IOException { Subject current = Subject.getSubject(AccessController.getContext()); if (current == null) { throw new IOException("Can't get TGT from current Subject, because it is null"); } Set<KerberosTicket> tickets = current.getPrivateCredentials(KerberosTicket.class); for (KerberosTicket t : tickets) { if (isOriginalTGT(t.getServer().getName())) return t; } throw new IOException("Failed to find TGT from current Subject:" + current); }
From source file:org.apache.hadoop.security.UserGroupInformation.java
/** * Get the Kerberos TGT/*from w ww.j av a2s .c o m*/ * @return the user's TGT or null if none was found */ private synchronized KerberosTicket getTGT() { Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class); for (KerberosTicket ticket : tickets) { KerberosPrincipal server = ticket.getServer(); if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) { if (LOG.isDebugEnabled()) { LOG.debug("Found tgt " + ticket); } return ticket; } } return null; }
From source file:org.apache.nifi.security.krb.AbstractKerberosUser.java
/** * Get the Kerberos TGT./*from w w w. ja v a 2 s. c o m*/ * * @return the user's TGT or null if none was found */ private synchronized KerberosTicket getTGT() { final Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class); for (KerberosTicket ticket : tickets) { if (isTGSPrincipal(ticket.getServer())) { return ticket; } } return null; }
From source file:uk.ac.ox.webauth.WebauthGetTokensRequest.java
/** * Simple test method that tries to post the request to the WebKDC and parse * the response message./*from w w w. ja v a 2s . c om*/ * @param args First principal and then the keytab to load a key from, * then the service to generate the KRB_AP_REQ message for, * then the url to post the request to. * @throws Exception when something goes wrong. */ public static void main(String[] args) throws Exception { // get some keys to decrypt with long start = System.currentTimeMillis(); KeytabKeyLoader kkl = new KeytabKeyLoader(args[0], args[1], false); Subject sub = kkl.acquire(); long stop = System.currentTimeMillis(); System.out.println("Grabbing private key took " + (stop - start) + " milliseconds."); // grab the service ticket start = System.currentTimeMillis(); try { Subject.doAs(sub, new ServiceTicketGrabberHack(args[0], args[2])); } catch (Exception e) { e.printStackTrace(); } KerberosTicket ticket = null; for (KerberosTicket t : sub.getPrivateCredentials(KerberosTicket.class)) { if (t.getServer().getName().startsWith(args[2])) { ticket = t; } } stop = System.currentTimeMillis(); System.out.println("Getting the service ticket took " + (stop - start) + " milliseconds."); // request a webkdc token start = System.currentTimeMillis(); byte[] krb_ap_req = new KrbApReq(ticket).toASN1Object().getEncoded(); WebauthGetTokensRequest wgtr = new WebauthGetTokensRequest(args[3], krb_ap_req); wgtr.tokenRequest(); stop = System.currentTimeMillis(); System.out.println("Getting the WebKDC token took " + (stop - start) + " milliseconds."); System.out.println("Token data: " + wgtr.tokenData()); System.out.println("Session key: " + wgtr.sessionKey()); System.out.println("Expires: " + wgtr.expires()); System.out.println("Success."); }