Example usage for javax.security.auth.kerberos KerberosTicket getSessionKey

List of usage examples for javax.security.auth.kerberos KerberosTicket getSessionKey

  1. HOME
  2. Java
  3. javax
  4. javax.security.auth.kerberos.*
  5. KerberosTicket
  6. getSessionKey

Introduction

In this page you can find the example usage for javax.security.auth.kerberos KerberosTicket getSessionKey.

Prototype

public final SecretKey getSessionKey()

Source Link

Document

Returns the session key associated with this ticket.

Usage

From source file:org.apache.ws.security.message.token.KerberosSecurity.java

/**
 * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
 * BinarySecurityToken.//w  w  w  .j a  va  2 s.  c om
 * @param jaasLoginModuleName the JAAS Login Module name to use
 * @param callbackHandler a CallbackHandler instance to retrieve a password (optional)
 * @param serviceName the desired Kerberized service
 * @throws WSSecurityException
 */
public void retrieveServiceTicket(String jaasLoginModuleName, CallbackHandler callbackHandler,
        String serviceName) throws WSSecurityException {
    // Get a TGT from the KDC using JAAS
    LoginContext loginContext = null;
    try {
        if (callbackHandler == null) {
            loginContext = new LoginContext(jaasLoginModuleName);
        } else {
            loginContext = new LoginContext(jaasLoginModuleName, callbackHandler);
        }
        loginContext.login();
    } catch (LoginException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosLoginError",
                new Object[] { ex.getMessage() }, ex);
    }
    if (log.isDebugEnabled()) {
        log.debug("Successfully authenticated to the TGT");
    }

    Subject clientSubject = loginContext.getSubject();
    Set<Principal> clientPrincipals = clientSubject.getPrincipals();
    if (clientPrincipals.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosLoginError",
                new Object[] { "No Client principals found after login" });
    }
    // Store the TGT
    KerberosTicket tgt = getKerberosTicket(clientSubject, null);

    // Get the service ticket
    KerberosClientAction action = new KerberosClientAction(clientPrincipals.iterator().next(), serviceName);
    byte[] ticket = (byte[]) Subject.doAs(clientSubject, action);
    if (ticket == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosServiceTicketError");
    }
    if (log.isDebugEnabled()) {
        log.debug("Successfully retrieved a service ticket");
    }

    // Get the Service Ticket (private credential)
    KerberosTicket serviceTicket = getKerberosTicket(clientSubject, tgt);
    if (serviceTicket != null) {
        secretKey = serviceTicket.getSessionKey();
    }

    setToken(ticket);

    if ("".equals(getValueType())) {
        setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
    }
}