public interface ExtendedGSSContext extends GSSContext
org.ietf.jgss.GSSContext,
such as querying context-specific attributes.

| Modifier and Type | Interface and Description |
|---|---|
| static class | ExtendedGSSContext.ExtendedGSSContextImpl |

Fields inherited from interface org.ietf.jgss.GSSContext: DEFAULT_LIFETIME, INDEFINITE_LIFETIME

| Modifier and Type | Method and Description |
|---|---|
| boolean | getDelegPolicyState() Returns the delegation policy response. |
| Object | inquireSecContext(InquireType type) Return the mechanism-specific attribute associated with type. |
| void | requestDelegPolicy(boolean state) Requests that the delegation policy be respected. |

Methods inherited from interface org.ietf.jgss.GSSContext: acceptSecContext, acceptSecContext, dispose, export, getAnonymityState, getConfState, getCredDelegState, getDelegCred, getIntegState, getLifetime, getMech, getMIC, getMIC, getMutualAuthState, getReplayDetState, getSequenceDetState, getSrcName, getTargName, getWrapSizeLimit, initSecContext, initSecContext, isEstablished, isInitiator, isProtReady, isTransferable, requestAnonymity, requestConf, requestCredDeleg, requestInteg, requestLifetime, requestMutualAuth, requestReplayDet, requestSequenceDet, setChannelBinding, unwrap, unwrap, verifyMIC, verifyMIC, wrap, wrap

Object inquireSecContext(InquireType type) throws GSSException

Return the mechanism-specific attribute associated with type.

If there is a security manager, an InquireSecContextPermission
with the name type.mech must be granted. Otherwise, this could
result in a SecurityException.
Example:
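```java
import java.security.Key;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import com.sun.security.jgss.ExtendedGSSContext;
import com.sun.security.jgss.InquireType;

GSSContext ctxt = m.createContext(...);
// Establishing the context
if (ctxt instanceof ExtendedGSSContext) {
    ExtendedGSSContext ex = (ExtendedGSSContext) ctxt;
    try {
        // KRB5_GET_SESSION_KEY returns the session key as a java.security.Key
        Key key = (Key) ex.inquireSecContext(
                InquireType.KRB5_GET_SESSION_KEY);
        // read key info
    } catch (GSSException gsse) {
        // deal with exception
    }
}
```
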
Parameters:
type - the type of the attribute requested

Throws:
GSSException - containing the following major error codes:
- GSSException.BAD_MECH if the mechanism does not support this method,
- GSSException.UNAVAILABLE if the type specified is not supported,
- GSSException.NO_CONTEXT if the security context is invalid,
- GSSException.FAILURE for other unspecified failures.

SecurityException - if a security manager exists and a proper InquireSecContextPermission is not granted.

See Also:
InquireSecContextPermission, InquireType

void requestDelegPolicy(boolean state) throws GSSException

initSecContext.

When this flag is false, delegation will only be tried when the credentials delegation flag is true.

When this flag is true but the credentials delegation flag is false, delegation will only be tried if the delegation policy permits delegation.

When both this flag and the credentials delegation flag are true, delegation will always be tried. However, if the delegation policy does not permit delegation, the value of getDelegPolicyState() will be false, even if delegation is performed successfully.

In any case, if the delegation is not successful, the value returned by GSSContext.getCredDelegState() is false, and the value returned by getDelegPolicyState() is also false.

Not all mechanisms support delegation policy. Therefore, the application should check to see if the request was honored with the getDelegPolicyState method. When delegation policy is not supported, requestDelegPolicy should return silently without throwing an exception.

Note: for the Kerberos 5 mechanism, the delegation policy is expressed through the OK-AS-DELEGATE flag in the service ticket. When it's true, the KDC permits delegation to the target server. In a cross-realm environment, in order for delegation to be permitted, all cross-realm TGTs on the authentication path must also have the OK-AS-DELEGATE flag set.

Parameters:
state - true if the policy should be respected

Throws:
GSSException - containing the following major error codes: GSSException.FAILURE

boolean getDelegPolicyState()

requestDelegPolicy(boolean).
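
The following is an added example, not part of the JDK documentation: an initiator that asks only for policy-gated delegation and then reads back getCredDelegState() and getDelegPolicyState() to see which of the cases described above occurred. It assumes a working Kerberos configuration with default initiator credentials; the class name, the helper names and the TARGET service name are hypothetical placeholders.

```java
import com.sun.security.jgss.ExtendedGSSContext;
import org.ietf.jgss.*;

public class DelegPolicyCheck {
    // Placeholder service name (assumption); use a principal from your realm.
    static final String TARGET = "HTTP@service.example.com";

    /** Maps the two post-establishment flags to the cases the text lists. */
    static String describe(boolean credDeleg, boolean delegPolicy) {
        if (!credDeleg) return "no credentials delegated";
        return delegPolicy
            ? "delegated, and the delegation policy permitted it"
            : "delegated, but policy did not permit it (or is unsupported)";
    }

    /** Ask for policy-gated delegation only; call before initSecContext. */
    static void requestPolicyGatedDelegation(GSSContext ctxt) throws GSSException {
        ctxt.requestCredDeleg(false);   // never delegate unconditionally
        if (ctxt instanceof ExtendedGSSContext) {
            ((ExtendedGSSContext) ctxt).requestDelegPolicy(true);
        }
    }

    /** Read back what actually happened; call once the context is established. */
    static String report(GSSContext ctxt) {
        boolean policy = ctxt instanceof ExtendedGSSContext
            && ((ExtendedGSSContext) ctxt).getDelegPolicyState();
        return describe(ctxt.getCredDelegState(), policy);
    }

    public static void main(String[] args) throws GSSException {
        GSSManager m = GSSManager.getInstance();
        GSSName peer = m.createName(TARGET, GSSName.NT_HOSTBASED_SERVICE);
        Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos 5 mechanism
        GSSContext ctxt = m.createContext(peer, krb5, null, GSSContext.DEFAULT_LIFETIME);
        try {
            requestPolicyGatedDelegation(ctxt);
            byte[] token = ctxt.initSecContext(new byte[0], 0, 0);
            // The application sends `token` to the acceptor and feeds replies
            // back into initSecContext until isEstablished() returns true.
            System.out.println(ctxt.isEstablished() ? report(ctxt)
                : "context not yet established; continue the token exchange");
        } finally {
            ctxt.dispose();
        }
    }
}
```

With the credentials delegation flag left false, a result of "delegated, but policy did not permit it" indicates that some other code path set requestCredDeleg(true) on the context.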
Copyright © 2000, 2016, Oracle and/or its affiliates. All rights reserved.
DRAFT 9-internal+0-2016-04-14-195246.buildd.src