org.springframework.security.extensions.kerberos
Class SunJaasKerberosTicketValidator

java.lang.Object
  extended by org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator
All Implemented Interfaces:
InitializingBean, KerberosTicketValidator

public class SunJaasKerberosTicketValidator
extends Object
implements KerberosTicketValidator, InitializingBean

Implementation of KerberosTicketValidator which uses the SUN JAAS login module, which is included in the SUN JRE, it will not work with an IBM JRE. The whole configuration is done in this class, no additional JAAS configuration is needed.

Since:
1.0
Version:
$Id: SunJaasKerberosTicketValidator.java 35 2009-09-03 18:15:03Z mwiesner $
Author:
Mike Wiesner

Constructor Summary
SunJaasKerberosTicketValidator()
           
 
Method Summary
 void afterPropertiesSet()
           
 void setDebug(boolean debug)
          Enables the debug mode of the JAAS Kerberos login module
 void setKeyTabLocation(Resource keyTabLocation)
          The location of the keytab.
 void setServicePrincipal(String servicePrincipal)
          The service principal of the application.
 String validateTicket(byte[] token)
          Validates a Kerberos/SPNEGO ticket.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SunJaasKerberosTicketValidator

public SunJaasKerberosTicketValidator()
Method Detail

validateTicket

public String validateTicket(byte[] token)
Description copied from interface: KerberosTicketValidator
Validates a Kerberos/SPNEGO ticket.

Specified by:
validateTicket in interface KerberosTicketValidator
Parameters:
token - Kerbeos/SPNEGO ticket
Returns:
authenticated kerberos principal

setServicePrincipal

public void setServicePrincipal(String servicePrincipal)
The service principal of the application. For web apps this is HTTP/full-qualified-domain-name@DOMAIN. The keytab must contain the key for this principal.

Parameters:
servicePrincipal - service principal to use
See Also:
setKeyTabLocation(Resource)

setKeyTabLocation

public void setKeyTabLocation(Resource keyTabLocation)
The location of the keytab. You can use the normale Spring Resource prefixes like file: or classpath:, but as the file is later on read by JAAS, we cannot guarantee that classpath works in every environment, esp. not in Java EE application servers. You should use file: there.

Parameters:
keyTabLocation - The location where the keytab resides

setDebug

public void setDebug(boolean debug)
Enables the debug mode of the JAAS Kerberos login module

Parameters:
debug - default is false

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception


Copyright © 2009 SpringSource, Inc. All Rights Reserved.