Class KerberosServiceRequestToken

java.lang.Object
org.springframework.security.authentication.AbstractAuthenticationToken
org.springframework.security.kerberos.authentication.KerberosServiceRequestToken
All Implemented Interfaces:
Serializable, Principal, org.springframework.security.core.Authentication, org.springframework.security.core.CredentialsContainer, KerberosAuthentication

public class KerberosServiceRequestToken extends org.springframework.security.authentication.AbstractAuthenticationToken implements KerberosAuthentication

Holds the Kerberos/SPNEGO token for requesting a kerberized service and is also the output of KerberosServiceAuthenticationProvider.

Instances are mostly created in SpnegoAuthenticationProcessingFilter and authenticated in KerberosServiceAuthenticationProvider.

This token cannot be re-authenticated: presenting the same token again results in a Kerberos replay error.
Since:
1.0
  • Constructor Details

    • KerberosServiceRequestToken

      public KerberosServiceRequestToken(Object principal, KerberosTicketValidation ticketValidation, Collection<? extends org.springframework.security.core.GrantedAuthority> authorities, byte[] token)
      Creates an authenticated token, normally used as an output of an authentication provider.
      Parameters:
      principal - the user principal (mostly of instance UserDetails)
      ticketValidation - result of ticket validation
      authorities - the authorities which are granted to the user
      token - the Kerberos/SPNEGO token
      See Also:
      • UserDetails
    • KerberosServiceRequestToken

      public KerberosServiceRequestToken(byte[] token)
      Creates an unauthenticated instance which should then be authenticated by KerberosServiceAuthenticationProvider.
      Parameters:
      token - Kerberos/SPNEGO token
  • Method Details

    • hashCode

      public int hashCode()
      Calculates the hash code based on the Kerberos token.
      Specified by:
      hashCode in interface Principal
      Overrides:
      hashCode in class org.springframework.security.authentication.AbstractAuthenticationToken
    • equals

      public boolean equals(Object obj)
      equals() is based only on the Kerberos token
      Specified by:
      equals in interface Principal
      Overrides:
      equals in class org.springframework.security.authentication.AbstractAuthenticationToken
    • getCredentials

      public Object getCredentials()
      Specified by:
      getCredentials in interface org.springframework.security.core.Authentication
    • getPrincipal

      public Object getPrincipal()
      Specified by:
      getPrincipal in interface org.springframework.security.core.Authentication
    • getToken

      public byte[] getToken()
      Returns the Kerberos token
      Returns:
      the token data
    • getTicketValidation

      public KerberosTicketValidation getTicketValidation()
      Gets the ticket validation
      Returns:
      the ticket validation (which will be null if the token is unauthenticated)
    • hasResponseToken

      public boolean hasResponseToken()
      Determines whether an authenticated token has a response token
      Returns:
      whether a response token is available
    • getEncodedResponseToken

      public String getEncodedResponseToken()
      Gets the (Base64) encoded response token assuming one is available.
      Returns:
      encoded response token
    • decrypt

      public byte[] decrypt(byte[] data, int offset, int length) throws PrivilegedActionException
      Unwraps an encrypted message using the GSS context.
      Parameters:
      data - the data
      offset - data offset
      length - data length
      Returns:
      the decrypted message
      Throws:
      PrivilegedActionException - if JAAS throws an error
    • decrypt

      public byte[] decrypt(byte[] data) throws PrivilegedActionException
      Unwraps an encrypted message using the GSS context.
      Parameters:
      data - the data
      Returns:
      the decrypted message
      Throws:
      PrivilegedActionException - if JAAS throws an error
    • encrypt

      public byte[] encrypt(byte[] data, int offset, int length) throws PrivilegedActionException
      Wraps a message using the GSS context.
      Parameters:
      data - the data
      offset - data offset
      length - data length
      Returns:
      the encrypted message
      Throws:
      PrivilegedActionException - if JAAS throws an error
    • encrypt

      public byte[] encrypt(byte[] data) throws PrivilegedActionException
      Wraps a message using the GSS context.
      Parameters:
      data - the data
      Returns:
      the encrypted message
      Throws:
      PrivilegedActionException - if JAAS throws an error
    • getJaasSubjectHolder

      public JaasSubjectHolder getJaasSubjectHolder()
      Specified by:
      getJaasSubjectHolder in interface KerberosAuthentication
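
A defensive way to read this token from application code, given as an added example that is not part of the Spring Security Kerberos Javadoc or code base. The class KerberosTokenInspector, its negotiateHeader method and the sample bytes are hypothetical; the "Negotiate" header value follows the HTTP SPNEGO convention (RFC 4559).

```java
import java.nio.charset.StandardCharsets;
import java.util.Optional;

import org.springframework.security.core.Authentication;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;

// Hypothetical helper, not part of spring-security-kerberos.
public final class KerberosTokenInspector {

    /** Value for a "WWW-Authenticate" reply header, or empty if none should be sent. */
    public static Optional<String> negotiateHeader(Authentication auth) {
        if (!(auth instanceof KerberosServiceRequestToken)) {
            return Optional.empty();
        }
        KerberosServiceRequestToken token = (KerberosServiceRequestToken) auth;
        // A token built from raw bytes alone is unauthenticated and has no ticket
        // validation (getTicketValidation() is null): never treat it as proof of identity.
        if (!token.isAuthenticated() || token.getTicketValidation() == null) {
            return Optional.empty();
        }
        // getEncodedResponseToken() assumes a response token exists, so check first.
        if (!token.hasResponseToken()) {
            return Optional.empty();
        }
        return Optional.of("Negotiate " + token.getEncodedResponseToken());
    }

    public static void main(String[] args) {
        // Constructed placeholder bytes, not a real SPNEGO token.
        byte[] raw = "constructed-spnego-bytes".getBytes(StandardCharsets.US_ASCII);

        // The single-argument constructor yields an unauthenticated instance that
        // KerberosServiceAuthenticationProvider is expected to authenticate later.
        KerberosServiceRequestToken first = new KerberosServiceRequestToken(raw);
        KerberosServiceRequestToken second = new KerberosServiceRequestToken(raw.clone());

        System.out.println("authenticated:      " + first.isAuthenticated());
        System.out.println("ticket validation:  " + first.getTicketValidation());
        System.out.println("reply header set:   " + negotiateHeader(first).isPresent());
        // Per the Javadoc above, equals() and hashCode() are based on the token bytes.
        System.out.println("equal by token:     " + first.equals(second));
    }
}
```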