Class KerberosServiceRequestToken
java.lang.Object
org.springframework.security.authentication.AbstractAuthenticationToken
org.springframework.security.kerberos.authentication.KerberosServiceRequestToken
- All Implemented Interfaces:
Serializable
,Principal
,Authentication
,CredentialsContainer
,KerberosAuthentication
public class KerberosServiceRequestToken
extends AbstractAuthenticationToken
implements KerberosAuthentication
Holds the Kerberos/SPNEGO token for requesting a kerberized service and is also the
output of KerberosServiceAuthenticationProvider
.
Will mostly be created in SpnegoAuthenticationProcessingFilter
and
authenticated in KerberosServiceAuthenticationProvider
.
- Since:
- 1.0
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from class org.springframework.security.authentication.AbstractAuthenticationToken
AbstractAuthenticationToken.AbstractAuthenticationBuilder<B extends AbstractAuthenticationToken.AbstractAuthenticationBuilder<B>>
Nested classes/interfaces inherited from interface org.springframework.security.core.Authentication
Authentication.Builder<B extends Authentication.Builder<B>>
-
Constructor Summary
ConstructorsConstructorDescriptionKerberosServiceRequestToken
(byte[] token) Creates an unauthenticated instance which should then be authenticated byKerberosServiceAuthenticationProvider
.KerberosServiceRequestToken
(Object principal, KerberosTicketValidation ticketValidation, Collection<? extends GrantedAuthority> authorities, byte[] token) Creates an authenticated token, normally used as an output of an authentication provider. -
Method Summary
Modifier and TypeMethodDescriptionbyte[]
decrypt
(byte[] data) Unwraps an encrypted message using the gss contextbyte[]
decrypt
(byte[] data, int offset, int length) Unwraps an encrypted message using the gss contextbyte[]
encrypt
(byte[] data) Wraps an message using the gss contextbyte[]
encrypt
(byte[] data, int offset, int length) Wraps an message using the gss contextboolean
equals() is based only on the Kerberos tokenThe credentials that prove the principal is correct.Gets the (Base64) encoded response token assuming one is available.The identity of the principal being authenticated.Gets the ticket validationbyte[]
getToken()
Returns the Kerberos tokenint
hashCode()
Calculates hashcode based on the Kerberos tokenboolean
Determines whether an authenticated token has a response tokenMethods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken
eraseCredentials, getAuthorities, getDetails, getName, isAuthenticated, setAuthenticated, setDetails, toString
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.springframework.security.core.Authentication
toBuilder
-
Constructor Details
-
KerberosServiceRequestToken
public KerberosServiceRequestToken(Object principal, KerberosTicketValidation ticketValidation, Collection<? extends GrantedAuthority> authorities, byte[] token) Creates an authenticated token, normally used as an output of an authentication provider.- Parameters:
principal
- the user principal (mostly of instanceUserDetails
)ticketValidation
- result of ticket validationauthorities
- the authorities which are granted to the usertoken
- the Kerberos/SPNEGO token- See Also:
-
KerberosServiceRequestToken
public KerberosServiceRequestToken(byte[] token) Creates an unauthenticated instance which should then be authenticated byKerberosServiceAuthenticationProvider
.- Parameters:
token
- Kerberos/SPNEGO token- See Also:
-
-
Method Details
-
equals
equals() is based only on the Kerberos token- Specified by:
equals
in interfacePrincipal
- Overrides:
equals
in classAbstractAuthenticationToken
-
hashCode
public int hashCode()Calculates hashcode based on the Kerberos token- Specified by:
hashCode
in interfacePrincipal
- Overrides:
hashCode
in classAbstractAuthenticationToken
-
getCredentials
Description copied from interface:Authentication
The credentials that prove the principal is correct. This is usually a password, but could be anything relevant to theAuthenticationManager
. Callers are expected to populate the credentials.- Specified by:
getCredentials
in interfaceAuthentication
- Returns:
- the credentials that prove the identity of the
Principal
-
getPrincipal
Description copied from interface:Authentication
The identity of the principal being authenticated. In the case of an authentication request with username and password, this would be the username. Callers are expected to populate the principal for an authentication request.The AuthenticationManager implementation will often return an Authentication containing richer information as the principal for use by the application. Many of the authentication providers will create a
UserDetails
object as the principal.- Specified by:
getPrincipal
in interfaceAuthentication
- Returns:
- the
Principal
being authenticated or the authenticated principal after authentication.
-
getToken
public byte[] getToken()Returns the Kerberos token- Returns:
- the token data
-
getTicketValidation
Gets the ticket validation- Returns:
- the ticket validation (which will be null if the token is unauthenticated)
-
hasResponseToken
public boolean hasResponseToken()Determines whether an authenticated token has a response token- Returns:
- whether a response token is available
-
getEncodedResponseToken
Gets the (Base64) encoded response token assuming one is available.- Returns:
- encoded response token
-
decrypt
Unwraps an encrypted message using the gss context- Parameters:
data
- the dataoffset
- data offsetlength
- data length- Returns:
- the decrypted message
- Throws:
PrivilegedActionException
- if jaas throws and error
-
decrypt
Unwraps an encrypted message using the gss context- Parameters:
data
- the data- Returns:
- the decrypted message
- Throws:
PrivilegedActionException
- if jaas throws and error
-
encrypt
Wraps an message using the gss context- Parameters:
data
- the dataoffset
- data offsetlength
- data length- Returns:
- the encrypted message
- Throws:
PrivilegedActionException
- if jaas throws and error
-
encrypt
Wraps an message using the gss context- Parameters:
data
- the data- Returns:
- the encrypted message
- Throws:
PrivilegedActionException
- if jaas throws and error
-
getJaasSubjectHolder
- Specified by:
getJaasSubjectHolder
in interfaceKerberosAuthentication
-