Class KerberosServiceRequestToken
java.lang.Object
org.springframework.security.authentication.AbstractAuthenticationToken
org.springframework.security.kerberos.authentication.KerberosServiceRequestToken
- All Implemented Interfaces:
Serializable,Principal,Authentication,CredentialsContainer,KerberosAuthentication
public class KerberosServiceRequestToken
extends AbstractAuthenticationToken
implements KerberosAuthentication
Holds the Kerberos/SPNEGO token for requesting a kerberized service and is also the
output of KerberosServiceAuthenticationProvider.
Will mostly be created in SpnegoAuthenticationProcessingFilter and
authenticated in KerberosServiceAuthenticationProvider.
- Since:
- 1.0
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from class org.springframework.security.authentication.AbstractAuthenticationToken
AbstractAuthenticationToken.AbstractAuthenticationBuilder<B extends AbstractAuthenticationToken.AbstractAuthenticationBuilder<B>>Nested classes/interfaces inherited from interface org.springframework.security.core.Authentication
Authentication.Builder<B extends Authentication.Builder<B>> -
Constructor Summary
ConstructorsConstructorDescriptionKerberosServiceRequestToken(byte[] token) Creates an unauthenticated instance which should then be authenticated byKerberosServiceAuthenticationProvider.KerberosServiceRequestToken(Object principal, KerberosTicketValidation ticketValidation, Collection<? extends GrantedAuthority> authorities, byte[] token) Creates an authenticated token, normally used as an output of an authentication provider. -
Method Summary
Modifier and TypeMethodDescriptionbyte[]decrypt(byte[] data) Unwraps an encrypted message using the gss contextbyte[]decrypt(byte[] data, int offset, int length) Unwraps an encrypted message using the gss contextbyte[]encrypt(byte[] data) Wraps an message using the gss contextbyte[]encrypt(byte[] data, int offset, int length) Wraps an message using the gss contextbooleanequals() is based only on the Kerberos tokenThe credentials that prove the principal is correct.Gets the (Base64) encoded response token assuming one is available.The identity of the principal being authenticated.Gets the ticket validationbyte[]getToken()Returns the Kerberos tokeninthashCode()Calculates hashcode based on the Kerberos tokenbooleanDetermines whether an authenticated token has a response tokenMethods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken
eraseCredentials, getAuthorities, getDetails, getName, isAuthenticated, setAuthenticated, setDetails, toStringMethods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, waitMethods inherited from interface org.springframework.security.core.Authentication
toBuilder
-
Constructor Details
-
KerberosServiceRequestToken
public KerberosServiceRequestToken(Object principal, KerberosTicketValidation ticketValidation, Collection<? extends GrantedAuthority> authorities, byte[] token) Creates an authenticated token, normally used as an output of an authentication provider.- Parameters:
principal- the user principal (mostly of instanceUserDetails)ticketValidation- result of ticket validationauthorities- the authorities which are granted to the usertoken- the Kerberos/SPNEGO token- See Also:
-
KerberosServiceRequestToken
public KerberosServiceRequestToken(byte[] token) Creates an unauthenticated instance which should then be authenticated byKerberosServiceAuthenticationProvider.- Parameters:
token- Kerberos/SPNEGO token- See Also:
-
-
Method Details
-
equals
equals() is based only on the Kerberos token- Specified by:
equalsin interfacePrincipal- Overrides:
equalsin classAbstractAuthenticationToken
-
hashCode
public int hashCode()Calculates hashcode based on the Kerberos token- Specified by:
hashCodein interfacePrincipal- Overrides:
hashCodein classAbstractAuthenticationToken
-
getCredentials
Description copied from interface:AuthenticationThe credentials that prove the principal is correct. This is usually a password, but could be anything relevant to theAuthenticationManager. Callers are expected to populate the credentials.- Specified by:
getCredentialsin interfaceAuthentication- Returns:
- the credentials that prove the identity of the
Principal
-
getPrincipal
Description copied from interface:AuthenticationThe identity of the principal being authenticated. In the case of an authentication request with username and password, this would be the username. Callers are expected to populate the principal for an authentication request.The AuthenticationManager implementation will often return an Authentication containing richer information as the principal for use by the application. Many of the authentication providers will create a
UserDetailsobject as the principal.- Specified by:
getPrincipalin interfaceAuthentication- Returns:
- the
Principalbeing authenticated or the authenticated principal after authentication.
-
getToken
public byte[] getToken()Returns the Kerberos token- Returns:
- the token data
-
getTicketValidation
Gets the ticket validation- Returns:
- the ticket validation (which will be null if the token is unauthenticated)
-
hasResponseToken
public boolean hasResponseToken()Determines whether an authenticated token has a response token- Returns:
- whether a response token is available
-
getEncodedResponseToken
Gets the (Base64) encoded response token assuming one is available.- Returns:
- encoded response token
-
decrypt
Unwraps an encrypted message using the gss context- Parameters:
data- the dataoffset- data offsetlength- data length- Returns:
- the decrypted message
- Throws:
PrivilegedActionException- if jaas throws and error
-
decrypt
Unwraps an encrypted message using the gss context- Parameters:
data- the data- Returns:
- the decrypted message
- Throws:
PrivilegedActionException- if jaas throws and error
-
encrypt
Wraps an message using the gss context- Parameters:
data- the dataoffset- data offsetlength- data length- Returns:
- the encrypted message
- Throws:
PrivilegedActionException- if jaas throws and error
-
encrypt
Wraps an message using the gss context- Parameters:
data- the data- Returns:
- the encrypted message
- Throws:
PrivilegedActionException- if jaas throws and error
-
getJaasSubjectHolder
- Specified by:
getJaasSubjectHolderin interfaceKerberosAuthentication
-