Class GSSAPIBindRequestProperties

    • Constructor Summary

      Constructors 
      Constructor Description
      GSSAPIBindRequestProperties​(java.lang.String authenticationID, byte[] password)
      Creates a new set of GSSAPI bind request properties with the provided information.
      GSSAPIBindRequestProperties​(java.lang.String authenticationID, java.lang.String password)
      Creates a new set of GSSAPI bind request properties with the provided information.
    • Method Summary

      Modifier and Type Method Description
      boolean enableGSSAPIDebugging()
      Indicates whether JVM-level debugging should be enabled for GSSAPI bind processing.
      java.util.List<SASLQualityOfProtection> getAllowedQoP()
      Retrieves the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
      java.lang.String getAuthenticationID()
      Retrieves the authentication ID for the GSSAPI bind request, if defined.
      java.lang.String getAuthorizationID()
      Retrieves the authorization ID for the GSSAPI bind request, if defined.
      java.lang.String getConfigFilePath()
      Retrieves the path to a JAAS configuration file that should be used when processing the GSSAPI bind request, if defined.
      java.lang.Boolean getIsInitiator()
      Indicates whether the client should be configured so that it explicitly indicates whether it is the initiator or the acceptor.
      java.lang.String getJAASClientName()
      Retrieves the name that will be used to identify this client in the JAAS framework.
      java.lang.String getKDCAddress()
      Retrieves the address to use for the Kerberos key distribution center, if defined.
      java.lang.String getKeyTabPath()
      Retrieves the path to the keytab file from which to obtain the user credentials.
      ASN1OctetString getPassword()
      Retrieves the password that should be used for the GSSAPI bind request, if defined.
      java.lang.String getRealm()
      Retrieves the realm to use for the GSSAPI bind request, if defined.
      java.lang.String getSASLClientServerName()
      Retrieves the server name that should be used when creating the Java SaslClient, if one is defined.
      java.lang.String getServicePrincipalProtocol()
      Retrieves the protocol specified in the service principal that the directory server uses for its communication with the KDC.
      java.util.Set<java.lang.String> getSuppressedSystemProperties()
      Retrieves a set of system properties that will not be altered by GSSAPI processing.
      java.lang.String getTicketCachePath()
      Retrieves the path to the Kerberos ticket cache file that should be used during authentication, if defined.
      boolean refreshKrb5Config()
      Indicates whether to refresh the configuration before the JAAS login method is called.
      boolean renewTGT()
      Indicates whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
      boolean requireCachedCredentials()
      Indicates whether GSSAPI authentication should only occur using an existing Kerberos session.
      void setAllowedQoP​(SASLQualityOfProtection... allowedQoP)
      Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
      void setAllowedQoP​(java.util.List<SASLQualityOfProtection> allowedQoP)
      Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
      void setAuthenticationID​(java.lang.String authenticationID)
      Sets the authentication ID for the GSSAPI bind request.
      void setAuthorizationID​(java.lang.String authorizationID)
      Specifies the authorization ID for the GSSAPI bind request.
      void setConfigFilePath​(java.lang.String configFilePath)
      Specifies the path to a JAAS configuration file that should be used when processing the GSSAPI bind request.
      void setEnableGSSAPIDebugging​(boolean enableGSSAPIDebugging)
      Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing.
      void setIsInitiator​(java.lang.Boolean isInitiator)
      Specifies whether the client should explicitly indicate whether it is the GSSAPI initiator or acceptor.
      void setJAASClientName​(java.lang.String jaasClientName)
      Specifies the name that will be used to identify this client in the JAAS framework.
      void setKDCAddress​(java.lang.String kdcAddress)
      Specifies the address to use for the Kerberos key distribution center.
      void setKeyTabPath​(java.lang.String keyTabPath)
      Specifies the path to the keytab file from which to obtain the user credentials.
      void setPassword​(byte[] password)
      Specifies the password that should be used for the GSSAPI bind request.
      void setPassword​(ASN1OctetString password)
      Specifies the password that should be used for the GSSAPI bind request.
      void setPassword​(java.lang.String password)
      Specifies the password that should be used for the GSSAPI bind request.
      void setRealm​(java.lang.String realm)
      Specifies the realm to use for the GSSAPI bind request.
      void setRefreshKrb5Config​(boolean refreshKrb5Config)
      Specifies whether to refresh the configuration before the JAAS login method is called.
      void setRenewTGT​(boolean renewTGT)
      Specifies whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
      void setRequireCachedCredentials​(boolean requireCachedCredentials)
      Specifies whether GSSAPI authentication should only occur using an existing Kerberos session.
      void setSASLClientServerName​(java.lang.String saslClientServerName)
      Specifies the server name that should be used when creating the Java SaslClient.
      void setServicePrincipalProtocol​(java.lang.String servicePrincipalProtocol)
      Specifies the protocol specified in the service principal that the directory server uses for its communication with the KDC.
      void setSuppressedSystemProperties​(java.util.Collection<java.lang.String> suppressedSystemProperties)
      Specifies a set of system properties that will not be altered by GSSAPI processing.
      void setTicketCachePath​(java.lang.String ticketCachePath)
      Specifies the path to the Kerberos ticket cache file that should be used during authentication.
      void setUseKeyTab​(boolean useKeyTab)
      Specifies whether to use a keytab to obtain the user credentials.
      void setUseSubjectCredentialsOnly​(boolean useSubjectCredentialsOnly)
      Specifies whether to allow the client to use credentials that are outside the current subject.
      void setUseTicketCache​(boolean useTicketCache)
      Specifies whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
      java.lang.String toString()
      Retrieves a string representation of the GSSAPI bind request properties.
      void toString​(java.lang.StringBuilder buffer)
      Appends a string representation of the GSSAPI bind request properties to the provided buffer.
      boolean useKeyTab()
      Indicates whether to use a keytab to obtain the user credentials.
      boolean useSubjectCredentialsOnly()
      Indicates whether to allow the client to use credentials that are outside of the current subject, obtained via some system-specific mechanism.
      boolean useTicketCache()
      Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Constructor Detail

      • GSSAPIBindRequestProperties

        public GSSAPIBindRequestProperties​(java.lang.String authenticationID,
                                           java.lang.String password)
        Creates a new set of GSSAPI bind request properties with the provided information.
        Parameters:
        authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
        password - The password for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
      • GSSAPIBindRequestProperties

        public GSSAPIBindRequestProperties​(java.lang.String authenticationID,
                                           byte[] password)
        Creates a new set of GSSAPI bind request properties with the provided information.
        Parameters:
        authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
        password - The password for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
    • Method Detail

      • getAuthenticationID

        public java.lang.String getAuthenticationID()
        Retrieves the authentication ID for the GSSAPI bind request, if defined.
        Returns:
        The authentication ID for the GSSAPI bind request, or null if an existing Kerberos session should be used.
      • setAuthenticationID

        public void setAuthenticationID​(java.lang.String authenticationID)
        Sets the authentication ID for the GSSAPI bind request.
        Parameters:
        authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
      • getAuthorizationID

        public java.lang.String getAuthorizationID()
        Retrieves the authorization ID for the GSSAPI bind request, if defined.
        Returns:
        The authorization ID for the GSSAPI bind request, or null if the authorization ID should be the same as the authentication ID.
      • setAuthorizationID

        public void setAuthorizationID​(java.lang.String authorizationID)
        Specifies the authorization ID for the GSSAPI bind request.
        Parameters:
        authorizationID - The authorization ID for the GSSAPI bind request. It may be null if the authorization ID should be the same as the authentication ID.
      • getPassword

        public ASN1OctetString getPassword()
        Retrieves the password that should be used for the GSSAPI bind request, if defined.
        Returns:
        The password that should be used for the GSSAPI bind request, or null if an existing Kerberos session should be used.
      • setPassword

        public void setPassword​(java.lang.String password)
        Specifies the password that should be used for the GSSAPI bind request.
        Parameters:
        password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
      • setPassword

        public void setPassword​(byte[] password)
        Specifies the password that should be used for the GSSAPI bind request.
        Parameters:
        password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
      • setPassword

        public void setPassword​(ASN1OctetString password)
        Specifies the password that should be used for the GSSAPI bind request.
        Parameters:
        password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
      • getRealm

        public java.lang.String getRealm()
        Retrieves the realm to use for the GSSAPI bind request, if defined.
        Returns:
        The realm to use for the GSSAPI bind request, or null if the request should attempt to use the default realm from the system configuration.
      • setRealm

        public void setRealm​(java.lang.String realm)
        Specifies the realm to use for the GSSAPI bind request.
        Parameters:
        realm - The realm to use for the GSSAPI bind request. It may be null if the request should attempt to use the default realm from the system configuration.
      • getAllowedQoP

        public java.util.List<SASLQualityOfProtection> getAllowedQoP()
        Retrieves the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
        Returns:
        The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
      • setAllowedQoP

        public void setAllowedQoP​(java.util.List<SASLQualityOfProtection> allowedQoP)
        Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
        Parameters:
        allowedQoP - The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred. If this is null or empty, then a list containing only the SASLQualityOfProtection.AUTH quality of protection value will be used.
      • setAllowedQoP

        public void setAllowedQoP​(SASLQualityOfProtection... allowedQoP)
        Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
        Parameters:
        allowedQoP - The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred. If this is null or empty, then a list containing only the SASLQualityOfProtection.AUTH quality of protection value will be used.
      • getKDCAddress

        public java.lang.String getKDCAddress()
        Retrieves the address to use for the Kerberos key distribution center, if defined.
        Returns:
        The address to use for the Kerberos key distribution center, or null if the request should attempt to determine the KDC address from the system configuration.
      • setKDCAddress

        public void setKDCAddress​(java.lang.String kdcAddress)
        Specifies the address to use for the Kerberos key distribution center.
        Parameters:
        kdcAddress - The address to use for the Kerberos key distribution center. It may be null if the request should attempt to determine the KDC address from the system configuration.
      • getJAASClientName

        public java.lang.String getJAASClientName()
        Retrieves the name that will be used to identify this client in the JAAS framework.
        Returns:
        The name that will be used to identify this client in the JAAS framework.
      • setJAASClientName

        public void setJAASClientName​(java.lang.String jaasClientName)
        Specifies the name that will be used to identify this client in the JAAS framework.
        Parameters:
        jaasClientName - The name that will be used to identify this client in the JAAS framework. It must not be null or empty.
      • getConfigFilePath

        public java.lang.String getConfigFilePath()
        Retrieves the path to a JAAS configuration file that should be used when processing the GSSAPI bind request, if defined.
        Returns:
        The path to a JAAS configuration file that should be used when processing the GSSAPI bind request, or null if a JAAS configuration file should be automatically constructed for the bind request.
      • setConfigFilePath

        public void setConfigFilePath​(java.lang.String configFilePath)
        Specifies the path to a JAAS configuration file that should be used when processing the GSSAPI bind request.
        Parameters:
        configFilePath - The path to a JAAS configuration file that should be used when processing the GSSAPI bind request. It may be null if a configuration file should be automatically constructed for the bind request.
      • getSASLClientServerName

        public java.lang.String getSASLClientServerName()
        Retrieves the server name that should be used when creating the Java SaslClient, if one is defined.
        Returns:
        The server name that should be used when creating the Java SaslClient, or null if none is defined and the SaslClient should use the address specified when establishing the connection.
      • setSASLClientServerName

        public void setSASLClientServerName​(java.lang.String saslClientServerName)
        Specifies the server name that should be used when creating the Java SaslClient.
        Parameters:
        saslClientServerName - The server name that should be used when creating the Java SaslClient. It may be null to indicate that the SaslClient should use the address specified when establishing the connection.
      • getServicePrincipalProtocol

        public java.lang.String getServicePrincipalProtocol()
        Retrieves the protocol specified in the service principal that the directory server uses for its communication with the KDC. The service principal is usually something like "ldap/directory.example.com", where "ldap" is the protocol and "directory.example.com" is the fully-qualified address of the directory server system, but some servers may allow authentication with a service principal with a protocol other than "ldap".
        Returns:
        The protocol specified in the service principal that the directory server uses for its communication with the KDC.
      • setServicePrincipalProtocol

        public void setServicePrincipalProtocol​(java.lang.String servicePrincipalProtocol)
        Specifies the protocol specified in the service principal that the directory server uses for its communication with the KDC. This should generally be "ldap", but some servers may allow a service principal with a protocol other than "ldap".
        Parameters:
        servicePrincipalProtocol - The protocol specified in the service principal that the directory server uses for its communication with the KDC.
      • refreshKrb5Config

        public boolean refreshKrb5Config()
        Indicates whether to refresh the configuration before the JAAS login method is called.
        Returns:
        true if the GSSAPI implementation should refresh the configuration before the JAAS login method is called, or false if not.
      • setRefreshKrb5Config

        public void setRefreshKrb5Config​(boolean refreshKrb5Config)
        Specifies whether to refresh the configuration before the JAAS login method is called.
        Parameters:
        refreshKrb5Config - Indicates whether to refresh the configuration before the JAAS login method is called.
      • useSubjectCredentialsOnly

        public boolean useSubjectCredentialsOnly()
        Indicates whether to allow the client to use credentials that are outside of the current subject, obtained via some system-specific mechanism.
        Returns:
        true if the client will only be allowed to use credentials that are within the current subject, or false if the client will be allowed to use credentials outside the current subject.
      • setUseSubjectCredentialsOnly

        public void setUseSubjectCredentialsOnly​(boolean useSubjectCredentialsOnly)
        Specifies whether to allow the client to use credentials that are outside the current subject. If this is false, then a system-specific mechanism may be used in an attempt to obtain credentials from an existing session.
        Parameters:
        useSubjectCredentialsOnly - Indicates whether to allow the client to use credentials that are outside of the current subject.
      • useKeyTab

        public boolean useKeyTab()
        Indicates whether to use a keytab to obtain the user credentials.
        Returns:
        true if the GSSAPI login attempt should use a keytab to obtain the user credentials, or false if not.
      • setUseKeyTab

        public void setUseKeyTab​(boolean useKeyTab)
        Specifies whether to use a keytab to obtain the user credentials.
        Parameters:
        useKeyTab - Indicates whether to use a keytab to obtain the user credentials.
      • getKeyTabPath

        public java.lang.String getKeyTabPath()
        Retrieves the path to the keytab file from which to obtain the user credentials. This will only be used if useKeyTab returns true.
        Returns:
        The path to the keytab file from which to obtain the user credentials, or null if the default keytab location should be used.
      • setKeyTabPath

        public void setKeyTabPath​(java.lang.String keyTabPath)
        Specifies the path to the keytab file from which to obtain the user credentials.
        Parameters:
        keyTabPath - The path to the keytab file from which to obtain the user credentials. It may be null if the default keytab location should be used.
      • useTicketCache

        public boolean useTicketCache()
        Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
        Returns:
        true if a ticket cache may be used to take advantage of an existing Kerberos session, or false if Kerberos credentials should always be provided.
      • setUseTicketCache

        public void setUseTicketCache​(boolean useTicketCache)
        Specifies whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
        Parameters:
        useTicketCache - Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
      • requireCachedCredentials

        public boolean requireCachedCredentials()
        Indicates whether GSSAPI authentication should only occur using an existing Kerberos session.
        Returns:
        true if GSSAPI authentication should only use an existing Kerberos session and should fail if the client does not have an existing session, or false if the client will be allowed to create a new session if one does not already exist.
      • setRequireCachedCredentials

        public void setRequireCachedCredentials​(boolean requireCachedCredentials)
        Specifies whether GSSAPI authentication should only occur using an existing Kerberos session.
        Parameters:
        requireCachedCredentials - Indicates whether an existing Kerberos session will be required for authentication. If true, then authentication will fail if the client does not already have an existing Kerberos session. This will be ignored if useTicketCache is false.
      • getTicketCachePath

        public java.lang.String getTicketCachePath()
        Retrieves the path to the Kerberos ticket cache file that should be used during authentication, if defined.
        Returns:
        The path to the Kerberos ticket cache file that should be used during authentication, or null if the default ticket cache file should be used.
      • setTicketCachePath

        public void setTicketCachePath​(java.lang.String ticketCachePath)
        Specifies the path to the Kerberos ticket cache file that should be used during authentication.
        Parameters:
        ticketCachePath - The path to the Kerberos ticket cache file that should be used during authentication. It may be null if the default ticket cache file should be used.
      • renewTGT

        public boolean renewTGT()
        Indicates whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
        Returns:
        true if the client should attempt to renew its ticket-granting ticket if the authentication is processed using an existing Kerberos session, or false if not.
      • setRenewTGT

        public void setRenewTGT​(boolean renewTGT)
        Specifies whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
        Parameters:
        renewTGT - Indicates whether to attempt to renew the client's ticket-granting ticket if an existing Kerberos session is used to authenticate.
      • getIsInitiator

        public java.lang.Boolean getIsInitiator()
        Indicates whether the client should be configured so that it explicitly indicates whether it is the initiator or the acceptor.
        Returns:
        Boolean.TRUE if the client should explicitly indicate that it is the GSSAPI initiator, Boolean.FALSE if the client should explicitly indicate that it is the GSSAPI acceptor, or null if the client should not explicitly indicate either state (which is the default if the setIsInitiator(java.lang.Boolean) method has not been called).
      • setIsInitiator

        public void setIsInitiator​(java.lang.Boolean isInitiator)
        Specifies whether the client should explicitly indicate whether it is the GSSAPI initiator or acceptor.
        Parameters:
        isInitiator - Indicates whether the client should be considered the GSSAPI initiator. A value of Boolean.TRUE means the client should explicitly indicate that it is the GSSAPI initiator. A value of Boolean.FALSE means the client should explicitly indicate that it is the GSSAPI acceptor. A value of null means that the client will not explicitly indicate one way or the other (although this behavior will only apply to Sun/Oracle-based implementations; on the IBM implementation, the client will always be the initiator unless explicitly configured otherwise).
      • getSuppressedSystemProperties

        public java.util.Set<java.lang.String> getSuppressedSystemProperties()
        Retrieves a set of system properties that will not be altered by GSSAPI processing.
        Returns:
        A set of system properties that will not be altered by GSSAPI processing.
      • setSuppressedSystemProperties

        public void setSuppressedSystemProperties​(java.util.Collection<java.lang.String> suppressedSystemProperties)
        Specifies a set of system properties that will not be altered by GSSAPI processing. This should generally only be used in cases in which the specified system properties are known to already be set correctly for the desired authentication processing.
        Parameters:
        suppressedSystemProperties - A set of system properties that will not be altered by GSSAPI processing. It may be null or empty to indicate that no properties should be suppressed.
      • enableGSSAPIDebugging

        public boolean enableGSSAPIDebugging()
        Indicates whether JVM-level debugging should be enabled for GSSAPI bind processing. If this is enabled, then debug information may be written to standard error when performing GSSAPI processing that could be useful for debugging authentication problems.
        Returns:
        true if JVM-level debugging should be enabled for GSSAPI bind processing, or false if not.
      • setEnableGSSAPIDebugging

        public void setEnableGSSAPIDebugging​(boolean enableGSSAPIDebugging)
        Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing. If this is enabled, then debug information may be written to standard error when performing GSSAPI processing that could be useful for debugging authentication problems.
        Parameters:
        enableGSSAPIDebugging - Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing.
      • toString

        public java.lang.String toString()
        Retrieves a string representation of the GSSAPI bind request properties.
        Overrides:
        toString in class java.lang.Object
        Returns:
        A string representation of the GSSAPI bind request properties.
      • toString

        public void toString​(java.lang.StringBuilder buffer)
        Appends a string representation of the GSSAPI bind request properties to the provided buffer.
        Parameters:
        buffer - The buffer to which the information should be appended.
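
The following is an added example, not part of the SDK's own documentation. It shows how the setters above combine into a keytab-based configuration that offers only the strongest quality of protection, and how the getters can be used to review a properties object before it is handed to a `GSSAPIBindRequest` (a class from the same SDK that this page does not describe). The principal, realm, KDC address and keytab path are constructed placeholders, and the review rules in `audit` are this example's own policy, not something the SDK enforces.

```java
import com.unboundid.ldap.sdk.GSSAPIBindRequest;
import com.unboundid.ldap.sdk.GSSAPIBindRequestProperties;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SASLQualityOfProtection;

import java.util.ArrayList;
import java.util.List;

public final class GssapiBindConfigExample {

  /** Builds keytab-based properties. All names and paths are constructed placeholders. */
  static GSSAPIBindRequestProperties hardenedProperties() {
    // The cast picks the String overload; no password is supplied because the
    // credentials come from the keytab.
    GSSAPIBindRequestProperties p =
        new GSSAPIBindRequestProperties("svc-ldap-client", (String) null);
    p.setRealm("EXAMPLE.COM");
    p.setKDCAddress("kdc.example.com");
    p.setUseKeyTab(true);
    p.setKeyTabPath("/etc/security/keytabs/svc-ldap-client.keytab");
    p.setUseTicketCache(false);          // do not pick up an ambient Kerberos session
    p.setUseSubjectCredentialsOnly(true);
    // Offer only integrity plus confidentiality; no weaker level is listed,
    // so negotiation cannot settle on one.
    p.setAllowedQoP(SASLQualityOfProtection.AUTH_CONF);
    p.setEnableGSSAPIDebugging(false);
    return p;
  }

  /** Returns review findings for a properties object (this example's own policy). */
  static List<String> audit(GSSAPIBindRequestProperties p) {
    List<String> findings = new ArrayList<>();
    if (p.getAllowedQoP().contains(SASLQualityOfProtection.AUTH)) {
      findings.add("allowedQoP includes AUTH: post-bind traffic gets no SASL "
          + "integrity or confidentiality protection if that level is chosen");
    }
    if (p.enableGSSAPIDebugging()) {
      findings.add("GSSAPI debugging enabled: JVM-level debug output may be "
          + "written to standard error");
    }
    if (p.useKeyTab() && p.getPassword() != null) {
      findings.add("keytab and password both configured: the password is "
          + "kept in memory without being needed");
    }
    if (p.useKeyTab() && p.getKeyTabPath() == null) {
      findings.add("useKeyTab set without keyTabPath: the default keytab "
          + "location will be used");
    }
    if (!p.useSubjectCredentialsOnly()) {
      findings.add("useSubjectCredentialsOnly is false: credentials from "
          + "outside the current subject may be used");
    }
    if (p.useTicketCache() && !p.requireCachedCredentials()
        && p.getPassword() == null && !p.useKeyTab()) {
      findings.add("ticket cache is the only credential source but "
          + "requireCachedCredentials is false");
    }
    return findings;
  }

  public static void main(String[] args) throws LDAPException {
    // A loosely configured object: default QoP, password supplied, debugging on.
    GSSAPIBindRequestProperties loose =
        new GSSAPIBindRequestProperties("svc-ldap-client", "constructed-password");
    loose.setEnableGSSAPIDebugging(true);
    for (String finding : audit(loose)) {
      System.out.println("loose: " + finding);
    }

    GSSAPIBindRequestProperties hardened = hardenedProperties();
    List<String> findings = audit(hardened);
    if (!findings.isEmpty()) {
      throw new IllegalStateException("refusing to bind: " + findings);
    }
    // The reviewed properties are then turned into a bind request, which
    // would be passed to bind() on an established LDAPConnection.
    GSSAPIBindRequest bindRequest = new GSSAPIBindRequest(hardened);
    System.out.println("hardened: no findings, bind request created: "
        + bindRequest.getSASLMechanismName());
  }
}
```

Listing only `AUTH_CONF` means the bind fails against a server that cannot provide that level, which is the intended behaviour when the connection is not otherwise protected.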