| java.lang.Object | |
| ↳ | sun.security.krb5.Credentials |
Class Overview
This class encapsulates the concept of a Kerberos service credential. That includes a Kerberos ticket and an associated session key.
Summary
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Acquires default credentials.
| |||||||||||
Acquires credentials for a specified service using initial credential.
| |||||||||||
Returns a TGT for the given client principal via an AS-Exchange.
| |||||||||||
Returns a TGT for the given client principal from a ticket cache.
| |||||||||||
Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE
flag set
| |||||||||||
Acquires a service ticket for the specified service
principal.
| |||||||||||
Gets service credential from key table.
| |||||||||||
Returns a string representation of the object.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
Public Constructors
public Credentials (Ticket new_ticket, PrincipalName new_client, PrincipalName new_server, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr)
public Credentials (byte[] encoding, String client, String server, byte[] keyBytes, int keyType, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] cAddrs)
Throws
| IOException | |
|---|---|
| KrbException |
Public Methods
public static synchronized Credentials acquireDefaultCreds ()
Acquires default credentials.
The possible locations for default credentials cache is searched in
the following order:
- The directory and cache file name specified by "KRB5CCNAME" system. property.
- The directory and cache file name specified by "KRB5CCNAME" environment variable.
- A cache file named krb5cc_{user.name} at {user.home} directory.
Returns
- a
KrbCredsobject if the credential is found, otherwise return null.
public static Credentials acquireServiceCreds (String service, Credentials ccreds)
Acquires credentials for a specified service using initial credential. When the service has a different realm from the initial credential, we do cross-realm authentication - first, we use the current credential to get a cross-realm credential from the local KDC, then use that cross-realm credential to request service credential from the foreigh KDC.
Parameters
| service | the name of service principal using format components@realm |
|---|---|
| ccreds | client's initial credential. |
Returns
- a
Credentialsobject.
Throws
| IOException | if an error occurs in reading the credentials cache |
|---|---|
| KrbException | if an error occurs specific to Kerberos |
public static Credentials acquireTGT (PrincipalName princ, EncryptionKey[] secretKeys, char[] password)
Returns a TGT for the given client principal via an AS-Exchange. This method causes pre-authentication data to be sent in the AS-REQ.
Parameters
| princ | the client principal. This value cannot be null. |
|---|
Throws
| IOException | |
|---|---|
| KrbException |
public static Credentials acquireTGTFromCache (PrincipalName princ, String ticketCache)
Returns a TGT for the given client principal from a ticket cache.
Parameters
| princ | the client principal. A value of null means that the default principal name in the credentials cache will be used. |
|---|---|
| ticketCache | the path to the tickets file. A value of null will be accepted to indicate that the default path should be searched |
Throws
| IOException | |
|---|---|
| KrbException |
public boolean checkDelegate ()
Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set
Returns
- true if OK-AS_DELEGATE flag is set, otherwise, return false.
public CredentialsCache getCache ()
public final PrincipalName getClient ()
Acquires a service ticket for the specified service principal. If the service ticket is not already available, it obtains a new one from the KDC.
public final byte[] getEncoded ()
public final boolean[] getFlags ()
public static Credentials getServiceCreds (String serviceName, File keyTabFile)
Gets service credential from key table. The credential is used to decrypt the received client message and authenticate the client by verifying the client's credential.
Parameters
| serviceName | the name of service, using format component@realm |
|---|---|
| keyTabFile | the file of key table. |
Returns
- a
KrbCredsobject.
public Ticket getTicket ()
public TicketFlags getTicketFlags ()
public boolean isForwardable ()
public boolean isRenewable ()
public String toString ()
Returns a string representation of the object. In general, the
toString method returns a string that
"textually represents" this object. The result should
be a concise but informative representation that is easy for a
person to read.
It is recommended that all subclasses override this method.
The toString method for class Object
returns a string consisting of the name of the class of which the
object is an instance, the at-sign character `@', and
the unsigned hexadecimal representation of the hash code of the
object. In other words, this method returns a string equal to the
value of:
getClass().getName() + '@' + Integer.toHexString(hashCode())
Returns
- a string representation of the object.