Class KerberosTokenValidator

java.lang.Object
org.apache.wss4j.dom.validate.KerberosTokenValidator
All Implemented Interfaces:
Validator

public class KerberosTokenValidator extends Object implements Validator
  • Constructor Details

    • KerberosTokenValidator

      public KerberosTokenValidator()
  • Method Details

    • getContextName

      public String getContextName()
      Get the JAAS Login context name to use.
      Returns:
      the JAAS Login context name to use
    • setContextName

      public void setContextName(String contextName)
      Set the JAAS Login context name to use.
      Parameters:
      contextName - the JAAS Login context name to use
    • getCallbackHandler

      public CallbackHandler getCallbackHandler()
      Get the CallbackHandler to use with the LoginContext
      Returns:
      the CallbackHandler to use with the LoginContext
    • setCallbackHandler

      public void setCallbackHandler(CallbackHandler callbackHandler)
      Set the CallbackHandler to use with the LoginContext. It can be null.
      Parameters:
      callbackHandler - the CallbackHandler to use with the LoginContext
    • setServiceName

      public void setServiceName(String serviceName)
      The name of the service to use when contacting the KDC. This value can be null, in which case it defaults to the current principal name.
      Parameters:
      serviceName - the name of the service to use when contacting the KDC
    • getServiceName

      public String getServiceName()
      Get the name of the service to use when contacting the KDC. This value can be null, in which case it defaults to the current principal name.
      Returns:
      the name of the service to use when contacting the KDC
    • getKerberosTokenDecoder

      public KerberosTokenDecoder getKerberosTokenDecoder()
      Get the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.
      Returns:
      the KerberosTokenDecoder instance used to extract a session key
    • setKerberosTokenDecoder

      public void setKerberosTokenDecoder(KerberosTokenDecoder kerberosTokenDecoder)
      Set the KerberosTokenDecoder instance used to extract a session key from the received Kerberos token.
      Parameters:
      kerberosTokenDecoder - the KerberosTokenDecoder instance used to extract a session key
    • validate

      public Credential validate(Credential credential, RequestData data) throws WSSecurityException
      Validate the credential argument. It must contain a non-null BinarySecurityToken.
      Specified by:
      validate in interface Validator
      Parameters:
      credential - the Credential to be validated
      data - the RequestData associated with the request
      Returns:
      a validated Credential
      Throws:
      WSSecurityException - on a failed validation
    • isUsernameServiceNameForm

      public boolean isUsernameServiceNameForm()
      SPN can be configured to be in either "hostbased" or "username" form.
      - "hostbased" - specifies that the service principal name should be interpreted as a "host-based" name as specified in the GSS API RFC, section "4.1: Host-Based Service Name Form" - the service name, as it is specified in LDAP/AD and as it is listed in the KDC.
      - "username" - specifies that the service principal name should be interpreted as a "username" name as specified in the GSS API RFC, section "4.2: User Name Form" - this is usually the client username in LDAP/AD used for authentication to the KDC.

      Default is "hostbased".
      Returns:
      true if the SPN form is "username", false if it is "hostbased"
    • setUsernameServiceNameForm

      public void setUsernameServiceNameForm(boolean isUsernameServiceNameForm)
      If true - sets the SPN form to "username".
      If false (default) - the SPN form is "hostbased".
      Parameters:
      isUsernameServiceNameForm - true for the "username" SPN form, false for "hostbased"
    • isSpnego

      public boolean isSpnego()
    • setSpnego

      public void setSpnego(boolean spnego)
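
An added example, not code from the WSS4J project: one way to set up the validator on the receiving service, with the JAAS login context that setContextName refers to defined in code. The class name, context name, principal, host and keytab path are assumptions made for illustration; the login module is the JDK's Krb5LoginModule.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import org.apache.wss4j.dom.validate.KerberosTokenValidator;

public final class KerberosValidatorSetup {
    // Assumed values for illustration; replace with the deployment's own.
    static final String CONTEXT_NAME = "ws-service";
    // "hostbased" form is service@host; it maps to the Kerberos principal service/host@REALM.
    static final String SERVICE_NAME = "bob@service.example.com";
    static final String KEYTAB_PRINCIPAL = "bob/service.example.com@EXAMPLE.COM";
    static final String KEYTAB_PATH = "/etc/security/keytabs/bob.keytab";

    /** Registers a JAAS configuration with one acceptor-only Krb5LoginModule entry. */
    static void installJaasConfiguration() {
        Map<String, String> options = new HashMap<>();
        options.put("useKeyTab", "true");    // long-term key from the keytab, no password prompt
        options.put("keyTab", KEYTAB_PATH);
        options.put("principal", KEYTAB_PRINCIPAL);
        options.put("storeKey", "true");     // keep the key in the Subject so tickets can be accepted
        options.put("isInitiator", "false"); // accept only; never request a TGT for this identity
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, options);
        Configuration.setConfiguration(new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                // Unknown context names get no entry, so a mistyped name fails the login.
                return CONTEXT_NAME.equals(name) ? new AppConfigurationEntry[] {entry} : null;
            }
        });
    }

    /** Builds a validator bound to the context above. */
    static KerberosTokenValidator newValidator() {
        KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName(CONTEXT_NAME);
        validator.setServiceName(SERVICE_NAME);
        validator.setUsernameServiceNameForm(false); // "hostbased", the documented default
        validator.setCallbackHandler(null);          // null is allowed; the keytab supplies the key
        return validator;
    }
}
```

Configuration.setConfiguration replaces the JVM-wide JAAS configuration; a login configuration file named by the java.security.auth.login.config system property is the usual alternative.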