/*-
*
* This file is part of Oracle NoSQL Database
* Copyright (C) 2011, 2016 Oracle and/or its affiliates. All rights reserved.
*
* If you have received this file as part of Oracle NoSQL Database the
* following applies to the work as a whole:
*
* Oracle NoSQL Database server software is free software: you can
* redistribute it and/or modify it under the terms of the GNU Affero
* General Public License as published by the Free Software Foundation,
* version 3.
*
* Oracle NoSQL Database is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Affero General Public License for more details.
*
* If you have received this file as part of Oracle NoSQL Database Client or
* distributed separately the following applies:
*
* Oracle NoSQL Database client software is free software: you can
* redistribute it and/or modify it under the terms of the Apache License
* as published by the Apache Software Foundation, version 2.0.
*
* You should have received a copy of the GNU Affero General Public License
* and/or the Apache License in the LICENSE file along with Oracle NoSQL
* Database client or server distribution. If not, see
*
* or
* .
*
* An active Oracle commercial licensing agreement for this product supersedes
* these licenses and in such case the license notices, but not the copyright
* notice, may be removed by you in connection with your distribution that is
* in accordance with the commercial licensing terms.
*
* For more information please contact:
*
* [email protected]
*
*/
package oracle.kv;
import static oracle.kv.KVSecurityConstants.AUTH_EXT_MECH_PROPERTY;
import static oracle.kv.KVSecurityConstants.AUTH_USERNAME_PROPERTY;
import static oracle.kv.KVSecurityConstants.KRB_MECH_NAME;
import java.io.Serializable;
import java.util.Properties;
import javax.security.auth.Subject;
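/**
 * Login credentials for Kerberos authentication.
 *
 * <p>This class provides a way for an application to authenticate as a
 * particular Kerberos user when accessing a KVStore instance.
 *
 * <p>There are two approaches that client applications can use to
 * authenticate using Kerberos. Client applications that use the Java
 * Authentication and Authorization Service (JAAS) programming framework can
 * specify credentials by using the {@link Subject#doAs} method.
 *
 * <p>Applications that do not use the JAAS framework can use this class to
 * specify a Kerberos identity. The credentials of the specified user will be
 * acquired from the Kerberos Key Distribution Center (KDC) based on the values
 * specified for the KerberosCredentials instance.
 *
 * <p>Instances are {@link Serializable}: the serialized form carries the user
 * name and every login property held by the instance, so it should be handled
 * with the same care as the configuration it was built from.
 *
 * @since 3.5
 */
public class KerberosCredentials implements LoginCredentials, Serializable {

    private static final long serialVersionUID = 1L;

    /* User principal name */
    private final String username;

    /*
     * Kerberos login properties. This is a private copy of the properties
     * given to the constructor, with the user name and mechanism name added.
     */
    private final Properties krbProperties;

    /**
     * Creates Kerberos user credentials. The properties passed in are used to
     * retrieve the Kerberos credentials of the specified user from the
     * Kerberos Key Distribution Center (KDC).
     *
     * <p>If, as recommended, each server host uses a different principal name
     * that includes an individual instance name, the {@link
     * KVSecurityConstants#AUTH_KRB_SERVICES_PROPERTY} should specify the
     * mappings of server hostnames to Kerberos service principal names.
     * Users may need to provide Kerberos login properties so that the
     * underlying authentication system can retrieve credentials from the KDC.
     * The properties currently supported:
     *
     * <ul>
     * <li>{@link KVSecurityConstants#AUTH_KRB_CCACHE_PROPERTY}
     * <li>{@link KVSecurityConstants#AUTH_KRB_KEYTAB_PROPERTY}
     * <li>{@link KVSecurityConstants#AUTH_KRB_MUTUAL_PROPERTY}
     * </ul>
     *
     * <p>When multiple properties are set, for example,
     * {@link KVSecurityConstants#AUTH_KRB_CCACHE_PROPERTY} and
     * {@link KVSecurityConstants#AUTH_KRB_KEYTAB_PROPERTY},
     * the underlying login service will retrieve credentials of this user in
     * the following preference order:
     *
     * <ol>
     * <li>credentials cache
     * <li>keytab
     * </ol>
     *
     * <p>Without setting the credential cache and keytab properties, this
     * method will attempt to retrieve a ticket or key from the default
     * credential cache or keytab.
     *
     * <p>The given properties are copied. The copy, not the caller's object,
     * receives the {@code AUTH_USERNAME_PROPERTY} and
     * {@code AUTH_EXT_MECH_PROPERTY} entries, so one {@code Properties}
     * object can be reused to build credentials for several users without
     * one instance overwriting the user name recorded for another.
     *
     * @param username the name of the user
     * @param krbProperties the Kerberos login properties
     * @throws IllegalArgumentException if {@code username} or
     * {@code krbProperties} is null
     */
    public KerberosCredentials(String username, Properties krbProperties)
        throws IllegalArgumentException {

        if (username == null) {
            throw new IllegalArgumentException(
                "The username argument must not be null");
        }
        if (krbProperties == null) {
            throw new IllegalArgumentException(
                "The krbProperties argument must not be null");
        }
        this.username = username;

        /*
         * Work on a copy: writing the user name and mechanism into the
         * caller's object would leak this instance's identity into every
         * other credential built from the same Properties, and later caller
         * edits would silently change these credentials. clone() keeps the
         * top-level entries and the caller's defaults chain, so lookups
         * resolve exactly as they did on the original object.
         */
        final Properties copy = (Properties) krbProperties.clone();
        copy.setProperty(AUTH_USERNAME_PROPERTY, username);
        copy.setProperty(AUTH_EXT_MECH_PROPERTY, KRB_MECH_NAME);
        this.krbProperties = copy;
    }

    /**
     * @see LoginCredentials#getUsername()
     */
    @Override
    public String getUsername() {
        return username;
    }

    /**
     * Returns the Kerberos login properties. These properties are used to get
     * credentials from the Kerberos Key Distribution Center (KDC).
     *
     * <p>The returned object is the instance held by these credentials, not
     * a copy: changes made through it alter what this object reports on
     * later calls. Callers that only need to read the settings should not
     * modify it.
     *
     * @return the Kerberos login properties
     */
    public Properties getKrbProperties() {
        return krbProperties;
    }
}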