-
- All Superinterfaces:
GSSContext
public interface ExtendedGSSContext extends GSSContext
The extended GSSContext interface for supporting additional functionalities not defined byorg.ietf.jgss.GSSContext, such as querying context-specific attributes.
-
-
Field Summary
-
Fields declared in interface org.ietf.jgss.GSSContext
DEFAULT_LIFETIME, INDEFINITE_LIFETIME
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description booleangetDelegPolicyState()Returns the delegation policy response.ObjectinquireSecContext(InquireType type)Return the mechanism-specific attribute associated withtype.voidrequestDelegPolicy(boolean state)Requests that the delegation policy be respected.-
Methods declared in interface org.ietf.jgss.GSSContext
acceptSecContext, acceptSecContext, dispose, export, getAnonymityState, getConfState, getCredDelegState, getDelegCred, getIntegState, getLifetime, getMech, getMIC, getMIC, getMutualAuthState, getReplayDetState, getSequenceDetState, getSrcName, getTargName, getWrapSizeLimit, initSecContext, initSecContext, isEstablished, isInitiator, isProtReady, isTransferable, requestAnonymity, requestConf, requestCredDeleg, requestInteg, requestLifetime, requestMutualAuth, requestReplayDet, requestSequenceDet, setChannelBinding, unwrap, unwrap, verifyMIC, verifyMIC, wrap, wrap
-
-
-
-
Method Detail
-
inquireSecContext
Object inquireSecContext(InquireType type) throws GSSException
Return the mechanism-specific attribute associated withtype.If there is a security manager, an
InquireSecContextPermissionwith the nametype.mechmust be granted. Otherwise, this could result in aSecurityException.Example:
GSSContext ctxt = m.createContext(...) // Establishing the context if (ctxt instanceof ExtendedGSSContext) { ExtendedGSSContext ex = (ExtendedGSSContext)ctxt; try { Key key = (key)ex.inquireSecContext( InquireType.KRB5_GET_SESSION_KEY); // read key info } catch (GSSException gsse) { // deal with exception } }- Parameters:
type- the type of the attribute requested- Returns:
- the attribute, see the method documentation for details.
- Throws:
GSSException- containing the following major error codes:GSSException.BAD_MECHif the mechanism does not support this method,GSSException.UNAVAILABLEif the type specified is not supported,GSSException.NO_CONTEXTif the security context is invalid,GSSException.FAILUREfor other unspecified failures.SecurityException- if a security manager exists and a properInquireSecContextPermissionis not granted.- See Also:
InquireSecContextPermission,InquireType
-
requestDelegPolicy
void requestDelegPolicy(boolean state) throws GSSExceptionRequests that the delegation policy be respected. When a true value is requested, the underlying context would use the delegation policy defined by the environment as a hint to determine whether credentials delegation should be performed. This request can only be made on the context initiator's side and it has to be done prior to the first call toinitSecContext.When this flag is false, delegation will only be tried when the
credentials delegation flagis true.When this flag is true but the
credentials delegation flagis false, delegation will be only tried if the delegation policy permits delegation.When both this flag and the
credentials delegation flagare true, delegation will be always tried. However, if the delegation policy does not permit delegation, the value ofgetDelegPolicyState()will be false, even if delegation is performed successfully.In any case, if the delegation is not successful, the value returned by
GSSContext.getCredDelegState()is false, and the value returned bygetDelegPolicyState()is also false.Not all mechanisms support delegation policy. Therefore, the application should check to see if the request was honored with the
getDelegPolicyStatemethod. When delegation policy is not supported,requestDelegPolicyshould return silently without throwing an exception.Note: for the Kerberos 5 mechanism, the delegation policy is expressed through the OK-AS-DELEGATE flag in the service ticket. When it's true, the KDC permits delegation to the target server. In a cross-realm environment, in order for delegation be permitted, all cross-realm TGTs on the authentication path must also have the OK-AS-DELAGATE flags set.
- Parameters:
state- true if the policy should be respected- Throws:
GSSException- containing the following major error codes:GSSException.FAILURE
-
getDelegPolicyState
boolean getDelegPolicyState()
Returns the delegation policy response. Called after a security context is established. This method can be only called on the initiator's side. SeerequestDelegPolicy(boolean).- Returns:
- the delegation policy response
-
-