Spec-Zone .ru
спецификации, руководства, описания, API
|
public interface GSSCredential extends Cloneable
Учетные данные инстанцируют, используя один из createCredential
методы в GSSManager
класс. Учетное создание GSS-API не предназначается, чтобы обеспечить "вход в систему для сетевой" функции, как таковой, функция включила бы создание новых учетных данных вместо того, чтобы просто получить дескриптор к существующим учетным данным. Раздел по учетному сбору в описании уровня пакета описывает, как существующие учетные данные получаются в платформе Java. Реализации GSS-API должны наложить локальную политику контроля доступа по вызывающим сторонам, чтобы препятствовать тому, чтобы несанкционированные вызывающие стороны получили учетные данные, на которые они не называются.
Приложения создадут учетную передачу объектов требуемые параметры. Приложение может тогда использовать методы запроса, чтобы получить определенную информацию об инстанцированном учетном объекте. Когда учетные данные больше не необходимы, приложение должно вызвать dispose
метод, чтобы высвободить любые средства, сохраненные учетными данными, возражает и уничтожать любого криптографически уязвимая информация.
Этот пример кода демонстрирует создание реализации GSSCredential для определенного объекта, запросов его полей, и его выпуска, когда это больше не необходимо:
GSSManager manager = GSSManager.getInstance(); // start by creating a name object for the entity GSSName name = manager.createName("myusername", GSSName.NT_USER_NAME); // now acquire credentials for the entity GSSCredential cred = manager.createCredential(name, GSSCredential.ACCEPT_ONLY); // display credential information - name, remaining lifetime, // and the mechanisms it has been acquired over System.out.println(cred.getName().toString()); System.out.println(cred.getRemainingLifetime()); Oid [] mechs = cred.getMechs(); if (mechs != null) { for (int i = 0; i < mechs.length; i++) System.out.println(mechs[i].toString()); } // release system resources held by the credential cred.dispose();
Modifier and Type | Field and Description |
---|---|
static int |
ACCEPT_ONLY
Credential usage flag requesting that it be usable
for context acceptance only.
|
static int |
DEFAULT_LIFETIME
A lifetime constant representing the default credential lifetime.
|
static int |
INDEFINITE_LIFETIME
A lifetime constant representing indefinite credential lifetime.
|
static int |
INITIATE_AND_ACCEPT
Credential usage flag requesting that it be usable
for both context initiation and acceptance.
|
static int |
INITIATE_ONLY
Credential usage flag requesting that it be usable
for context initiation only.
|
Modifier and Type | Method and Description |
---|---|
void |
add(GSSName name,
int initLifetime,
int acceptLifetime,
Oid mech,
int usage)
Adds a mechanism specific credential-element to an existing
credential.
|
void |
dispose()
Releases any sensitive information that the GSSCredential object may
be containing.
|
boolean |
equals(Object another)
Tests if this GSSCredential asserts the same entity as the supplied
object.
|
Oid[] |
getMechs()
Returns a list of mechanisms supported by this credential.
|
GSSName |
getName()
Retrieves the name of the entity that the credential asserts.
|
GSSName |
getName(Oid mech)
Retrieves a Mechanism Name of the entity that the credential
asserts.
|
int |
getRemainingAcceptLifetime(Oid mech)
Returns the lifetime in seconds for the credential to remain capable
of accepting security contexts using the specified mechanism.
|
int |
getRemainingInitLifetime(Oid mech)
Returns the lifetime in seconds for the credential to remain capable
of initiating security contexts using the specified mechanism.
|
int |
getRemainingLifetime()
Returns the remaining lifetime in seconds for a credential.
|
int |
getUsage()
Returns the credential usage mode.
|
int |
getUsage(Oid mech)
Returns the credential usage mode for a specific mechanism.
|
int |
hashCode()
Returns a hashcode value for this GSSCredential.
|
static final int INITIATE_AND_ACCEPT
static final int INITIATE_ONLY
static final int ACCEPT_ONLY
static final int DEFAULT_LIFETIME
static final int INDEFINITE_LIFETIME
Integer.MAX_VALUE
.void dispose() throws GSSException
GSSException
- containing the following
major error codes:
GSSException.FAILURE
GSSName getName() throws GSSException
GSSException
- containing the following
major error codes:
GSSException.FAILURE
GSSName getName(Oid mech) throws GSSException
canonicalize
on the value returned by
the other form of getName
.mech
- the Oid of the mechanism for which the Mechanism Name
should be returned.GSSException
- containing the following
major error codes:
GSSException.BAD_MECH
,
GSSException.FAILURE
int getRemainingLifetime() throws GSSException
INDEFINITE_LIFETIME
indicates that the credential does
not expire. A return value of 0 indicates that the credential is
already expired.GSSException
- containing the following
major error codes:
GSSException.FAILURE
getRemainingInitLifetime(Oid)
,
getRemainingAcceptLifetime(Oid)
int getRemainingInitLifetime(Oid mech) throws GSSException
mech
- the Oid of the mechanism whose intiator credential element
should be queried.INDEFINITE_LIFETIME
indicates that the credential element does not
expire. A return value of 0 indicates that the credential element is
already expired.GSSException
- containing the following
major error codes:
GSSException.BAD_MECH
,
GSSException.FAILURE
int getRemainingAcceptLifetime(Oid mech) throws GSSException
mech
- the Oid of the mechanism whose acceptor credential element
should be queried.INDEFINITE_LIFETIME
indicates that the credential element does not
expire. A return value of 0 indicates that the credential element is
already expired.GSSException
- containing the following
major error codes:
GSSException.BAD_MECH
,
GSSException.FAILURE
int getUsage() throws GSSException
INITIATE_ONLY
, ACCEPT_ONLY
, and INITIATE_AND_ACCEPT
.GSSException
- containing the following
major error codes:
GSSException.FAILURE
int getUsage(Oid mech) throws GSSException
mech
- the Oid of the mechanism whose credentials usage mode is
to be determined.INITIATE_ONLY
, ACCEPT_ONLY
, and INITIATE_AND_ACCEPT
.GSSException
- containing the following
major error codes:
GSSException.BAD_MECH
,
GSSException.FAILURE
Oid[] getMechs() throws GSSException
getUsage
method with
each of the returned Oid's to determine the possible modes of
usage.GSSException
- containing the following
major error codes:
GSSException.FAILURE
void add(GSSName name, int initLifetime, int acceptLifetime, Oid mech, int usage) throws GSSException
This routine is envisioned to be used mainly by context acceptors during the creation of acceptor credentials which are to be used with a variety of clients using different security mechanisms.
This routine adds the new credential element "in-place". To add the
element in a new credential, first call clone
to obtain a
copy of this credential, then call its add
method.
As always, GSS-API implementations must impose a local access-control
policy on callers to prevent unauthorized callers from acquiring
credentials to which they are not entitled.
Non-default values for initLifetime and acceptLifetime cannot always
be honored by the underlying mechanisms, thus callers should be
prepared to call getRemainingInitLifetime
and getRemainingAcceptLifetime
on the credential.
name
- the name of the principal for whom this credential is to
be acquired. Use null
to specify the default
principal.initLifetime
- the number of seconds that the credential element
should remain valid for initiating of security contexts. Use GSSCredential.INDEFINITE_LIFETIME
to request that the credentials have the maximum permitted lifetime
for this. Use GSSCredential.DEFAULT_LIFETIME
to request default credential lifetime
for this.acceptLifetime
- the number of seconds that the credential
element should remain valid for accepting security contexts. Use GSSCredential.INDEFINITE_LIFETIME
to request that the credentials have the maximum permitted lifetime
for this. Use GSSCredential.DEFAULT_LIFETIME
to request default credential lifetime
for this.mech
- the mechanism over which the credential is to be acquired.usage
- the usage mode that this credential
element should add to the credential. The value
of this parameter must be one of:
INITIATE_AND_ACCEPT
,
ACCEPT_ONLY
, and
INITIATE_ONLY
.GSSException
- containing the following
major error codes:
GSSException.DUPLICATE_ELEMENT
,
GSSException.BAD_MECH
,
GSSException.BAD_NAMETYPE
,
GSSException.NO_CRED
,
GSSException.CREDENTIALS_EXPIRED
,
GSSException.FAILURE
boolean equals(Object another)
equals
in class Object
another
- another GSSCredential for comparison to this onetrue
if the two GSSCredentials assert the same
entity; false
otherwise.Object.hashCode()
,
HashMap
int hashCode()
hashCode
in class Object
Object.equals(java.lang.Object)
,
System.identityHashCode(java.lang.Object)
For further API reference and developer documentation, see
Copyright © 1993, 2011, Oracle and/or its affiliates. All rights reserved.