Package com.unboundid.ldap.sdk
Class GSSAPIBindRequestProperties
java.lang.Object
  com.unboundid.ldap.sdk.GSSAPIBindRequestProperties
All Implemented Interfaces:
java.io.Serializable
@Mutable @ThreadSafety(level=NOT_THREADSAFE) public final class GSSAPIBindRequestProperties extends java.lang.Object implements java.io.Serializable
This class provides a data structure that holds the properties used during processing of a SASL GSSAPI bind operation.
See Also:
Serialized Form
-
-
Constructor Summary
Constructors (Constructor, Description)
GSSAPIBindRequestProperties(java.lang.String authenticationID, byte[] password)
Creates a new set of GSSAPI bind request properties with the provided information.
GSSAPIBindRequestProperties(java.lang.String authenticationID, java.lang.String password)
Creates a new set of GSSAPI bind request properties with the provided information.
-
Method Summary
Methods (Modifier and Type, Method, Description)
boolean enableGSSAPIDebugging()
Indicates whether JVM-level debugging should be enabled for GSSAPI bind processing.
java.util.List<SASLQualityOfProtection> getAllowedQoP()
Retrieves the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
java.lang.String getAuthenticationID()
Retrieves the authentication ID for the GSSAPI bind request, if defined.
java.lang.String getAuthorizationID()
Retrieves the authorization ID for the GSSAPI bind request, if defined.
java.lang.String getConfigFilePath()
Retrieves the path to a JAAS configuration file that should be used when processing the GSSAPI bind request, if defined.
java.lang.Boolean getIsInitiator()
Indicates whether the client should be configured so that it explicitly indicates whether it is the initiator or the acceptor.
java.lang.String getJAASClientName()
Retrieves the name that will be used to identify this client in the JAAS framework.
java.lang.String getKDCAddress()
Retrieves the address to use for the Kerberos key distribution center, if defined.
java.lang.String getKeyTabPath()
Retrieves the path to the keytab file from which to obtain the user credentials.
ASN1OctetString getPassword()
Retrieves the password that should be used for the GSSAPI bind request, if defined.
java.lang.String getRealm()
Retrieves the realm to use for the GSSAPI bind request, if defined.
java.lang.String getSASLClientServerName()
Retrieves the server name that should be used when creating the Java SaslClient, if one is defined.
java.lang.String getServicePrincipalProtocol()
Retrieves the protocol specified in the service principal that the directory server uses for its communication with the KDC.
java.util.Set<java.lang.String> getSuppressedSystemProperties()
Retrieves a set of system properties that will not be altered by GSSAPI processing.
java.lang.String getTicketCachePath()
Retrieves the path to the Kerberos ticket cache file that should be used during authentication, if defined.
boolean refreshKrb5Config()
Indicates whether to refresh the configuration before the JAAS login method is called.
boolean renewTGT()
Indicates whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
boolean requireCachedCredentials()
Indicates whether GSSAPI authentication should only occur using an existing Kerberos session.
void setAllowedQoP(SASLQualityOfProtection... allowedQoP)
Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
void setAllowedQoP(java.util.List<SASLQualityOfProtection> allowedQoP)
Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
void setAuthenticationID(java.lang.String authenticationID)
Sets the authentication ID for the GSSAPI bind request.
void setAuthorizationID(java.lang.String authorizationID)
Specifies the authorization ID for the GSSAPI bind request.
void setConfigFilePath(java.lang.String configFilePath)
Specifies the path to a JAAS configuration file that should be used when processing the GSSAPI bind request.
void setEnableGSSAPIDebugging(boolean enableGSSAPIDebugging)
Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing.
void setIsInitiator(java.lang.Boolean isInitiator)
Specifies whether the client should explicitly indicate whether it is the GSSAPI initiator or acceptor.
void setJAASClientName(java.lang.String jaasClientName)
Specifies the name that will be used to identify this client in the JAAS framework.
void setKDCAddress(java.lang.String kdcAddress)
Specifies the address to use for the Kerberos key distribution center.
void setKeyTabPath(java.lang.String keyTabPath)
Specifies the path to the keytab file from which to obtain the user credentials.
void setPassword(byte[] password)
Specifies the password that should be used for the GSSAPI bind request.
void setPassword(ASN1OctetString password)
Specifies the password that should be used for the GSSAPI bind request.
void setPassword(java.lang.String password)
Specifies the password that should be used for the GSSAPI bind request.
void setRealm(java.lang.String realm)
Specifies the realm to use for the GSSAPI bind request.
void setRefreshKrb5Config(boolean refreshKrb5Config)
Specifies whether to refresh the configuration before the JAAS login method is called.
void setRenewTGT(boolean renewTGT)
Specifies whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
void setRequireCachedCredentials(boolean requireCachedCredentials)
Specifies whether a GSSAPI authentication should only occur using an existing Kerberos session.
void setSASLClientServerName(java.lang.String saslClientServerName)
Specifies the server name that should be used when creating the Java SaslClient.
void setServicePrincipalProtocol(java.lang.String servicePrincipalProtocol)
Specifies the protocol specified in the service principal that the directory server uses for its communication with the KDC.
void setSuppressedSystemProperties(java.util.Collection<java.lang.String> suppressedSystemProperties)
Specifies a set of system properties that will not be altered by GSSAPI processing.
void setTicketCachePath(java.lang.String ticketCachePath)
Specifies the path to the Kerberos ticket cache file that should be used during authentication.
void setUseKeyTab(boolean useKeyTab)
Specifies whether to use a keytab to obtain the user credentials.
void setUseSubjectCredentialsOnly(boolean useSubjectCredentialsOnly)
Specifies whether to allow the client to use credentials that are outside the current subject.
void setUseTicketCache(boolean useTicketCache)
Specifies whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
java.lang.String toString()
Retrieves a string representation of the GSSAPI bind request properties.
void toString(java.lang.StringBuilder buffer)
Appends a string representation of the GSSAPI bind request properties to the provided buffer.
boolean useKeyTab()
Indicates whether to use a keytab to obtain the user credentials.
boolean useSubjectCredentialsOnly()
Indicates whether to allow the client to use credentials that are outside of the current subject, obtained via some system-specific mechanism.
boolean useTicketCache()
Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
-
-
-
Constructor Detail
-
GSSAPIBindRequestProperties
public GSSAPIBindRequestProperties(java.lang.String authenticationID, java.lang.String password)
Creates a new set of GSSAPI bind request properties with the provided information.
Parameters:
authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
password - The password for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
-
GSSAPIBindRequestProperties
public GSSAPIBindRequestProperties(java.lang.String authenticationID, byte[] password)
Creates a new set of GSSAPI bind request properties with the provided information.
Parameters:
authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
password - The password for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
-
-
Method Detail
-
getAuthenticationID
public java.lang.String getAuthenticationID()
Retrieves the authentication ID for the GSSAPI bind request, if defined.
Returns:
The authentication ID for the GSSAPI bind request, or null if an existing Kerberos session should be used.
-
setAuthenticationID
public void setAuthenticationID(java.lang.String authenticationID)
Sets the authentication ID for the GSSAPI bind request.
Parameters:
authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
-
getAuthorizationID
public java.lang.String getAuthorizationID()
Retrieves the authorization ID for the GSSAPI bind request, if defined.
Returns:
The authorization ID for the GSSAPI bind request, or null if the authorization ID should be the same as the authentication ID.
-
setAuthorizationID
public void setAuthorizationID(java.lang.String authorizationID)
Specifies the authorization ID for the GSSAPI bind request.
Parameters:
authorizationID - The authorization ID for the GSSAPI bind request. It may be null if the authorization ID should be the same as the authentication ID.
-
getPassword
public ASN1OctetString getPassword()
Retrieves the password that should be used for the GSSAPI bind request, if defined.
Returns:
The password that should be used for the GSSAPI bind request, or null if an existing Kerberos session should be used.
-
setPassword
public void setPassword(java.lang.String password)
Specifies the password that should be used for the GSSAPI bind request.
Parameters:
password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
-
setPassword
public void setPassword(byte[] password)
Specifies the password that should be used for the GSSAPI bind request.
Parameters:
password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
-
setPassword
public void setPassword(ASN1OctetString password)
Specifies the password that should be used for the GSSAPI bind request.
Parameters:
password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.
-
getRealm
public java.lang.String getRealm()
Retrieves the realm to use for the GSSAPI bind request, if defined.
Returns:
The realm to use for the GSSAPI bind request, or null if the request should attempt to use the default realm from the system configuration.
-
setRealm
public void setRealm(java.lang.String realm)
Specifies the realm to use for the GSSAPI bind request.
Parameters:
realm - The realm to use for the GSSAPI bind request. It may be null if the request should attempt to use the default realm from the system configuration.
-
getAllowedQoP
public java.util.List<SASLQualityOfProtection> getAllowedQoP()
Retrieves the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
Returns:
The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
-
setAllowedQoP
public void setAllowedQoP(java.util.List<SASLQualityOfProtection> allowedQoP)
Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
Parameters:
allowedQoP - The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred. If this is null or empty, then a list containing only the SASLQualityOfProtection.AUTH quality of protection value will be used.
-
setAllowedQoP
public void setAllowedQoP(SASLQualityOfProtection... allowedQoP)
Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
Parameters:
allowedQoP - The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred. If this is null or empty, then a list containing only the SASLQualityOfProtection.AUTH quality of protection value will be used.
-
getKDCAddress
public java.lang.String getKDCAddress()
Retrieves the address to use for the Kerberos key distribution center, if defined.
Returns:
The address to use for the Kerberos key distribution center, or null if the request should attempt to determine the KDC address from the system configuration.
-
setKDCAddress
public void setKDCAddress(java.lang.String kdcAddress)
Specifies the address to use for the Kerberos key distribution center.
Parameters:
kdcAddress - The address to use for the Kerberos key distribution center. It may be null if the request should attempt to determine the KDC address from the system configuration.
-
getJAASClientName
public java.lang.String getJAASClientName()
Retrieves the name that will be used to identify this client in the JAAS framework.
Returns:
The name that will be used to identify this client in the JAAS framework.
-
setJAASClientName
public void setJAASClientName(java.lang.String jaasClientName)
Specifies the name that will be used to identify this client in the JAAS framework.
Parameters:
jaasClientName - The name that will be used to identify this client in the JAAS framework. It must not be null or empty.
-
getConfigFilePath
public java.lang.String getConfigFilePath()
Retrieves the path to a JAAS configuration file that should be used when processing the GSSAPI bind request, if defined.
Returns:
The path to a JAAS configuration file that should be used when processing the GSSAPI bind request, or null if a JAAS configuration file should be automatically constructed for the bind request.
-
setConfigFilePath
public void setConfigFilePath(java.lang.String configFilePath)
Specifies the path to a JAAS configuration file that should be used when processing the GSSAPI bind request.
Parameters:
configFilePath - The path to a JAAS configuration file that should be used when processing the GSSAPI bind request. It may be null if a configuration file should be automatically constructed for the bind request.
-
getSASLClientServerName
public java.lang.String getSASLClientServerName()
Retrieves the server name that should be used when creating the Java SaslClient, if one is defined.
Returns:
The server name that should be used when creating the Java SaslClient, or null if none is defined and the SaslClient should use the address specified when establishing the connection.
-
setSASLClientServerName
public void setSASLClientServerName(java.lang.String saslClientServerName)
Specifies the server name that should be used when creating the Java SaslClient.
Parameters:
saslClientServerName - The server name that should be used when creating the Java SaslClient. It may be null to indicate that the SaslClient should use the address specified when establishing the connection.
-
getServicePrincipalProtocol
public java.lang.String getServicePrincipalProtocol()
Retrieves the protocol specified in the service principal that the directory server uses for its communication with the KDC. The service principal is usually something like "ldap/directory.example.com", where "ldap" is the protocol and "directory.example.com" is the fully-qualified address of the directory server system, but some servers may allow authentication with a service principal with a protocol other than "ldap".
Returns:
The protocol specified in the service principal that the directory server uses for its communication with the KDC.
-
setServicePrincipalProtocol
public void setServicePrincipalProtocol(java.lang.String servicePrincipalProtocol)
Specifies the protocol specified in the service principal that the directory server uses for its communication with the KDC. This should generally be "ldap", but some servers may allow a service principal with a protocol other than "ldap".
Parameters:
servicePrincipalProtocol - The protocol specified in the service principal that the directory server uses for its communication with the KDC.
-
refreshKrb5Config
public boolean refreshKrb5Config()
Indicates whether to refresh the configuration before the JAAS login method is called.
Returns:
true if the GSSAPI implementation should refresh the configuration before the JAAS login method is called, or false if not.
-
setRefreshKrb5Config
public void setRefreshKrb5Config(boolean refreshKrb5Config)
Specifies whether to refresh the configuration before the JAAS login method is called.
Parameters:
refreshKrb5Config - Indicates whether to refresh the configuration before the JAAS login method is called.
-
useSubjectCredentialsOnly
public boolean useSubjectCredentialsOnly()
Indicates whether to allow the client to use credentials that are outside of the current subject, obtained via some system-specific mechanism.
Returns:
true if the client will only be allowed to use credentials that are within the current subject, or false if the client will be allowed to use credentials outside the current subject.
-
setUseSubjectCredentialsOnly
public void setUseSubjectCredentialsOnly(boolean useSubjectCredentialsOnly)
Specifies whether to allow the client to use credentials that are outside the current subject. If this is false, then a system-specific mechanism may be used in an attempt to obtain credentials from an existing session.
Parameters:
useSubjectCredentialsOnly - Indicates whether to allow the client to use credentials that are outside of the current subject.
-
useKeyTab
public boolean useKeyTab()
Indicates whether to use a keytab to obtain the user credentials.
Returns:
true if the GSSAPI login attempt should use a keytab to obtain the user credentials, or false if not.
-
setUseKeyTab
public void setUseKeyTab(boolean useKeyTab)
Specifies whether to use a keytab to obtain the user credentials.
Parameters:
useKeyTab - Indicates whether to use a keytab to obtain the user credentials.
-
getKeyTabPath
public java.lang.String getKeyTabPath()
Retrieves the path to the keytab file from which to obtain the user credentials. This will only be used if useKeyTab returns true.
Returns:
The path to the keytab file from which to obtain the user credentials, or null if the default keytab location should be used.
-
setKeyTabPath
public void setKeyTabPath(java.lang.String keyTabPath)
Specifies the path to the keytab file from which to obtain the user credentials.
Parameters:
keyTabPath - The path to the keytab file from which to obtain the user credentials. It may be null if the default keytab location should be used.
-
useTicketCache
public boolean useTicketCache()
Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
Returns:
true if a ticket cache may be used to take advantage of an existing Kerberos session, or false if Kerberos credentials should always be provided.
-
setUseTicketCache
public void setUseTicketCache(boolean useTicketCache)
Specifies whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
Parameters:
useTicketCache - Indicates whether to enable the use of a ticket cache to avoid the need to supply credentials if the client already has an existing Kerberos session.
-
requireCachedCredentials
public boolean requireCachedCredentials()
Indicates whether GSSAPI authentication should only occur using an existing Kerberos session.
Returns:
true if GSSAPI authentication should only use an existing Kerberos session and should fail if the client does not have an existing session, or false if the client will be allowed to create a new session if one does not already exist.
-
setRequireCachedCredentials
public void setRequireCachedCredentials(boolean requireCachedCredentials)
Specifies whether a GSSAPI authentication should only occur using an existing Kerberos session.
Parameters:
requireCachedCredentials - Indicates whether an existing Kerberos session will be required for authentication. If true, then authentication will fail if the client does not already have an existing Kerberos session. This will be ignored if useTicketCache is false.
-
getTicketCachePath
public java.lang.String getTicketCachePath()
Retrieves the path to the Kerberos ticket cache file that should be used during authentication, if defined.
Returns:
The path to the Kerberos ticket cache file that should be used during authentication, or null if the default ticket cache file should be used.
-
setTicketCachePath
public void setTicketCachePath(java.lang.String ticketCachePath)
Specifies the path to the Kerberos ticket cache file that should be used during authentication.
Parameters:
ticketCachePath - The path to the Kerberos ticket cache file that should be used during authentication. It may be null if the default ticket cache file should be used.
-
renewTGT
public boolean renewTGT()
Indicates whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
Returns:
true if the client should attempt to renew its ticket-granting ticket if the authentication is processed using an existing Kerberos session, or false if not.
-
setRenewTGT
public void setRenewTGT(boolean renewTGT)
Specifies whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
Parameters:
renewTGT - Indicates whether to attempt to renew the client's ticket-granting ticket if an existing Kerberos session is used to authenticate.
-
getIsInitiator
public java.lang.Boolean getIsInitiator()
Indicates whether the client should be configured so that it explicitly indicates whether it is the initiator or the acceptor.
Returns:
Boolean.TRUE if the client should explicitly indicate that it is the GSSAPI initiator, Boolean.FALSE if the client should explicitly indicate that it is the GSSAPI acceptor, or null if the client should not explicitly indicate either state (which is the default if the setIsInitiator(java.lang.Boolean) method has not been called).
-
setIsInitiator
public void setIsInitiator(java.lang.Boolean isInitiator)
Specifies whether the client should explicitly indicate whether it is the GSSAPI initiator or acceptor.
Parameters:
isInitiator - Indicates whether the client should be considered the GSSAPI initiator. A value of Boolean.TRUE means the client should explicitly indicate that it is the GSSAPI initiator. A value of Boolean.FALSE means the client should explicitly indicate that it is the GSSAPI acceptor. A value of null means that the client will not explicitly indicate one way or the other (although this behavior will only apply to Sun/Oracle-based implementations; on the IBM implementation, the client will always be the initiator unless explicitly configured otherwise).
-
getSuppressedSystemProperties
public java.util.Set<java.lang.String> getSuppressedSystemProperties()
Retrieves a set of system properties that will not be altered by GSSAPI processing.
Returns:
A set of system properties that will not be altered by GSSAPI processing.
-
setSuppressedSystemProperties
public void setSuppressedSystemProperties(java.util.Collection<java.lang.String> suppressedSystemProperties)
Specifies a set of system properties that will not be altered by GSSAPI processing. This should generally only be used in cases in which the specified system properties are known to already be set correctly for the desired authentication processing.
Parameters:
suppressedSystemProperties - A set of system properties that will not be altered by GSSAPI processing. It may be null or empty to indicate that no properties should be suppressed.
-
enableGSSAPIDebugging
public boolean enableGSSAPIDebugging()
Indicates whether JVM-level debugging should be enabled for GSSAPI bind processing. If this is enabled, then debug information may be written to standard error when performing GSSAPI processing that could be useful for debugging authentication problems.
Returns:
true if JVM-level debugging should be enabled for GSSAPI bind processing, or false if not.
-
setEnableGSSAPIDebugging
public void setEnableGSSAPIDebugging(boolean enableGSSAPIDebugging)
Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing. If this is enabled, then debug information may be written to standard error when performing GSSAPI processing that could be useful for debugging authentication problems.
Parameters:
enableGSSAPIDebugging - Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing.
-
toString
public java.lang.String toString()
Retrieves a string representation of the GSSAPI bind request properties.
Overrides:
toString in class java.lang.Object
Returns:
A string representation of the GSSAPI bind request properties.
-
toString
public void toString(java.lang.StringBuilder buffer)
Appends a string representation of the GSSAPI bind request properties to the provided buffer.
Parameters:
buffer - The buffer to which the information should be appended.
-
-
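The following is an added example, not part of the SDK documentation or the SDK's own code. It uses the accessors documented above to build a cached-session-only configuration and to flag settings a reviewer would question before a GSSAPI bind. The class name GssapiPropertiesAudit, its policy rules, and the sample principal and password are assumptions made for illustration.

```java
import com.unboundid.ldap.sdk.GSSAPIBindRequestProperties;
import com.unboundid.ldap.sdk.SASLQualityOfProtection;

import java.util.ArrayList;
import java.util.List;

/** Added example: a hypothetical policy check, not part of the LDAP SDK. */
public final class GssapiPropertiesAudit {

  /** Properties that reuse an existing Kerberos session and never prompt. */
  static GSSAPIBindRequestProperties cachedSessionOnly() {
    // Null ID and password mean "use an existing Kerberos session". The cast
    // selects the String constructor; a bare null would also match byte[].
    GSSAPIBindRequestProperties p =
        new GSSAPIBindRequestProperties(null, (String) null);
    p.setUseTicketCache(true);
    p.setRequireCachedCredentials(true); // fail rather than start a new session
    // Most preferred first; AUTH is deliberately left out of the list.
    p.setAllowedQoP(SASLQualityOfProtection.AUTH_CONF,
        SASLQualityOfProtection.AUTH_INT);
    p.setEnableGSSAPIDebugging(false);
    return p;
  }

  /** Settings a reviewer would question (constructed, illustrative values). */
  static GSSAPIBindRequestProperties questionable() {
    GSSAPIBindRequestProperties p = new GSSAPIBindRequestProperties(
        "svc-app@EXAMPLE.COM", "constructed-password");
    // An empty list falls back to a list containing only AUTH.
    p.setAllowedQoP(new ArrayList<SASLQualityOfProtection>());
    p.setUseKeyTab(true); // keytab requested, but no explicit path given
    p.setEnableGSSAPIDebugging(true);
    return p;
  }

  /** Returns one finding per setting that breaks the assumed policy. */
  static List<String> audit(GSSAPIBindRequestProperties p) {
    List<String> findings = new ArrayList<>();
    // Assumed policy: the connection is not otherwise protected (no TLS), so
    // post-bind traffic needs SASL integrity or confidentiality.
    if (p.getAllowedQoP().contains(SASLQualityOfProtection.AUTH)) {
      findings.add("allowedQoP permits AUTH (authentication only)");
    }
    if (p.enableGSSAPIDebugging()) {
      findings.add("JVM-level GSSAPI debugging may write to standard error");
    }
    if (p.useKeyTab() && p.getKeyTabPath() == null) {
      findings.add("keytab enabled without a path; default location is used");
    }
    if (p.getPassword() != null && (p.useKeyTab()
        || (p.useTicketCache() && p.requireCachedCredentials()))) {
      findings.add("password held although keytab or cached session is used");
    }
    return findings;
  }

  public static void main(String[] args) {
    System.out.println("cachedSessionOnly: " + audit(cachedSessionOnly()));
    System.out.println("questionable:      " + audit(questionable()));
  }
}
```

The example stops before the bind so it runs without a KDC or directory server; a vetted properties object would then be passed to the SDK's GSSAPIBindRequest constructor that accepts GSSAPIBindRequestProperties.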