Serializable
, Principal
public final class KerberosPrincipal extends Object implements Principal, Serializable
Modifier and Type | Field | Description |
---|---|---|
static final int |
KRB_NT_ENTERPRISE |
Enterprise name (alias) |
static final int |
KRB_NT_PRINCIPAL |
user principal name type. |
static final int |
KRB_NT_SRV_HST |
service with host name as instance (telnet, rcommands) name type. |
static final int |
KRB_NT_SRV_INST |
service and other unique instance (krbtgt) name type. |
static final int |
KRB_NT_SRV_XHST |
service with host as remaining components name type. |
static final int |
KRB_NT_UID |
unique ID name type. |
static final int |
KRB_NT_UNKNOWN |
unknown name type. |
Constructor | Description |
---|---|
KerberosPrincipal |
Constructs a KerberosPrincipal from the provided string input. |
KerberosPrincipal |
Constructs a KerberosPrincipal from the provided string and name type input. |
Modifier and Type | Method | Description |
---|---|---|
boolean |
equals |
Compares the specified object with this principal for equality. |
String |
getName() |
The returned string corresponds to the single-string representation of a Kerberos Principal name as specified in Section 2.1 of RFC 1964. |
int |
getNameType() |
Returns the name type of the KerberosPrincipal . |
String |
getRealm() |
Returns the realm component of this Kerberos principal. |
int |
hashCode() |
Returns a hash code for this KerberosPrincipal . |
String |
toString() |
Returns an informative textual representation of this KerberosPrincipal . |
public static final int KRB_NT_UNKNOWN
public static final int KRB_NT_PRINCIPAL
public static final int KRB_NT_SRV_INST
public static final int KRB_NT_SRV_HST
public static final int KRB_NT_SRV_XHST
public static final int KRB_NT_UID
public static final int KRB_NT_ENTERPRISE
public KerberosPrincipal(String name)
KerberosPrincipal
from the provided string input. The name type for this principal defaults to KRB_NT_PRINCIPAL
This string is assumed to contain a name in the format that is specified in Section 2.1.1. (Kerberos Principal Name Form) of RFC 1964 (for example, [email protected], where duke represents a principal, and FOO.COM represents a realm). If the input name does not contain a realm, the default realm is used. The default realm can be specified either in a Kerberos configuration file or via the java.security.krb5.realm
system property. For more information, see the Kerberos Requirements.
Note that when this class or any other Kerberos-related class is initially loaded and initialized, it may read and cache the default realm from the Kerberos configuration file or via the java.security.krb5.realm system property (the value will be empty if no default realm is specified), such that any subsequent calls to set or change the default realm by setting the java.security.krb5.realm system property may be ignored.
Additionally, if a security manager is installed, a ServicePermission
must be granted and the service principal of the permission must minimally be inside the KerberosPrincipal
's realm. For example, if the result of new KerberosPrincipal("user")
is [email protected]
, then a ServicePermission
with service principal host/[email protected]
(and any action) must be granted.
name
- the principal nameIllegalArgumentException
- if name is improperly formatted, if name is null, or if name does not contain the realm to use and the default realm is not specified in either a Kerberos configuration file or via the java.security.krb5.realm system property.SecurityException
- if a security manager is installed and name
does not contain the realm to use, and a proper ServicePermission
as described above is not granted.public KerberosPrincipal(String name, int nameType)
KerberosPrincipal
from the provided string and name type input. The string is assumed to contain a name in the format that is specified in Section 2.1 (Mandatory Name Forms) of RFC 1964. Valid name types are specified in Section 6.2 (Principal Names) of RFC 4120. The input name must be consistent with the provided name type. (for example, [email protected], is a valid input string for the name type, KRB_NT_PRINCIPAL where duke represents a principal, and FOO.COM represents a realm). If the input name does not contain a realm, the default realm is used. The default realm can be specified either in a Kerberos configuration file or via the java.security.krb5.realm
system property. For more information, see the Kerberos Requirements.
Note that when this class or any other Kerberos-related class is initially loaded and initialized, it may read and cache the default realm from the Kerberos configuration file or via the java.security.krb5.realm system property (the value will be empty if no default realm is specified), such that any subsequent calls to set or change the default realm by setting the java.security.krb5.realm system property may be ignored.
Additionally, if a security manager is installed, a ServicePermission
must be granted and the service principal of the permission must minimally be inside the KerberosPrincipal
's realm. For example, if the result of new KerberosPrincipal("user")
is [email protected]
, then a ServicePermission
with service principal host/[email protected]
(and any action) must be granted.
name
- the principal namenameType
- the name type of the principalIllegalArgumentException
- if name is improperly formatted, if name is null, if the nameType is not supported, or if name does not contain the realm to use and the default realm is not specified in either a Kerberos configuration file or via the java.security.krb5.realm system property.SecurityException
- if a security manager is installed and name
does not contain the realm to use, and a proper ServicePermission
as described above is not granted.public String getRealm()
public int hashCode()
KerberosPrincipal
. The hash code is defined to be the result of the following calculation:
hashCode = getName().hashCode();
public boolean equals(Object other)
KerberosPrincipal
and the two KerberosPrincipal
instances are equivalent. More formally two KerberosPrincipal
instances are equal if the values returned by getName()
are equal.public String getName()
public int getNameType()
KerberosPrincipal
. Valid name types are specified in Section 6.2 of RFC4120.public String toString()
KerberosPrincipal
.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/java.security.jgss/javax/security/auth/kerberos/KerberosPrincipal.html