GSSContext
public interface ExtendedGSSContext extends GSSContext
org.ietf.jgss.GSSContext
, such as querying context-specific attributes.DEFAULT_LIFETIME, INDEFINITE_LIFETIME
Modifier and Type | Method | Description |
---|---|---|
boolean |
getDelegPolicyState() |
Returns the delegation policy response. |
Object |
inquireSecContext |
Return the mechanism-specific attribute associated with type . |
void |
requestDelegPolicy |
Requests that the delegation policy be respected. |
acceptSecContext, acceptSecContext, dispose, export, getAnonymityState, getConfState, getCredDelegState, getDelegCred, getIntegState, getLifetime, getMech, getMIC, getMIC, getMutualAuthState, getReplayDetState, getSequenceDetState, getSrcName, getTargName, getWrapSizeLimit, initSecContext, initSecContext, isEstablished, isInitiator, isProtReady, isTransferable, requestAnonymity, requestConf, requestCredDeleg, requestInteg, requestLifetime, requestMutualAuth, requestReplayDet, requestSequenceDet, setChannelBinding, unwrap, unwrap, verifyMIC, verifyMIC, wrap, wrap
Object inquireSecContext(InquireType type) throws GSSException
type
. If there is a security manager, an InquireSecContextPermission
with the name type.mech
must be granted. Otherwise, this could result in a SecurityException
.
Example:
GSSContext ctxt = m.createContext(...) // Establishing the context if (ctxt instanceof ExtendedGSSContext) { ExtendedGSSContext ex = (ExtendedGSSContext)ctxt; try { Key key = (key)ex.inquireSecContext( InquireType.KRB5_GET_SESSION_KEY); // read key info } catch (GSSException gsse) { // deal with exception } }
type
- the type of the attribute requestedGSSException
- containing the following major error codes: GSSException.BAD_MECH
if the mechanism does not support this method, GSSException.UNAVAILABLE
if the type specified is not supported, GSSException.NO_CONTEXT
if the security context is invalid, GSSException.FAILURE
for other unspecified failures.SecurityException
- if a security manager exists and a proper InquireSecContextPermission
is not granted.void requestDelegPolicy(boolean state) throws GSSException
initSecContext
. When this flag is false, delegation will only be tried when the credentials delegation flag
is true.
When this flag is true but the credentials delegation flag
is false, delegation will be only tried if the delegation policy permits delegation.
When both this flag and the credentials delegation flag
are true, delegation will be always tried. However, if the delegation policy does not permit delegation, the value of getDelegPolicyState()
will be false, even if delegation is performed successfully.
In any case, if the delegation is not successful, the value returned by GSSContext.getCredDelegState()
is false, and the value returned by getDelegPolicyState()
is also false.
Not all mechanisms support delegation policy. Therefore, the application should check to see if the request was honored with the getDelegPolicyState
method. When delegation policy is not supported, requestDelegPolicy
should return silently without throwing an exception.
Note: for the Kerberos 5 mechanism, the delegation policy is expressed through the OK-AS-DELEGATE flag in the service ticket. When it's true, the KDC permits delegation to the target server. In a cross-realm environment, in order for delegation be permitted, all cross-realm TGTs on the authentication path must also have the OK-AS-DELAGATE flags set.
state
- true if the policy should be respectedGSSException
- containing the following major error codes: GSSException.FAILURE
boolean getDelegPolicyState()
requestDelegPolicy(boolean)
.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/jdk.security.jgss/com/sun/security/jgss/ExtendedGSSContext.html