Class KerberosCredentials
- java.lang.Object
-
- oracle.kv.KerberosCredentials
-
- All Implemented Interfaces:
Serializable
,oracle.kv.impl.util.FastExternalizable
,LoginCredentials
public class KerberosCredentials extends Object implements LoginCredentials, Serializable
Login credentials for Kerberos authentication.This class provides a way for an application to authenticate as a particular Kerberos user when accessing a KVStore instance.
There are two approaches that client applications can use to authenticate using Kerberos. Client applications that use the Java Authentication and Authorization Service (JAAS) programming framework can specify credentials by using the
Subject.doAs(javax.security.auth.Subject, java.security.PrivilegedAction<T>)
method.Applications that do not use the JAAS framework can use this class to specify a Kerberos identity. The credentials of the specified user will be acquired from the Kerberos Key Distribution Center (KDC) based on the values specified for the KerberosCredentials instance.
- Since:
- 3.5
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description KerberosCredentials(String username, Properties krbProperties)
Creates Kerberos user credentials.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Properties
getKrbProperties()
Returns the Kerberos login properties.String
getUsername()
Identifies the user owning the credentials.
-
-
-
Constructor Detail
-
KerberosCredentials
public KerberosCredentials(String username, Properties krbProperties) throws IllegalArgumentException
Creates Kerberos user credentials. The properties passed in are used to retrieve the Kerberos credentials of the specified user from the Kerberos Key Distribution Center (KDC).If, as recommended, each server host uses a different principal name that includes an individual instance name, the
KVSecurityConstants.AUTH_KRB_SERVICES_PROPERTY
should specify the mappings of server hostnames to Kerberos service principal names. Users may need to provide Kerberos login properties so that underlying authentication system can retrieve credentials from KDC. The properties currently supported:KVSecurityConstants.AUTH_KRB_CCACHE_PROPERTY
KVSecurityConstants.AUTH_KRB_KEYTAB_PROPERTY
KVSecurityConstants.AUTH_KRB_MUTUAL_PROPERTY
When multiple properties are set, for example,
KVSecurityConstants.AUTH_KRB_CCACHE_PROPERTY
andKVSecurityConstants.AUTH_KRB_KEYTAB_PROPERTY
, the underlying login service will retrieve credentials of this user in following preference order:- credentials cache
- keytab
- Parameters:
username
- the name of the userkrbProperties
- the Kerberos login properties- Throws:
IllegalArgumentException
-
-
Method Detail
-
getUsername
public String getUsername()
Description copied from interface:LoginCredentials
Identifies the user owning the credentials.- Specified by:
getUsername
in interfaceLoginCredentials
- Returns:
- the name of the user for which the credentials belong.
- See Also:
LoginCredentials.getUsername()
-
getKrbProperties
public Properties getKrbProperties()
Returns the Kerberos login properties. These properties are used to get credentials from the Kerberos Key Distribution Center (KDC).- Returns:
- the Kerberos login properties
-
-