Package oracle.kv

Class KerberosCredentials

  • All Implemented Interfaces:
    java.io.Serializable, oracle.kv.impl.util.FastExternalizable, LoginCredentials
    public class KerberosCredentials
extends java.lang.Object
implements LoginCredentials, java.io.Serializable
    Login credentials for Kerberos authentication.

    This class provides a way for an application to authenticate as a particular Kerberos user when accessing a KVStore instance.

    There are two approaches that client applications can use to authenticate using Kerberos. Client applications that use the Java Authentication and Authorization Service (JAAS) programming framework can specify credentials by using the Subject.doAs(javax.security.auth.Subject, java.security.PrivilegedAction<T>) method.

    Applications that do not use the JAAS framework can use this class to specify a Kerberos identity. The credentials of the specified user will be acquired from the Kerberos Key Distribution Center (KDC) based on the values specified for the KerberosCredentials instance.

    Since:
    3.5
    See Also:
    Serialized Form

    • Constructor Summary

      Constructors 
      Constructor Description
      KerberosCredentials​(java.lang.String username, java.util.Properties krbProperties)
      Creates Kerberos user credentials.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.util.Properties getKrbProperties()
      Returns the Kerberos login properties.
      java.lang.String getUsername()
      Identifies the user owning the credentials.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

      • Methods inherited from interface oracle.kv.impl.util.FastExternalizable

        deserializedForm

    • Constructor Detail

      • KerberosCredentials

        public KerberosCredentials​(java.lang.String username,
                           java.util.Properties krbProperties)
                    throws java.lang.IllegalArgumentException
        Creates Kerberos user credentials. The properties passed in are used to retrieve the Kerberos credentials of the specified user from the Kerberos Key Distribution Center (KDC).

        If, as recommended, each server host uses a different principal name that includes an individual instance name, the KVSecurityConstants.AUTH_KRB_SERVICES_PROPERTY should specify the mappings of server hostnames to Kerberos service principal names. Users may need to provide Kerberos login properties so that underlying authentication system can retrieve credentials from KDC. The properties currently supported:

        When multiple properties are set, for example, KVSecurityConstants.AUTH_KRB_CCACHE_PROPERTY and KVSecurityConstants.AUTH_KRB_KEYTAB_PROPERTY, the underlying login service will retrieve credentials of this user in following preference order:

        1. credentials cache
        2. keytab
        Without setting credential cache and keytab property, this method will attempt to retrieve ticket or key from default credential cache or keytab.

        Parameters:
        username - the name of the user
        krbProperties - the Kerberos login properties
        Throws:
        java.lang.IllegalArgumentException

    • Method Detail

      • getKrbProperties

        public java.util.Properties getKrbProperties()
        Returns the Kerberos login properties. These properties are used to get credentials from the Kerberos Key Distribution Center (KDC).
        Returns:
        the Kerberos login properties