Class KerberosCredentials
- All Implemented Interfaces:
Serializable
,oracle.kv.impl.util.FastExternalizable
,LoginCredentials
This class provides a way for an application to authenticate as a particular Kerberos user when accessing a KVStore instance.
There are two approaches that client applications can use to authenticate
using Kerberos. Client applications that use the
Java Authentication and Authorization Service (JAAS) programming
framework can specify credentials by using the Subject.doAs(javax.security.auth.Subject, java.security.PrivilegedAction<T>)
method.
Applications that do not use the JAAS framework can use this class to specify a Kerberos identity. The credentials of the specified user will be acquired from the Kerberos Key Distribution Center (KDC) based on the values specified for the KerberosCredentials instance.
- Since:
- 3.5
- See Also:
-
Constructor Summary
ConstructorDescriptionKerberosCredentials
(String username, Properties krbProperties) Creates Kerberos user credentials. -
Method Summary
Modifier and TypeMethodDescriptionReturns the Kerberos login properties.Identifies the user owning the credentials.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface oracle.kv.impl.util.FastExternalizable
deserializedForm
-
Constructor Details
-
KerberosCredentials
public KerberosCredentials(String username, Properties krbProperties) throws IllegalArgumentException Creates Kerberos user credentials. The properties passed in are used to retrieve the Kerberos credentials of the specified user from the Kerberos Key Distribution Center (KDC).If, as recommended, each server host uses a different principal name that includes an individual instance name, the
KVSecurityConstants.AUTH_KRB_SERVICES_PROPERTY
should specify the mappings of server hostnames to Kerberos service principal names. Users may need to provide Kerberos login properties so that underlying authentication system can retrieve credentials from KDC. The properties currently supported:KVSecurityConstants.AUTH_KRB_CCACHE_PROPERTY
KVSecurityConstants.AUTH_KRB_KEYTAB_PROPERTY
KVSecurityConstants.AUTH_KRB_MUTUAL_PROPERTY
When multiple properties are set, for example,
KVSecurityConstants.AUTH_KRB_CCACHE_PROPERTY
andKVSecurityConstants.AUTH_KRB_KEYTAB_PROPERTY
, the underlying login service will retrieve credentials of this user in following preference order:- credentials cache
- keytab
- Parameters:
username
- the name of the userkrbProperties
- the Kerberos login properties- Throws:
IllegalArgumentException
-
-
Method Details
-
getUsername
Description copied from interface:LoginCredentials
Identifies the user owning the credentials.- Specified by:
getUsername
in interfaceLoginCredentials
- Returns:
- the name of the user for which the credentials belong.
- See Also:
-
getKrbProperties
Returns the Kerberos login properties. These properties are used to get credentials from the Kerberos Key Distribution Center (KDC).- Returns:
- the Kerberos login properties
-