public class WsGrouperKerberosAuthentication extends java.lang.Object implements WsCustomAuthentication
basic kerberos authentication for grouper, settings are specified in grouper-ws.properties note: this can be used for rest and soap, though it is not a bastion of security: 1. for soap, ws-security would be better since a ticket is passed instead of user/pass 2. for rest, Im not sure there is another option 3. the user/pass is transmitted in basic auth, so make sure SSL is on 4. passing the user/pass is not how kerberos should work since kerberos passes tickets and not passes 5. the user is authenticated to the kdc, but an ssl service is not invoked, which would be the next level of verification since it might be possible for the kdc to be spoofed to the grouper-ws
| Constructor and Description |
|---|
WsGrouperKerberosAuthentication() |
| Modifier and Type | Method and Description |
|---|---|
static boolean |
authenticateKerberos(java.lang.String principal,
java.lang.String password)
see if a user and pass are correct with berberos
|
static void |
main(java.lang.String[] args) |
java.lang.String |
retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest httpServletRequest)
retrieve the current username (subjectId) from the request object.
|
public static void main(java.lang.String[] args)
throws java.lang.Exception
args - java.lang.Exceptionpublic java.lang.String retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest httpServletRequest)
throws java.lang.RuntimeException
WsCustomAuthenticationretrieveLoggedInSubjectId in interface WsCustomAuthenticationWsInvalidQueryException - if there is a problemjava.lang.RuntimeExceptionWsCustomAuthentication.retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest)public static boolean authenticateKerberos(java.lang.String principal,
java.lang.String password)
principal - password -