public class WsGrouperKerberosAuthentication extends java.lang.Object implements WsCustomAuthentication
basic kerberos authentication for grouper, settings are specified in grouper-ws.properties note: this can be used for rest and soap, though it is not a bastion of security: 1. for soap, ws-security would be better since a ticket is passed instead of user/pass 2. for rest, Im not sure there is another option 3. the user/pass is transmitted in basic auth, so make sure SSL is on 4. passing the user/pass is not how kerberos should work since kerberos passes tickets and not passes 5. the user is authenticated to the kdc, but an ssl service is not invoked, which would be the next level of verification since it might be possible for the kdc to be spoofed to the grouper-ws
Constructor and Description |
---|
WsGrouperKerberosAuthentication() |
Modifier and Type | Method and Description |
---|---|
static boolean |
authenticateKerberos(java.lang.String principal,
java.lang.String password)
see if a user and pass are correct with berberos
|
static void |
main(java.lang.String[] args) |
java.lang.String |
retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest httpServletRequest)
retrieve the current username (subjectId) from the request object.
|
public static void main(java.lang.String[] args) throws java.lang.Exception
args
- java.lang.Exception
public java.lang.String retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest httpServletRequest) throws java.lang.RuntimeException
WsCustomAuthentication
retrieveLoggedInSubjectId
in interface WsCustomAuthentication
WsInvalidQueryException
- if there is a problemjava.lang.RuntimeException
WsCustomAuthentication.retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest)
public static boolean authenticateKerberos(java.lang.String principal, java.lang.String password)
principal
- password
-