ExtendedGSSContext

We're doing some experiments in JDK 7 to add more JGSS APIs. Currently they're defined in the vendor-specific package com.sun.security.jgss, but we'd like to enhance them and eventually get them into the standard org.ietf.jgss package.

Basically, we defined a new ExtendedGSSContext interface. Now it has 3 methods:
  • requestDelegPolicy(boolean state): Requests that the delegation policy be respected. When a true value is requested, the underlying context would use the delegation policy defined by the environment as a hint to determine whether credentials delegation should be performed. This method is mainly used to deal with the Kerberos OK-AS-DELEGATE flag.
  • getDelegPolicyState(): Returns the delegation policy response.
  • inquireSecContext(InquireType type): Returns the mechanism-specific attribute associated with type. Currently we're supporting four types for the Kerberos 5 mechanism: KRB5_GET_TKT_FLAGS for flags in a service ticket, KRB5_GET_SESSION_KEY for the session key of an established session, KRB5_GET_AUTHZ_DATA for authorization data in a service ticket (mainly used on AD for the PAC info), and KRB5_GET_AUTHTIME for the authtime in a service ticket.
We haven't created method names like getTicketFlags or getSessionKey because we believe this information is mechanism-specific and not general enough at the GSS level. Even a getSessionKey method would only return Kerberos 5-specific keys, since the etype values are only defined in Kerberos 5. A disadvantage of this design is that the method must return Object, and the result needs to be cast to another type depending on the input type value.

The full spec is in the OpenJDK code repository, and the implementation is in other parts of the code repo.
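An added example (not code from the original post or from the JDK) showing how a caller can contain the Object-returning inquireSecContext behind a typed helper and use it together with requestDelegPolicy. The class DelegationCheck and its methods are hypothetical names; the example assumes that KRB5_GET_TKT_FLAGS yields a boolean[] indexed by flag bit, as the JDK javadoc describes, and that a Kerberos 5 context is established between the two calls.

```java
import com.sun.security.jgss.ExtendedGSSContext;
import com.sun.security.jgss.InquireType;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;

// Hypothetical helper class, written for this example only.
public final class DelegationCheck {
    // Bit position of OK-AS-DELEGATE in Kerberos 5 ticket flags (RFC 4120).
    private static final int OK_AS_DELEGATE = 13;

    private DelegationCheck() { }

    private static ExtendedGSSContext extended(GSSContext ctx) throws GSSException {
        if (!(ctx instanceof ExtendedGSSContext)) {
            // The provider does not implement the vendor-specific extension.
            throw new GSSException(GSSException.UNAVAILABLE);
        }
        return (ExtendedGSSContext) ctx;
    }

    /** Initiator side, before the first initSecContext() call. */
    public static void delegateOnlyIfPolicyAllows(GSSContext ctx) throws GSSException {
        ctx.requestCredDeleg(false);             // do not force delegation
        extended(ctx).requestDelegPolicy(true);  // let the delegation policy decide
    }

    /** Typed wrapper: checks the runtime type instead of casting blindly. */
    public static <T> T inquire(GSSContext ctx, InquireType type, Class<T> expected)
            throws GSSException {
        Object value = extended(ctx).inquireSecContext(type);
        if (!expected.isInstance(value)) {
            throw new GSSException(GSSException.FAILURE);
        }
        return expected.cast(value);
    }

    /** After establishment: is OK-AS-DELEGATE set on the service ticket? */
    public static boolean okAsDelegate(GSSContext ctx) throws GSSException {
        boolean[] flags = inquire(ctx, InquireType.KRB5_GET_TKT_FLAGS, boolean[].class);
        // Assumption: an array shorter than the bit index means the bit is false.
        return flags.length > OK_AS_DELEGATE && flags[OK_AS_DELEGATE];
    }

    /** After establishment: was delegation performed, and did the policy permit it? */
    public static boolean delegatedUnderPolicy(GSSContext ctx) throws GSSException {
        return ctx.getCredDelegState() && extended(ctx).getDelegPolicyState();
    }
}
```

Logging okAsDelegate next to delegatedUnderPolicy for each established context gives an audit trail of which services received delegated credentials and whether the ticket flag supported that decision.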