public interface GSSName

createName methods that exist in the GSSManager class. Conceptually a GSSName contains many representations of the entity or many primitive name elements, one for each supported underlying mechanism. In GSS terminology, a GSSName that contains an element from just one mechanism is called a Mechanism Name (MN).

Since different authentication mechanisms may employ different namespaces for identifying their principals, GSS-API's naming support is necessarily complex in multi-mechanism environments (or even in some single-mechanism environments where the underlying mechanism supports multiple namespaces). Different name formats and their definitions are identified with Oid's and some standard types are defined in this interface. The format of the names can be derived based on the unique Oid of its name type.

Included below are code examples utilizing the GSSName interface. The code below creates a GSSName, converts it to an MN, performs a comparison, obtains a printable representation of the name, exports it to a byte array and then re-imports to obtain a new GSSName.

```java
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class GSSNameExample {
    public static void main(String[] args) throws GSSException {
        GSSManager manager = GSSManager.getInstance();

        // create a host based service name
        GSSName name = manager.createName("service@host",
                GSSName.NT_HOSTBASED_SERVICE);
        Oid krb5 = new Oid("1.2.840.113554.1.2.2");
        GSSName mechName = name.canonicalize(krb5);

        // the above two steps are equivalent to the following
        // (a second variable is used so that the example compiles)
        GSSName mechName2 = manager.createName("service@host",
                GSSName.NT_HOSTBASED_SERVICE, krb5);

        // perform name comparison
        if (name.equals(mechName))
            System.out.println("Names are equals.");

        // obtain textual representation of name and its printable
        // name type
        System.out.println(mechName.toString()
                + mechName.getStringNameType().toString());

        // export and re-import the name
        byte[] exportName = mechName.export();

        // create a new name object from the exported buffer
        GSSName newName = manager.createName(exportName,
                GSSName.NT_EXPORT_NAME);
    }
}
```

If a security manager is installed, in order to create a GSSName that contains a Kerberos name element without providing its realm, a ServicePermission must be granted and the service principal of the permission must minimally be inside the Kerberos name element's realm. For example, if the result of createName("user", NT_USER_NAME) contains a Kerberos name element user@EXAMPLE.COM, then a ServicePermission with service principal host/www.example.com@EXAMPLE.COM (and any action) must be granted. Otherwise, the creation will throw a GSSException containing the GSSException.FAILURE error code.

Modifier and Type | Field and Description |
---|---|
static Oid | NT_ANONYMOUS - Name type for representing an anonymous entity. |
static Oid | NT_EXPORT_NAME - Name type used to indicate an exported name produced by the export method. |
static Oid | NT_HOSTBASED_SERVICE - Oid indicating a host-based service name form. |
static Oid | NT_MACHINE_UID_NAME - Name type to indicate a numeric user identifier corresponding to a user on a local system. |
static Oid | NT_STRING_UID_NAME - Name type to indicate a string of digits representing the numeric user identifier of a user on a local system. |
static Oid | NT_USER_NAME - Name type to indicate a named user on a local system. |

Modifier and Type | Method and Description |
---|---|
GSSName | canonicalize(Oid mech) - Creates a name that is canonicalized for some mechanism. |
boolean | equals(GSSName another) - Compares two GSSName objects to determine if they refer to the same entity. |
boolean | equals(Object another) - Compares this GSSName object to another Object that might be a GSSName. |
byte[] | export() - Returns a canonical contiguous byte representation of a mechanism name (MN), suitable for direct, byte by byte comparison by authorization functions. |
Oid | getStringNameType() - Returns the name type of the printable representation of this name that can be obtained from the toString method. |
int | hashCode() - Returns a hashcode value for this GSSName. |
boolean | isAnonymous() - Tests if this name object represents an anonymous entity. |
boolean | isMN() - Tests if this name object represents a Mechanism Name (MN). |
String | toString() - Returns a textual representation of the GSSName object. |

static final Oid NT_HOSTBASED_SERVICE

It represents the following Oid value: { iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) generic(1) service_name(4) }

static final Oid NT_USER_NAME

It represents the following Oid value: { iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) generic(1) user_name(1) }

static final Oid NT_MACHINE_UID_NAME

It represents the following Oid value: { iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) generic(1) machine_uid_name(2) }

static final Oid NT_STRING_UID_NAME

It represents the following Oid value: { iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) generic(1) string_uid_name(3) }

static final Oid NT_ANONYMOUS

It represents the following Oid value: { 1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes), 3(gss-anonymous-name) }

static final Oid NT_EXPORT_NAME

It represents the following Oid value: { 1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes), 4(gss-api-exported-name) }

boolean equals(GSSName another) throws GSSException

Compares two GSSName objects to determine if they refer to the same entity.

Parameters: another - the GSSName to compare this name with

Throws: GSSException - when the names cannot be compared, containing the following major error codes: GSSException.BAD_NAMETYPE, GSSException.FAILURE

boolean equals(Object another)

Compares this GSSName object to another Object that might be a GSSName. The behaviour is exactly the same as in equals except that no GSSException is thrown; instead, false will be returned in the situation where an error occurs.

Overrides: equals in class Object

Parameters: another - the object to compare this name to

GSSName and the two names refer to the same entity.

See Also: equals(GSSName)

int hashCode()

Overrides: hashCode in class Object

See Also: Object.equals(java.lang.Object), System.identityHashCode(java.lang.Object)

GSSName canonicalize(Oid mech) throws GSSException

Parameters: mech - the oid for the mechanism for which the canonical form of the name is requested.

Returns: a GSSName that contains just one primitive element representing this name in a canonicalized form for the desired mechanism.

Throws: GSSException - containing the following major error codes: GSSException.BAD_MECH, GSSException.BAD_NAMETYPE, GSSException.BAD_NAME, GSSException.FAILURE

byte[] export() throws GSSException

The exported name is useful when used in large access control lists where the overhead of creating a GSSName object on each name and invoking the equals method on each name from the ACL may be prohibitive.

Exported names may be re-imported by using the byte array factory method GSSManager.createName and specifying the NT_EXPORT_NAME as the name type object identifier. The resulting GSSName name will also be a MN.

Throws: GSSException - containing the following major error codes: GSSException.BAD_NAME, GSSException.BAD_NAMETYPE, GSSException.FAILURE

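
The access control list use described for export(), as an added example that is not part of the JDK documentation: entries are stored as exported MN bytes, so an authorization check is one canonicalize/export and a set lookup, and any GSSException denies access. The class name ExportedNameAcl and the EXAMPLE.COM principals are constructed for illustration; a JDK with the Kerberos v5 mechanism is assumed.

```java
import java.nio.ByteBuffer;
import java.util.HashSet;
import java.util.Set;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// Hypothetical helper class (not a JDK API): an ACL keyed by exported MN bytes.
public class ExportedNameAcl {
    private static final GSSManager MANAGER = GSSManager.getInstance();
    private final Oid mech;
    // ByteBuffer compares by content; a raw byte[] in a HashSet would compare by identity.
    private final Set<ByteBuffer> allowed = new HashSet<>();

    ExportedNameAcl(Oid mech) { this.mech = mech; }

    // export() is defined for an MN, so canonicalize for the ACL's mechanism first.
    private ByteBuffer exported(GSSName name) throws GSSException {
        return ByteBuffer.wrap(name.canonicalize(mech).export());
    }

    void allow(String principal, Oid nameType) throws GSSException {
        allowed.add(exported(MANAGER.createName(principal, nameType)));
    }

    // Fails closed: a name that cannot be canonicalized or exported is denied.
    boolean isAllowed(GSSName peer) {
        try {
            return allowed.contains(exported(peer));
        } catch (GSSException e) {
            return false;
        }
    }

    public static void main(String[] args) throws GSSException {
        Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // mechanism Oid used on this page
        ExportedNameAcl acl = new ExportedNameAcl(krb5);
        // Constructed sample principals; the realm is given explicitly.
        acl.allow("alice@EXAMPLE.COM", GSSName.NT_USER_NAME);
        acl.allow("backup@EXAMPLE.COM", GSSName.NT_USER_NAME);

        // In a server the peer name would come from the established context.
        GSSName peer = MANAGER.createName("alice@EXAMPLE.COM", GSSName.NT_USER_NAME);
        GSSName other = MANAGER.createName("mallory@EXAMPLE.COM", GSSName.NT_USER_NAME);
        System.out.println("alice allowed:   " + acl.isAllowed(peer));
        System.out.println("mallory allowed: " + acl.isAllowed(other));
    }
}
```

Comparing exported bytes is only meaningful between names canonicalized for the same mechanism, which is why the ACL is bound to a single mechanism Oid.
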
String toString()

Returns a textual representation of the GSSName object. To retrieve the printed name format, which determines the syntax of the returned string, use the getStringNameType method.

Oid getStringNameType() throws GSSException

Returns the name type of the printable representation of this name that can be obtained from the toString method.

Throws: GSSException - containing the following major error codes: GSSException.FAILURE

boolean isAnonymous()

boolean isMN()

Copyright © 1993, 2016, Oracle and/or its affiliates. All rights reserved.
DRAFT 9-internal+0-2016-01-26-133437.ivan.openjdk9onspinwait