com.unboundid.ldap.sdk

Class GSSAPIBindRequestProperties

java.lang.Object

com.unboundid.ldap.sdk.GSSAPIBindRequestProperties

All Implemented Interfaces:

java.io.Serializable

@Mutable
 @ThreadSafety(level=NOT_THREADSAFE)
public final class GSSAPIBindRequestProperties
extends java.lang.Object
implements java.io.Serializable

This class provides a data structure that may be used to hold a number of properties that may be used during processing for a SASL GSSAPI bind operation.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
GSSAPIBindRequestProperties(java.lang.String authenticationID, byte[] password) Creates a new set of GSSAPI bind request properties with the provided information.
GSSAPIBindRequestProperties(java.lang.String authenticationID, java.lang.String password) Creates a new set of GSSAPI bind request properties with the provided information.

Method Summary

Modifier and Type	Method and Description
boolean	enableGSSAPIDebugging() Indicates whether JVM-level debugging should be enabled for GSSAPI bind processing.
java.util.List<SASLQualityOfProtection>	getAllowedQoP() Retrieves the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
java.lang.String	getAuthenticationID() Retrieves the authentication ID for the GSSAPI bind request, if defined.
java.lang.String	getAuthorizationID() Retrieves the authorization ID for the GSSAPI bind request, if defined.
GSSAPIChannelBindingType	getChannelBindingType() Retrieves the type of channel binding that should be used for the GSSAPI bind request.
java.lang.String	getConfigFilePath() Retrieves the path to a JAAS configuration file that should be used when processing the GSSAPI bind request, if defined.
java.lang.Boolean	getIsInitiator() Indicates whether the client should be configured so that it explicitly indicates whether it is the initiator or the acceptor.
java.lang.String	getJAASClientName() Retrieves the name that will be used to identify this client in the JAAS framework.
java.lang.String	getKDCAddress() Retrieves the address to use for the Kerberos key distribution center, if defined.
java.lang.String	getKeyTabPath() Retrieves the path to the keytab file from which to obtain the user credentials.
ASN1OctetString	getPassword() Retrieves the password that should be used for the GSSAPI bind request, if defined.
java.lang.String	getRealm() Retrieves the realm to use for the GSSAPI bind request, if defined.
java.lang.String	getSASLClientServerName() Retrieves the server name that should be used when creating the Java SaslClient, if one is defined.
java.lang.String	getServicePrincipalProtocol() Retrieves the protocol specified in the service principal that the directory server uses for its communication with the KDC.
java.util.Set<java.lang.String>	getSuppressedSystemProperties() Retrieves a set of system properties that will not be altered by GSSAPI processing.
java.lang.String	getTicketCachePath() Retrieves the path to the Kerberos ticket cache file that should be used during authentication, if defined.
boolean	refreshKrb5Config() Indicates whether to refresh the configuration before the JAAS login method is called.
boolean	renewTGT() Indicates whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
boolean	requireCachedCredentials() Indicates whether GSSAPI authentication should only occur using an existing Kerberos session.
void	setAllowedQoP(java.util.List<SASLQualityOfProtection> allowedQoP) Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
void	setAllowedQoP(SASLQualityOfProtection... allowedQoP) Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.
void	setAuthenticationID(java.lang.String authenticationID) Sets the authentication ID for the GSSAPI bind request.
void	setAuthorizationID(java.lang.String authorizationID) Specifies the authorization ID for the GSSAPI bind request.
void	setChannelBindingType(GSSAPIChannelBindingType channelBindingType) Specifies the type of channel binding that should be used for the GSSAPI bind request.
void	setConfigFilePath(java.lang.String configFilePath) Specifies the path to a JAAS configuration file that should be used when processing the GSSAPI bind request.
void	setEnableGSSAPIDebugging(boolean enableGSSAPIDebugging) Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing.
void	setIsInitiator(java.lang.Boolean isInitiator) Specifies whether the client should explicitly indicate whether it is the GSSAPI initiator or acceptor.
void	setJAASClientName(java.lang.String jaasClientName) Specifies the name that will be used to identify this client in the JAAS framework.
void	setKDCAddress(java.lang.String kdcAddress) Specifies the address to use for the Kerberos key distribution center.
void	setKeyTabPath(java.lang.String keyTabPath) Specifies the path to the keytab file from which to obtain the user credentials.
void	setPassword(ASN1OctetString password) Specifies the password that should be used for the GSSAPI bind request.
void	setPassword(byte[] password) Specifies the password that should be used for the GSSAPI bind request.
void	setPassword(java.lang.String password) Specifies the password that should be used for the GSSAPI bind request.
void	setRealm(java.lang.String realm) Specifies the realm to use for the GSSAPI bind request.
void	setRefreshKrb5Config(boolean refreshKrb5Config) Specifies whether to refresh the configuration before the JAAS login method is called.
void	setRenewTGT(boolean renewTGT) Specifies whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.
void	setRequireCachedCredentials(boolean requireCachedCredentials) Specifies whether an GSSAPI authentication should only occur using an existing Kerberos session.
void	setSASLClientServerName(java.lang.String saslClientServerName) Specifies the server name that should be used when creating the Java SaslClient.
void	setServicePrincipalProtocol(java.lang.String servicePrincipalProtocol) Specifies the protocol specified in the service principal that the directory server uses for its communication with the KDC.
void	setSuppressedSystemProperties(java.util.Collection<java.lang.String> suppressedSystemProperties) Specifies a set of system properties that will not be altered by GSSAPI processing.
void	setTicketCachePath(java.lang.String ticketCachePath) Specifies the path to the Kerberos ticket cache file that should be used during authentication.
void	setUseKeyTab(boolean useKeyTab) Specifies whether to use a keytab to obtain the user credentials.
void	setUseSubjectCredentialsOnly(boolean useSubjectCredentialsOnly) Specifies whether to allow the client to use credentials that are outside the current subject.
void	setUseTicketCache(boolean useTicketCache) Specifies whether to enable the use of a ticket cache to to avoid the need to supply credentials if the client already has an existing Kerberos session.
java.lang.String	toString() Retrieves a string representation of the GSSAPI bind request properties.
void	toString(java.lang.StringBuilder buffer) Appends a string representation of the GSSAPI bind request properties to the provided buffer.
boolean	useKeyTab() Indicates whether to use a keytab to obtain the user credentials.
boolean	useSubjectCredentialsOnly() Indicates whether to allow the client to use credentials that are outside of the current subject, obtained via some system-specific mechanism.
boolean	useTicketCache() Indicates whether to enable the use of a ticket cache to to avoid the need to supply credentials if the client already has an existing Kerberos session.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

GSSAPIBindRequestProperties

public GSSAPIBindRequestProperties(@Nullable
                                   java.lang.String authenticationID,
                                   @Nullable
                                   java.lang.String password)

Creates a new set of GSSAPI bind request properties with the provided information.

Parameters:

authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

password - The password for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

GSSAPIBindRequestProperties

public GSSAPIBindRequestProperties(@Nullable
                                   java.lang.String authenticationID,
                                   @Nullable
                                   byte[] password)

Creates a new set of GSSAPI bind request properties with the provided information.

Parameters:

authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

password - The password for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

Method Detail

getAuthenticationID

@Nullable
public java.lang.String getAuthenticationID()

Retrieves the authentication ID for the GSSAPI bind request, if defined.

Returns:

The authentication ID for the GSSAPI bind request, or null if an existing Kerberos session should be used.

setAuthenticationID

public void setAuthenticationID(@Nullable
                                java.lang.String authenticationID)

Sets the authentication ID for the GSSAPI bind request.

Parameters:

authenticationID - The authentication ID for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

getAuthorizationID

@Nullable
public java.lang.String getAuthorizationID()

Retrieves the authorization ID for the GSSAPI bind request, if defined.

Returns:

The authorizationID for the GSSAPI bind request, or null if the authorization ID should be the same as the authentication ID.

setAuthorizationID

public void setAuthorizationID(@Nullable
                               java.lang.String authorizationID)

Specifies the authorization ID for the GSSAPI bind request.

Parameters:

authorizationID - The authorization ID for the GSSAPI bind request. It may be null if the authorization ID should be the same as the authentication ID.

getPassword

@Nullable
public ASN1OctetString getPassword()

Retrieves the password that should be used for the GSSAPI bind request, if defined.

Returns:

The password that should be used for the GSSAPI bind request, or null if an existing Kerberos session should be used.

setPassword

public void setPassword(@Nullable
                        java.lang.String password)

Specifies the password that should be used for the GSSAPI bind request.

Parameters:

password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

setPassword

public void setPassword(@Nullable
                        byte[] password)

Specifies the password that should be used for the GSSAPI bind request.

Parameters:

password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

setPassword

public void setPassword(@Nullable
                        ASN1OctetString password)

Specifies the password that should be used for the GSSAPI bind request.

Parameters:

password - The password that should be used for the GSSAPI bind request. It may be null if an existing Kerberos session should be used.

getRealm

@Nullable
public java.lang.String getRealm()

Retrieves the realm to use for the GSSAPI bind request, if defined.

Returns:

The realm to use for the GSSAPI bind request, or null if the request should attempt to use the default realm from the system configuration.

setRealm

public void setRealm(@Nullable
                     java.lang.String realm)

Specifies the realm to use for the GSSAPI bind request.

Parameters:

realm - The realm to use for the GSSAPI bind request. It may be null if the request should attempt to use the default realm from the system configuration.

getAllowedQoP

@NotNull
public java.util.List<SASLQualityOfProtection> getAllowedQoP()

Retrieves the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.

Returns:

The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.

setAllowedQoP

public void setAllowedQoP(@Nullable
                          java.util.List<SASLQualityOfProtection> allowedQoP)

Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.

Parameters:

allowedQoP - The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred. If this is null or empty, then a list containing only the SASLQualityOfProtection.AUTH quality of protection value will be used.

setAllowedQoP

public void setAllowedQoP(@Nullable
                          SASLQualityOfProtection... allowedQoP)

Specifies the list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred.

Parameters:

allowedQoP - The list of allowed qualities of protection that may be used for communication that occurs on the connection after the authentication has completed, in order from most preferred to least preferred. If this is null or empty, then a list containing only the SASLQualityOfProtection.AUTH quality of protection value will be used.

getKDCAddress

@Nullable
public java.lang.String getKDCAddress()

Retrieves the address to use for the Kerberos key distribution center, if defined.

Returns:

The address to use for the Kerberos key distribution center, or null if request should attempt to determine the KDC address from the system configuration.

setKDCAddress

public void setKDCAddress(@Nullable
                          java.lang.String kdcAddress)

Specifies the address to use for the Kerberos key distribution center.

Parameters:

kdcAddress - The address to use for the Kerberos key distribution center. It may be null if the request should attempt to determine the KDC address from the system configuration.

getJAASClientName

@NotNull
public java.lang.String getJAASClientName()

Retrieves the name that will be used to identify this client in the JAAS framework.

Returns:

The name that will be used to identify this client in the JAAS framework.

setJAASClientName

public void setJAASClientName(@NotNull
                              java.lang.String jaasClientName)

Specifies the name that will be used to identify this client in the JAAS framework.

Parameters:

jaasClientName - The name that will be used to identify this client in the JAAS framework. It must not be null or empty.

getConfigFilePath

@Nullable
public java.lang.String getConfigFilePath()

Retrieves the path to a JAAS configuration file that should be used when processing the GSSAPI bind request, if defined.

Returns:

The path to a JAAS configuration file that should be used when processing the GSSAPI bind request, or null if a JAAS configuration file should be automatically constructed for the bind request.

setConfigFilePath

public void setConfigFilePath(@Nullable
                              java.lang.String configFilePath)

Specifies the path to a JAAS configuration file that should be used when processing the GSSAPI bind request.

Parameters:

configFilePath - The path to a JAAS configuration file that should be used when processing the GSSAPI bind request. It may be null if a configuration file should be automatically constructed for the bind request.

getSASLClientServerName

@Nullable
public java.lang.String getSASLClientServerName()

Retrieves the server name that should be used when creating the Java SaslClient, if one is defined.

Returns:

The server name that should be used when creating the Java SaslClient, or null if none is defined and the SaslClient should use the address specified when establishing the connection.

setSASLClientServerName

public void setSASLClientServerName(@Nullable
                                    java.lang.String saslClientServerName)

Specifies the server name that should be used when creating the Java SaslClient.

Parameters:

saslClientServerName - The server name that should be used when creating the Java SaslClient. It may be null to indicate that the SaslClient should use the address specified when establishing the connection.

getServicePrincipalProtocol

@NotNull
public java.lang.String getServicePrincipalProtocol()

Retrieves the protocol specified in the service principal that the directory server uses for its communication with the KDC. The service principal is usually something like "ldap/directory.example.com", where "ldap" is the protocol and "directory.example.com" is the fully-qualified address of the directory server system, but some servers may allow authentication with a service principal with a protocol other than "ldap".

Returns:

The protocol specified in the service principal that the directory server uses for its communication with the KDC.

setServicePrincipalProtocol

public void setServicePrincipalProtocol(@NotNull
                                        java.lang.String servicePrincipalProtocol)

Specifies the protocol specified in the service principal that the directory server uses for its communication with the KDC. This should generally be "ldap", but some servers may allow a service principal with a protocol other than "ldap".

Parameters:

servicePrincipalProtocol - The protocol specified in the service principal that the directory server uses for its communication with the KDC.

refreshKrb5Config

public boolean refreshKrb5Config()

Indicates whether to refresh the configuration before the JAAS login method is called.

Returns:

true if the GSSAPI implementation should refresh the configuration before the JAAS login method is called, or false if not.

setRefreshKrb5Config

public void setRefreshKrb5Config(boolean refreshKrb5Config)

Specifies whether to refresh the configuration before the JAAS login method is called.

Parameters:

refreshKrb5Config - Indicates whether to refresh the configuration before the JAAS login method is called.

useSubjectCredentialsOnly

public boolean useSubjectCredentialsOnly()

Indicates whether to allow the client to use credentials that are outside of the current subject, obtained via some system-specific mechanism.

Returns:

true if the client will only be allowed to use credentials that are within the current subject, or false if the client will be allowed to use credentials outside the current subject.

setUseSubjectCredentialsOnly

public void setUseSubjectCredentialsOnly(boolean useSubjectCredentialsOnly)

Specifies whether to allow the client to use credentials that are outside the current subject. If this is false, then a system-specific mechanism may be used in an attempt to obtain credentials from an existing session.

Parameters:

useSubjectCredentialsOnly - Indicates whether to allow the client to use credentials that are outside of the current subject.

useKeyTab

public boolean useKeyTab()

Indicates whether to use a keytab to obtain the user credentials.

Returns:

true if the GSSAPI login attempt should use a keytab to obtain the user credentials, or false if not.

setUseKeyTab

public void setUseKeyTab(boolean useKeyTab)

Specifies whether to use a keytab to obtain the user credentials.

Parameters:

useKeyTab - Indicates whether to use a keytab to obtain the user credentials.

getKeyTabPath

@Nullable
public java.lang.String getKeyTabPath()

Retrieves the path to the keytab file from which to obtain the user credentials. This will only be used if useKeyTab returns true.

Returns:

The path to the keytab file from which to obtain the user credentials, or null if the default keytab location should be used.

setKeyTabPath

public void setKeyTabPath(@Nullable
                          java.lang.String keyTabPath)

Specifies the path to the keytab file from which to obtain the user credentials.

Parameters:

keyTabPath - The path to the keytab file from which to obtain the user credentials. It may be null if the default keytab location should be used.

useTicketCache

public boolean useTicketCache()

Indicates whether to enable the use of a ticket cache to to avoid the need to supply credentials if the client already has an existing Kerberos session.

Returns:

true if a ticket cache may be used to take advantage of an existing Kerberos session, or false if Kerberos credentials should always be provided.

setUseTicketCache

public void setUseTicketCache(boolean useTicketCache)

Specifies whether to enable the use of a ticket cache to to avoid the need to supply credentials if the client already has an existing Kerberos session.

Parameters:

useTicketCache - Indicates whether to enable the use of a ticket cache to to avoid the need to supply credentials if the client already has an existing Kerberos session.

requireCachedCredentials

public boolean requireCachedCredentials()

Indicates whether GSSAPI authentication should only occur using an existing Kerberos session.

Returns:

true if GSSAPI authentication should only use an existing Kerberos session and should fail if the client does not have an existing session, or false if the client will be allowed to create a new session if one does not already exist.

setRequireCachedCredentials

public void setRequireCachedCredentials(boolean requireCachedCredentials)

Specifies whether an GSSAPI authentication should only occur using an existing Kerberos session.

Parameters:

requireCachedCredentials - Indicates whether an existing Kerberos session will be required for authentication. If true, then authentication will fail if the client does not already have an existing Kerberos session. This will be ignored if useTicketCache is false.

getTicketCachePath

@Nullable
public java.lang.String getTicketCachePath()

Retrieves the path to the Kerberos ticket cache file that should be used during authentication, if defined.

Returns:

The path to the Kerberos ticket cache file that should be used during authentication, or null if the default ticket cache file should be used.

setTicketCachePath

public void setTicketCachePath(@Nullable
                               java.lang.String ticketCachePath)

Specifies the path to the Kerberos ticket cache file that should be used during authentication.

Parameters:

ticketCachePath - The path to the Kerberos ticket cache file that should be used during authentication. It may be null if the default ticket cache file should be used.

renewTGT

public boolean renewTGT()

Indicates whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.

Returns:

true if the client should attempt to renew its ticket-granting ticket if the authentication is processed using an existing Kerberos session, or false if not.

setRenewTGT

public void setRenewTGT(boolean renewTGT)

Specifies whether to attempt to renew the client's ticket-granting ticket (TGT) if an existing Kerberos session is used to authenticate.

Parameters:

renewTGT - Indicates whether to attempt to renew the client's ticket-granting ticket if an existing Kerberos session is used to authenticate.

getIsInitiator

@Nullable
public java.lang.Boolean getIsInitiator()

Indicates whether the client should be configured so that it explicitly indicates whether it is the initiator or the acceptor.

Returns:

Boolean.TRUE if the client should explicitly indicate that it is the GSSAPI initiator, Boolean.FALSE if the client should explicitly indicate that it is the GSSAPI acceptor, or null if the client should not explicitly indicate either state (which is the default if the setIsInitiator(java.lang.Boolean) method has not been called).

setIsInitiator

public void setIsInitiator(@Nullable
                           java.lang.Boolean isInitiator)

Specifies whether the client should explicitly indicate whether it is the GSSAPI initiator or acceptor.

Parameters:

isInitiator - Indicates whether the client should be considered the GSSAPI initiator. A value of Boolean.TRUE means the client should explicitly indicate that it is the GSSAPI initiator. A value of Boolean.FALSE means the client should explicitly indicate that it is the GSSAPI acceptor. A value of null means that the client will not explicitly indicate one way or the other (although this behavior will only apply to Sun/Oracle-based implementations; on the IBM implementation, the client will always be the initiator unless explicitly configured otherwise).

getChannelBindingType

@NotNull
public GSSAPIChannelBindingType getChannelBindingType()

Retrieves the type of channel binding that should be used for the GSSAPI bind request.

Returns:

The type of channel binding that should be used for the GSSAPI bind request.

setChannelBindingType

public void setChannelBindingType(@Nullable
                                  GSSAPIChannelBindingType channelBindingType)

Specifies the type of channel binding that should be used for the GSSAPI bind request. Note that channel binding support is dependent upon the underlying JVM and may not be available in all cases.

Parameters:

channelBindingType - The type of channel binding that should be used for the GSSAPI bind request. It may be null or NONE if no channel binding should be used.

getSuppressedSystemProperties

@NotNull
public java.util.Set<java.lang.String> getSuppressedSystemProperties()

Retrieves a set of system properties that will not be altered by GSSAPI processing.

Returns:

A set of system properties that will not be altered by GSSAPI processing.

setSuppressedSystemProperties

public void setSuppressedSystemProperties(@Nullable
                                          java.util.Collection<java.lang.String> suppressedSystemProperties)

Specifies a set of system properties that will not be altered by GSSAPI processing. This should generally only be used in cases in which the specified system properties are known to already be set correctly for the desired authentication processing.

Parameters:

suppressedSystemProperties - A set of system properties that will not be altered by GSSAPI processing. It may be null or empty to indicate that no properties should be suppressed.

enableGSSAPIDebugging

public boolean enableGSSAPIDebugging()

Indicates whether JVM-level debugging should be enabled for GSSAPI bind processing. If this is enabled, then debug information may be written to standard error when performing GSSAPI processing that could be useful for debugging authentication problems.

Returns:

true if JVM-level debugging should be enabled for GSSAPI bind processing, or false if not.

setEnableGSSAPIDebugging

public void setEnableGSSAPIDebugging(boolean enableGSSAPIDebugging)

Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing. If this is enabled, then debug information may be written to standard error when performing GSSAPI processing that could be useful for debugging authentication problems.

Parameters:

enableGSSAPIDebugging - Specifies whether JVM-level debugging should be enabled for GSSAPI bind processing.

toString

@NotNull
public java.lang.String toString()

Retrieves a string representation of the GSSAPI bind request properties.

Overrides:

toString in class java.lang.Object

Returns:

A string representation of the GSSAPI bind request properties.

toString

public void toString(@NotNull
                     java.lang.StringBuilder buffer)

Appends a string representation of the GSSAPI bind request properties to the provided buffer.

Parameters:

buffer - The buffer to which the information should be appended.