• Java: authenticate with Kerberos and obtain a Kerberos service ticket (SPNEGO token) via GSS-API



    import java.io.File;
    import java.security.Principal;
    import java.security.PrivilegedExceptionAction;
    import java.util.Base64;
    import java.util.HashMap;
    import java.util.HashSet;
    import java.util.Map;
    import java.util.Set;

    import javax.security.auth.Subject;
    import javax.security.auth.kerberos.KerberosPrincipal;
    import javax.security.auth.login.AppConfigurationEntry;
    import javax.security.auth.login.Configuration;
    import javax.security.auth.login.LoginContext;

    import org.ietf.jgss.GSSContext;
    import org.ietf.jgss.GSSCredential;
    import org.ietf.jgss.GSSManager;
    import org.ietf.jgss.GSSName;
    import org.ietf.jgss.Oid;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.stereotype.Component;

    @Component
    public class EsKerberosUtils {
        // Client (initiator) principal, e.g. svc-es@EXAMPLE.COM
        @Value("${kerberos.principal}")
        private String kPrincipal;
        @Value("${java.security.krb5.realm}")
        private String jRealm;
        // KDC host name or IP
        @Value("${java.security.krb5.kdc}")
        private String kdc;
        // Keytab file name; resolved under <working dir>/kerberos/
        @Value("${kerberos.keytab}")
        private String keytab;

        public String getToken() {
            String kb = System.getProperty("user.dir") + File.separator + "kerberos" + File.separator + keytab;
            // The JDK reads realm/KDC from these properties once and caches the result,
            // so they must be set before the first Kerberos login in this JVM.
            System.setProperty("java.security.krb5.realm", jRealm);
            System.setProperty("java.security.krb5.kdc", kdc);

            // Programmatic JAAS configuration: non-interactive, keytab-based initiator.
            Configuration config = new Configuration() {
                @Override
                public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                    Map<String, String> options = new HashMap<>();
                    options.put("useKeyTab", "true");
                    options.put("keyTab", kb);
                    options.put("principal", kPrincipal);
                    options.put("doNotPrompt", "true");
                    // storeKey keeps the long-term key in the Subject; only acceptors need it,
                    // a pure client can drop it to limit what a leaked Subject exposes.
                    options.put("storeKey", "true");
                    options.put("isInitiator", "true");
                    options.put("debug", "false");
                    return new AppConfigurationEntry[] { new AppConfigurationEntry(
                            "com.sun.security.auth.module.Krb5LoginModule",
                            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options) };
                }
            };

            Set<Principal> princ = new HashSet<>(1);
            princ.add(new KerberosPrincipal(kPrincipal));
            Subject sub = new Subject(false, princ, new HashSet<>(), new HashSet<>());
            try {
                // The entry name is irrelevant: the Configuration above returns the same entry for any name.
                LoginContext lc = new LoginContext("Krb5Login", sub, null, config);
                lc.login(); // AS exchange with the KDC: keytab key -> TGT stored in the Subject
                Subject serviceSubject = lc.getSubject();
                final Oid spnegoOid = new Oid("1.3.6.1.5.5.2");          // SPNEGO
                final Oid krb5MechOid = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism

                return Subject.doAs(serviceSubject, (PrivilegedExceptionAction<String>) () -> {
                    GSSManager gssManager = GSSManager.getInstance();
                    // NOTE: the original targets the client's own principal, which only yields a ticket to
                    // itself. For a ticket to a real service pass that service's principal here, e.g.
                    // "HTTP/host.example.com@REALM", or "HTTP@host.example.com" with NT_HOSTBASED_SERVICE.
                    GSSName gssServerName = gssManager.createName(kPrincipal, GSSName.NT_USER_NAME);
                    GSSCredential clientGssCreds = gssManager.createCredential(null,
                            GSSCredential.INDEFINITE_LIFETIME, krb5MechOid, GSSCredential.INITIATE_ONLY);
                    GSSContext gssContext = gssManager.createContext(gssServerName.canonicalize(spnegoOid),
                            spnegoOid, clientGssCreds, GSSContext.DEFAULT_LIFETIME);
                    try {
                        // Delegation sends the service a forwardable TGT for this principal; keep it
                        // false unless the service must act on the client's behalf.
                        gssContext.requestCredDeleg(true);
                        // First initiator token: a NegTokenInit wrapping the Kerberos AP-REQ, which
                        // carries the service ticket obtained from the TGS exchange.
                        byte[] spnegoToken = gssContext.initSecContext(new byte[0], 0, 0);
                        // java.util.Base64 replaces the commons-codec call; same unchunked encoding.
                        return Base64.getEncoder().encodeToString(spnegoToken);
                    } finally {
                        gssContext.dispose();
                    }
                });
            } catch (Exception e) {
                // LoginException (AS exchange failed), GSSException (Oid construction) and
                // PrivilegedActionException (wrapping a GSSException from the doAs block) all land here.
                e.printStackTrace();
                return null;
            }
        }
    }
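Added example, not code from the original post: the acceptor side of the same exchange, i.e. what the service that receives the base64 token from getToken() does with it. Assumed names (not in the original): the service principal HTTP/api.example.com@EXAMPLE.COM, its keytab at /etc/krb5/http.keytab, and the token passed as the first command-line argument. For this to succeed the client must have targeted that service principal, not its own name. The acceptor also reads getCredDelegState(), so a service can see, and refuse, the delegated TGT that requestCredDeleg(true) pushes across.

```java
import java.io.File;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

/**
 * Acceptor (service) side of the SPNEGO exchange. Assumptions, not from the original post:
 * the service runs as HTTP/api.example.com@EXAMPLE.COM, its key is in /etc/krb5/http.keytab,
 * and the client token arrives as the base64 value of an "Authorization: Negotiate ..." header.
 */
public class SpnegoAcceptor {
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    /** Outcome of a successful accept: who the client is, and whether it delegated credentials. */
    public static final class AuthResult {
        public final String clientPrincipal;
        public final boolean credentialsDelegated;
        /** Non-null when a NegTokenResp must go back as "WWW-Authenticate: Negotiate <b64>". */
        public final byte[] responseToken;

        AuthResult(String principal, boolean delegated, byte[] response) {
            this.clientPrincipal = principal;
            this.credentialsDelegated = delegated;
            this.responseToken = response;
        }
    }

    /** JAAS config for an acceptor: isInitiator=false and storeKey=true so the long-term key is usable. */
    static Configuration acceptorConfig(String servicePrincipal, File keytab) {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, String> options = new HashMap<>();
                options.put("useKeyTab", "true");
                options.put("keyTab", keytab.getAbsolutePath());
                options.put("principal", servicePrincipal);
                options.put("storeKey", "true");
                options.put("isInitiator", "false");
                options.put("doNotPrompt", "true");
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options) };
            }
        };
    }

    /**
     * Validates one client token. Any failure (ticket not for this service, bad key, clock skew,
     * replayed authenticator) surfaces as an exception; delegation is reported, not silently accepted.
     */
    public static AuthResult accept(String servicePrincipal, File keytab, String base64Token) throws Exception {
        LoginContext lc = new LoginContext("SpnegoAcceptor", null, null, acceptorConfig(servicePrincipal, keytab));
        lc.login(); // loads the service key from the keytab; no KDC round trip is needed to accept
        byte[] inToken = Base64.getDecoder().decode(base64Token);
        return Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<AuthResult>) () -> {
            GSSManager mgr = GSSManager.getInstance();
            GSSCredential serverCred = mgr.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
                    new Oid(SPNEGO_OID), GSSCredential.ACCEPT_ONLY);
            GSSContext ctx = mgr.createContext(serverCred);
            try {
                byte[] out = ctx.acceptSecContext(inToken, 0, inToken.length);
                if (!ctx.isEstablished()) {
                    // A Kerberos-backed SPNEGO context completes in one round; anything else is not a success.
                    throw new GSSException(GSSException.DEFECTIVE_TOKEN);
                }
                return new AuthResult(ctx.getSrcName().toString(), ctx.getCredDelegState(), out);
            } finally {
                ctx.dispose();
            }
        });
    }

    public static void main(String[] args) throws Exception {
        // args[0]: base64 token produced by EsKerberosUtils.getToken() with this service as its target
        AuthResult r = accept("HTTP/api.example.com@EXAMPLE.COM", new File("/etc/krb5/http.keytab"), args[0]);
        System.out.println("authenticated " + r.clientPrincipal + ", delegated=" + r.credentialsDelegated);
        if (r.credentialsDelegated) {
            System.out.println("client forwarded a TGT; drop it unless this service is meant to impersonate");
        }
    }
}
```

The acceptor checks the AP-REQ against the service's own long-term key, verifies the authenticator timestamp within the allowed clock skew, and keeps an in-memory replay cache, so a captured Negotiate header cannot simply be resent. A client that used its own principal as the GSS target name will fail here with a ticket-not-for-this-service error, which is the quickest way to notice the createName mistake in the client code above.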

  • Original URL: https://blog.csdn.net/yztezhl/article/details/126875221