edu.internet2.middleware.grouperActivemq.authn

Class GrouperActivemqKerberosAuthentication

java.lang.Object

edu.internet2.middleware.grouperActivemq.authn.GrouperActivemqKerberosAuthentication

public class GrouperActivemqKerberosAuthentication
extends Object

 basic kerberos authentication for grouper, settings are specified in grouper-ws.properties
 note: this can be used for rest and soap, though it is not a bastion of security:
  1. for soap, ws-security would be better since a ticket is passed instead of user/pass
  2. for rest, Im not sure there is another option
  3. the user/pass is transmitted in basic auth, so make sure SSL is on
  4. passing the user/pass is not how kerberos should work since kerberos passes tickets and not passes
  5. the user is authenticated to the kdc, but an ssl service is not invoked, which would be the next
  level of verification since it might be possible for the kdc to be spoofed to the grouper-ws
 
 

Constructor Summary

Constructors

Constructor and Description
GrouperActivemqKerberosAuthentication()

Method Summary

Modifier and Type	Method and Description
static boolean	authenticateKerberos(String principal, String password) see if a user and pass are correct with berberos
static void	main(String[] args)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GrouperActivemqKerberosAuthentication

public GrouperActivemqKerberosAuthentication()

Method Detail

main

public static void main(String[] args)
                 throws Exception

Parameters:

args -

Throws:

Exception

authenticateKerberos

public static boolean authenticateKerberos(String principal,
                                           String password)

see if a user and pass are correct with berberos

Parameters:

principal -

password -

Returns:

true for ok, false for not