Class WsGrouperKerberosAuthentication
java.lang.Object
edu.internet2.middleware.grouper.ws.security.WsGrouperKerberosAuthentication
- All Implemented Interfaces:
WsCustomAuthentication
basic kerberos authentication for grouper, settings are specified in grouper-ws.properties note: this can be used for rest and soap, though it is not a bastion of security: 1. for soap, ws-security would be better since a ticket is passed instead of user/pass 2. for rest, Im not sure there is another option 3. the user/pass is transmitted in basic auth, so make sure SSL is on 4. passing the user/pass is not how kerberos should work since kerberos passes tickets and not passes 5. the user is authenticated to the kdc, but an ssl service is not invoked, which would be the next level of verification since it might be possible for the kdc to be spoofed to the grouper-ws
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic booleanauthenticateKerberos(String principal, String password) see if a user and pass are correct with berberosstatic voidretrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest httpServletRequest) retrieve the current username (subjectId) from the request object.
-
Constructor Details
-
WsGrouperKerberosAuthentication
public WsGrouperKerberosAuthentication()
-
-
Method Details
-
main
- Parameters:
args-- Throws:
Exception
-
retrieveLoggedInSubjectId
public String retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest httpServletRequest) throws RuntimeException Description copied from interface:WsCustomAuthenticationretrieve the current username (subjectId) from the request object.- Specified by:
retrieveLoggedInSubjectIdin interfaceWsCustomAuthentication- Returns:
- the logged in username (subjectId)
- Throws:
WsInvalidQueryException- if there is a problemRuntimeException- See Also:
-
authenticateKerberos
see if a user and pass are correct with berberos- Parameters:
principal-password-- Returns:
- true for ok, false for not
-