edu.internet2.middleware.grouper.ws.security
Class WsGrouperKerberosAuthentication
java.lang.Object
edu.internet2.middleware.grouper.ws.security.WsGrouperKerberosAuthentication
- All Implemented Interfaces:
- WsCustomAuthentication
public class WsGrouperKerberosAuthentication
- extends java.lang.Object
- implements WsCustomAuthentication
Basic Kerberos authentication for Grouper; settings are specified in grouper-ws.properties.
Note: this can be used for REST and SOAP, though it is not a bastion of security:
1. for SOAP, WS-Security would be better, since a ticket is passed instead of user/pass
2. for REST, I'm not sure there is another option
3. the user/pass is transmitted in basic auth, so make sure SSL is on
4. passing the user/pass is not how Kerberos should work, since Kerberos passes tickets and not passwords
5. the user is authenticated to the KDC, but an SSL service is not invoked, which would be the next level of verification, since it might be possible for the KDC to be spoofed to the grouper-ws
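The flow described in notes 3 to 5, written against the JDK's JAAS Krb5LoginModule as an added example (this is not Grouper's source code). The class name `BasicAuthKerberosCheck` and both method names are hypothetical; the realm and KDC are assumed to come from krb5.conf or the `java.security.krb5.realm` / `java.security.krb5.kdc` system properties, and the Basic credentials are assumed to be UTF-8.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example: hypothetical class, not Grouper code.
public class BasicAuthKerberosCheck {
  // Decode "Basic base64(user:pass)"; returns {user, pass}, or null if malformed.
  static String[] parseBasic(String header) {
    if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
    try {
      String decoded = new String(
          Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
      int colon = decoded.indexOf(':'); // split on the first colon; passwords may contain ':'
      return colon < 1 ? null
          : new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    } catch (IllegalArgumentException badBase64) { return null; }
  }
  // Ask the KDC for a TGT using the supplied password. Success shows that whichever
  // KDC answered accepted the password; it does not prove that KDC is genuine (note 5).
  static boolean kdcAccepts(String principal, char[] password) {
    Map<String, String> opts = new HashMap<>();
    opts.put("useTicketCache", "false"); // never fall back to a ticket cached on the host
    Configuration conf = new Configuration() {
      @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        return new AppConfigurationEntry[] { new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
      }
    };
    try {
      LoginContext lc = new LoginContext("basicAuthKrb5", null, callbacks -> {
        for (Callback cb : callbacks) {
          if (cb instanceof NameCallback) ((NameCallback) cb).setName(principal);
          else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
        }
      }, conf);
      lc.login();  // throws LoginException when the KDC rejects the credentials
      lc.logout(); // discard the ticket; only the yes/no answer is needed
      return true;
    } catch (LoginException e) { return false; }
  }
}
```

Closing the gap in note 5 would additionally require obtaining a service ticket for a principal whose key the server holds and validating it locally, which this example does not do.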
Method Summary
static boolean authenticateKerberos(java.lang.String principal, java.lang.String password)
    see if a user and pass are correct with Kerberos
static void main(java.lang.String[] args)
java.lang.String retrieveLoggedInSubjectId(HttpServletRequest httpServletRequest)
    retrieve the current username (subjectId) from the request object.
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
WsGrouperKerberosAuthentication
public WsGrouperKerberosAuthentication()
main
public static void main(java.lang.String[] args)
throws java.lang.Exception
- Parameters:
args
-
- Throws:
java.lang.Exception
retrieveLoggedInSubjectId
public java.lang.String retrieveLoggedInSubjectId(HttpServletRequest httpServletRequest)
throws java.lang.RuntimeException
- Description copied from interface:
WsCustomAuthentication
- retrieve the current username (subjectId) from the request object.
- Specified by:
retrieveLoggedInSubjectId
in interface WsCustomAuthentication
- Returns:
- the logged in username (subjectId)
- Throws:
WsInvalidQueryException
- if there is a problem
java.lang.RuntimeException
- See Also:
WsCustomAuthentication.retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest)
authenticateKerberos
public static boolean authenticateKerberos(java.lang.String principal,
java.lang.String password)
- see if a user and pass are correct with Kerberos
- Parameters:
principal -
password -
- Returns:
- true for ok, false for not