The list of methods to do Security are organized into topic(s).
void
addLoginCallbackMessage(Callback[] callbacks, String userId, String password) add Login Callback Message
int i = 0;
try {
for (i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
NameCallback nc = (NameCallback) callbacks[i];
nc.setName(userId);
} else if (callbacks[i] instanceof PasswordCallback) {
PasswordCallback pc = (PasswordCallback) callbacks[i];
...
boolean
canGetSubject() Test whether the caller has AuthPermission("getSubject").
try {
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new AuthPermission("getSubject"));
return true;
} catch (SecurityException e) {
return false;
void
checkDoAsPermission() check Do As Permission
SecurityManager manager = System.getSecurityManager();
if (manager != null) {
manager.checkPermission(DO_AS_PERMISSION);
boolean
checkPolicy(int flags, Map props) Determines whether a mechanism's characteristics, as defined in flags, fits the security policy properties found in props.
if (props == null) {
return true;
if ("true".equalsIgnoreCase((String) props.get(Sasl.POLICY_NOPLAINTEXT)) && (flags & NOPLAINTEXT) == 0) {
return false;
if ("true".equalsIgnoreCase((String) props.get(Sasl.POLICY_NOACTIVE)) && (flags & NOACTIVE) == 0) {
return false;
...
KerberosTicket
cloneKerberosTicket(KerberosTicket kerberosTicket) clone Kerberos Ticket
if (kerberosTicket != null) {
try {
return (deserializeKerberosTicket(serializeKerberosTicket(kerberosTicket)));
} catch (Exception e) {
throw new RuntimeException("Failed to clone KerberosTicket TGT!!", e);
return null;
...
String
convertLegacyToRFC2253(String dn) convert Legacy To RFC
int i = dn.toLowerCase().indexOf(" e=");
if (i < 0)
i = dn.toLowerCase().indexOf(",e=");
if (i > 0) {
dn = dn.substring(0, ++i) + "EMAILADDRESS" + dn.substring(++i);
return new X500Principal(dn).getName(X500Principal.RFC2253);
KerberosTicket
credsToTicket(Credentials serviceCreds) creds To Ticket
EncryptionKey sessionKey = serviceCreds.getSessionKey();
return new KerberosTicket(serviceCreds.getEncoded(),
new KerberosPrincipal(serviceCreds.getClient().getName()),
new KerberosPrincipal(serviceCreds.getServer().getName(), KerberosPrincipal.KRB_NT_SRV_INST),
sessionKey.getBytes(), sessionKey.getEType(), serviceCreds.getFlags(), serviceCreds.getAuthTime(),
serviceCreds.getStartTime(), serviceCreds.getEndTime(), serviceCreds.getRenewTill(),
serviceCreds.getClientAddresses());
String[]
filterMechs(String[] mechs, int[] policies, Map props) Given a list of mechanisms and their characteristics, select the subset that conforms to the policies defined in props.
if (props == null) {
return mechs.clone();
boolean[] passed = new boolean[mechs.length];
int count = 0;
for (int i = 0; i < mechs.length; i++) {
if (passed[i] = checkPolicy(policies[i], props)) {
++count;
...