2362N/A * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * The GSSUtilImplementation that knows how to work with the internals of 0N/A "auth.login.defaultCallbackHandler";
0N/A // NOTE: this method is only for creating Oid objects with 0N/A // known to be valid <code>oidStr</code> given it ignores 0N/A return "Kerberos V5";
0N/A * Note: The current impl only works with Sun's impl of 0N/A * GSSName and GSSCredential since it depends on package 0N/A debug(
"Created Subject with the following");
0N/A * Populates the set credentials with elements from gssCredentials. At 0N/A * the same time, it converts any subclasses of KerberosTicket 0N/A * into KerberosTicket instances and any subclasses of KerberosKey into 0N/A * KerberosKey instances. (It is not desirable to expose the customer 0N/A * to sun.security.jgss.krb5.Krb5InitCredential which extends 0N/A * KerberosTicket and sun.security.jgss.krb5.Kbr5AcceptCredential which 0N/A * extends KerberosKey.) 0N/A // Retrieve the internal cred out of SpNegoCredElement 0N/A (
"javax.security.auth.kerberos.KerberosTicket")) {
0N/A (
"javax.security.auth.kerberos.KerberosKey")) {
0N/A // Ignore non-KerberosTicket and non-KerberosKey elements 0N/A * Authenticate using the login module from the specified 0N/A * configuration entry. 0N/A * @param caller the caller of JAAS Login 0N/A * @param mech the mech to be used 0N/A * @return the authenticated subject 0N/A // get the default callback handler 0N/A // New instance of LoginConfigImpl must be created for each login, 0N/A // since the entry name is not passed as the first argument, but 0N/A // generated with caller and mech inside LoginConfigImpl 0N/A * Determines if the application doesn't mind if the mechanism obtains 0N/A * the required credentials from outside of the current Subject. Our 0N/A * Kerberos v5 mechanism would do a JAAS login on behalf of the 0N/A * application if this were the case. 0N/A * The application indicates this by explicitly setting the system 0N/A * property javax.security.auth.useSubjectCredsOnly to false. 0N/A // HTTP/SPNEGO doesn't use the standard JAAS framework. Instead, it 0N/A // uses the java.net.Authenticator style, therefore always return 0N/A * Don't use GetBooleanAction because the default value in the JRE 0N/A * (when this is unset) has to treated as true. 0N/A * This property has to be explicitly set to "false". Invalid 0N/A * values should be ignored and the default "true" assumed. 0N/A * Determines the SPNEGO interoperability mode with Microsoft; 0N/A * by default it is set to true. 0N/A * To disable it, the application indicates this by explicitly setting 0N/A * the system property sun.security.spnego.interop to false. 0N/A * Don't use GetBooleanAction because the default value in the JRE 0N/A * (when this is unset) has to treated as true. 0N/A * This property has to be explicitly set to "false". Invalid 0N/A * values should be ignored and the default "true" assumed. 0N/A * Searches the private credentials of current Subject with the 0N/A * specified criteria and returns the matching GSSCredentialSpi 0N/A * object out of Sun's impl of GSSCredential. Returns null if 0N/A * no Subject present or a Vector which contains 0 or more 0N/A * matching GSSCredentialSpi objects. 0N/A debug(
"Unexpected exception when searching Subject:");