View Javadoc

1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  package org.apache.http.impl.auth;
28  
29  import org.apache.http.Header;
30  import org.apache.http.HttpRequest;
31  import org.apache.http.annotation.NotThreadSafe;
32  import org.apache.http.auth.AuthenticationException;
33  import org.apache.http.auth.Credentials;
34  import org.apache.http.protocol.HttpContext;
35  import org.apache.http.util.Args;
36  import org.ietf.jgss.GSSException;
37  import org.ietf.jgss.Oid;
38  
39  /**
40   * KERBEROS authentication scheme.
41   *
42   * @since 4.2
43   */
44  @NotThreadSafe
45  public class KerberosScheme extends GGSSchemeBase {
46  
47      private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
48  
49      /**
50       * @since 4.4
51       */
52      public KerberosScheme(final boolean stripPort, final boolean useCanonicalHostname) {
53          super(stripPort, useCanonicalHostname);
54      }
55  
56      public KerberosScheme(final boolean stripPort) {
57          super(stripPort);
58      }
59  
60      public KerberosScheme() {
61          super();
62      }
63  
64      @Override
65      public String getSchemeName() {
66          return "Kerberos";
67      }
68  
69      /**
70       * Produces KERBEROS authorization Header based on token created by
71       * processChallenge.
72       *
73       * @param credentials not used by the KERBEROS scheme.
74       * @param request The request being authenticated
75       *
76       * @throws AuthenticationException if authentication string cannot
77       *   be generated due to an authentication failure
78       *
79       * @return KERBEROS authentication Header
80       */
81      @Override
82      public Header authenticate(
83              final Credentials credentials,
84              final HttpRequest request,
85              final HttpContext context) throws AuthenticationException {
86          return super.authenticate(credentials, request, context);
87      }
88  
89      @Override @SuppressWarnings("deprecation")
90      protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException {
91          return super.generateToken(input, authServer);
92      }
93  
94      @Override
95      protected byte[] generateToken(final byte[] input, final String authServer, final Credentials credentials) throws GSSException {
96          return generateGSSToken(input, new Oid(KERBEROS_OID), authServer, credentials);
97      }
98  
99      /**
100      * There are no valid parameters for KERBEROS authentication so this
101      * method always returns {@code null}.
102      *
103      * @return {@code null}
104      */
105     @Override
106     public String getParameter(final String name) {
107         Args.notNull(name, "Parameter name");
108         return null;
109     }
110 
111     /**
112      * The concept of an authentication realm is not supported by the Negotiate
113      * authentication scheme. Always returns {@code null}.
114      *
115      * @return {@code null}
116      */
117     @Override
118     public String getRealm() {
119         return null;
120     }
121 
122     /**
123      * Returns {@code true}. KERBEROS authentication scheme is connection based.
124      *
125      * @return {@code true}.
126      */
127     @Override
128     public boolean isConnectionBased() {
129         return true;
130     }
131 
132 }