Class SpnegoHttpURLConnection
This mechanism is an alternative to HTTP Basic Authentication where the HTTP server does not support Basic Auth but instead has SPNEGO support.
A krb5.conf and a login.conf are required when using this class. Take a look at the spnego.sourceforge.net documentation for an example krb5.conf file. Also, you must provide a keytab file, or a username and password, or allowtgtsessionkey.
Example usage (username/password):
    public static void main(final String[] args) throws Exception {
        // Kerberos settings and the JAAS login configuration
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        System.setProperty("sun.security.krb5.debug", "true");
        System.setProperty("java.security.auth.login.config", "login.conf");

        SpnegoHttpURLConnection spnego = null;

        try {
            // arguments: loginModuleName, username, password
            spnego = new SpnegoHttpURLConnection("spnego-client", "dfelix", "myp@s5");
            spnego.connect(new URL("http://medusa:8080/index.jsp"));

            System.out.println(spnego.getResponseCode());
        } finally {
            // disconnect() logs out and clears request properties
            if (null != spnego) {
                spnego.disconnect();
            }
        }
    }
Alternatively, if the server supports HTTP Basic Authentication, this class is NOT needed and instead you can do something like the following:
    public static void main(final String[] args) throws Exception {
        final String creds = "dfelix:myp@s5";

        // Basic auth token: Base64 of "username:password"
        final String token = Base64.encodeImpl(creds.getBytes());

        URL url = new URL("http://medusa:8080/index.jsp");

        HttpURLConnection conn = (HttpURLConnection) url.openConnection();

        conn.setRequestProperty(Constants.AUTHZ_HEADER,
                Constants.BASIC_HEADER + " " + token);

        conn.connect();

        System.out.println("Response Code:" + conn.getResponseCode());
    }
To see a working example and instructions on how to use a keytab, take a look at the creating a client keytab example.
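An added example, not part of the original documentation or the project's own code: the username/password usage above with the password read from the console instead of the source, delegation left off through requestCredDeleg(false), and isContextEstablished() checked before the status code is trusted. The import's package name, the class name SpnegoClientExample and the fail-closed policy are assumptions; krb5.conf and a login.conf containing a "spnego-client" entry must exist as described above.

```java
import java.io.Console;
import java.net.URL;

// Assumption: package of the class documented on this page; adjust to your distribution.
import com.kerb4j.client.SpnegoHttpURLConnection;

public final class SpnegoClientExample {

    /** Returns the HTTP status, or throws if no GSSContext was established. */
    static int fetch(final URL url, final String user, final String password) throws Exception {
        SpnegoHttpURLConnection spnego = null;
        try {
            // Deprecated constructor, used here because it is the one the page demonstrates.
            spnego = new SpnegoHttpURLConnection("spnego-client", user, password);
            // Do not ask for a delegable credential unless the server must act on the user's behalf.
            spnego.requestCredDeleg(false);
            spnego.setRequestMethod("GET");
            spnego.connect(url);

            final int status = spnego.getResponseCode();
            // Policy chosen for this example: a response without an established
            // GSSContext is treated as a failure, whatever its status code.
            if (!spnego.isContextEstablished()) {
                throw new IllegalStateException(
                        "HTTP " + status + " received but GSSContext was not established");
            }
            return status;
        } finally {
            if (null != spnego) {
                spnego.disconnect(); // logout and clear request properties
            }
        }
    }

    public static void main(final String[] args) throws Exception {
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        System.setProperty("java.security.auth.login.config", "login.conf");

        final Console console = System.console();
        if (null == console) {
            throw new IllegalStateException("no interactive console available");
        }
        final String user = console.readLine("Kerberos user: ");
        final String password = new String(console.readPassword("Password: "));

        System.out.println(fetch(new URL("http://medusa:8080/index.jsp"), user, password));
    }
}
```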
Author: Darwin V. Felix

Constructor Summary
- SpnegoHttpURLConnection(SpnegoClient spnegoClient)
- SpnegoHttpURLConnection(String loginModuleName): Deprecated.
- SpnegoHttpURLConnection(String loginModuleName, String username, String password): Deprecated.

Method Summary
- void addRequestProperty(String key, String value): Adds an HTTP Request property.
- HttpURLConnection connect(URL url): Opens a communications link to the resource referenced by this URL, if such a connection has not already been established.
- HttpURLConnection connect(URL url, ByteArrayOutputStream dooutput): Opens a communications link to the resource referenced by this URL, if such a connection has not already been established.
- void disconnect(): Logout and clear request properties.
- getErrorStream(): Returns an error stream that reads from this open connection.
- getHeaderField(int index): Get header value at specified index.
- getHeaderField(String name): Get header value by header name.
- getHeaderFieldKey(int index): Get header field key at specified index.
- getInputStream(): Returns an input stream that reads from this open connection.
- getOutputStream(): Returns an output stream that writes to this open connection.
- int getResponseCode(): Returns HTTP Status code.
- getResponseMessage(): Returns HTTP Status message.
- boolean isContextEstablished(): Returns true if GSSContext has been established.
- void requestCredDeleg(boolean requestDelegation): Request that this GSSCredential be allowed for delegation.
- void setRequestMethod(String method): May override the default GET method.
- void setRequestProperty(String key, String value): Sets an HTTP Request property.

Constructor Details
SpnegoHttpURLConnection
Deprecated.
Creates an instance where the LoginContext relies on a keytab file being specified by "java.security.auth.login.config" or where LoginContext relies on tgtsessionkey.
- Parameters:
  loginModuleName - loginModuleName
- Throws:
  LoginException - LoginException

SpnegoHttpURLConnection
@Deprecated public SpnegoHttpURLConnection(String loginModuleName, String username, String password) throws LoginException
Deprecated.
Creates an instance where the LoginContext does not require a keytab file. However, the "java.security.auth.login.config" property must still be set prior to instantiating this object.
- Parameters:
  loginModuleName - loginModuleName
  username - username
  password - password
- Throws:
  LoginException - LoginException

SpnegoHttpURLConnection

Method Details
connect
public HttpURLConnection connect(URL url) throws GSSException, PrivilegedActionException, IOException
Opens a communications link to the resource referenced by this URL, if such a connection has not already been established.
This implementation simply calls this object's connect(URL, ByteArrayOutputStream) method, passing in null for the second argument.
- Parameters:
  url - url
- Returns:
  an HttpURLConnection object
- Throws:
  GSSException - GSSException
  PrivilegedActionException - PrivilegedActionException
  IOException - IOException

connect
public HttpURLConnection connect(URL url, ByteArrayOutputStream dooutput) throws GSSException, PrivilegedActionException, IOException
Opens a communications link to the resource referenced by this URL, if such a connection has not already been established.
- Parameters:
  url - target URL
  dooutput - optional message/payload to send to server
- Returns:
  an HttpURLConnection object
- Throws:
  GSSException - GSSException
  PrivilegedActionException - PrivilegedActionException
  IOException - IOException

disconnect
public void disconnect()
Logout and clear request properties.

isContextEstablished
public boolean isContextEstablished()
Returns true if GSSContext has been established.
- Returns:
  true if GSSContext has been established, false otherwise.

addRequestProperty
Adds an HTTP Request property.
- Parameters:
  key - request property name
  value - request property value

setRequestProperty
Sets an HTTP Request property.
- Parameters:
  key - request property name
  value - request property value

getErrorStream
Returns an error stream that reads from this open connection.
- Returns:
  error stream that reads from this open connection
- Throws:
  IOException - IOException

getHeaderField
Get header value at specified index.
- Parameters:
  index - index
- Returns:
  header value at specified index

getHeaderField
Get header value by header name.
- Parameters:
  name - name header
- Returns:
  header value

getHeaderFieldKey
Get header field key at specified index.
- Parameters:
  index - index
- Returns:
  header field key at specified index

getInputStream
Returns an input stream that reads from this open connection.
- Returns:
  input stream that reads from this open connection
- Throws:
  IOException - IOException

getOutputStream
Returns an output stream that writes to this open connection.
- Returns:
  output stream that writes to this connection
- Throws:
  IOException - IOException

getResponseCode
Returns HTTP Status code.
- Returns:
  HTTP Status Code
- Throws:
  IOException - IOException

getResponseMessage
Returns HTTP Status message.
- Returns:
  HTTP Status Message
- Throws:
  IOException - IOException

requestCredDeleg
public void requestCredDeleg(boolean requestDelegation)
Request that this GSSCredential be allowed for delegation.
- Parameters:
  requestDelegation - true to allow/request delegation

setRequestMethod
May override the default GET method.
- Parameters:
  method - method