Class GSSAcceptorLoginModule

java.lang.Object
net.shibboleth.idp.authn.spnego.impl.GSSAcceptorLoginModule

public class GSSAcceptorLoginModule
extends Object
Kerberos login utility for the context acceptor, encapsulates a number of special options used to create a security context for the GSS acceptor, usually based on a keytab file.
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • krbModule

      @Nullable private LoginModule krbModule
      The JAAS login module to use.
    • state

      @Nonnull private Map<String,​String> state
      Hashtable to hold state of the JAAS login module.
    • options

      @Nonnull private Map<String,​String> options
      Options for the JAAS login module.
    • realm

      @Nonnull private KerberosRealmSettings realm
      The realm settings.
  • Constructor Details

    • GSSAcceptorLoginModule

      public GSSAcceptorLoginModule​(@Nonnull KerberosRealmSettings realmSettings, boolean refreshKrb5Config, @Nonnull @NotEmpty String loginModuleClassName)
      Constructor.
      Parameters:
      realmSettings - the settings of the realm
      refreshKrb5Config - whether to set the JAAS login module's option "refreshKrb5Config"
      loginModuleClassName - the JAAS login module to use
  • Method Details

    • login

      public Subject login() throws LoginException
      Execute the login and return a Subject for the acceptor identity.
      Returns:
      the GSS acceptor Subject
      Throws:
      LoginException - if an error occurs
    • logout

      public void logout() throws LoginException
      Perform a JAAS logout.
      Throws:
      LoginException - if an error occurs