Class GSSCredentialSecurityFactory.Builder
- java.lang.Object
-
- org.wildfly.security.mechanism.gssapi.GSSCredentialSecurityFactory.Builder
-
- Enclosing class:
- GSSCredentialSecurityFactory
public static class GSSCredentialSecurityFactory.Builder extends Object
A builder for GSS credential security factories.
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description GSSCredentialSecurityFactory.Builder
addMechanismOid(Oid oid)
Add anOid
for a mechanism theGSSCredential
should be usable with.SecurityFactory<GSSKerberosCredential>
build()
Construct a newGSSKerberosCredential
security factory instance.GSSCredentialSecurityFactory.Builder
setCheckKeyTab(boolean value)
Set if keytab file existence and principal presence in it should be checked on factory build.GSSCredentialSecurityFactory.Builder
setDebug(boolean debug)
Set if debug logging should be enabled for the JAAS authentication portion of obtaining theGSSCredential
GSSCredentialSecurityFactory.Builder
setFailCache(long seconds)
Set amount of seconds before new try to obtainGSSCredential
should be done if it has failed last time.GSSCredentialSecurityFactory.Builder
setIsServer(boolean isServer)
Set if the credential returned from the factory is representing the server side of the connection.GSSCredentialSecurityFactory.Builder
setKeyTab(File keyTab)
Set the keytab file to obtain the identity.GSSCredentialSecurityFactory.Builder
setMinimumRemainingLifetime(int minimumRemainingLifetime)
Once the factory has been called once it will cache the resultingGSSCredential
, this setting defines how much life it must have left in seconds for it to be re-used.GSSCredentialSecurityFactory.Builder
setObtainKerberosTicket(boolean obtainKerberosTicket)
Set if the KerberosTicket should also be obtained and associated with the Credential/GSSCredentialSecurityFactory.Builder
setOptions(Map<String,Object> options)
Set other configuration options forKrb5LoginModule
GSSCredentialSecurityFactory.Builder
setPrincipal(String principal)
Set the principal name for the initial authentication from the KeyTab.GSSCredentialSecurityFactory.Builder
setRequestLifetime(int requestLifetime)
Set the lifetime to request newly created credentials are valid for.GSSCredentialSecurityFactory.Builder
setWrapGssCredential(boolean value)
Set if the constructedGSSCredential
should be wrapped to prevent improper credential disposal or not.
-
-
-
Method Detail
-
setKeyTab
public GSSCredentialSecurityFactory.Builder setKeyTab(File keyTab)
Set the keytab file to obtain the identity.- Parameters:
keyTab
- the keytab file to obtain the identity.- Returns:
this
to allow chaining.
-
setIsServer
public GSSCredentialSecurityFactory.Builder setIsServer(boolean isServer)
Set if the credential returned from the factory is representing the server side of the connection.- Parameters:
isServer
- is the credential returned from the factory is representing the server side of the connection.- Returns:
this
to allow chaining.
-
setObtainKerberosTicket
public GSSCredentialSecurityFactory.Builder setObtainKerberosTicket(boolean obtainKerberosTicket)
Set if the KerberosTicket should also be obtained and associated with the Credential/- Parameters:
obtainKerberosTicket
- if the KerberosTicket should also be obtained and associated with the Credential/- Returns:
this
to allow chaining.
-
setMinimumRemainingLifetime
public GSSCredentialSecurityFactory.Builder setMinimumRemainingLifetime(int minimumRemainingLifetime)
Once the factory has been called once it will cache the resultingGSSCredential
, this setting defines how much life it must have left in seconds for it to be re-used.- Parameters:
minimumRemainingLifetime
- the time in seconds of life aGSSCredential
must have to be re-used.- Returns:
this
to allow chaining.
-
setRequestLifetime
public GSSCredentialSecurityFactory.Builder setRequestLifetime(int requestLifetime)
Set the lifetime to request newly created credentials are valid for.- Parameters:
requestLifetime
- the lifetime to request newly created credentials are valid for.- Returns:
this
to allow chaining.
-
addMechanismOid
public GSSCredentialSecurityFactory.Builder addMechanismOid(Oid oid)
Add anOid
for a mechanism theGSSCredential
should be usable with.- Parameters:
oid
- theOid
for the mechanism theGSSCredential
should be usable with.- Returns:
this
to allow chaining.
-
setPrincipal
public GSSCredentialSecurityFactory.Builder setPrincipal(String principal)
Set the principal name for the initial authentication from the KeyTab.- Parameters:
principal
- the principal name for the initial authentication from the KeyTab.- Returns:
this
to allow chaining.
-
setDebug
public GSSCredentialSecurityFactory.Builder setDebug(boolean debug)
Set if debug logging should be enabled for the JAAS authentication portion of obtaining theGSSCredential
- Parameters:
debug
- if debug logging should be enabled for the JAAS authentication portion of obtaining theGSSCredential
- Returns:
this
to allow chaining.
-
setWrapGssCredential
public GSSCredentialSecurityFactory.Builder setWrapGssCredential(boolean value)
Set if the constructedGSSCredential
should be wrapped to prevent improper credential disposal or not.- Parameters:
value
-true
if the constructedGSSCredential
should be wrapped;false
otherwise.- Returns:
this
to allow chaining.
-
setCheckKeyTab
public GSSCredentialSecurityFactory.Builder setCheckKeyTab(boolean value)
Set if keytab file existence and principal presence in it should be checked on factory build.- Parameters:
value
-true
if keytab file should be checked;false
otherwise.- Returns:
this
to allow chaining.
-
setOptions
public GSSCredentialSecurityFactory.Builder setOptions(Map<String,Object> options)
Set other configuration options forKrb5LoginModule
- Parameters:
options
- the configuration options which will be appended to options passed intoKrb5LoginModule
- Returns:
this
to allow chaining.
-
setFailCache
public GSSCredentialSecurityFactory.Builder setFailCache(long seconds)
Set amount of seconds before new try to obtainGSSCredential
should be done if it has failed last time. Allows to prevent long waiting to unavailable KDC on every authentication.- Parameters:
seconds
- amount of seconds to cache fail state of the credential factory; 0 if the cache should not be used.- Returns:
this
to allow chaining.
-
build
public SecurityFactory<GSSKerberosCredential> build() throws IOException
Construct a newGSSKerberosCredential
security factory instance.- Returns:
- the built factory instance
- Throws:
IOException
- when unable to use given KeyTab
-
-