Package org.wildfly.security.mechanism.gssapi

Class GSSCredentialSecurityFactory.Builder

    • Field Detail

      • built

        private boolean built

      • mechanismOids

        private List<Oid> mechanismOids

      • principal

        private String principal

      • keyTab

        private File keyTab

      • isServer

        private boolean isServer

      • obtainKerberosTicket

        private boolean obtainKerberosTicket

      • minimumRemainingLifetime

        private int minimumRemainingLifetime

      • requestLifetime

        private int requestLifetime

      • debug

        private boolean debug

      • wrapGssCredential

        private boolean wrapGssCredential

      • checkKeyTab

        private boolean checkKeyTab

      • lastFailTime

        private volatile long lastFailTime

      • failCache

        private long failCache

    • Constructor Detail

      • Builder

        Builder()

    • Method Detail

      • setKeyTab

        public GSSCredentialSecurityFactory.Builder setKeyTab​(File keyTab)
        Set the keytab file to obtain the identity.
        Parameters:
        keyTab - the keytab file to obtain the identity.
        Returns:
        this to allow chaining.

      • setIsServer

        public GSSCredentialSecurityFactory.Builder setIsServer​(boolean isServer)
        Set if the credential returned from the factory is representing the server side of the connection.
        Parameters:
        isServer - is the credential returned from the factory is representing the server side of the connection.
        Returns:
        this to allow chaining.

      • setObtainKerberosTicket

        public GSSCredentialSecurityFactory.Builder setObtainKerberosTicket​(boolean obtainKerberosTicket)
        Set if the KerberosTicket should also be obtained and associated with the Credential/
        Parameters:
        obtainKerberosTicket - if the KerberosTicket should also be obtained and associated with the Credential/
        Returns:
        this to allow chaining.

      • setMinimumRemainingLifetime

        public GSSCredentialSecurityFactory.Builder setMinimumRemainingLifetime​(int minimumRemainingLifetime)
        Once the factory has been called once it will cache the resulting GSSCredential, this setting defines how much life it must have left in seconds for it to be re-used.
        Parameters:
        minimumRemainingLifetime - the time in seconds of life a GSSCredential must have to be re-used.
        Returns:
        this to allow chaining.

      • setRequestLifetime

        public GSSCredentialSecurityFactory.Builder setRequestLifetime​(int requestLifetime)
        Set the lifetime to request newly created credentials are valid for.
        Parameters:
        requestLifetime - the lifetime to request newly created credentials are valid for.
        Returns:
        this to allow chaining.

      • setPrincipal

        public GSSCredentialSecurityFactory.Builder setPrincipal​(String principal)
        Set the principal name for the initial authentication from the KeyTab.
        Parameters:
        principal - the principal name for the initial authentication from the KeyTab.
        Returns:
        this to allow chaining.

      • setDebug

        public GSSCredentialSecurityFactory.Builder setDebug​(boolean debug)
        Set if debug logging should be enabled for the JAAS authentication portion of obtaining the GSSCredential
        Parameters:
        debug - if debug logging should be enabled for the JAAS authentication portion of obtaining the GSSCredential
        Returns:
        this to allow chaining.

      • setWrapGssCredential

        public GSSCredentialSecurityFactory.Builder setWrapGssCredential​(boolean value)
        Set if the constructed GSSCredential should be wrapped to prevent improper credential disposal or not.
        Parameters:
        value - true if the constructed GSSCredential should be wrapped; false otherwise.
        Returns:
        this to allow chaining.

      • setCheckKeyTab

        public GSSCredentialSecurityFactory.Builder setCheckKeyTab​(boolean value)
        Set if keytab file existence and principal presence in it should be checked on factory build.
        Parameters:
        value - true if keytab file should be checked; false otherwise.
        Returns:
        this to allow chaining.

      • setOptions

        public GSSCredentialSecurityFactory.Builder setOptions​(Map<String,​Object> options)
        Set other configuration options for Krb5LoginModule
        Parameters:
        options - the configuration options which will be appended to options passed into Krb5LoginModule
        Returns:
        this to allow chaining.

      • setFailCache

        public GSSCredentialSecurityFactory.Builder setFailCache​(long seconds)
        Set amount of seconds before new try to obtain GSSCredential should be done if it has failed last time. Allows to prevent long waiting to unavailable KDC on every authentication.
        Parameters:
        seconds - amount of seconds to cache fail state of the credential factory; 0 if the cache should not be used.
        Returns:
        this to allow chaining.

      • doPrivileged

        private static <T> T doPrivileged​(PrivilegedAction<T> action)

      • assertNotBuilt

        private void assertNotBuilt()