- All Implemented Interfaces:
Serializable
,Principal
public final class KerberosPrincipal extends Object implements Principal, Serializable
- Since:
- 1.4
- See Also:
- Serialized Form
-
Field Summary
Fields Modifier and Type Field Description static int
KRB_NT_ENTERPRISE
Enterprise name (alias)static int
KRB_NT_PRINCIPAL
user principal name type.static int
KRB_NT_SRV_HST
service with host name as instance (telnet, rcommands) name type.static int
KRB_NT_SRV_INST
service and other unique instance (krbtgt) name type.static int
KRB_NT_SRV_XHST
service with host as remaining components name type.static int
KRB_NT_UID
unique ID name type.static int
KRB_NT_UNKNOWN
unknown name type. -
Constructor Summary
Constructors Constructor Description KerberosPrincipal(String name)
Constructs aKerberosPrincipal
from the provided string input.KerberosPrincipal(String name, int nameType)
Constructs aKerberosPrincipal
from the provided string and name type input. -
Method Summary
Modifier and Type Method Description boolean
equals(Object other)
Compares the specified object with this principal for equality.String
getName()
The returned string corresponds to the single-string representation of a Kerberos Principal name as specified in Section 2.1 of RFC 1964.int
getNameType()
Returns the name type of theKerberosPrincipal
.String
getRealm()
Returns the realm component of this Kerberos principal.int
hashCode()
Returns a hash code for thisKerberosPrincipal
.String
toString()
Returns an informative textual representation of thisKerberosPrincipal
.
-
Field Details
-
KRB_NT_UNKNOWN
public static final int KRB_NT_UNKNOWNunknown name type.- See Also:
- Constant Field Values
-
KRB_NT_PRINCIPAL
public static final int KRB_NT_PRINCIPALuser principal name type.- See Also:
- Constant Field Values
-
KRB_NT_SRV_INST
public static final int KRB_NT_SRV_INSTservice and other unique instance (krbtgt) name type.- See Also:
- Constant Field Values
-
KRB_NT_SRV_HST
public static final int KRB_NT_SRV_HSTservice with host name as instance (telnet, rcommands) name type.- See Also:
- Constant Field Values
-
KRB_NT_SRV_XHST
public static final int KRB_NT_SRV_XHSTservice with host as remaining components name type.- See Also:
- Constant Field Values
-
KRB_NT_UID
public static final int KRB_NT_UIDunique ID name type.- See Also:
- Constant Field Values
-
KRB_NT_ENTERPRISE
public static final int KRB_NT_ENTERPRISEEnterprise name (alias)- Since:
- 13
- See Also:
- Constant Field Values
-
-
Constructor Details
-
KerberosPrincipal
Constructs aKerberosPrincipal
from the provided string input. The name type for this principal defaults toKRB_NT_PRINCIPAL
This string is assumed to contain a name in the format that is specified in Section 2.1.1. (Kerberos Principal Name Form) of RFC 1964 (for example, duke@FOO.COM, where duke represents a principal, and FOO.COM represents a realm).If the input name does not contain a realm, the default realm is used. The default realm can be specified either in a Kerberos configuration file or via the
java.security.krb5.realm
system property. For more information, see the Kerberos Requirements.Note that when this class or any other Kerberos-related class is initially loaded and initialized, it may read and cache the default realm from the Kerberos configuration file or via the java.security.krb5.realm system property (the value will be empty if no default realm is specified), such that any subsequent calls to set or change the default realm by setting the java.security.krb5.realm system property may be ignored.
Additionally, if a security manager is installed, a
ServicePermission
must be granted and the service principal of the permission must minimally be inside theKerberosPrincipal
's realm. For example, if the result ofnew KerberosPrincipal("user")
isuser@EXAMPLE.COM
, then aServicePermission
with service principalhost/www.example.com@EXAMPLE.COM
(and any action) must be granted.- Parameters:
name
- the principal name- Throws:
IllegalArgumentException
- if name is improperly formatted, if name is null, or if name does not contain the realm to use and the default realm is not specified in either a Kerberos configuration file or via the java.security.krb5.realm system property.SecurityException
- if a security manager is installed andname
does not contain the realm to use, and a properServicePermission
as described above is not granted.
-
KerberosPrincipal
Constructs aKerberosPrincipal
from the provided string and name type input. The string is assumed to contain a name in the format that is specified in Section 2.1 (Mandatory Name Forms) of RFC 1964. Valid name types are specified in Section 6.2 (Principal Names) of RFC 4120. The input name must be consistent with the provided name type. (for example, duke@FOO.COM, is a valid input string for the name type, KRB_NT_PRINCIPAL where duke represents a principal, and FOO.COM represents a realm).If the input name does not contain a realm, the default realm is used. The default realm can be specified either in a Kerberos configuration file or via the
java.security.krb5.realm
system property. For more information, see the Kerberos Requirements.Note that when this class or any other Kerberos-related class is initially loaded and initialized, it may read and cache the default realm from the Kerberos configuration file or via the java.security.krb5.realm system property (the value will be empty if no default realm is specified), such that any subsequent calls to set or change the default realm by setting the java.security.krb5.realm system property may be ignored.
Additionally, if a security manager is installed, a
ServicePermission
must be granted and the service principal of the permission must minimally be inside theKerberosPrincipal
's realm. For example, if the result ofnew KerberosPrincipal("user")
isuser@EXAMPLE.COM
, then aServicePermission
with service principalhost/www.example.com@EXAMPLE.COM
(and any action) must be granted.- Parameters:
name
- the principal namenameType
- the name type of the principal- Throws:
IllegalArgumentException
- if name is improperly formatted, if name is null, if the nameType is not supported, or if name does not contain the realm to use and the default realm is not specified in either a Kerberos configuration file or via the java.security.krb5.realm system property.SecurityException
- if a security manager is installed andname
does not contain the realm to use, and a properServicePermission
as described above is not granted.
-
-
Method Details
-
getRealm
Returns the realm component of this Kerberos principal.- Returns:
- the realm component of this Kerberos principal.
-
hashCode
public int hashCode()Returns a hash code for thisKerberosPrincipal
. The hash code is defined to be the result of the following calculation:hashCode = getName().hashCode();
- Specified by:
hashCode
in interfacePrincipal
- Overrides:
hashCode
in classObject
- Returns:
- a hash code for this
KerberosPrincipal
. - See Also:
Object.equals(java.lang.Object)
,System.identityHashCode(java.lang.Object)
-
equals
Compares the specified object with this principal for equality. Returns true if the given object is also aKerberosPrincipal
and the twoKerberosPrincipal
instances are equivalent. More formally twoKerberosPrincipal
instances are equal if the values returned bygetName()
are equal. -
getName
The returned string corresponds to the single-string representation of a Kerberos Principal name as specified in Section 2.1 of RFC 1964. -
getNameType
public int getNameType()Returns the name type of theKerberosPrincipal
. Valid name types are specified in Section 6.2 of RFC4120.- Returns:
- the name type.
-
toString
Returns an informative textual representation of thisKerberosPrincipal
.
-