Package org.wildfly.security.mechanism.gssapi

Class GSSCredentialSecurityFactory.Builder

java.lang.Object
org.wildfly.security.mechanism.gssapi.GSSCredentialSecurityFactory.Builder
Enclosing class:
GSSCredentialSecurityFactory
public static class GSSCredentialSecurityFactory.Builder extends Object
A builder for GSS credential security factories.

  • Method Details

    • setKeyTab

      public GSSCredentialSecurityFactory.Builder setKeyTab(File keyTab)
      Set the keytab file to obtain the identity.
      Parameters:
      keyTab - the keytab file to obtain the identity.
      Returns:
      this to allow chaining.

    • setIsServer

      public GSSCredentialSecurityFactory.Builder setIsServer(boolean isServer)
      Set if the credential returned from the factory is representing the server side of the connection.
      Parameters:
      isServer - is the credential returned from the factory is representing the server side of the connection.
      Returns:
      this to allow chaining.

    • setObtainKerberosTicket

      public GSSCredentialSecurityFactory.Builder setObtainKerberosTicket(boolean obtainKerberosTicket)
      Set if the KerberosTicket should also be obtained and associated with the Credential.
      Parameters:
      obtainKerberosTicket - if the KerberosTicket should also be obtained and associated with the Credential.
      Returns:
      this to allow chaining.

    • setMinimumRemainingLifetime

      public GSSCredentialSecurityFactory.Builder setMinimumRemainingLifetime(int minimumRemainingLifetime)
      Once the factory has been called once it will cache the resulting GSSCredential, this setting defines how much life it must have left in seconds for it to be re-used.
      Parameters:
      minimumRemainingLifetime - the time in seconds of life a GSSCredential must have to be re-used.
      Returns:
      this to allow chaining.

    • setRequestLifetime

      public GSSCredentialSecurityFactory.Builder setRequestLifetime(int requestLifetime)
      Set the lifetime to request newly created credentials are valid for.
      Parameters:
      requestLifetime - the lifetime to request newly created credentials are valid for.
      Returns:
      this to allow chaining.

    • addMechanismOid

      public GSSCredentialSecurityFactory.Builder addMechanismOid(Oid oid)
      Add an Oid for a mechanism the GSSCredential should be usable with.
      Parameters:
      oid - the Oid for the mechanism the GSSCredential should be usable with.
      Returns:
      this to allow chaining.

    • setPrincipal

      public GSSCredentialSecurityFactory.Builder setPrincipal(String principal)
      Set the principal name for the initial authentication from the KeyTab.
      Parameters:
      principal - the principal name for the initial authentication from the KeyTab.
      Returns:
      this to allow chaining.

    • setDebug

      public GSSCredentialSecurityFactory.Builder setDebug(boolean debug)
      Set if debug logging should be enabled for the JAAS authentication portion of obtaining the GSSCredential.
      Parameters:
      debug - if debug logging should be enabled for the JAAS authentication portion of obtaining the GSSCredential
      Returns:
      this to allow chaining.

    • setWrapGssCredential

      public GSSCredentialSecurityFactory.Builder setWrapGssCredential(boolean value)
      Set if the constructed GSSCredential should be wrapped to prevent improper credential disposal or not.
      Parameters:
      value - true if the constructed GSSCredential should be wrapped; false otherwise.
      Returns:
      this to allow chaining.

    • setCheckKeyTab

      public GSSCredentialSecurityFactory.Builder setCheckKeyTab(boolean value)
      Set if keytab file existence and principal presence in it should be checked on factory build.
      Parameters:
      value - true if keytab file should be checked; false otherwise.
      Returns:
      this to allow chaining.

    • setOptions

      public GSSCredentialSecurityFactory.Builder setOptions(Map<String,Object> options)
      Set other configuration options for Krb5LoginModule.
      Parameters:
      options - the configuration options which will be appended to options passed into Krb5LoginModule
      Returns:
      this to allow chaining.

    • setFailCache

      public GSSCredentialSecurityFactory.Builder setFailCache(long seconds)
      Set amount of seconds before new try to obtain GSSCredential should be done if it has failed last time. Allows to prevent long waiting to unavailable KDC on every authentication.
      Parameters:
      seconds - amount of seconds to cache fail state of the credential factory; 0 if the cache should not be used.
      Returns:
      this to allow chaining.

    • build

      public SecurityFactory<GSSKerberosCredential> build() throws IOException
      Construct a new GSSKerberosCredential security factory instance.
      Returns:
      the built factory instance
      Throws:
      IOException - when unable to use given KeyTab