Endpoint
and ServerEndpoint
that use Kerberos as the underlying
network security protocol to support security related invocation
constraints for remote requests.See: Description
Class | Description |
---|---|
KerberosEndpoint |
An
Endpoint implementation that uses Kerberos as the
underlying network security protocol to support security related
invocation constraints its caller specified for the corresponding
remote request. |
KerberosServerEndpoint |
A
ServerEndpoint implementation that uses Kerberos as the
underlying network security protocol to support security related
invocation constraints for remote requests. |
KerberosTrustVerifier |
Trust verifier for verifying the Jini extensible remote
invocation (Jini ERI) endpoints of type
KerberosEndpoint ,
and principals of type KerberosPrincipal . |
Endpoint
and ServerEndpoint
that use Kerberos as the underlying
network security protocol to support security related invocation
constraints for remote requests. The ServerEndpoint
abstraction is implemented by the KerberosServerEndpoint
, while the client side
Endpoint
abstraction is implemented by the KerberosEndpoint
.
The package also includes the KerberosTrustVerifier
for establishing trust
in remote proxies that use instances of the
KerberosEndpoint
, as well as principals of type KerberosPrincipal
.
This class uses the Jini extensible remote invocation (Jini ERI) multiplexing protocol to map outgoing requests to the underlying secure connection streams.
The secure connection streams in this provider are implemented using the Kerberos Version 5 GSS-API Mechanism, defined in RFC 1964, over socket connections between client and server endpoints.
Note that, because Kerberos inherently requires client authentication,
this transport provider does not support distributed garbage collection
(DGC); if DGC is enabled using BasicJeriExporter
,
all DGC remote calls through this provider will silently fail.
Supported Constraints
The endpoint classes in this package support at least the following
standard constraints:
Integrity.YES
Confidentiality
ClientAuthentication.YES
ConnectionAbsoluteTime
ConnectionRelativeTime
, trivially
on the server side, since this only takes effect on the client side
ServerAuthentication.YES
ClientMaxPrincipal
, when it
contains at least one KerberosPrincipal
ClientMaxPrincipalType
, when
it contains the KerberosPrincipal
class
ClientMinPrincipal
, when it
contains exactly one KerberosPrincipal
ClientMinPrincipalType
, when
it contains only the KerberosPrincipal
class
ServerMinPrincipal
, when it
contains exactly one KerberosPrincipal
Delegation
ConstraintAlternatives
, if the
elements all have the same actual class and at least one
element is supported