|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
This interface encapsulates a single GSS-API principal entity. The application obtains an implementation of this interface through one of the createName methods that exist in the GSSManager class. Conceptually a GSSName contains many representations of the entity or many primitive name elements, one for each supported underlying mechanism. In GSS terminology, a GSSName that contains an element from just one mechanism is called a Mechanism Name (MN).
Since different authentication mechanisms may employ different namespaces for identifying their principals, GSS-API's naming support is necessarily complex in multi-mechanism environments (or even in some single-mechanism environments where the underlying mechanism supports multiple namespaces). Different name formats and their definitions are identified with Oid's and some standard types are defind in this interface. The format of the names can be derived based on the unique Oid of its name type.
Included below are code examples utilizing the GSSName interface. The code below creates a GSSName, converts it to an MN, performs a comparison, obtains a printable representation of the name, exports it to a byte array and then re-imports to obtain a new GSSName.
GSSManager manager = GSSManager.getInstance(); // create a host based service name GSSName name = manager.createName("service@host", GSSName.NT_HOSTBASED_SERVICE); Oid krb5 = new Oid("1.2.840.113554.1.2.2"); GSSName mechName = name.canonicalize(krb5); // the above two steps are equivalent to the following GSSName mechName = manager.createName("service@host", GSSName.NT_HOSTBASED_SERVICE, krb5); // perform name comparison if (name.equals(mechName)) print("Names are equals."); // obtain textual representation of name and its printable // name type print(mechName.toString() + mechName.getStringNameType().toString()); // export and re-import the name byte [] exportName = mechName.export(); // create a new name object from the exported buffer GSSName newName = manager.createName(exportName, GSSName.NT_EXPORT_NAME);
Normative reference:
rfc2853.txt (June 2000)
Field Summary | |
static Oid |
NT_ANONYMOUS
Name type for representing an anonymous entity. |
static Oid |
NT_EXPORT_NAME
Name type used to indicate an exported name produced by the export method. |
static Oid |
NT_HOSTBASED_SERVICE
Oid indicating a host-based service name form. |
static Oid |
NT_MACHINE_UID_NAME
Name type to indicate a numeric user identifier corresponding to a user on a local system. |
static Oid |
NT_STRING_UID_NAME
Name type to indicate a string of digits representing the numeric user identifier of a user on a local system. |
static Oid |
NT_USER_NAME
Name type to indicate a named user on a local system. |
Method Summary | |
GSSName |
canonicalize(Oid mech)
Creates a name that is canonicalized for some mechanism. |
boolean |
equals(GSSName another)
Compares two GSSName objects to determine if they refer to the same entity. |
boolean |
equals(Object another)
Compares this GSSName object to another Object that might be a GSSName. |
byte[] |
export()
Returns a canonical contiguous byte representation of a mechanism name (MN), suitable for direct, byte by byte comparison by authorization functions. |
Oid |
getStringNameType()
Returns the name type of the printable representation of this name that can be obtained from the toString method. |
int |
hashCode()
Returns a hashcode value for this GSSName. |
boolean |
isAnonymous()
Tests if this name object represents an anonymous entity. |
boolean |
isMN()
Tests if this name object represents a Mechanism Name (MN). |
String |
toString()
Returns a textual representation of the GSSName object. |
Field Detail |
public static final Oid NT_HOSTBASED_SERVICE
public static final Oid NT_USER_NAME
public static final Oid NT_MACHINE_UID_NAME
public static final Oid NT_STRING_UID_NAME
public static final Oid NT_ANONYMOUS
public static final Oid NT_EXPORT_NAME
Method Detail |
public boolean equals(GSSName another) throws GSSException
another
- the GSSName to compare this name with.public boolean equals(Object another)
another
- the object to compare this name to.public int hashCode()
public GSSName canonicalize(Oid mech) throws GSSException
mech
- the oid for the mechanism for which the canonical form of the
name is requested.public byte[] export() throws GSSException
Returns a canonical contiguous byte representation of a mechanism name (MN), suitable for direct, byte by byte comparison by authorization functions. If the name is not an MN, implementations may throw a GSSException with the NAME_NOT_MN status code. If an implementation chooses not to throw an exception, it should use some system specific default mechanism to canonicalize the name and then export it. Structurally, an exported name object consists of a header containing an OID identifying the mechanism that authenticated the name, and a trailer containing the name itself, where the syntax of the trailer is defined by the individual mechanism specification. The format of the header of the output buffer is specified in RFC 2743.
The exported name is useful when used in large access control lists where the overhead of creating a GSSName object on each name and invoking the equals method on each name from the ACL may be prohibitive.
Exported names may be re-imported by using the byte array factory method GSSManager.createName and specifying the NT_EXPORT_NAME as the name type object identifier. The resulting GSSName name will also be a MN.
public String toString()
public Oid getStringNameType() throws GSSException
public boolean isAnonymous()
public boolean isMN()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |