Package net.jini.jeri.kerberos

Provides implementations of Endpoint and ServerEndpoint that use Kerberos as the underlying network security protocol to support security related invocation constraints for remote requests.

See: Description

Class Summary

Class	Description
KerberosEndpoint	An Endpoint implementation that uses Kerberos as the underlying network security protocol to support security related invocation constraints its caller specified for the corresponding remote request.
KerberosServerEndpoint	A ServerEndpoint implementation that uses Kerberos as the underlying network security protocol to support security related invocation constraints for remote requests.
KerberosTrustVerifier	Trust verifier for verifying the Jini extensible remote invocation (Jini ERI) endpoints of type KerberosEndpoint, and principals of type KerberosPrincipal.

Package net.jini.jeri.kerberos Description

Provides implementations of Endpoint and ServerEndpoint that use Kerberos as the underlying network security protocol to support security related invocation constraints for remote requests. The ServerEndpoint abstraction is implemented by the KerberosServerEndpoint, while the client side Endpoint abstraction is implemented by the KerberosEndpoint.

The package also includes the KerberosTrustVerifier for establishing trust in remote proxies that use instances of the KerberosEndpoint, as well as principals of type KerberosPrincipal.

This class uses the Jini extensible remote invocation (Jini ERI) multiplexing protocol to map outgoing requests to the underlying secure connection streams.

The secure connection streams in this provider are implemented using the Kerberos Version 5 GSS-API Mechanism, defined in RFC 1964, over socket connections between client and server endpoints.

Note that, because Kerberos inherently requires client authentication, this transport provider does not support distributed garbage collection (DGC); if DGC is enabled using BasicJeriExporter, all DGC remote calls through this provider will silently fail.

Supported Constraints

The endpoint classes in this package support at least the following standard constraints:

• Integrity.YES
• Confidentiality
• ClientAuthentication.YES
• ConnectionAbsoluteTime
• ConnectionRelativeTime, trivially on the server side, since this only takes effect on the client side
• ServerAuthentication.YES
• ClientMaxPrincipal, when it contains at least one KerberosPrincipal
• ClientMaxPrincipalType, when it contains the KerberosPrincipal class
• ClientMinPrincipal, when it contains exactly one KerberosPrincipal
• ClientMinPrincipalType, when it contains only the KerberosPrincipal class
• ServerMinPrincipal, when it contains exactly one KerberosPrincipal
• Delegation
• ConstraintAlternatives, if the elements all have the same actual class and at least one element is supported

Since:

2.0

Version:

2.0