javax.security.auth.kerberos

Class KerberosTicket

public class KerberosTicket extends Object implements Destroyable, Serializable, Refreshable

This class represents a Kerberos ticket. See the Kerberos authentication RFC for more information: RFC 1510.

Since: 1.4

Constructor Summary

KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client, KerberosPrincipal server, byte[] key, int type, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] clientAddresses)
Create a new ticket given all the facts about it.

Method Summary

void destroy()
Destroy this ticket.
Date getAuthTime()
Return the authentication time for this ticket.
KerberosPrincipal getClient()
Return the client principal for this ticket.
InetAddress[] getClientAddresses()
Return the allowable client addresses for this ticket.
byte[] getEncoded()
Return the encoded form of this ticket.
Date getEndTime()
Return the end time for this ticket.
boolean[] getFlags()
Return the flags for this ticket as a boolean array.
Date getRenewTill()
Return the renewal time for this ticket.
KerberosPrincipal getServer()
Return the server principal for this ticket.
SecretKey getSessionKey()
Return the secret key associated with this ticket.
Date getStartTime()
Return the start time for this ticket.
boolean isCurrent()
Return true if the ticket is currently valid.
boolean isDestroyed()
Return true if this ticket has been destroyed.
boolean isForwardable()
Return true if this ticket is forwardable.
boolean isForwarded()
Return true if this ticket has been forwarded.
boolean isInitial()
Return true if this ticket was granted by an application server, and not via a ticket-granting ticket.
boolean isPostdated()
Return true if this ticket was post-dated.
boolean isProxiable()
Return true if this ticket is proxiable.
boolean isProxy()
Return true if this ticket is a proxy ticket.
boolean isRenewable()
Return true if this ticket is renewable.
void refresh()
If the ticket is renewable, and the renewal time has not yet elapsed, attempt to renew the ticket.
String toString()

Constructor Detail

KerberosTicket

public KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client, KerberosPrincipal server, byte[] key, int type, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] clientAddresses)
Create a new ticket given all the facts about it. Note that flags may be null or "short"; any flags not specified will be taken to be false. If the key is not renewable, then renewTill may be null. If authTime is null, then it is taken to be the same as startTime. If clientAddresses is null, then the ticket can be used anywhere.

Parameters:
asn1Encoding - the contents of the ticket, as ASN1
client - the client principal
server - the server principal
key - the contents of the session key
type - the type of the key
flags - an array of flags, as specified by the RFC
authTime - when the client was authenticated
startTime - starting time at which the ticket is valid
endTime - ending time, after which the ticket is invalid
renewTill - for a renewable ticket, the time before which it must be renewed
clientAddresses - a possibly-null array of addresses where this ticket may be used

Method Detail

destroy

public void destroy()
Destroy this ticket. This discards secret information. After this method is called, other methods will throw IllegalStateException.

getAuthTime

public final Date getAuthTime()
Return the authentication time for this ticket.

getClient

public final KerberosPrincipal getClient()
Return the client principal for this ticket.

getClientAddresses

public final InetAddress[] getClientAddresses()
Return the allowable client addresses for this ticket. This will return null if the ticket can be used anywhere.

getEncoded

public final byte[] getEncoded()
Return the encoded form of this ticket.

getEndTime

public final Date getEndTime()
Return the end time for this ticket.

getFlags

public final boolean[] getFlags()
Return the flags for this ticket as a boolean array. See the RFC to understand what the different entries mean.
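
The constructor rules, the null result of getClientAddresses, the flag positions and the effect of destroy() can be seen together in the following added example, which is not part of the original documentation. The class name TicketAudit and the method audit are hypothetical, the principals, encoding and key are constructed placeholders, and the flag indices are those of the RFC 1510 TicketFlags bit string.

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class TicketAudit {
    // Properties worth logging before a cached ticket is handed to application code.
    static List<String> audit(KerberosTicket t) {
        List<String> findings = new ArrayList<>();
        if (t.isDestroyed()) { findings.add("destroyed"); return findings; }
        if (!t.isCurrent()) findings.add("not current: outside its validity period");
        if (t.getClientAddresses() == null) findings.add("no address restriction: usable from any host");
        if (t.isForwardable()) findings.add("forwardable");
        if (t.isProxiable()) findings.add("proxiable");
        if (t.isRenewable()) findings.add("renewable until " + t.getRenewTill());
        return findings;
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        // "Short" flags array: indices follow RFC 1510 TicketFlags
        // (1 = forwardable, 8 = renewable); unspecified flags are taken as false.
        boolean[] flags = new boolean[9];
        flags[1] = flags[8] = true;
        KerberosTicket ticket = new KerberosTicket(
            new byte[] {0x61, 0x00},              // constructed placeholder, not a real encoded ticket
            new KerberosPrincipal("alice@EXAMPLE.COM"),
            new KerberosPrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM"),
            new byte[16], 17,                     // constructed all-zero key; type 17 = aes128-cts-hmac-sha1-96
            flags,
            new Date(now - 60_000L),              // authTime
            new Date(now - 60_000L),              // startTime
            new Date(now + 3_600_000L),           // endTime
            new Date(now + 86_400_000L),          // renewTill, required because the ticket is renewable
            null);                                // clientAddresses: null means usable anywhere
        try {
            for (String f : audit(ticket)) System.out.println("finding: " + f);
        } finally {
            ticket.destroy();                     // discard the session key once the ticket is no longer needed
        }
        try {
            ticket.getSessionKey();
        } catch (IllegalStateException e) {
            System.out.println("after destroy: session key no longer available");
        }
    }
}
```

main is declared with throws Exception so the same source compiles whether or not the runtime's destroy() declares a checked exception.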

getRenewTill

public final Date getRenewTill()
Return the renewal time for this ticket. For a non-renewable ticket, this will return null.

getServer

public final KerberosPrincipal getServer()
Return the server principal for this ticket.

getSessionKey

public final SecretKey getSessionKey()
Return the secret key associated with this ticket.

getStartTime

public final Date getStartTime()
Return the start time for this ticket.

isCurrent

public boolean isCurrent()
Return true if the ticket is currently valid. This is true if the system time is between the ticket's start and end times.

isDestroyed

public boolean isDestroyed()
Return true if this ticket has been destroyed.

isForwardable

public final boolean isForwardable()
Return true if this ticket is forwardable.

isForwarded

public final boolean isForwarded()
Return true if this ticket has been forwarded.

isInitial

public final boolean isInitial()
Return true if this ticket was granted by an application server, and not via a ticket-granting ticket.

isPostdated

public final boolean isPostdated()
Return true if this ticket was post-dated.

isProxiable

public final boolean isProxiable()
Return true if this ticket is proxiable.

isProxy

public final boolean isProxy()
Return true if this ticket is a proxy ticket.

isRenewable

public final boolean isRenewable()
Return true if this ticket is renewable.

refresh

public void refresh()
If the ticket is renewable, and the renewal time has not yet elapsed, attempt to renew the ticket.

Throws:
RefreshFailedException - if the renewal fails for any reason

toString

public String toString()