Code Monkey home page Code Monkey logo

demo-kerberos-in-java's Introduction

Kerberos in Java - demo

This project contains several small applications which demonstrates using Kerberos in Java.

The project has following parts:

  • KDC server based on Apache Kerby;
  • JAAS authentication - using Krb5LoginModule;
  • GSS-API/Kerberos authentication in Hazelcast Enterprise;
  • GSS-API/Kerberos Client/Server application with message protection.

Simple KDC

Package: cz.cacek.kerberos.kdc

Apache Kerby allows to simply configure and run embedded KDC.

See KerbyServerMain.java. When it's launched it regenerates krb5.conf file and also creates the service.keytab if necessary.

JAAS authentication - Krb5LoginModule

Package: cz.cacek.kerberos.jaas

Simple applications InitiatorAuthenticationMain AcceptorAuthenticationMain shows how to work with Oracle/OpenJDK Krb5LoginModule implementation (com.sun.security.auth.module.Krb5LoginModule).

The JAAS login configuration is defined in jaas.conf file.

The InitiatorAuthenticationMain needs KDC server running as it asks for TGT from it. On the other hand, the AcceptorAuthenticationMain initializes secrets from the keytab and it doesn't communicate to the KDC.

GSS-API authentication in Hazelcast Enterprise

Package: cz.cacek.kerberos.hazelcast

This demo shows how to simply use standard API and plug Kerberos Single-sign-on into a JAAS-enabled application.

Hazelcast IMDG is an open-source in-memory data grid. One of its most typical use-cases is a distributed cache. Hazelcast Enterprise is a paid version which adds several important features (off-heap memory, security, hot restart, ...). Hazelcast Enterprise doesn't support Kerberos authentication (in 4.0-BETA-2 version), but it does support JAAS authentication.

The demo introduces a simple login module GssApiLoginModule which uses the GSS-API to accept Kerberos tokens. When the authentication passes, it fills JAAS Subject with Principal types required by Hazelcast.

The new login module is configured on Hazelcast servers (members) to authenticate client connections. See HazelcastServerMain.

Clients need to configure valid GSS-API/Kerberos token to authenticate the connection into the Hazelcast cluster. See HazelcastClientMain.

The JAAS login configuration for this demo is also defined in the jaas.conf file.

The KDC has to be running to test this demo.

GSS-API/Kerberos Client/Server echo application with message protection

Package: cz.cacek.kerberos.jgss

Client/server demo application, which is able to provide one-way or mutual GSS-API/Kerberos authentication and message encryption. See GSSTestServer and GSSTestServer.

The client needs the KDC running.

demo-kerberos-in-java's People

Contributors

kwart avatar dependabot[bot] avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.