/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* Configuration source file for confirming Kerberos server */ import com.sun.jini.example.hello.ConfirmingILFactory; import com.sun.jini.example.hello.ServerPermission; import java.security.Permission; import java.util.Collections; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.login.LoginContext; import net.jini.constraint.BasicMethodConstraints; import net.jini.core.constraint.ClientAuthentication; import net.jini.core.constraint.Integrity; import net.jini.core.constraint.InvocationConstraint; import net.jini.core.constraint.InvocationConstraints; import net.jini.core.constraint.ServerAuthentication; import net.jini.core.constraint.ServerMinPrincipal; import net.jini.discovery.LookupDiscovery; import net.jini.jeri.BasicJeriExporter; import net.jini.jeri.BasicILFactory; import net.jini.jeri.kerberos.KerberosServerEndpoint; import net.jini.security.AuthenticationPermission; import net.jini.security.BasicProxyPreparer; import net.jini.security.proxytrust.ProxyTrustExporter; com.sun.jini.example.hello.Server { /* JAAS login */ loginContext = new LoginContext("com.sun.jini.example.hello.Server"); /* Identify principals */ private static serverUser = Collections.singleton( new KerberosPrincipal("${serverPrincipal}")); private static reggieUser = Collections.singleton( new KerberosPrincipal("${reggiePrincipal}")); /* Exporter for the server proxy */ exporter = /* Use proxy trust exporter */ new ProxyTrustExporter( /* main exporter */ new BasicJeriExporter( /* Use Kerberos transport */ KerberosServerEndpoint.getInstance(0), /* Confirm calls */ new ConfirmingILFactory( /* Require integrity for all methods */ new BasicMethodConstraints( new InvocationConstraints(Integrity.YES, null)), /* Require ServerPermission */ ServerPermission.class)), /* bootstrap exporter */ new BasicJeriExporter( /* Use Kerberos transport */ KerberosServerEndpoint.getInstance(0), new BasicILFactory( /* Require integrity for all methods */ new BasicMethodConstraints( new InvocationConstraints(Integrity.YES, null)), /* Require ServerPermission */ ServerPermission.class))); private groups = new String[] { "krb.hello.example.jini.sun.com" }; discoveryManager = new LookupDiscovery(groups, this); }//end com.sun.jini.example.hello.Server /* Configuration block for the lookup discovery utility */ net.jini.discovery.LookupDiscovery { private serviceLookupConstraints = new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[]{ Integrity.YES, ClientAuthentication.YES, ServerAuthentication.YES, new ServerMinPrincipal( com.sun.jini.example.hello.Server.reggieUser) }, null)); static registrarPreparer = new BasicProxyPreparer( true, serviceLookupConstraints, new Permission[] { new AuthenticationPermission( com.sun.jini.example.hello.Server.serverUser, com.sun.jini.example.hello.Server.reggieUser, "connect") }); }//end net.jini.discovery.LookupDiscovery /* Configuration block for the join manager */ net.jini.lookup.JoinManager { static registrarPreparer = net.jini.discovery.LookupDiscovery.registrarPreparer; static registrationPreparer = net.jini.discovery.LookupDiscovery.registrarPreparer; static serviceLeasePreparer = net.jini.discovery.LookupDiscovery.registrarPreparer; }//end net.jini.lookup.JoinManager