使用Spnego解密kerberos票 [英] Decrypt kerberos ticket using Spnego

问题描述

我正在使用spnego（ http://spnego.sourceforge.net ）进行JBoss下的kerberos身份验证。

I'm using spnego ( http://spnego.sourceforge.net ) for kerberos authentication under JBoss.

我需要解密kerberos票证才能访问包含PAC数据的授权数据。需要PAC数据来决定将哪些角色授予用户。

I need to decrypt kerberos ticket to access the authorization-data which will containt PAC data. The PAC data is needed to decide which roles are to be granted to user.

如何访问和解密kerberos票证？我在网上搜索了一些例子，但没有付出努力。

How to access and decrypt kerberos ticket? I've searched net for examples, but without effort.

推荐答案

这些人有完整的PAC解码实现：

These guys have a full PAC decoding implementation:

http://jaaslounge.sourceforge.net/

您可以像这样使用令牌解析器：

You can use the token parser like this:

HttpServletRequest request = (HttpServletRequest) req;
String header = request.getHeader("Authorization");
byte[] base64Token = header.substring(10).getBytes("UTF-8");
byte[] spnegoHeader = Base64.decode(base64Token);

SpnegoInitToken spnegoToken = new SpnegoInitToken(spnegoHeader);

如果要解密基础Kerberos票证，您将需要跳过一些箍。不确定是否需要。

You're going to need to jump though some hoops if you want to decrypt the underlying Kerberos ticket. Not sure if you need that.

拨款

这篇关于使用Spnego解密kerberos票的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！