120 * cache that contains user's TGT. |
120 * cache that contains user's TGT. |
121 * If this is set, {@code useTicketCache} |
121 * If this is set, {@code useTicketCache} |
122 * must also be set to true; Otherwise a configuration error will |
122 * must also be set to true; Otherwise a configuration error will |
123 * be returned.</dd> |
123 * be returned.</dd> |
124 * <dt>{@code renewTGT}:</dt> |
124 * <dt>{@code renewTGT}:</dt> |
125 * <dd>Set this to true, if you want to renew |
125 * <dd>Set this to true, if you want to renew the TGT when it's more than |
126 * the TGT. If this is set, {@code useTicketCache} must also be |
126 * half-way expired (the time until expiration is less than the time |
|
127 * since start time). If this is set, {@code useTicketCache} must also be |
127 * set to true; otherwise a configuration error will be returned.</dd> |
128 * set to true; otherwise a configuration error will be returned.</dd> |
128 * <dt>{@code doNotPrompt}:</dt> |
129 * <dt>{@code doNotPrompt}:</dt> |
129 * <dd>Set this to true if you do not want to be |
130 * <dd>Set this to true if you do not want to be |
130 * prompted for the password |
131 * prompted for the password |
131 * if credentials can not be obtained from the cache, the keytab, |
132 * if credentials can not be obtained from the cache, the keytab, |
647 System.out.println("Acquire TGT from Cache"); |
648 System.out.println("Acquire TGT from Cache"); |
648 cred = Credentials.acquireTGTFromCache |
649 cred = Credentials.acquireTGTFromCache |
649 (principal, ticketCacheName); |
650 (principal, ticketCacheName); |
650 |
651 |
651 if (cred != null) { |
652 if (cred != null) { |
652 // check to renew credentials |
653 if (renewTGT && isOld(cred)) { |
|
654 // renew if ticket is old. |
|
655 Credentials newCred = renewCredentials(cred); |
|
656 if (newCred != null) { |
|
657 cred = newCred; |
|
658 } |
|
659 } |
653 if (!isCurrent(cred)) { |
660 if (!isCurrent(cred)) { |
654 if (renewTGT) { |
661 // credentials have expired |
655 cred = renewCredentials(cred); |
662 cred = null; |
656 } else { |
663 if (debug) |
657 // credentials have expired |
664 System.out.println("Credentials are" + |
658 cred = null; |
665 " no longer valid"); |
659 if (debug) |
|
660 System.out.println("Credentials are" + |
|
661 " no longer valid"); |
|
662 } |
|
663 } |
666 } |
664 } |
667 } |
665 |
668 |
666 if (cred != null) { |
669 if (cred != null) { |
667 // get the principal name from the ticket cache |
670 // get the principal name from the ticket cache |
966 + " - principal cannot be * when isInitiator is true"); |
969 + " - principal cannot be * when isInitiator is true"); |
967 } |
970 } |
968 } |
971 } |
969 } |
972 } |
970 |
973 |
971 private boolean isCurrent(Credentials creds) |
974 private static boolean isCurrent(Credentials creds) |
972 { |
975 { |
973 Date endTime = creds.getEndTime(); |
976 Date endTime = creds.getEndTime(); |
974 if (endTime != null) { |
977 if (endTime != null) { |
975 return (System.currentTimeMillis() <= endTime.getTime()); |
978 return (System.currentTimeMillis() <= endTime.getTime()); |
976 } |
979 } |
977 return true; |
980 return true; |
|
981 } |
|
982 |
|
983 private static boolean isOld(Credentials creds) |
|
984 { |
|
985 Date endTime = creds.getEndTime(); |
|
986 if (endTime != null) { |
|
987 Date authTime = creds.getAuthTime(); |
|
988 long now = System.currentTimeMillis(); |
|
989 if (authTime != null) { |
|
990 // pass the mid between auth and end |
|
991 return now - authTime.getTime() > endTime.getTime() - now; |
|
992 } else { |
|
993 // will expire in less than 2 hours |
|
994 return now <= endTime.getTime() - 1000*3600*2L; |
|
995 } |
|
996 } |
|
997 return false; |
978 } |
998 } |
979 |
999 |
980 private Credentials renewCredentials(Credentials creds) |
1000 private Credentials renewCredentials(Credentials creds) |
981 { |
1001 { |
982 Credentials lcreds; |
1002 Credentials lcreds; |