@Exported public interface ExtendedGSSContext extends GSSContext
org.ietf.jgss.GSSContext,
 such as querying context-specific attributes.DEFAULT_LIFETIME, INDEFINITE_LIFETIME| Modifier and Type | Method and Description | 
|---|---|
| boolean | getDelegPolicyState()Returns the delegation policy response. | 
| Object | inquireSecContext(InquireType type)Return the mechanism-specific attribute associated with  type. | 
| void | requestDelegPolicy(boolean state)Requests that the delegation policy be respected. | 
acceptSecContext, acceptSecContext, dispose, export, getAnonymityState, getConfState, getCredDelegState, getDelegCred, getIntegState, getLifetime, getMech, getMIC, getMIC, getMutualAuthState, getReplayDetState, getSequenceDetState, getSrcName, getTargName, getWrapSizeLimit, initSecContext, initSecContext, isEstablished, isInitiator, isProtReady, isTransferable, requestAnonymity, requestConf, requestCredDeleg, requestInteg, requestLifetime, requestMutualAuth, requestReplayDet, requestSequenceDet, setChannelBinding, unwrap, unwrap, verifyMIC, verifyMIC, wrap, wrapObject inquireSecContext(InquireType type) throws GSSException
type.
 KRB5_GET_TKT_FLAGS:
 the returned object is a boolean array for the service ticket flags,
 which is long enough to contain all true bits. This means if
 the user wants to get the n'th bit but the length of the
 returned array is less than n, it is regarded as false.
 KRB5_GET_SESSION_KEY:
 the returned object is an instance of Key,
 which has the following properties:
    KRB5_GET_AUTHZ_DATA:
 the returned object is an array of
 AuthorizationDataEntry, or null if the
 optional field is missing in the service ticket.
 KRB5_GET_AUTHTIME:
 the returned object is a String object in the standard KerberosTime
 format defined in RFC 4120 5.2.3
 InquireSecContextPermission
 with the name type.mech must be granted. Otherwise, this could
 result in a SecurityException.Example:
      GSSContext ctxt = m.createContext(...)
      // Establishing the context
      if (ctxt instanceof ExtendedGSSContext) {
          ExtendedGSSContext ex = (ExtendedGSSContext)ctxt;
          try {
              Key key = (key)ex.inquireSecContext(
                      InquireType.KRB5_GET_SESSION_KEY);
              // read key info
          } catch (GSSException gsse) {
              // deal with exception
          }
      }
 type - the type of the attribute requestedGSSException - containing  the following
 major error codes:
   GSSException.BAD_MECH if the mechanism
   does not support this method,
   GSSException.UNAVAILABLE if the
   type specified is not supported,
   GSSException.NO_CONTEXT if the
   security context is invalid,
   GSSException.FAILURE for other
   unspecified failures.SecurityException - if a security manager exists and a proper
   InquireSecContextPermission is not granted.InquireSecContextPermissionvoid requestDelegPolicy(boolean state)
                 throws GSSException
initSecContext.
 
 When this flag is false, delegation will only be tried when the
 credentials delegation flag
 is true.
 
 When this flag is true but the
 credentials delegation flag
 is false, delegation will be only tried if the delegation policy permits
 delegation.
 
 When both this flag and the
 credentials delegation flag
 are true, delegation will be always tried. However, if the delegation
 policy does not permit delegation, the value of
 getDelegPolicyState() will be false, even
 if delegation is performed successfully.
 
 In any case, if the delegation is not successful, the value returned
 by GSSContext.getCredDelegState() is false, and the value
 returned by getDelegPolicyState() is also false.
 
 Not all mechanisms support delegation policy. Therefore, the
 application should check to see if the request was honored with the
 getDelegPolicyState method. When
 delegation policy is not supported, requestDelegPolicy
 should return silently without throwing an exception.
 
Note: for the Kerberos 5 mechanism, the delegation policy is expressed through the OK-AS-DELEGATE flag in the service ticket. When it's true, the KDC permits delegation to the target server. In a cross-realm environment, in order for delegation be permitted, all cross-realm TGTs on the authentication path must also have the OK-AS-DELAGATE flags set.
state - true if the policy should be respectedGSSException - containing the following
 major error codes:
   GSSException.FAILUREboolean getDelegPolicyState()
requestDelegPolicy(boolean).
 Copyright © 2000, 2017, Oracle and/or its affiliates.  All rights reserved.