IBM JGSS application programming steps
There are multiple steps required to develop a JGSS application, including using transport tokens, creating the necessary JGSS objects, establishing and deleting context, and using per-message services.
Operations in a JGSS application follow the Generic Security Service Application Programming Interface (GSS-API) operational model. For information about concepts important to JGSS operations, see JGSS concepts.
JGSS transport tokens
Some of the important JGSS operations generate tokens in the form of Java™ byte arrays. It is the responsibility of the application to forward the tokens from one JGSS peer to the other.
JGSS does not constrain in any way the protocol that the application uses for transporting tokens. Applications may transport JGSS tokens together with other application (that is, non-JGSS) data. However, JGSS operations accept and use only JGSS-specific tokens.
Sequence of operations in a JGSS application
JGSS operations require certain programming constructs that you use in the order listed below. Each of the steps applies to both the initiator and the acceptor.
The information includes snippets of example code that illustrate using the high-level JGSS APIs and assume that your application imports the org.ietf.jgss package. Although many of the high-level APIs are overloaded, the snippets show only the most commonly used forms of those methods.
Of course, use the API methods that best suit your needs.
- Creating a GSSManager
The GSSManager abstract class serves as a factory for creating JGSS objects.
- Creating a GSSName
GSSName represents the identity of a GSS-API principal. A GSSName may contain many representations of the principal, one for each supported underlying mechanism. A GSSName that contains only one name representation is called a Mechanism Name (MN).
- Creating a GSSCredential
A GSSCredential contains all the cryptographic information necessary to create a context on behalf of a principal and can contain credential information for multiple mechanisms.
- Creating GSSContext
IBM JGSS supports two methods provided by GSSManager for creating a context: one used by the context initiator and one used by the acceptor.
- Requesting optional JGSS security services
Your application can request any of several optional security services. IBM JGSS supports several services.
- Establishing JGSS context
The two communicating peers must establish a security context over which they can use per-message services.
- Using JGSS per-message services
After establishing a security context, two communicating peers can exchange secure messages over the established context.
- Deleting JGSS context
A peer deletes a context when the context is no longer needed. In JGSS operations, each peer unilaterally decides when to delete a context and does not need to inform its peer.
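The steps above, put together for the initiator side, as an added example that is not IBM's own sample code. It assumes the Kerberos V5 mechanism, default credentials already available to the JVM, and an application-defined transport (4-byte length prefix over a TCP socket, tokens capped at 64 KiB); the class name, framing, and command-line arguments are hypothetical.

```java
import java.io.*;
import java.net.Socket;
import org.ietf.jgss.*;
public class JgssInitiatorExample {
    static final int MAX_TOKEN = 64 * 1024; // assumed upper bound on a token
    // Assumed framing (JGSS does not define one): 4-byte length, then the token.
    static void send(DataOutputStream out, byte[] tok) throws IOException {
        out.writeInt(tok.length);
        out.write(tok);
        out.flush();
    }
    static byte[] recv(DataInputStream in) throws IOException {
        int n = in.readInt();
        if (n < 0 || n > MAX_TOKEN) throw new IOException("bad token length " + n);
        byte[] tok = new byte[n];
        in.readFully(tok);
        return tok;
    }
    // Assumed arguments: <host> <port> <service@host>
    public static void main(String[] args) throws Exception {
        Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism
        GSSManager mgr = GSSManager.getInstance();
        GSSName peer = mgr.createName(args[2], GSSName.NT_HOSTBASED_SERVICE);
        GSSCredential cred = mgr.createCredential(GSSCredential.INITIATE_ONLY);
        GSSContext ctx = mgr.createContext(peer, krb5, cred, GSSContext.DEFAULT_LIFETIME);
        try (Socket s = new Socket(args[0], Integer.parseInt(args[1]))) {
            DataInputStream in = new DataInputStream(s.getInputStream());
            DataOutputStream out = new DataOutputStream(s.getOutputStream());
            ctx.requestMutualAuth(true); // optional services: set before establishment
            ctx.requestConf(true);
            byte[] token = new byte[0];
            while (!ctx.isEstablished()) { // context establishment token loop
                token = ctx.initSecContext(token, 0, token.length);
                if (token != null && token.length > 0) send(out, token);
                if (!ctx.isEstablished()) token = recv(in);
            }
            // A request is not a guarantee: check what was actually granted.
            if (!ctx.getMutualAuthState() || !ctx.getConfState())
                throw new SecurityException("required services not granted");
            byte[] msg = "hello".getBytes("UTF-8");
            send(out, ctx.wrap(msg, 0, msg.length, new MessageProp(0, true)));
            MessageProp rprop = new MessageProp(0, false);
            byte[] reply = recv(in);
            byte[] clear = ctx.unwrap(reply, 0, reply.length, rprop);
            if (!rprop.getPrivacy()) throw new SecurityException("reply not encrypted");
            System.out.println(new String(clear, "UTF-8"));
        } finally { ctx.dispose(); } // each peer deletes its context unilaterally
    }
}
```

The acceptor mirrors this with `acceptSecContext` in place of `initSecContext` and a context created without a peer name.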