Java SE offers a rich set of APIs and features for developing secure Java applications and services. The exercise sessions listed here can help you to use the Java SE GSS APIs to build applications that authenticate their users, to communicate securely with other applications and services, and help you to configure your applications in a Kerberos environment to achieve Single Sign-On. In addition, you will also learn how to use stronger encryption algorithms in a Kerberos environment, and how to use Java GSS mechanisms such as SPNEGO to secure the association.
Please download, install and configure the software listed below:
%JAVA_HOME%environment variable to point to the installation directory of the JDK.
This session includes six lessons. Each part contains one or more coding exercises:
Make sure you have verified the following configuration settings before proceding to the first Exercise:
JAVA_HOMEenvironment variable to point to the JDK installation directory
$JAVA_HOME/bin(Solaris/Linux) in the
Please work through these exercises in sequence:
Kerberos accounts are set up on the Key Distribution Center
(KDC). Each entry in the Kerberos database contains a Kerberos
principal. You should create a host-based principal for
the machine that you will be running the servers (e.g.,
host/j1hol-001") and a client principal (e.g.,
test") for accessing the servers.
For Solaris, please refer to following documentation on how to setup Kerberos principals.
For Windows, please refer to Microsoft documentation. Here are some pointers.
The exercises assume that the operating system has been
configured to use the correct Kerberos server. This configuration
typically requires administration privileges. If you cannot
configure the operating system, then you can use a Kerberos
configuration file with your
java command by using
-Djava.security.krb5.conf option. Here is an
example of how to invoke one of the commands from the exercises to
% java -Djava.security.auth.login.config=jaas-krb5.conf\ -Djava.security.krb5.conf=krb5.conf Jaas client