Posted to commits@directory.apache.org by dr...@apache.org on 2015/03/08 02:01:38 UTC

directory-kerberos git commit: DIRKRB-128 KrbClient supports both TCP and UDP, trying TCP first

Repository: directory-kerberos
Updated Branches:
  refs/heads/master 0dfab643e -> daa4ba59c


DIRKRB-128 KrbClient supports both TCP and UDP, trying TCP first


Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/daa4ba59
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/daa4ba59
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/daa4ba59

Branch: refs/heads/master
Commit: daa4ba59ca62f840880d6f4de46bcdb270a44d67
Parents: 0dfab64
Author: Drankye <dr...@gmail.com>
Authored: Sun Mar 8 09:00:39 2015 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Sun Mar 8 09:00:39 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/client/KrbClient.java   | 102 +++++++++++++++----
 .../kerby/kerberos/kerb/client/KrbConfig.java   |  42 +++++++-
 .../kerberos/kerb/client/KrbConfigKey.java      |   3 +
 .../kerby/kerberos/kerb/server/KdcTest.java     |  11 +-
 .../kerby/kerberos/kerb/server/KdcTestBase.java |  39 +++++--
 .../kerberos/kerb/server/OnlyTcpKdcTest.java    |  35 +++++++
 .../kerberos/kerb/server/TcpAndUdpKdcTest.java  |  35 +++++++
 .../kerby/kerberos/kerb/server/KdcConfig.java   |  30 +++++-
 .../kerberos/kerb/server/KdcConfigKey.java      |   2 +
 .../kerby/kerberos/kerb/server/KdcServer.java   |  32 +++++-
 10 files changed, 293 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
index 5c0b360..55a18db 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
@@ -23,23 +23,22 @@ import org.apache.kerby.event.Event;
 import org.apache.kerby.event.EventHub;
 import org.apache.kerby.event.EventWaiter;
 import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.KrbErrorException;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.client.event.KrbClientEvent;
 import org.apache.kerby.kerberos.kerb.client.event.KrbClientEventType;
 import org.apache.kerby.kerberos.kerb.client.request.*;
 import org.apache.kerby.kerberos.kerb.common.KrbErrorUtil;
 import org.apache.kerby.kerberos.kerb.common.KrbStreamingDecoder;
-import org.apache.kerby.kerberos.kerb.KrbErrorException;
-import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.common.KrbError;
 import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
 import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
 import org.apache.kerby.token.KerbToken;
-import org.apache.kerby.transport.Connector;
+import org.apache.kerby.transport.Network;
 import org.apache.kerby.transport.Transport;
 import org.apache.kerby.transport.event.TransportEvent;
 import org.apache.kerby.transport.event.TransportEventType;
-import org.apache.kerby.transport.tcp.TcpConnector;
 
 import java.io.IOException;
 import java.security.PrivateKey;
@@ -58,10 +57,22 @@ public class KrbClient {
 
     private KrbHandler krbHandler;
     private KrbContext context;
-    private KrbConfig config;
+    private String kdcHost;
+    private int kdcTcpPort;
+    private Boolean allowUdp;
+    private int kdcUdpPort;
+    private KrbConfig krbConfig;
+
+    /**
+     * Default constructor.
+     */
+    public KrbClient() {
+        this(new KrbConfig());
+    }
 
     /**
-     *
+     * Construct a KrbClient with host and port. The port can be TCP, UDP or
+     * both, but TCP will try first.
      * @param kdcHost
      * @param kdcPort
      */
@@ -69,13 +80,18 @@ public class KrbClient {
         this(new KrbConfig());
 
         setKdcHost(kdcHost);
-        setKdcPort(kdcPort);
+        setKdcTcpPort(kdcPort);
+        setKdcUdpPort(kdcPort);
     }
 
-    public KrbClient(KrbConfig config) {
-        this.config = config;
+    /**
+     * Construct with prepared KrbConfig
+     * @param krbConfig
+     */
+    public KrbClient(KrbConfig krbConfig) {
+        this.krbConfig = krbConfig;
         this.context = new KrbContext();
-        context.init(config);
+        context.init(krbConfig);
     }
 
     /**
@@ -86,20 +102,64 @@ public class KrbClient {
         context.setKdcRealm(realm);
     }
 
+    private String getKdcHost() {
+        if (kdcHost != null) {
+            return kdcHost;
+        }
+        return krbConfig.getKdcHost();
+    }
+
+    private int getKdcTcpPort() {
+        if (kdcTcpPort > 0) {
+            return kdcTcpPort;
+        }
+        return krbConfig.getKdcTcpPort();
+    }
+
+    private boolean allowUdp() {
+        if (allowUdp != null) {
+            return allowUdp;
+        }
+        return krbConfig.allowKdcUdp();
+    }
+
+    private int getKdcUdpPort() {
+        if (kdcUdpPort > 0) {
+            return kdcUdpPort;
+        }
+        return krbConfig.getKdcUdpPort();
+    }
+
     /**
-     *
+     * Set KDC host.
      * @param kdcHost
      */
     public void setKdcHost(String kdcHost) {
-        context.setKdcHost(kdcHost);
+        this.kdcHost = kdcHost;
     }
 
     /**
-     *
-     * @param kdcPort
+     * Set KDC tcp port.
+     * @param kdcTcpPort
+     */
+    public void setKdcTcpPort(int kdcTcpPort) {
+        this.kdcTcpPort = kdcTcpPort;
+    }
+
+    /**
+     * Set to allow UDP or not.
+     * @param allowUdp
+     */
+    public void setAllowUdp(boolean allowUdp) {
+        this.allowUdp = allowUdp;
+    }
+
+    /**
+     * Set KDC udp port. Only makes sense when allowUdp is set.
+     * @param kdcUdpPort
      */
-    public void setKdcPort(int kdcPort) {
-        context.setKdcPort(kdcPort);
+    public void setKdcUdpPort(int kdcUdpPort) {
+        this.kdcUdpPort = kdcUdpPort;
     }
 
     /**
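Review bot: `setKdcHost()` no longer forwards to `context.setKdcHost(kdcHost)` and `setKdcPort(int)` is removed outright, so the overrides now live only in KrbClient fields. Any code that still reads the KDC host or port from KrbContext (not visible in this diff) would get the configured value instead of the override, and external callers of `setKdcPort(int)` stop compiling. Consider keeping `setKdcPort(int)` as a deprecated wrapper that calls `setKdcTcpPort` and `setKdcUdpPort`, as the two-argument constructor already does. The new setters also accept zero or negative ports silently because `getKdcTcpPort()` and `getKdcUdpPort()` treat them as unset; a Javadoc line such as `Values <= 0 fall back to the configured port.` would make that explicit.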
@@ -117,8 +177,9 @@ public class KrbClient {
         this.eventHub = new EventHub();
         eventHub.register(krbHandler);
 
-        Connector connector = new TcpConnector(new KrbStreamingDecoder());
-        eventHub.register(connector);
+        Network network = new Network();
+        network.setStreamingDecoder(new KrbStreamingDecoder());
+        eventHub.register(network);
 
         eventWaiter = eventHub.waitEvent(
                 TransportEventType.NEW_TRANSPORT,
@@ -128,7 +189,10 @@ public class KrbClient {
 
         eventHub.start();
 
-        connector.connect(context.getKdcHost(), context.getKdcPort());
+        network.tcpConnect(getKdcHost(), getKdcTcpPort());
+        if (allowUdp()) {
+            network.udpConnect(getKdcHost(), getKdcUdpPort());
+        }
         Event event = eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT);
         transport = ((TransportEvent) event).getTransport();
     }
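Review bot: The "trying TCP first" behaviour is not enforced by the added lines: `tcpConnect` and `udpConnect` are issued back to back, and `eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT)` takes whichever transport is announced first. If the UDP side reports a transport without a round trip (plausible since UDP has no handshake, but Network is not shown here), the client can end up on UDP even when the KDC's TCP port is reachable, and it holds a transport with no evidence that a KDC is listening. Consider starting the UDP attempt only after the TCP attempt has failed or timed out, and recording which transport was selected so the choice is auditable. The enclosing method begins above this hunk.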

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index e523c12..9317424 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -40,15 +40,55 @@ public class KrbConfig {
         return conf.getBoolean(KrbConfigKey.KRB_DEBUG);
     }
 
+    /**
+     * Get KDC host name
+     * @return
+     */
     public String getKdcHost() {
         return conf.getString(KrbConfigKey.KDC_HOST);
     }
 
-    public short getKdcPort() {
+    /**
+     * Get KDC port, as both TCP and UDP ports
+     * @return
+     */
+    public int getKdcPort() {
         Integer kdcPort = conf.getInt(KrbConfigKey.KDC_PORT);
         return kdcPort.shortValue();
     }
 
+    /**
+     * Get KDC TCP port
+     * @return
+     */
+    public int getKdcTcpPort() {
+        Integer kdcPort = conf.getInt(KrbConfigKey.KDC_TCP_PORT);
+        if (kdcPort > 0) {
+            return kdcPort.shortValue();
+        }
+        return getKdcPort();
+    }
+
+    /**
+     * Is to allow UDP for KDC
+     * @return true to allow UDP, false otherwise
+     */
+    public boolean allowKdcUdp() {
+        return conf.getBoolean(KrbConfigKey.KDC_ALLOW_UDP);
+    }
+
+    /**
+     * Get KDC UDP port
+     * @return
+     */
+    public int getKdcUdpPort() {
+        Integer kdcPort = conf.getInt(KrbConfigKey.KDC_UDP_PORT);
+        if (kdcPort > 0) {
+            return kdcPort.shortValue();
+        }
+        return getKdcPort();
+    }
+
     public String getKdcRealm() {
         return conf.getString(KrbConfigKey.KDC_REALM);
     }
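Review bot: `getKdcPort()` now returns `int` but still narrows with `kdcPort.shortValue()`, and the new `getKdcTcpPort()` and `getKdcUdpPort()` copy that, so any configured port above 32767 comes back as a negative number. In KrbClient a negative result from these getters is passed straight to `tcpConnect`/`udpConnect`. Return the value unchanged in all three methods, e.g. `return kdcPort;`, which also matches the `intValue()` used by the server-side KdcConfig in this commit.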

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
index 111cc67..bbd3623 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
@@ -25,6 +25,9 @@ public enum KrbConfigKey implements SectionConfigKey {
     KRB_DEBUG(true),
     KDC_HOST("localhost"),
     KDC_PORT(8015),
+    KDC_ALLOW_UDP(true),
+    KDC_UDP_PORT(8016),
+    KDC_TCP_PORT(8015),
     KDC_DOMAIN("example.com"),
     KDC_REALM("EXAMPLE.COM"),
     TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
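Review bot: `KDC_TCP_PORT(8015)` and `KDC_UDP_PORT(8016)` carry positive defaults, so the `kdcPort > 0` test in `KrbConfig.getKdcTcpPort()` and `getKdcUdpPort()` would always pass if `conf.getInt` returns the key's default for an unset key (the Conf implementation is not shown), and the fallback to `KDC_PORT` never runs. A deployment that sets only `KDC_PORT` would then still be contacted on 8015/8016. The same pattern appears on the server side, where this commit adds `KDC_PORT(8015, "kdcdefaults")` to KdcConfigKey next to positive TCP and UDP defaults. A non-positive default for the transport-specific keys, e.g. `KDC_TCP_PORT(-1)`, would make the documented fallback reachable.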

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
index f16fa08..dff0f6f 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
@@ -25,7 +25,7 @@ import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
-public class KdcTest extends KdcTestBase {
+public abstract class KdcTest extends KdcTestBase {
 
     private String password = "123456";
 
@@ -35,16 +35,17 @@ public class KdcTest extends KdcTestBase {
         kdcServer.createPrincipal(clientPrincipal, password);
     }
 
-    @Test
-    public void testKdc() throws Exception {
+    protected void performKdcTest() throws Exception {
         kdcServer.start();
         assertThat(kdcServer.isStarted()).isTrue();
 
         krbClnt.init();
-        TgtTicket tgt = krbClnt.requestTgtTicket(clientPrincipal, password, null);
+        TgtTicket tgt = krbClnt.requestTgtTicket(clientPrincipal,
+                password, null);
         assertThat(tgt).isNotNull();
 
-        ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+        ServiceTicket tkt = krbClnt.requestServiceTicket(tgt,
+                serverPrincipal, null);
         assertThat(tkt).isNotNull();
     }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
index 19f7fe3..900b7f4 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -33,26 +33,39 @@ public abstract class KdcTestBase {
     protected String serverPrincipal;
 
     protected String hostname = "localhost";
-    protected int tcpPort;
-    protected int udpPort;
+    protected int tcpPort = -1;
+    protected int udpPort = -1;
 
     protected TestKdcServer kdcServer;
     protected KrbClient krbClnt;
 
+    protected boolean allowUdp() {
+        return true;
+    }
+
     @Before
     public void setUp() throws Exception {
+        tcpPort = getServerPort();
+
+        if (allowUdp()) {
+            udpPort = getServerPort();
+        }
+
         setUpKdcServer();
         setUpClient();
     }
 
     protected void setUpKdcServer() throws Exception {
-        tcpPort = getServerPort();
-        udpPort = getServerPort();
-        
         kdcServer = new TestKdcServer();
         kdcServer.setKdcHost(hostname);
-        kdcServer.setKdcTcpPort(tcpPort);
-        kdcServer.setKdcUdpPort(udpPort);
+        if (tcpPort > 0) {
+            kdcServer.setKdcTcpPort(tcpPort);
+        }
+        kdcServer.setAllowUdp(allowUdp());
+        if (udpPort > 0) {
+            kdcServer.setKdcUdpPort(udpPort);
+        }
+
         kdcServer.init();
 
         kdcRealm = kdcServer.getKdcRealm();
@@ -63,7 +76,17 @@ public abstract class KdcTestBase {
     }
 
     protected void setUpClient() throws Exception {
-        krbClnt = new KrbClient(hostname, tcpPort);
+        krbClnt = new KrbClient();
+
+        krbClnt.setKdcHost(hostname);
+        if (tcpPort > 0) {
+            krbClnt.setKdcTcpPort(tcpPort);
+        }
+        krbClnt.setAllowUdp(allowUdp());
+        if (udpPort > 0) {
+            krbClnt.setKdcUdpPort(udpPort);
+        }
+
         krbClnt.setTimeout(5);
         krbClnt.setKdcRealm(kdcServer.getKdcRealm());
     }

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
new file mode 100644
index 0000000..e7e956b
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
@@ -0,0 +1,35 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.junit.Test;
+
+public class OnlyTcpKdcTest extends KdcTest {
+
+    @Override
+    protected boolean allowUdp() {
+        return false;
+    }
+
+    @Test
+    public void testKdc() throws Exception {
+        performKdcTest();
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
new file mode 100644
index 0000000..673eeb4
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
@@ -0,0 +1,35 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.junit.Test;
+
+public class TcpAndUdpKdcTest extends KdcTest {
+
+    @Override
+    protected boolean allowUdp() {
+        return true;
+    }
+
+    @Test
+    public void testKdc() throws Exception {
+        performKdcTest();
+    }
+}
\ No newline at end of file
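Review bot: `testKdc()` only checks that a TGT and a service ticket come back, so it passes whether the client ended up on TCP or on UDP, and nothing pins the "TCP first" ordering the commit title promises. The same holds for OnlyTcpKdcTest, which never asserts that no UDP transport was created when `allowUdp()` returns false. Consider asserting on the transport that `krbClnt.init()` selected, and adding a case where the TCP port is closed so the UDP fallback path is actually exercised.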

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index 083a706..a3a4703 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -61,14 +61,36 @@ public class KdcConfig {
         return conf.getString(KdcConfigKey.KDC_HOST);
     }
 
+    public int getKdcPort() {
+        Integer kdcPort =  KrbConfHelper.getIntUnderSection(conf,
+                KdcConfigKey.KDC_PORT);
+        return kdcPort.intValue();
+    }
+
     public int getKdcTcpPort() {
-        Integer kdcTcpPort =  KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_TCP_PORT);
-        return kdcTcpPort.intValue();
+        Integer kdcTcpPort =  KrbConfHelper.getIntUnderSection(conf,
+                KdcConfigKey.KDC_TCP_PORT);
+        if (kdcTcpPort > 0) {
+            return kdcTcpPort.intValue();
+        }
+        return getKdcPort();
+    }
+
+    /**
+     * Is to allow UDP for KDC
+     * @return true to allow UDP, false otherwise
+     */
+    public boolean allowKdcUdp() {
+        return conf.getBoolean(KdcConfigKey.KDC_ALLOW_UDP);
     }
 
     public int getKdcUdpPort() {
-        Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_UDP_PORT);
-        return kdcUdpPort.intValue();
+        Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(conf,
+                KdcConfigKey.KDC_UDP_PORT);
+        if (kdcUdpPort > 0) {
+            return kdcUdpPort.intValue();
+        }
+        return getKdcPort();
     }
 
     public String getKdcRealm() {
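Review bot: `getKdcTcpPort()` and `getKdcUdpPort()` accept any positive value, so a misconfigured port above 65535 passes `kdcTcpPort > 0` and fails only later when the listener is opened. The comparison also unboxes the `Integer` and would throw if `getIntUnderSection` can return null (not visible here). A bounds check such as `if (kdcTcpPort != null && kdcTcpPort > 0 && kdcTcpPort <= 65535)` plus an explicit configuration error for out-of-range values would surface the problem at startup. The new `getKdcPort()` also has no Javadoc while `allowKdcUdp()` does; `/** Get the KDC port used when no TCP- or UDP-specific port is configured. */` would document the fallback.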

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index 0a1cbdf..6792d06 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -26,6 +26,8 @@ public enum KdcConfigKey implements SectionConfigKey {
     WORK_DIR,
     KDC_SERVICE_NAME("Kerby_KDC_Server"),
     KDC_HOST("127.0.0.1"),
+    KDC_PORT(8015, "kdcdefaults"),
+    KDC_ALLOW_UDP(true, "kdcdefaults"),
     KDC_UDP_PORT(8016, "kdcdefaults"),
     KDC_TCP_PORT(8015, "kdcdefaults"),
     KDC_DOMAIN("example.com"),

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/daa4ba59/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
index 4e723d9..a454290 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -29,6 +29,7 @@ import java.io.File;
 public class KdcServer {
     private String kdcHost;
     private int kdcTcpPort;
+    private Boolean allowUdp;
     private int kdcUdpPort;
     private String kdcRealm;
 
@@ -98,6 +99,13 @@ public class KdcServer {
         return kdcConfig.getKdcTcpPort();
     }
 
+    private boolean allowUdp() {
+        if (allowUdp != null) {
+            return allowUdp;
+        }
+        return kdcConfig.allowKdcUdp();
+    }
+
     private int getKdcUdpPort() {
         if (kdcUdpPort > 0) {
             return kdcUdpPort;
@@ -109,14 +117,34 @@ public class KdcServer {
         this.kdcHost = kdcHost;
     }
 
+    /**
+     * Set to allow UDP or not.
+     * @param allowUdp
+     */
+    public void setAllowUdp(boolean allowUdp) {
+        this.allowUdp = allowUdp;
+    }
+
+    /**
+     * Set KDC tcp port.
+     * @param kdcTcpPort
+     */
     public void setKdcTcpPort(int kdcTcpPort) {
         this.kdcTcpPort = kdcTcpPort;
     }
 
+    /**
+     * Set KDC udp port. Only makes sense when allowUdp is set.
+     * @param kdcUdpPort
+     */
     public void setKdcUdpPort(int kdcUdpPort) {
         this.kdcUdpPort = kdcUdpPort;
     }
 
+    /**
+     * Set KDC realm.
+     * @param realm
+     */
     public void setKdcRealm(String realm) {
         this.kdcRealm = realm;
     }
@@ -138,7 +166,9 @@ public class KdcServer {
 
         eventHub.start();
         network.tcpListen(getKdcHost(), getKdcTcpPort());
-        network.udpListen(getKdcHost(), getKdcUdpPort());
+        if (allowUdp()) {
+            network.udpListen(getKdcHost(), getKdcUdpPort());
+        }
     }
 
     private void prepareHandler() {
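Review bot: Nothing in the added lines records which listeners were actually bound, and with `KDC_ALLOW_UDP` defaulting to true the UDP listener still opens unless the operator opts out. A startup log line naming the host, the TCP port and whether UDP is enabled would let an operator confirm that a TCP-only configuration really took effect. When `allowUdp()` is false a previously set `kdcUdpPort` is ignored without notice, which is worth a sentence in the `setKdcUdpPort` Javadoc. The enclosing method starts above this hunk.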