Creating GSSContext

IBM® JGSS supports two methods provided by GSSManager for creating a context.

These methods are:

Note: GSSManager provides a third method for creating a context, which recreates a previously exported context. However, because the IBM JGSS Kerberos V5 mechanism does not support exported contexts, IBM JGSS does not support this method.

Your application cannot use an initiator context for context acceptance, nor can it use an acceptor context for context initiation. Both supported methods for creating a context require a credential as input. When the value of the credential is null, JGSS uses the default credential.

Examples: Using GSSContext

The following example creates a context with which the principal (foo) can initiate a context with the peer (superSecureServer) on the host (securityCentral). The example specifies the peer as superSecureServer@securityCentral. The created context is valid for the default period:

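// manager (GSSManager), krb5Mech (Oid) and fooCreds (GSSCredential) are
// assumed to have been created earlier in the application.
GSSName serverName = manager.createName("superSecureServer@securityCentral",
                                        GSSName.NT_HOSTBASED_SERVICE, krb5Mech);
// Initiator context: foo's credential, target peer, default lifetime.
GSSContext fooContext = manager.createContext(serverName, krb5Mech, fooCreds,
                                             GSSCredential.DEFAULT_LIFETIME);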

The following example creates a context for superSecureServer in order to accept contexts initiated by any peer:

GSSContext serverAcceptorContext = manager.createContext(serverCreds);

Note that your application can create and simultaneously use both types of contexts.
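
The following is an added example, not IBM's code. It creates one context of each type with a null credential, so that JGSS uses the default credential, and then exchanges tokens between them to show that each context works in only one role. It assumes a working Kerberos configuration in which default credentials for both the initiator and superSecureServer are available to this JVM. The class name ContextRolesExample and the call to requestMutualAuth are choices made for this example.

```java
import org.ietf.jgss.*;

public class ContextRolesExample {
    public static void main(String[] args) throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        Oid krb5Mech = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism OID

        GSSName serverName = manager.createName("superSecureServer@securityCentral",
                                                GSSName.NT_HOSTBASED_SERVICE, krb5Mech);

        // Initiator context: a null credential selects the default credential.
        GSSContext initiator = manager.createContext(serverName, krb5Mech, null,
                                                     GSSCredential.DEFAULT_LIFETIME);
        // Not on the page: ask the acceptor to authenticate itself as well.
        initiator.requestMutualAuth(true);

        // Acceptor context: the cast is required because createContext(null)
        // would otherwise be ambiguous with the exported-context overload.
        GSSContext acceptor = manager.createContext((GSSCredential) null);

        // The role is fixed at creation time and cannot be switched later.
        System.out.println("initiator.isInitiator() = " + initiator.isInitiator());
        System.out.println("acceptor.isInitiator()  = " + acceptor.isInitiator());

        byte[] token = new byte[0];
        try {
            // In a real deployment the tokens travel over the network; here
            // both ends live in one JVM so the exchange is visible in one place.
            while (!initiator.isEstablished()) {
                token = initiator.initSecContext(token, 0, token.length);
                if (token != null) {
                    token = acceptor.acceptSecContext(token, 0, token.length);
                }
                if (token == null) {
                    token = new byte[0];
                }
            }
            System.out.println("Acceptor authenticated peer: " + acceptor.getSrcName());
            System.out.println("Initiator reached target:    " + initiator.getTargName());
        } finally {
            // Release the resources held by both contexts.
            initiator.dispose();
            acceptor.dispose();
        }
    }
}
```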