public boolean isAnonymous() { return getKdcOptions().isFlagSet(KdcOption.REQUEST_ANONYMOUS); }
public boolean isAnonymous() { return getKdcOptions().isFlagSet(KdcOption.REQUEST_ANONYMOUS); }
if (kdcRequest.getKdcOptions().isFlagSet(KdcOption.REQUEST_ANONYMOUS) && !KrbUtil.pricipalCompareIgnoreRealm(clientPrincial, anonymousPrincipal)) { String errMsg = "Pkinit request not signed, but client not anonymous.";
if (kdcRequest.getKdcOptions().isFlagSet(KdcOption.REQUEST_ANONYMOUS) && !KrbUtil.pricipalCompareIgnoreRealm(clientPrincial, anonymousPrincipal)) { String errMsg = "Pkinit request not signed, but client not anonymous.";
if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.FORWARDABLE)) { if (!config.isForwardableAllowed()) { LOG.warn("Forward is not allowed."); if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.PROXIABLE)) { if (!config.isProxiableAllowed()) { LOG.warn("Proxy is not allowed."); if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.ALLOW_POSTDATE)) { if (!config.isPostdatedAllowed()) { LOG.warn("Post date is not allowed."); && !kdcOptions.isFlagSet(KdcOption.POSTDATED)) { throw new KrbException(KrbErrorCode.KDC_ERR_CANNOT_POSTDATE); if (kdcOptions.isFlagSet(KdcOption.POSTDATED)) { if (!config.isPostdatedAllowed()) { throw new KrbException(KrbErrorCode.KDC_ERR_POLICY); if (kdcOptions.isFlagSet(KdcOption.RENEWABLE_OK)) { kdcOptions.setFlag(KdcOption.RENEWABLE); if (kdcOptions.isFlagSet(KdcOption.RENEWABLE)) { if (!config.isRenewableAllowed()) { throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.FORWARDABLE)) { if (!config.isForwardableAllowed()) { LOG.warn("Forward is not allowed."); if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.PROXIABLE)) { if (!config.isProxiableAllowed()) { LOG.warn("Proxy is not allowed."); if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.ALLOW_POSTDATE)) { if (!config.isPostdatedAllowed()) { LOG.warn("Post date is not allowed."); && !kdcOptions.isFlagSet(KdcOption.POSTDATED)) { throw new KrbException(KrbErrorCode.KDC_ERR_CANNOT_POSTDATE); if (kdcOptions.isFlagSet(KdcOption.POSTDATED)) { if (!config.isPostdatedAllowed()) { throw new KrbException(KrbErrorCode.KDC_ERR_POLICY); if (kdcOptions.isFlagSet(KdcOption.RENEWABLE_OK)) { kdcOptions.setFlag(KdcOption.RENEWABLE); if (kdcOptions.isFlagSet(KdcOption.RENEWABLE)) { if (!config.isRenewableAllowed()) { throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);