Use of org.alfresco.jlan.server.auth.kerberos.KerberosDetails in the alfresco-remote-api project by Alfresco.
Class BaseKerberosAuthenticationFilter, method doKerberosLogon.
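/**
 * Performs a Kerberos logon from the mechanism token of an SPNEGO NegTokenInit and builds the
 * SPNEGO response to send back to the client.
 *
 * <p>The session setup runs through {@code Subject.doAs} under the subject of
 * {@code m_loginContext}. A response is returned only when the session setup produced a result
 * <em>and</em> {@code createUserEnvironment} completed. Every other outcome yields {@code null},
 * so a caller never receives an {@code AcceptCompleted} token for a session that has no user
 * environment behind it.
 *
 * @param negToken SPNEGO NegTokenInit whose mechanism token is handed to the session setup action
 * @param req current HTTP request (not read by this method)
 * @param resp current HTTP response (not written by this method)
 * @param httpSess HTTP session passed to {@code createUserEnvironment}
 * @return the {@code AcceptCompleted} NegTokenTarg on success, or {@code null} if the logon failed
 * @throws AuthenticationException rethrown unchanged when raised during the logon
 */
private final NegTokenTarg doKerberosLogon(NegTokenInit negToken, HttpServletRequest req, HttpServletResponse resp, HttpSession httpSess) {
    // Declared outside the try block so the AuthenticationException handler can still log it.
    String userName = null;
    // Fail closed: stays null until the whole logon, including the user environment, succeeded.
    NegTokenTarg negTokenTarg = null;
    try {
        // Run the session setup as a privileged action under the login context's subject.
        SessionSetupPrivilegedAction sessSetupAction = new SessionSetupPrivilegedAction(m_accountName, negToken.getMechtoken());
        Object result = Subject.doAs(m_loginContext.getSubject(), sessSetupAction);
        if (result != null) {
            // A result of any other type raises ClassCastException, handled by the generic
            // catch below as a failed logon.
            KerberosDetails krbDetails = (KerberosDetails) result;
            // NOTE(review): presumably getUserName() is the principal without its realm suffix
            // and getSourceName() the full principal; confirm against KerberosDetails, since
            // this value becomes the identity of the session user.
            userName = m_stripKerberosUsernameSuffix ? krbDetails.getUserName() : krbDetails.getSourceName();
            // Build the response blob, but do not publish it yet.
            NegTokenTarg response = new NegTokenTarg(SPNEGO.AcceptCompleted, OID.KERBEROS5, krbDetails.getResponseToken());
            // Create and store the user authentication context.
            SessionUser user = createUserEnvironment(httpSess, userName);
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("User " + user.getUserName() + " logged on via Kerberos");
            }
            // Publish the response only now. Previously the token was assigned before
            // createUserEnvironment ran, so a non-authentication failure there was swallowed
            // by the generic catch and AcceptCompleted was still returned.
            negTokenTarg = response;
        } else {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("No SPNEGO response, Kerberos logon failed");
            }
        }
    } catch (AuthenticationException ex) {
        // Pass on validation failures; negTokenTarg is never returned on this path.
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Failed to validate user " + userName, ex);
        }
        throw ex;
    } catch (Exception ex) {
        // Any other failure ends the logon with a null response.
        // NOTE(review): this is recorded at debug level only, so with default logging a failed
        // Kerberos logon leaves no trace here; confirm the caller audits the null result.
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Kerberos logon error", ex);
        }
    }
    return negTokenTarg;
}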