
Example 1 with SessionSetupPrivilegedAction

Use of org.alfresco.jlan.server.auth.kerberos.SessionSetupPrivilegedAction in the project alfresco-remote-api by Alfresco.

From the class BaseKerberosAuthenticationFilter, method doKerberosLogon.

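/**
 * Performs a Kerberos logon for an SPNEGO NegTokenInit and builds the NegTokenTarg response.
 *
 * <p>The session setup runs as a privileged action under the subject of the filter's
 * login context. When it yields Kerberos details, the user environment is created in the
 * HTTP session and an accept-completed NegTokenTarg carrying the Kerberos response token
 * is returned.
 *
 * @param negToken the NegTokenInit received from the client; its mech token is passed to the session setup
 * @param req HttpServletRequest (not used by this method)
 * @param resp HttpServletResponse (not used by this method)
 * @param httpSess the HTTP session in which the user authentication context is stored
 * @return the NegTokenTarg response, or {@code null} if the session setup produced no
 *         Kerberos response or a non-authentication error occurred
 * @throws AuthenticationException if validating the user fails; logged at debug level and rethrown unchanged
 */
private final NegTokenTarg doKerberosLogon(NegTokenInit negToken, HttpServletRequest req, HttpServletResponse resp, HttpSession httpSess) {
    String userName = null;
    NegTokenTarg negTokenTarg = null;
    try {
        // Run the session setup as a privileged action under the login context's subject
        SessionSetupPrivilegedAction sessSetupAction = new SessionSetupPrivilegedAction(m_accountName, negToken.getMechtoken());
        Object result = Subject.doAs(m_loginContext.getSubject(), sessSetupAction);
        if (result != null) {
            // Access the Kerberos response
            KerberosDetails krbDetails = (KerberosDetails) result;
            // Configuration decides whether the bare user name or the full Kerberos source name is used
            userName = m_stripKerberosUsernameSuffix ? krbDetails.getUserName() : krbDetails.getSourceName();
            // Create the NegTokenTarg response blob; a constructor result is never null, so no null check is needed
            negTokenTarg = new NegTokenTarg(SPNEGO.AcceptCompleted, OID.KERBEROS5, krbDetails.getResponseToken());
            // Create and store the user authentication context
            SessionUser user = createUserEnvironment(httpSess, userName);
            if (getLogger().isTraceEnabled()) {
                getLogger().trace("User " + AuthenticationUtil.maskUsername(user.getUserName()) + " logged on via Kerberos");
            }
        } else if (getLogger().isDebugEnabled()) {
            getLogger().debug("No SPNEGO response, Kerberos logon failed");
        }
    } catch (AuthenticationException ex) {
        // Validation failures are passed on to the caller unchanged
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Failed to validate user " + AuthenticationUtil.maskUsername(userName), ex);
        }
        throw ex;
    } catch (Exception ex) {
        // Any other failure is best-effort: log it and signal failure to the caller via the null return
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Kerberos logon error", ex);
        }
    }
    return negTokenTarg;
}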
