
Example 66 with GSSCredential

Use of org.ietf.jgss.GSSCredential in project keycloak by keycloak.

The class KerberosCredDelegServlet, method doGet. This is a test servlet: it pulls the Kerberos credential that Keycloak delegated into the access token, deserializes it back into a GSSCredential, and uses it to bind to LDAP on the user's behalf.

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    String ldapData = null;
    if (req.getRequestURI().endsWith(CRED_DELEG_TEST_PATH)) {
        try {
            // Retrieve kerberos credential from accessToken and deserialize it.
            // The claim carries the user's delegated Kerberos credential, so an access
            // token containing it is as sensitive as the credential itself and must only
            // be handed to backends that are trusted to act as the user.
            KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal) req.getUserPrincipal();
            String serializedGssCredential = (String) keycloakPrincipal.getKeycloakSecurityContext().getToken().getOtherClaims().get(KerberosConstants.GSS_DELEGATION_CREDENTIAL);
            GSSCredential gssCredential = KerberosSerializationUtils.deserializeCredential(serializedGssCredential);
            // First try to invoke without gssCredential. It should fail: the directory
            // must reject an unauthenticated bind, otherwise delegation proves nothing.
            try {
                invokeLdap(null);
                throw new RuntimeException("Not expected to authenticate to LDAP without credential");
            } catch (NamingException nse) {
                System.out.println("Expected exception: " + nse.getMessage());
            }
            // Now bind as the delegated user.
            ldapData = invokeLdap(gssCredential);
        } catch (KerberosSerializationUtils.KerberosSerializationException kse) {
            // Claim missing or not a valid serialized credential (e.g. delegation not
            // enabled on the Kerberos federation provider).
            System.err.println("KerberosSerializationUtils.KerberosSerializationException: " + kse.getMessage());
            ldapData = "ERROR";
        } catch (Exception e) {
            e.printStackTrace();
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
    resp.setContentType("text/html");
    PrintWriter pw = resp.getWriter();
    pw.printf("<html><head><title>%s</title></head><body>", "Kerberos Test");
    pw.printf("Kerberos servlet secured content<br>");
    if (ldapData != null) {
        // Pass the directory data as a printf argument rather than concatenating it
        // into the format string, where a '%' in an LDAP value would throw.
        // It is still written into the HTML as-is; fine for a test servlet, a
        // production page would HTML-escape it.
        pw.printf("LDAP Data: %s<br>", ldapData);
    }
    pw.print("</body></html>");
    pw.flush();
}
Also used : GSSCredential(org.ietf.jgss.GSSCredential) KerberosSerializationUtils(org.keycloak.common.util.KerberosSerializationUtils) NamingException(javax.naming.NamingException) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) KeycloakPrincipal(org.keycloak.KeycloakPrincipal) PrintWriter(java.io.PrintWriter)
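The snippet above calls invokeLdap but does not show it. The following is an added example (not the project's own code, and not the body of the servlet's real invokeLdap) of how a delegated GSSCredential is handed to JNDI so that the LDAP bind runs as the delegated user: JNDI's GSSAPI SASL client picks up a GSSCredential supplied under Sasl.CREDENTIALS instead of looking for a ticket in the current Subject. The LDAP URL, search base, returned attribute and the class/method names are assumptions; passing null reproduces the "no credential" path the servlet expects to fail.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.sasl.Sasl;
import org.ietf.jgss.GSSCredential;

/**
 * Illustrative LDAP lookup authenticated with a delegated GSSCredential via
 * JNDI's SASL/GSSAPI mechanism. Example code, not part of Keycloak.
 * LDAP_URL and SEARCH_BASE are assumed values.
 */
public class DelegatedLdapLookup {

    private static final String LDAP_URL = "ldap://ldap.example.com:389";    // assumed
    private static final String SEARCH_BASE = "ou=People,dc=example,dc=com"; // assumed

    /**
     * Searches the directory as the delegated user. With a null credential no
     * SECURITY_AUTHENTICATION is set, JNDI attempts an unauthenticated bind, and a
     * directory that requires authentication rejects it with a NamingException.
     */
    public static String lookup(GSSCredential delegated, String uid) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);

        if (delegated != null) {
            // SASL/GSSAPI bind using the credential delegated to us, not a local TGT.
            env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
            env.put(Sasl.CREDENTIALS, delegated);
            // Ask for integrity protection on the SASL layer so directory responses
            // cannot be altered in transit (assumes the server offers auth-int).
            env.put(Sasl.QOP, "auth-int");
        }

        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"mail"});
            // The uid comes from the request, so escape it before it enters the filter.
            String filter = "(uid=" + escapeFilterValue(uid) + ")";
            NamingEnumeration<SearchResult> results = ctx.search(SEARCH_BASE, filter, sc);
            StringBuilder sb = new StringBuilder();
            while (results.hasMore()) {
                SearchResult r = results.next();
                sb.append(r.getNameInNamespace());
                if (r.getAttributes().get("mail") != null) {
                    sb.append(" mail=").append(r.getAttributes().get("mail").get());
                }
                sb.append('\n');
            }
            return sb.toString();
        } finally {
            ctx.close();
        }
    }

    /** RFC 4515 escaping for a value embedded in an LDAP search filter. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

The check the servlet performs, calling the lookup once with null and expecting a NamingException before calling it with the deserialized credential, is what confirms that the directory access really depends on the delegated credential rather than on an anonymous bind being allowed.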

Aggregations (classes co-occurring with GSSCredential across the indexed usages, with usage counts):

GSSCredential (org.ietf.jgss.GSSCredential) 66
GSSManager (org.ietf.jgss.GSSManager) 38
Oid (org.ietf.jgss.Oid) 36
GSSName (org.ietf.jgss.GSSName) 34
GSSException (org.ietf.jgss.GSSException) 33
GSSContext (org.ietf.jgss.GSSContext) 28
Subject (javax.security.auth.Subject) 22
Principal (java.security.Principal) 19
PrivilegedActionException (java.security.PrivilegedActionException) 19
IOException (java.io.IOException) 9
LoginContext (javax.security.auth.login.LoginContext) 9
LoginException (javax.security.auth.login.LoginException) 9
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction) 8
KerberosCredentials (org.apache.http.auth.KerberosCredentials) 7
KerberosTicket (javax.security.auth.kerberos.KerberosTicket) 6
SaslException (javax.security.sasl.SaslException) 6
SPNegoSchemeFactory (org.apache.http.impl.auth.SPNegoSchemeFactory) 4
BasicCredentialsProvider (org.apache.http.impl.client.BasicCredentialsProvider) 4
Test (org.junit.Test) 4
ExtendedGSSContext (com.sun.security.jgss.ExtendedGSSContext) 3