
Example 56 with GSSException

use of org.ietf.jgss.GSSException in project tomcat70 by apache.

the class RealmBase method authenticate.

/**
 * {@inheritDoc}
 * <p>
 * Returns {@code null} when the context is not yet established, when the
 * source name cannot be obtained, or when {@code getSrcName()} yields no
 * name; otherwise resolves the (optionally realm-stripped) name through
 * {@code getPrincipal}, attaching the delegated credential when requested
 * and available.
 */
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
    if (!gssContext.isEstablished()) {
        log.error(sm.getString("realmBase.gssContextNotEstablished"));
        // Fail in all other cases
        return null;
    }

    GSSName srcName;
    try {
        srcName = gssContext.getSrcName();
    } catch (GSSException e) {
        log.warn(sm.getString("realmBase.gssNameFail"), e);
        srcName = null;
    }
    if (srcName == null) {
        // Fail in all other cases
        return null;
    }

    String userName = srcName.toString();
    if (isStripRealmForGss()) {
        int at = userName.indexOf('@');
        // Only strip when something precedes the '@', so the name can never
        // end up empty.
        if (at > 0) {
            userName = userName.substring(0, at);
        }
    }

    GSSCredential delegated = null;
    if (storeCreds && gssContext.getCredDelegState()) {
        try {
            delegated = gssContext.getDelegCred();
        } catch (GSSException e) {
            // Best effort: a missing delegated credential does not fail the login.
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("realmBase.delegatedCredentialFail", userName), e);
            }
        }
    }
    return getPrincipal(userName, delegated);
}

Example 57 with GSSException

use of org.ietf.jgss.GSSException in project tomcat70 by apache.

the class CombinedRealm method authenticate.

/**
 * {@inheritDoc}
 * <p>
 * Tries each configured sub-realm in order and returns the first
 * non-{@code null} Principal. Returns {@code null} when the context is not
 * yet established, when the source name cannot be read, or when no
 * sub-realm accepts the context.
 */
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
    if (!gssContext.isEstablished()) {
        // Fail in all other cases
        return null;
    }

    GSSName srcName;
    try {
        srcName = gssContext.getSrcName();
    } catch (GSSException e) {
        log.warn(sm.getString("realmBase.gssNameFail"), e);
        return null;
    }
    String username = srcName.toString();

    for (Realm realm : realms) {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("combinedRealm.authStart", username, realm.getInfo()));
        }
        Principal result = realm.authenticate(gssContext, storeCreds);
        if (result != null) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("combinedRealm.authSuccess", username, realm.getInfo()));
            }
            // First sub-realm that accepts the context wins.
            return result;
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("combinedRealm.authFail", username, realm.getInfo()));
        }
    }
    // No sub-realm accepted the context (or none is configured).
    return null;
}

Example 58 with GSSException

use of org.ietf.jgss.GSSException in project polymap4-core by Polymap4.

the class SpnegoHttpServlet method service.

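/**
 * Runs the SPNEGO negotiation for the request and establishes the caller's
 * principal.
 * <p>
 * Returns without touching the response while the negotiation is still in
 * progress (the authenticator has already set a status on
 * {@code spnegoResponse}). Answers 500 when the authenticator completes
 * without producing a principal.
 *
 * @param req  the incoming request
 * @param resp the response, wrapped in a {@code SpnegoHttpServletResponse}
 * @throws ServletException if the GSS negotiation fails
 * @throws IOException declared by the servlet contract
 */
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    final SpnegoHttpServletResponse spnegoResponse = new SpnegoHttpServletResponse(resp);

    // client/caller principal
    final SpnegoPrincipal principal;
    try {
        principal = this.authenticator.authenticate(req, spnegoResponse);
    } catch (GSSException gsse) {
        // Never log the Authorization header value: it carries the
        // negotiation token (or Basic credentials) and must not end up in
        // the log file. Presence and length are enough to diagnose.
        final String authz = req.getHeader(Constants.AUTHZ_HEADER);
        log.info("SPNEGO authentication failed; Authorization header present="
                + (authz != null) + (authz != null ? ", length=" + authz.length() : ""));
        throw new ServletException(gsse);
    }

    // context/auth loop not yet complete: the authenticator has presumably
    // already written the next challenge, so there is nothing to do here
    if (spnegoResponse.isStatusSet()) {
        return;
    }

    if (principal == null) {
        log.info("Principal was null.");
        spnegoResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, true);
        return;
    }
    log.info("principal=" + principal);
}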

Example 59 with GSSException

use of org.ietf.jgss.GSSException in project Payara by payara.

the class GSSUtils method importName.

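/*
 * Import the exported name from the mechanism independent exported name.
 *
 * Expected layout (RFC 2743 section 3.2):
 *   [0..1]  token id 0x04 0x01
 *   [2..3]  big-endian length of the DER-encoded mechanism OID
 *   [4..]   DER-encoded mechanism OID, which must equal {@code oid}
 *   then    big-endian 4-byte length of the mechanism specific name
 *   then    the mechanism specific name, which runs to the end of the array
 *
 * The input comes from a peer, so every length is validated before it is
 * used to index or allocate; malformed input surfaces as BAD_NAME rather
 * than as an ArrayIndexOutOfBounds or NegativeArraySize exception.
 *
 * @param oid the mechanism OID the exported name must carry
 * @param externalName the mechanism independent exported name
 * @return the mechanism specific name bytes
 * @throws GSSException with major code BAD_NAME when the input is missing or
 *         truncated, has the wrong token id, carries a different mechanism
 *         OID, or declares a name length inconsistent with the array length
 */
public static byte[] importName(Oid oid, byte[] externalName) throws GSSException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Attempting to import mechanism independent name");
        _logger.log(Level.FINE, dumpHex(externalName));
    }
    // The fixed header (token id + OID length) must be present before any
    // byte is read.
    if (externalName == null || externalName.length < 4) {
        throw new GSSException(GSSException.BAD_NAME);
    }
    if (externalName[0] != 0x04 || externalName[1] != 0x01) {
        throw new GSSException(GSSException.BAD_NAME);
    }
    // Both bytes are masked: a set high bit in externalName[2] would
    // otherwise be sign-extended into a negative length.
    int mechoidlen = ((externalName[2] & 0xff) << 8) | (externalName[3] & 0xff);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Mech OID length = " + mechoidlen);
    }
    // Header + OID + 4-byte name length must fit.
    if (externalName.length < (4 + mechoidlen + 4)) {
        throw new GSSException(GSSException.BAD_NAME);
    }
    /*
     * get the mechanism OID and verify it is the same as oid passed as an argument.
     */
    byte[] deroid = new byte[mechoidlen];
    System.arraycopy(externalName, 4, deroid, 0, mechoidlen);
    Oid oid1 = getOID(deroid);
    if (!oid1.equals(oid)) {
        throw new GSSException(GSSException.BAD_NAME);
    }
    int pos = 4 + mechoidlen;
    // Mask every byte; the lower three would otherwise be sign-extended.
    int namelen = ((externalName[pos] & 0xff) << 24)
            | ((externalName[pos + 1] & 0xff) << 16)
            | ((externalName[pos + 2] & 0xff) << 8)
            | (externalName[pos + 3] & 0xff);
    // start of the mechanism specific exported name
    pos += 4;
    // A negative value means the top bit was set (length >= 2^31), which can
    // never match the array; the name must run exactly to the end.
    if (namelen < 0 || externalName.length != (pos + namelen)) {
        throw new GSSException(GSSException.BAD_NAME);
    }
    byte[] name = new byte[namelen];
    System.arraycopy(externalName, pos, name, 0, namelen);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Mechanism specific name:");
        _logger.log(Level.FINE, dumpHex(name));
        _logger.log(Level.FINE, "Successfully imported mechanism independent name");
    }
    return name;
}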

Example 60 with GSSException

use of org.ietf.jgss.GSSException in project Payara by payara.

the class GSSUtils method verifyTokenHeader.

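/*
 * Verifies the header of a mechanism independent token. The header must be as specified in RFC 2743,
 * section 3.1. The header must contain an object identifier specified by the first parameter. If
 * the header is well formed, then the starting position of the mechanism specific token within the
 * token is returned. If the header is malformed, then an exception is thrown.
 *
 * The token comes from the peer, so every array access is bounds-checked and
 * a short, truncated or oversized header is reported as DEFECTIVE_TOKEN
 * rather than escaping as an ArrayIndexOutOfBounds or NegativeArraySize
 * exception. Only the short (single-byte, < 128) DER length form is
 * supported for the OID element.
 *
 * @param oid the mechanism OID the header must carry
 * @param token the mechanism independent token
 * @return the index of the first byte of the mechanism specific token
 * @throws GSSException with major code DEFECTIVE_TOKEN when the token is
 *         missing or truncated, does not start with 0x60, does not carry an
 *         OID element (0x06) after the length, uses a long-form OID length,
 *         or carries a different mechanism OID
 */
private static int verifyTokenHeader(Oid oid, byte[] token) throws GSSException {
    _logger.log(Level.FINE, "Attempting to verify tokenheader in the mechanism independent token.");
    // verify header
    if (token == null || token.length == 0 || token[0] != 0x60) {
        throw new GSSException(GSSException.DEFECTIVE_TOKEN);
    }
    int index = 1;
    // derOID length + token length
    int toklen = readDERLength(token, index);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Mech OID length + Mech specific length = " + toklen);
    }
    index += getDERLengthSize(toklen);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Mechanism OID index : " + index);
    }
    // Both the OID tag and its length byte must be present.
    if (index < 0 || index + 1 >= token.length || token[index] != 0x06) {
        throw new GSSException(GSSException.DEFECTIVE_TOKEN);
    }
    int oidLenByte = token[index + 1] & 0xff;
    // A set high bit marks the long DER length form, which this parser does
    // not handle; unmasked it would have become a negative array size.
    if ((oidLenByte & 0x80) != 0) {
        throw new GSSException(GSSException.DEFECTIVE_TOKEN);
    }
    // add first two bytes to the MECH_OID_LEN
    int oidlen = oidLenByte + 2;
    if (index + oidlen > token.length) {
        throw new GSSException(GSSException.DEFECTIVE_TOKEN);
    }
    byte[] buf = new byte[oidlen];
    System.arraycopy(token, index, buf, 0, oidlen);
    Oid mechoid = getOID(buf);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Comparing mech OID in token with the expected mech OID");
        _logger.log(Level.FINE, "mech OID: " + dumpHex(getDER(mechoid)));
        _logger.log(Level.FINE, "expected mech OID: " + dumpHex(getDER(oid)));
    }
    if (!mechoid.equals(oid)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "mech OID in token does not match expected mech OID");
        }
        throw new GSSException(GSSException.DEFECTIVE_TOKEN);
    }
    int mechoidlen = getDER(oid).length;
    if (_logger.isLoggable(Level.FINE)) {
        // Parenthesised so the sum is logged, not the two numbers concatenated.
        _logger.log(Level.FINE, "Mechanism specific token index : " + (index + mechoidlen));
        _logger.log(Level.FINE, "Successfully verified header in the mechanism independent token.");
    }
    // starting position of mech specific token
    return (index + mechoidlen);
}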
