
Example 36 with GSSManager

use of org.ietf.jgss.GSSManager in project cxf by apache.

the class AbstractSpnegoAuthSupplier method getToken.

/**
 * Obtains the initial GSS-API token (the service ticket) for a service principal name.
 *
 * <p>If the message carries a {@link GSSCredential} under the contextual property named
 * {@code GSSCredential.class.getName()}, that delegated credential is used directly and no
 * JAAS login takes place. Otherwise, when an authorization policy is supplied and at least one
 * of its user name, its authorization value (used here as the JAAS context name) or the
 * {@code loginConfig} field is set, a JAAS login is performed and the token is created while
 * running as the resulting subject.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Credential delegation is requested with whatever {@code isCredDelegationRequired(message)}
 *       returns. When delegation is on, the target service can act on behalf of the caller, so
 *       the inputs to that decision deserve the same scrutiny as the SPN itself.</li>
 *   <li>The delegated credential is taken from the message as-is; this method does not check
 *       where it came from.</li>
 *   <li>Neither {@code LoginContext.logout()} nor {@code GSSContext.dispose()} is called in
 *       this method. NOTE(review): confirm whether {@code CreateServiceTicketAction} or the
 *       caller releases them.</li>
 * </ul>
 *
 * @param authPolicy policy providing user name, password and JAAS context name; may be
 *        {@code null}, in which case no login is attempted
 * @param spn service principal name, interpreted using {@code serviceNameType}
 * @param oid mechanism OID used to canonicalize the name and to create the security context
 * @param message current message; consulted for a delegated credential and for the
 *        delegation decision
 * @return service ticket token, or {@code null} when the privileged action fails with a cause
 *         other than {@link GSSException} (the failure is logged at SEVERE)
 * @throws GSSException if name, context or token creation fails
 * @throws LoginException if the JAAS login fails
 */
private byte[] getToken(AuthorizationPolicy authPolicy, String spn, Oid oid, Message message) throws GSSException, LoginException {
    final GSSCredential delegatedCred = (GSSCredential) message.getContextualProperty(GSSCredential.class.getName());
    final boolean hasDelegatedCred = delegatedCred != null;

    // A JAAS login is only considered when no delegated credential is available.
    Subject loginSubject = null;
    if (!hasDelegatedCred && authPolicy != null) {
        final String authorization = authPolicy.getAuthorization();
        final String jaasContextName = authorization == null ? "" : authorization;
        // Log in as soon as any of: user name, JAAS context name, explicit login configuration.
        final boolean loginRequested = !StringUtils.isEmpty(authPolicy.getUserName())
            || !StringUtils.isEmpty(jaasContextName)
            || loginConfig != null;
        if (loginRequested) {
            final CallbackHandler credentialsHandler = getUsernamePasswordHandler(authPolicy.getUserName(), authPolicy.getPassword());
            final LoginContext loginContext = new LoginContext(jaasContextName, null, credentialsHandler, loginConfig);
            loginContext.login();
            loginSubject = loginContext.getSubject();
        }
    }

    final GSSManager gssManager = GSSManager.getInstance();
    final GSSName targetName = gssManager.createName(spn, serviceNameType).canonicalize(oid);
    final GSSContext secContext = gssManager.createContext(targetName, oid, delegatedCred, GSSContext.DEFAULT_LIFETIME);
    // Must be set before the first initSecContext call for the request to take effect.
    secContext.requestCredDeleg(isCredDelegationRequired(message));

    final byte[] emptyToken = new byte[0];
    if (hasDelegatedCred) {
        // The delegated credential is enough: ask the context for a ticket straight away
        // instead of logging on again.
        return secContext.initSecContext(emptyToken, 0, emptyToken.length);
    }

    // loginSubject is still null here when no login was performed above.
    decorateSubject(loginSubject);
    try {
        return Subject.doAs(loginSubject, new CreateServiceTicketAction(secContext, emptyToken));
    } catch (PrivilegedActionException e) {
        final Throwable cause = e.getCause();
        if (cause instanceof GSSException) {
            throw (GSSException) cause;
        }
        // Any other cause is logged and reported to the caller as a null token.
        LOG.log(Level.SEVERE, "initSecContext", e);
        return null;
    }
}
Also used : GSSName(org.ietf.jgss.GSSName) NamePasswordCallbackHandler(org.apache.cxf.interceptor.security.NamePasswordCallbackHandler) CallbackHandler(javax.security.auth.callback.CallbackHandler) LoginContext(javax.security.auth.login.LoginContext) GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) PrivilegedActionException(java.security.PrivilegedActionException) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) Subject(javax.security.auth.Subject)
