Search in sources :

Example 1 with NegotiationContext

use of org.jboss.security.negotiation.common.NegotiationContext in project teiid by teiid.

the class JBossSecurityHelper method negotiateGssLogin.

@Override
public GSSResult negotiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException {
    SecurityDomainContext securityDomainContext = getSecurityDomainContext(securityDomain);
    if (securityDomainContext != null) {
        AuthenticationManager authManager = securityDomainContext.getAuthenticationManager();
        if (authManager != null) {
            Object previous = null;
            NegotiationContext context = new NegotiationContext();
            context.setRequestMessage(new KerberosMessage(Constants.KERBEROS_V5, serviceTicket));
            try {
                context.associate();
                // $NON-NLS-1$
                SecurityContext securityContext = createSecurityContext(securityDomain, new SimplePrincipal("temp"), null, new Subject());
                previous = associateSecurityContext(securityContext);
                Subject subject = new Subject();
                boolean isValid = authManager.isValid(null, null, subject);
                if (isValid) {
                    Principal principal = null;
                    for (Principal p : subject.getPrincipals()) {
                        principal = p;
                        break;
                    }
                    Object sc = createSecurityContext(securityDomain, principal, null, subject);
                    // $NON-NLS-1$
                    LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Logon successful though GSS API" });
                    GSSResult result = buildGSSResult(context, securityDomain, true);
                    result.setSecurityContext(sc);
                    result.setUserName(principal.getName());
                    return result;
                }
                // $NON-NLS-1$
                LoginException le = (LoginException) securityContext.getData().get("org.jboss.security.exception");
                if (le != null) {
                    if (le.getMessage().equals("Continuation Required.")) {
                        // $NON-NLS-1$
                        return buildGSSResult(context, securityDomain, false);
                    }
                    throw le;
                }
            } finally {
                associateSecurityContext(previous);
                context.clear();
            }
        }
    }
    // $NON-NLS-1$
    throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, "GSS Auth", securityDomain));
}
Also used : AuthenticationManager(org.jboss.security.AuthenticationManager) GSSResult(org.teiid.security.GSSResult) KerberosMessage(org.jboss.security.negotiation.spnego.KerberosMessage) SecurityContext(org.jboss.security.SecurityContext) LoginException(javax.security.auth.login.LoginException) NegotiationContext(org.jboss.security.negotiation.common.NegotiationContext) SecurityDomainContext(org.jboss.as.security.plugins.SecurityDomainContext) SimplePrincipal(org.jboss.security.SimplePrincipal) Subject(javax.security.auth.Subject) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal)

Aggregations

Principal (java.security.Principal)1 Subject (javax.security.auth.Subject)1 LoginException (javax.security.auth.login.LoginException)1 SecurityDomainContext (org.jboss.as.security.plugins.SecurityDomainContext)1 AuthenticationManager (org.jboss.security.AuthenticationManager)1 SecurityContext (org.jboss.security.SecurityContext)1 SimplePrincipal (org.jboss.security.SimplePrincipal)1 NegotiationContext (org.jboss.security.negotiation.common.NegotiationContext)1 KerberosMessage (org.jboss.security.negotiation.spnego.KerberosMessage)1 GSSResult (org.teiid.security.GSSResult)1