Use of org.jboss.security.negotiation.spnego.KerberosMessage in project teiid by teiid.
Class JBossSecurityHelper, method negotiateGssLogin.
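/**
 * Authenticates a caller against {@code securityDomain} from a Kerberos v5 service ticket.
 *
 * <p>The ticket is wrapped in a {@code KerberosMessage} and set on a {@code NegotiationContext}.
 * The domain's {@code AuthenticationManager} is then called with no principal and no credential
 * ({@code isValid(null, null, subject)}), so the decision rests entirely on whatever the
 * security domain's login configuration does with the associated negotiation context.
 *
 * @param securityDomain name of the security domain to authenticate against
 * @param serviceTicket token bytes supplied by the client; handed to {@code KerberosMessage}
 *        as-is, with no validation in this method
 * @return on success, the result of {@code buildGSSResult(context, securityDomain, true)} with
 *         the new security context and the first principal's name set; when the recorded login
 *         failure is "Continuation Required.", the result of
 *         {@code buildGSSResult(context, securityDomain, false)}
 * @throws LoginException the failure recorded in the security context, or a generic
 *         TEIID50072 failure when the domain or its authentication manager is missing, when
 *         validation fails without a recorded exception, or when validation succeeds but the
 *         subject carries no principal
 */
@Override
public GSSResult negotiateGssLogin(String securityDomain, byte[] serviceTicket) throws LoginException {
    SecurityDomainContext securityDomainContext = getSecurityDomainContext(securityDomain);
    if (securityDomainContext != null) {
        AuthenticationManager authManager = securityDomainContext.getAuthenticationManager();
        if (authManager != null) {
            Object previous = null;
            NegotiationContext context = new NegotiationContext();
            context.setRequestMessage(new KerberosMessage(Constants.KERBEROS_V5, serviceTicket));
            try {
                context.associate();
                // Placeholder identity: the real principal is only known after isValid() has
                // populated the subject below.
                SecurityContext securityContext = createSecurityContext(securityDomain, new SimplePrincipal("temp"), null, new Subject()); // $NON-NLS-1$
                previous = associateSecurityContext(securityContext);
                Subject subject = new Subject();
                boolean isValid = authManager.isValid(null, null, subject);
                if (isValid) {
                    // A subject without principals cannot be turned into a user name. Fail the
                    // login explicitly instead of hitting a NullPointerException after the
                    // success message has already been logged.
                    if (subject.getPrincipals().isEmpty()) {
                        throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, "GSS Auth", securityDomain)); // $NON-NLS-1$
                    }
                    // The first principal in the set is used as the authenticated identity.
                    Principal principal = subject.getPrincipals().iterator().next();
                    Object sc = createSecurityContext(securityDomain, principal, null, subject);
                    LogManager.logDetail(LogConstants.CTX_SECURITY, new Object[] { "Logon successful though GSS API" }); // $NON-NLS-1$
                    GSSResult result = buildGSSResult(context, securityDomain, true);
                    result.setSecurityContext(sc);
                    result.setUserName(principal.getName());
                    return result;
                }
                // NOTE(review): the cast assumes whatever is stored under this key is a
                // LoginException - confirm against the login modules in use.
                LoginException le = (LoginException) securityContext.getData().get("org.jboss.security.exception"); // $NON-NLS-1$
                if (le != null) {
                    // Constant-first comparison: an exception without a message is rethrown
                    // as the login failure rather than causing a NullPointerException here.
                    // The continuation case is recognised purely by message text.
                    if ("Continuation Required.".equals(le.getMessage())) { // $NON-NLS-1$
                        return buildGSSResult(context, securityDomain, false);
                    }
                    throw le;
                }
            } finally {
                // Always restore the caller's security context and drop the negotiation
                // context, whichever way the attempt ended.
                // NOTE(review): if associate() or createSecurityContext() throws, previous is
                // still null here - confirm associateSecurityContext(null) is safe.
                associateSecurityContext(previous);
                context.clear();
            }
        }
    }
    throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50072, "GSS Auth", securityDomain)); // $NON-NLS-1$
}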