ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1206208 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/spnego/ main/resources/org/apache/ws/security/ test/java/org/apache/ws/security/message/token/
Date Fri, 25 Nov 2011 15:18:40 GMT
Author: coheigea
Date: Fri Nov 25 15:18:39 2011
New Revision: 1206208

URL: http://svn.apache.org/viewvc?rev=1206208&view=rev
Log:
Added initial support for SPNEGO

Added:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java
Modified:
    webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java

Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java?rev=1206208&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
(added)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
Fri Nov 25 15:18:39 2011
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.spnego;
+
+import java.security.PrivilegedAction;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+
+/**
+ * This class represents a PrivilegedAction implementation to obtain a (SPNEGO) service ticket
from a 
+ * Kerberos Key Distribution Center.
+ */
+public class SpnegoClientAction implements PrivilegedAction<byte[]> {
+    private static org.apache.commons.logging.Log log =
+        org.apache.commons.logging.LogFactory.getLog(SpnegoClientAction.class);
+    
+    private String serviceName;
+    private GSSContext secContext;
+    
+    public SpnegoClientAction(String serviceName) {
+        this.serviceName = serviceName;
+    }
+    
+    public byte[] run() {
+        try {
+            if (secContext == null) {
+                GSSManager gssManager = GSSManager.getInstance();
+                Oid oid = new Oid("1.3.6.1.5.5.2");
+                
+                GSSName gssService = gssManager.createName(serviceName, GSSName.NT_HOSTBASED_SERVICE);
+                secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);
+                
+                secContext.requestMutualAuth(Boolean.FALSE);
+                secContext.requestCredDeleg(Boolean.FALSE);
+            }
+        
+            byte[] token = new byte[0];
+            return secContext.initSecContext(token, 0, token.length);
+        } catch (GSSException e) {
+            if (log.isDebugEnabled()) {
+                log.debug("Error in obtaining a Kerberos token", e);
+            }
+        }
+
+        return null;
+    }
+    
+    public GSSContext getContext() {
+        return secContext;
+    }
+    
+}

Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java?rev=1206208&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java (added)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java Fri
Nov 25 15:18:39 2011
@@ -0,0 +1,143 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.spnego;
+
+import java.security.Principal;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.ws.security.WSSecurityException;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.MessageProp;
+
+/**
+ * SPNEGO Token.
+ */
+public class SpnegoToken {
+    
+    private static final org.apache.commons.logging.Log LOG = 
+        org.apache.commons.logging.LogFactory.getLog(SpnegoToken.class);
+    
+    private GSSContext secContext;
+    private byte[] token;
+
+    /**
+     * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in
this
+     * BinarySecurityToken.
+     * @param jaasLoginModuleName the JAAS Login Module name to use
+     * @param callbackHandler a CallbackHandler instance to retrieve a password (optional)
+     * @param serviceName the desired Kerberized service
+     * @throws WSSecurityException
+     */
+    public void retrieveServiceTicket(
+        String jaasLoginModuleName, 
+        CallbackHandler callbackHandler,
+        String serviceName
+    ) throws WSSecurityException {
+        // Get a TGT from the KDC using JAAS
+        LoginContext loginContext = null;
+        try {
+            if (callbackHandler == null) {
+                loginContext = new LoginContext(jaasLoginModuleName);
+            } else {
+                loginContext = new LoginContext(jaasLoginModuleName, callbackHandler);
+            }
+            loginContext.login();
+        } catch (LoginException ex) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug(ex.getMessage(), ex);
+            }
+            throw new WSSecurityException(
+                WSSecurityException.FAILURE,
+                "kerberosLoginError", 
+                new Object[] {ex.getMessage()}
+            );
+        }
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Successfully authenticated to the TGT");
+        }
+        
+        Subject clientSubject = loginContext.getSubject();
+        Set<Principal> clientPrincipals = clientSubject.getPrincipals();
+        if (clientPrincipals.isEmpty()) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILURE, 
+                "kerberosLoginError", 
+                new Object[] {"No Client principals found after login"}
+            );
+        }
+        
+        // Get the service ticket
+        SpnegoClientAction action = new SpnegoClientAction(serviceName);
+        token = (byte[])Subject.doAs(clientSubject, action);
+        if (token == null) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILURE, "kerberosServiceTicketError"
+            );
+        }
+        
+        secContext = action.getContext();
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Successfully retrieved a service ticket");
+        }
+        
+    }
+    
+    /**
+     * Get the SPNEGO token that was created in retrieveServiceTicket().
+     */
+    public byte[] getToken() {
+        return token;
+    }
+    
+    /**
+     * Unwrap a key
+     */
+    public byte[] unwrapKey(byte[] secret) throws WSSecurityException {
+        MessageProp mProp = new MessageProp(0, true);
+        try {
+            return secContext.unwrap(secret, 0, secret.length, mProp);
+        } catch (GSSException e) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Error in cleaning up a GSS context", e);
+            }
+            throw new WSSecurityException(
+                WSSecurityException.FAILURE, "spnegoKeyError"
+            );
+        }
+    }
+    
+    public void clear() {
+        token = null;
+        try {
+            secContext.dispose();
+        } catch (GSSException e) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Error in cleaning up a GSS context", e);
+            }
+        }
+    }
+    
+}

Modified: webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties?rev=1206208&r1=1206207&r2=1206208&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties (original)
+++ webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties Fri
Nov 25 15:18:39 2011
@@ -102,4 +102,5 @@ invalidKeySize=Invalid keysize
 
 kerberosLoginError=An error occurred in trying to obtain a TGT: {0}
 kerberosServiceTicketError=An error occurred in trying to obtain a service ticket
-kerberosTicketValidationError=An error occured in trying to validate a ticket
\ No newline at end of file
+kerberosTicketValidationError=An error occurred in trying to validate a ticket
+spnegoKeyError=An error occurred in trying to unwrap a SPNEGO key
\ No newline at end of file

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java?rev=1206208&r1=1206207&r2=1206208&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java
Fri Nov 25 15:18:39 2011
@@ -28,6 +28,7 @@ import org.apache.ws.security.common.SOA
 import org.apache.ws.security.message.WSSecEncrypt;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.spnego.SpnegoToken;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
 // import org.apache.ws.security.validate.KerberosTokenDecoderImpl;
@@ -106,6 +107,22 @@ public class KerberosTest extends org.ju
     }
     
     /**
+     * Get a SPNEGO token.
+     */
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testSpnego() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        SpnegoToken spnegoToken = new SpnegoToken();
+        spnegoToken.retrieveServiceTicket("alice", null, "bob@service.ws.apache.org");
+        assertNotNull(spnegoToken.getToken());
+    }
+    
+    /**
      * Various unit tests for a kerberos client
      */
     @org.junit.Test



Mime
View raw message