ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1622474 - in /webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security: message/token/ spnego/ validate/
Date Thu, 04 Sep 2014 13:19:52 GMT
Author: coheigea
Date: Thu Sep  4 13:19:52 2014
New Revision: 1622474

URL: http://svn.apache.org/r1622474
Log:
Consolidating Kerberos + SPNEGO code


Conflicts:
	src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
	src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
	ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java

Modified:
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosClientExceptionAction.java
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceAction.java
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceContext.java
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceExceptionAction.java
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosClientExceptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosClientExceptionAction.java?rev=1622474&r1=1622473&r2=1622474&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosClientExceptionAction.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosClientExceptionAction.java
Thu Sep  4 13:19:52 2014
@@ -49,48 +49,63 @@ public class KerberosClientExceptionActi
     private static final String IBM_JGSS_INQUIRE_TYPE_CLASS = "com.ibm.security.jgss.InquireType";
     private static final String IBM_JGSS_EXT_GSSCTX_CLASS = "com.ibm.security.jgss.ExtendedGSSContext";
 
+    private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+    private static final String JGSS_SPNEGO_TICKET_OID = "1.3.6.1.5.5.2";
+    
     private Principal clientPrincipal;
     private String serviceName;
     private boolean isUsernameServiceNameForm;
     private boolean requestCredDeleg;
     private GSSCredential delegatedCredential;
+    private boolean spnego;
+    private boolean mutualAuth;
 
     public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName, 
                                          boolean isUsernameServiceNameForm, boolean requestCredDeleg)
{
-        this(clientPrincipal, serviceName, isUsernameServiceNameForm, requestCredDeleg, null);
+        this(clientPrincipal, serviceName, isUsernameServiceNameForm, 
+             requestCredDeleg, null, false, false);
     }
     
     public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName, 
                                          boolean isUsernameServiceNameForm, boolean requestCredDeleg,
-                                         GSSCredential delegatedCredential) {
+                                         GSSCredential delegatedCredential,
+                                         boolean spnego, boolean mutualAuth) {
         this.clientPrincipal = clientPrincipal;
         this.serviceName = serviceName;
         this.isUsernameServiceNameForm = isUsernameServiceNameForm;
         this.requestCredDeleg = requestCredDeleg;
         this.delegatedCredential = delegatedCredential;
+        this.spnego = spnego;
+        this.mutualAuth = mutualAuth;
     }
     
     public KerberosContext run() throws GSSException, WSSecurityException {
         GSSManager gssManager = GSSManager.getInstance();
 
-        Oid kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
-        
+        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm

+                                                   ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
+        Oid oid = null;
         GSSCredential credentials = delegatedCredential;
-        if (credentials == null) {
-            GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
-            credentials = 
-                gssManager.createCredential(
-                    gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
-                );
+        if (spnego) {
+            oid = new Oid(JGSS_SPNEGO_TICKET_OID);
+        } else {
+            oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+            
+            if (credentials == null) {
+                GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
+                credentials = 
+                    gssManager.createCredential(
+                        gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY
+                    );
+            }
         }
 
-        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm
? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
         GSSContext secContext =
             gssManager.createContext(
-                gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
+                gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
             );
 
-        secContext.requestMutualAuth(false);
+        secContext.requestMutualAuth(mutualAuth);
         secContext.requestCredDeleg(requestCredDeleg);
 
         byte[] token = new byte[0];
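Review bot: The public five-argument constructor is replaced by the seven-argument one instead of being kept as an overload, so any caller outside this commit that passes a `delegatedCredential` stops compiling on a fixes branch. Keeping the old signature with the body `this(clientPrincipal, serviceName, isUsernameServiceNameForm, requestCredDeleg, delegatedCredential, false, false);` would avoid that and spare call sites the two bare boolean literals. The new `spnego` and `mutualAuth` parameters have no Javadoc; a line such as `@param mutualAuth whether to ask the service to authenticate itself to the client; the shorter constructors pass false` would make the security-relevant default visible. In the `spnego` branch `clientPrincipal` is never read and `credentials` stays null unless a delegated credential was supplied, so the context presumably uses the Subject's default credential, which deserves a comment. run() continues past the end of this hunk.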

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java?rev=1622474&r1=1622473&r2=1622474&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosSecurity.java
Thu Sep  4 13:19:52 2014
@@ -198,7 +198,7 @@ public class KerberosSecurity extends Bi
         KerberosClientExceptionAction action = 
             new KerberosClientExceptionAction(clientPrincipals.iterator().next(), serviceName,

                                               isUsernameServiceNameForm, requestCredDeleg,
-                                              delegatedCredential);
+                                              delegatedCredential, false, false);
         KerberosContext krbCtx = null;
         try {
             krbCtx = (KerberosContext) Subject.doAs(clientSubject, action);

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceAction.java?rev=1622474&r1=1622473&r2=1622474&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceAction.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceAction.java
Thu Sep  4 13:19:52 2014
@@ -46,7 +46,8 @@ public class KerberosServiceAction imple
     public Principal run() {
         try {
             KerberosServiceExceptionAction action = 
-                new KerberosServiceExceptionAction(this.ticket, this.serviceName, this.isUsernameServiceNameForm);
           
+                new KerberosServiceExceptionAction(this.ticket, this.serviceName, 
+                                                   this.isUsernameServiceNameForm, false);
           
             KerberosServiceContext krbServiceCtx = action.run();            
             return krbServiceCtx.getPrincipal();
         } catch (Exception e) {

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceContext.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceContext.java?rev=1622474&r1=1622473&r2=1622474&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceContext.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceContext.java
Thu Sep  4 13:19:52 2014
@@ -21,6 +21,7 @@ package org.apache.ws.security.message.t
 import java.security.Key;
 import java.security.Principal;
 
+import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 
 
@@ -29,6 +30,8 @@ public class KerberosServiceContext {
     private Principal principal;
     private Key sessionKey;
     private GSSCredential delegationCredential;
+    private GSSContext gssContext;
+    private byte[] kerberosToken;
     
     /**
      * @return the principal
@@ -65,5 +68,21 @@ public class KerberosServiceContext {
     public void setDelegationCredential(GSSCredential delegationCredential) {
         this.delegationCredential = delegationCredential;
     }
+
+    public GSSContext getGssContext() {
+        return gssContext;
+    }
+
+    public void setGssContext(GSSContext gssContext) {
+        this.gssContext = gssContext;
+    }
+
+    public byte[] getKerberosToken() {
+        return kerberosToken;
+    }
+
+    public void setKerberosToken(byte[] kerberosToken) {
+        this.kerberosToken = kerberosToken;
+    }
     
 }
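Review bot: The four new accessors have no Javadoc, although the existing getters in this class do, and nothing states who is responsible for calling `dispose()` on the stored `GSSContext`. I would add something like `/** @return the GSSContext used to accept the ticket, or null; the caller owns it and must dispose() it */` on `getGssContext()`. `getKerberosToken()` and `setKerberosToken()` also pass the internal `byte[]` by reference, so a caller can modify the token held here; if that is not intended, copy with `kerberosToken.clone()` behind a null check.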

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceExceptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceExceptionAction.java?rev=1622474&r1=1622473&r2=1622474&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceExceptionAction.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/KerberosServiceExceptionAction.java
Thu Sep  4 13:19:52 2014
@@ -51,17 +51,21 @@ public class KerberosServiceExceptionAct
     private static final String EXTENDED_JGSS_CONTEXT_INQUIRE_TYPE_KRB5_GET_SESSION_KEY =
"KRB5_GET_SESSION_KEY";
 
     private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+    private static final String JGSS_SPNEGO_TICKET_OID = "1.3.6.1.5.5.2";
 
     private static final String KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID = "kerberosTicketValidationError";
 
     private byte[] ticket;
     private String serviceName;
     private boolean isUsernameServiceNameForm;
+    private boolean spnego;
 
-    public KerberosServiceExceptionAction(byte[] ticket, String serviceName, boolean isUsernameServiceNameForm)
{
+    public KerberosServiceExceptionAction(byte[] ticket, String serviceName, boolean isUsernameServiceNameForm,
+                                          boolean spnego) {
         this.ticket = ticket;
         this.serviceName = serviceName;
         this.isUsernameServiceNameForm = isUsernameServiceNameForm;
+        this.spnego = spnego;
     }
 
 
@@ -72,19 +76,25 @@ public class KerberosServiceExceptionAct
 
         GSSManager gssManager = GSSManager.getInstance();
 
-        Oid kerberos5Oid = new Oid(JGSS_KERBEROS_TICKET_OID);
-        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm
? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
-        GSSCredential credentials = 
-            gssManager.createCredential(
-                gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
-            );
+        GSSContext secContext = null;
+        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm

+                                                   ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
+        if (spnego) {
+            Oid oid = new Oid(JGSS_SPNEGO_TICKET_OID);
+            secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);
+        } else {
+            Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+            GSSCredential credentials = 
+                gssManager.createCredential(
+                    gssService, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.ACCEPT_ONLY
+                );
+            secContext = gssManager.createContext(credentials);
+        }
 
         KerberosServiceContext krbServiceCtx = null;
-        GSSContext secContext = null;
 
         try{
-            secContext = gssManager.createContext(credentials);
-            secContext.acceptSecContext(ticket, 0, ticket.length);
+            byte[] returnedToken = secContext.acceptSecContext(ticket, 0, ticket.length);
 
             krbServiceCtx = new KerberosServiceContext();         
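Review bot: The `spnego` branch builds the acceptor's context with `createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME)`, which the GSSManager Javadoc describes as the factory for the initiator side, where the first argument is the peer name. Calling `acceptSecContext` on such a context may work on the JDKs in use, but it relies on implementation behaviour. The acceptor-side factory, as the `else` branch uses, would be `secContext = gssManager.createContext((GSSCredential) null);`, or an `ACCEPT_ONLY` credential created for the SPNEGO OID; please confirm which one the supported JDKs accept. Neither branch checks `ticket` for null before `ticket.length` is read. The method body starts and ends outside this hunk.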
             
@@ -94,6 +104,8 @@ public class KerberosServiceExceptionAct
             
             GSSName clientName = secContext.getSrcName();
             krbServiceCtx.setPrincipal(new KerberosPrincipal(clientName.toString()));
+            krbServiceCtx.setGssContext(secContext);
+            krbServiceCtx.setKerberosToken(returnedToken);
             
             if (!isJava5Or6 && (isOracleJavaVendor || isIBMJavaVendor)) {
                 try {
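Review bot: `krbServiceCtx.setGssContext(secContext)` runs on both paths, but the `finally` block further down still disposes the context when `spnego` is false, so on the plain Kerberos path `getGssContext()` hands callers a context that has already been disposed. Guarding the call, `if (spnego) { krbServiceCtx.setGssContext(secContext); }`, keeps the holder from exposing a dead context. `returnedToken` can legitimately be null, because `acceptSecContext` is documented to return null when there is nothing to send back, and that is worth a comment next to `setKerberosToken(returnedToken)`. The enclosing try block starts before this hunk and ends after it.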
@@ -133,7 +145,7 @@ public class KerberosServiceExceptionAct
                 }      
             }            
         } finally {
-            if (null != secContext) {
+            if (null != secContext && !spnego) {
                 secContext.dispose();    
             }
         }               
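Review bot: With `!spnego` added to the condition, a SPNEGO context is never disposed here, including when `acceptSecContext` or any later statement in the try block throws, and in that case no caller receives a reference it could dispose. Since an accepted context holds session key material, I would release it on failure: declare `boolean succeeded = false;` before the try, set `succeeded = true;` as its last statement, and test `if (null != secContext && (!spnego || !succeeded)) {`. On the success path ownership moves to the caller, so the KerberosTokenValidator hunk that passes `spnego` should be checked for a matching `dispose()`, which is not visible in this diff. The try block starts outside this hunk.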

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java?rev=1622474&r1=1622473&r2=1622474&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
Thu Sep  4 13:19:52 2014
@@ -20,6 +20,7 @@
 package org.apache.ws.security.spnego;
 
 import java.security.Principal;
+import java.security.PrivilegedActionException;
 import java.util.Set;
 
 import javax.security.auth.Subject;
@@ -28,7 +29,12 @@ import javax.security.auth.login.LoginCo
 import javax.security.auth.login.LoginException;
 
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.message.token.KerberosClientExceptionAction;
+import org.apache.ws.security.message.token.KerberosContext;
+import org.apache.ws.security.message.token.KerberosServiceContext;
+import org.apache.ws.security.message.token.KerberosServiceExceptionAction;
 import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.MessageProp;
 
@@ -43,8 +49,10 @@ public class SpnegoTokenContext {
     private GSSContext secContext;
     private byte[] token;
     private boolean mutualAuth;
-    private SpnegoClientAction clientAction = new DefaultSpnegoClientAction();
-    private SpnegoServiceAction serviceAction = new DefaultSpnegoServiceAction();
+    private SpnegoClientAction clientAction;
+    private SpnegoServiceAction serviceAction;
+    private GSSCredential delegationCredential;
+    private Principal spnegoPrincipal;
 
     /**
      * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in
this
@@ -59,6 +67,49 @@ public class SpnegoTokenContext {
         CallbackHandler callbackHandler,
         String serviceName
     ) throws WSSecurityException {
+        retrieveServiceTicket(jaasLoginModuleName, callbackHandler, serviceName, false);
+    }
+    
+    
+    /**
+     * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in
this
+     * BinarySecurityToken.
+     * @param jaasLoginModuleName the JAAS Login Module name to use
+     * @param callbackHandler a CallbackHandler instance to retrieve a password (optional)
+     * @param serviceName the desired Kerberized service
+     * @param serviceNameForm 
+     * @throws WSSecurityException
+     */
+    public void retrieveServiceTicket(
+        String jaasLoginModuleName, 
+        CallbackHandler callbackHandler,
+        String serviceName,
+        boolean isUsernameServiceNameForm
+    ) throws WSSecurityException {
+        retrieveServiceTicket(jaasLoginModuleName, callbackHandler, serviceName, 
+                              isUsernameServiceNameForm, false, null);
+    }
+    
+    /**
+     * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in
this
+     * BinarySecurityToken.
+     * @param jaasLoginModuleName the JAAS Login Module name to use
+     * @param callbackHandler a CallbackHandler instance to retrieve a password (optional)
+     * @param serviceName the desired Kerberized service
+     * @param serviceNameForm 
+     * @param requestCredDeleg Whether to request credential delegation or not
+     * @param delegationCredential The delegation credential to use
+     * @throws WSSecurityException
+     */
+    public void retrieveServiceTicket(
+        String jaasLoginModuleName, 
+        CallbackHandler callbackHandler,
+        String serviceName,
+        boolean isUsernameServiceNameForm,
+        boolean requestCredDeleg,
+        GSSCredential delegationCredential
+    ) throws WSSecurityException {
+        
         // Get a TGT from the KDC using JAAS
         LoginContext loginContext = null;
         try {
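Review bot: Both new Javadoc blocks document `@param serviceNameForm` with no description, while the parameter is actually named `isUsernameServiceNameForm`, so the tag matches nothing and the flag's meaning is left unexplained. I would write `@param isUsernameServiceNameForm true to treat serviceName as a user name (NT_USER_NAME), false for a host-based service name`. In the six-argument overload the `delegationCredential` parameter shadows the new field of the same name, which makes it easy to read the wrong one later; renaming the parameter to `delegatedCredential` would match KerberosClientExceptionAction. The new five-argument `validateServiceTicket` overload further down has no Javadoc at all. This method's body continues outside the hunk.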
@@ -94,16 +145,49 @@ public class SpnegoTokenContext {
         }
         
         // Get the service ticket
-        clientAction.setServiceName(serviceName);
-        clientAction.setMutualAuth(mutualAuth);
-        token = (byte[])Subject.doAs(clientSubject, clientAction);
-        if (token == null) {
-            throw new WSSecurityException(
-                WSSecurityException.FAILURE, "kerberosServiceTicketError"
-            );
+        if (clientAction != null) {
+            clientAction.setServiceName(serviceName);
+            clientAction.setMutualAuth(mutualAuth);
+            token = Subject.doAs(clientSubject, clientAction);
+            if (token == null) {
+                throw new WSSecurityException(
+                    WSSecurityException.FAILURE, "kerberosServiceTicketError"
+                );
+            }
+            
+            secContext = clientAction.getContext();
+        } else {
+            KerberosClientExceptionAction action = 
+                new KerberosClientExceptionAction(null, serviceName, 
+                                                  isUsernameServiceNameForm, 
+                                                  requestCredDeleg,
+                                                  delegationCredential,
+                                                  true,
+                                                  mutualAuth);
+            KerberosContext krbCtx = null;
+            try {
+                krbCtx = (KerberosContext) Subject.doAs(clientSubject, action);
+    
+                token = krbCtx.getKerberosToken();
+                if (token == null) {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILURE, "kerberosServiceTicketError"
+                    );
+                }
+                
+                secContext = krbCtx.getGssContext();
+            } catch (PrivilegedActionException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof WSSecurityException) {
+                    throw (WSSecurityException) cause;
+                } else {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILURE, "kerberosServiceTicketError", new Object[]
{}, cause
+                    );
+                }
+            }
         }
         
-        secContext = clientAction.getContext();
         if (LOG.isDebugEnabled()) {
             LOG.debug("Successfully retrieved a service ticket");
         }
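Review bot: In the new `else` branch the `token == null` check throws before `secContext = krbCtx.getGssContext();` runs, so the context created by the action is neither stored nor disposed on that path, unless KerberosClientExceptionAction disposes it itself, which is not visible here. Moving `secContext = krbCtx.getGssContext();` above the null test lets `clear()` release it. `krbCtx` is also dereferenced without a null check, and the bare `true` passed for `spnego` would read better with a trailing `// spnego` comment. The method starts outside this hunk.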
@@ -124,6 +208,16 @@ public class SpnegoTokenContext {
         String serviceName,
         byte[] ticket
     ) throws WSSecurityException {
+        validateServiceTicket(jaasLoginModuleName, callbackHandler, serviceName, ticket,
false);
+    }
+    
+    public void validateServiceTicket(
+        String jaasLoginModuleName, 
+        CallbackHandler callbackHandler,
+        String serviceName,
+        byte[] ticket,
+        boolean isUsernameServiceNameForm
+    ) throws WSSecurityException {
         // Get a TGT from the KDC using JAAS
         LoginContext loginContext = null;
         try {
@@ -164,15 +258,44 @@ public class SpnegoTokenContext {
         }
 
         // Validate the ticket
-        serviceAction.setTicket(ticket);
-        serviceAction.setServiceName(service);
-        token = (byte[])Subject.doAs(subject, serviceAction);
+        if (serviceAction != null) {
+            serviceAction.setTicket(ticket);
+            serviceAction.setServiceName(service);
+            token = Subject.doAs(subject, serviceAction);
+            secContext = serviceAction.getContext();
+        } else {
+            KerberosServiceExceptionAction action = 
+                new KerberosServiceExceptionAction(ticket, service, 
+                                                   isUsernameServiceNameForm, true);
+            KerberosServiceContext krbCtx = null;
+            try {
+                krbCtx = (KerberosServiceContext) Subject.doAs(subject, action);
+    
+                token = krbCtx.getKerberosToken();
+                if (token == null) {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILURE, "kerberosServiceTicketError"
+                    );
+                }
+                
+                secContext = krbCtx.getGssContext();
+                delegationCredential = krbCtx.getDelegationCredential();
+                spnegoPrincipal = krbCtx.getPrincipal();
+            } catch (PrivilegedActionException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof WSSecurityException) {
+                    throw (WSSecurityException) cause;
+                } else {
+                    throw new WSSecurityException(
+                         WSSecurityException.FAILURE, "kerberosServiceTicketError", new Object[]
{}, cause
+                    );
+                }
+            }
+        }
         
-        secContext = serviceAction.getContext();
         if (LOG.isDebugEnabled()) {
             LOG.debug("Successfully validated a service ticket");
         }
-
     }
     
     /**
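Review bot: The new `else` branch treats a null `krbCtx.getKerberosToken()` as `kerberosServiceTicketError`, while the `serviceAction` branch just above accepts a null token as before. `GSSContext.acceptSecContext` is documented to return null when no token needs to be sent to the peer, so this check may reject a ticket that was accepted successfully; whether the SPNEGO mechanism ever returns null here should be confirmed. A check on the context state, for example `if (!krbCtx.getGssContext().isEstablished())`, would test acceptance directly instead of inferring it from the reply token. As in the client path, the throw happens before `secContext` is assigned, so the context is not released on that path. The method starts outside this hunk.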
@@ -250,6 +373,8 @@ public class SpnegoTokenContext {
     public void clear() {
         token = null;
         mutualAuth = false;
+        delegationCredential = null;
+        spnegoPrincipal = null;
         try {
             secContext.dispose();
         } catch (GSSException e) {
@@ -258,5 +383,13 @@ public class SpnegoTokenContext {
             }
         }
     }
-    
+
+    public GSSCredential getDelegationCredential() {
+        return delegationCredential;
+    }
+
+    public Principal getSpnegoPrincipal() {
+        return spnegoPrincipal;
+    }
+
 }

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java?rev=1622474&r1=1622473&r2=1622474&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
Thu Sep  4 13:19:52 2014
@@ -47,6 +47,7 @@ public class KerberosTokenValidator impl
     private String contextName;
     private KerberosTokenDecoder kerberosTokenDecoder;
     private boolean isUsernameServiceNameForm;
+    private boolean spnego;
 
     /**
      * Get the JAAS Login context name to use.
@@ -203,7 +204,9 @@ public class KerberosTokenValidator impl
         }
 
         // Validate the ticket
-        KerberosServiceExceptionAction action = new KerberosServiceExceptionAction(token,
service, isUsernameServiceNameForm());
+        KerberosServiceExceptionAction action = 
+            new KerberosServiceExceptionAction(token, service, 
+                                               isUsernameServiceNameForm(), spnego);
         KerberosServiceContext krbServiceCtx = null;
         try {
             krbServiceCtx = (KerberosServiceContext)Subject.doAs(subject, action);
@@ -287,5 +290,12 @@ public class KerberosTokenValidator impl
     public void setUsernameServiceNameForm(boolean isUsernameServiceNameForm) {
         this.isUsernameServiceNameForm = isUsernameServiceNameForm;
     }
-    
+
+    public boolean isSpnego() {
+        return spnego;
+    }
+
+    public void setSpnego(boolean spnego) {
+        this.spnego = spnego;
+    }
 }
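Review bot: `isSpnego()` and `setSpnego()` are added without Javadoc, although the other accessors in this class have it, and the flag changes how the ticket is validated and whether the accepting context is disposed. I would add `/** Set whether the received token is a SPNEGO token (true) or a raw Kerberos ticket (false, the default). */` on the setter and the matching `@return` text on the getter.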


