1 package org
.argeo
.cms
.internal
.http
.client
;
4 import java
.security
.PrivilegedExceptionAction
;
5 import java
.util
.ArrayList
;
7 import javax
.security
.auth
.Subject
;
8 import javax
.security
.auth
.login
.LoginContext
;
10 import org
.apache
.commons
.httpclient
.Credentials
;
11 import org
.apache
.commons
.httpclient
.HttpClient
;
12 import org
.apache
.commons
.httpclient
.HttpMethod
;
13 import org
.apache
.commons
.httpclient
.auth
.AuthPolicy
;
14 import org
.apache
.commons
.httpclient
.auth
.AuthScheme
;
15 import org
.apache
.commons
.httpclient
.auth
.AuthenticationException
;
16 import org
.apache
.commons
.httpclient
.auth
.CredentialsProvider
;
17 import org
.apache
.commons
.httpclient
.auth
.MalformedChallengeException
;
18 import org
.apache
.commons
.httpclient
.methods
.GetMethod
;
19 import org
.apache
.commons
.httpclient
.params
.DefaultHttpParams
;
20 import org
.apache
.commons
.httpclient
.params
.HttpParams
;
21 import org
.argeo
.cms
.auth
.RemoteAuthUtils
;
/** Commons HttpClient {@link AuthScheme} implementing the SPNEGO ("Negotiate") authentication scheme. */
24 public class SpnegoAuthScheme
implements AuthScheme
{
25 // private final static Log log = LogFactory.getLog(SpnegoAuthScheme.class);
/**
 * Name under which this scheme is registered with {@code AuthPolicy} and listed in the
 * {@code AUTH_SCHEME_PRIORITY} parameter (see {@code main} below).
 */
public static final String NAME = "Negotiate";
28 // private final static Oid KERBEROS_OID;
31 // KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
32 // } catch (GSSException e) {
33 // throw new IllegalStateException("Cannot create Kerberos OID", e);
/**
 * Service part of the Kerberos service principal handed to
 * {@code RemoteAuthUtils.getGssToken(...)} together with the target host name. The
 * commented-out GSS code further down built the principal as {@code HTTP@<hostname>}
 * from it; how the helper combines the two is not visible here.
 */
private final static String DEFAULT_KERBEROS_SERVICE = "HTTP";
// Completion flag for this scheme instance. It starts as false and nothing in the code
// visible in this listing assigns it. NOTE(review): confirm whether isComplete() is backed
// by this field and where (if anywhere) it is set to true.
private boolean complete = false;
/**
 * Receives the server's authentication challenge for this scheme. The only body visible in
 * this listing is commented-out code, so the challenge text is neither parsed nor checked
 * here (the rest of the body is not present in this listing). NOTE(review): with no
 * validation of the server's response token there is no mutual authentication at this
 * layer — confirm that this is the intended trust model for the client.
 *
 * @param challenge the challenge value as delivered by HttpClient
 * @throws MalformedChallengeException declared by the interface; not thrown by the visible code
 */
public void processChallenge(String challenge) throws MalformedChallengeException {
    // if(tokenStr!=null){
    // log.error("Received challenge while there is a token. Failing.");
52 public String
getSchemeName() {
57 public String
getParameter(String name
) {
62 public String
getRealm() {
67 public String
getID() {
72 public boolean isConnectionBased() {
77 public boolean isComplete() {
/**
 * String-based {@code authenticate} variant of the {@code AuthScheme} interface. Not
 * supported by this implementation; callers must use the {@code HttpMethod} overload.
 * The closing brace of this method is not present in this listing.
 *
 * @param credentials ignored
 * @param method ignored
 * @param uri ignored
 * @return never returns normally
 * @throws AuthenticationException declared by the interface; never thrown here
 * @throws UnsupportedOperationException always
 */
public String authenticate(Credentials credentials, String method, String uri) throws AuthenticationException {
    // log.debug("authenticate " + method + " " + uri);
    throw new UnsupportedOperationException();
/**
 * Produces the value HttpClient sends as the authorization header for {@code method}:
 * obtains a GSS token for service {@code DEFAULT_KERBEROS_SERVICE} on the host of the
 * request URI via {@code RemoteAuthUtils.getGssToken} and returns it prefixed with
 * {@code "Negotiate "}. The host — and therefore the service principal a ticket is
 * requested for — is taken directly from the request URI, so a token is only ever
 * produced for the host actually being contacted. The {@code credentials} argument is
 * not used by the visible code, and the first argument to {@code getGssToken} is
 * {@code null}; presumably the current {@code Subject} is resolved inside the helper —
 * verify against {@code RemoteAuthUtils}. The declaration of {@code hostname}, the opening
 * {@code try} and the closing braces are not present in this listing.
 *
 * @param credentials unused here
 * @param method the request being authenticated; its URI supplies the target host
 * @return {@code "Negotiate "} followed by the token string
 * @throws AuthenticationException if resolving the host or obtaining the token fails; the
 *         broad {@code catch (Exception)} wraps any failure and keeps it as the cause
 */
public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException {
    // GSSContext context = null;
    hostname = method.getURI().getHost();
    String tokenStr = RemoteAuthUtils.getGssToken(null, DEFAULT_KERBEROS_SERVICE, hostname);
    return "Negotiate " + tokenStr;
} catch (Exception e1) {
    throw new AuthenticationException("Cannot authenticate " + method, e1);
    // Earlier hand-rolled GSS flow, kept commented out for reference. Note that it requested
    // credential delegation (requestCredDeleg(true)) while leaving mutual authentication
    // commented out. NOTE(review): if this flow is ever revived, delegating the user's
    // credentials to the server is a significant trust decision that should be explicit.
    // String serverPrinc = DEFAULT_KERBEROS_SERVICE + "@" + hostname;
    // // Get service's principal name
    // GSSManager manager = GSSManager.getInstance();
    // GSSName serverName = manager.createName(serverPrinc, GSSName.NT_HOSTBASED_SERVICE, KERBEROS_OID);
    // // Get the context for authentication
    // context = manager.createContext(serverName, KERBEROS_OID, null, GSSContext.DEFAULT_LIFETIME);
    // // context.requestMutualAuth(true); // Request mutual authentication
    // // context.requestConf(true); // Request confidentiality
    // context.requestCredDeleg(true);
    // byte[] token = new byte[0];
    // // token is ignored on the first call
    // token = context.initSecContext(token, 0, token.length);
    // // Send a token to the server if one was generated by
    // if (token != null) {
    // tokenStr = Base64.getEncoder().encodeToString(token);
    // } catch (GSSException e) {
    // throw new AuthenticationException("Cannot authenticate to " + serverPrinc, e);
130 public static void main(String
[] args
) {
131 String principal
= System
.getProperty("javax.security.auth.login.name");
132 if (args
.length
== 0 || principal
== null) {
133 System
.err
.println("usage: java -Djavax.security.auth.login.name=<principal@REALM> "
134 + SpnegoAuthScheme
.class.getName() + " <url>");
138 String url
= args
[0];
140 URL jaasUrl
= SpnegoAuthScheme
.class.getResource("jaas.cfg");
141 System
.setProperty("java.security.auth.login.config", jaasUrl
.toExternalForm());
143 LoginContext lc
= new LoginContext("SINGLE_USER");
146 AuthPolicy
.registerAuthScheme(SpnegoAuthScheme
.NAME
, SpnegoAuthScheme
.class);
147 HttpParams params
= DefaultHttpParams
.getDefaultParams();
148 ArrayList
<String
> schemes
= new ArrayList
<>();
149 schemes
.add(SpnegoAuthScheme
.NAME
);
150 params
.setParameter(AuthPolicy
.AUTH_SCHEME_PRIORITY
, schemes
);
151 params
.setParameter(CredentialsProvider
.PROVIDER
, new HttpCredentialProvider());
153 int responseCode
= Subject
.doAs(lc
.getSubject(), new PrivilegedExceptionAction
<Integer
>() {
154 public Integer
run() throws Exception
{
155 HttpClient httpClient
= new HttpClient();
156 return httpClient
.executeMethod(new GetMethod(url
));
159 System
.out
.println("Reponse code: " + responseCode
);
160 } catch (Exception e
) {