1 package org
.argeo
.cms
.internal
.http
.client
;
5 import java
.security
.PrivilegedExceptionAction
;
6 import java
.util
.ArrayList
;
7 import java
.util
.Base64
;
9 import javax
.security
.auth
.Subject
;
10 import javax
.security
.auth
.login
.LoginContext
;
12 import org
.apache
.commons
.httpclient
.Credentials
;
13 import org
.apache
.commons
.httpclient
.HttpClient
;
14 import org
.apache
.commons
.httpclient
.HttpMethod
;
15 import org
.apache
.commons
.httpclient
.URIException
;
16 import org
.apache
.commons
.httpclient
.auth
.AuthPolicy
;
17 import org
.apache
.commons
.httpclient
.auth
.AuthScheme
;
18 import org
.apache
.commons
.httpclient
.auth
.AuthenticationException
;
19 import org
.apache
.commons
.httpclient
.auth
.CredentialsProvider
;
20 import org
.apache
.commons
.httpclient
.auth
.MalformedChallengeException
;
21 import org
.apache
.commons
.httpclient
.methods
.GetMethod
;
22 import org
.apache
.commons
.httpclient
.params
.DefaultHttpParams
;
23 import org
.apache
.commons
.httpclient
.params
.HttpParams
;
24 import org
.apache
.commons
.logging
.Log
;
25 import org
.apache
.commons
.logging
.LogFactory
;
26 import org
.ietf
.jgss
.GSSContext
;
27 import org
.ietf
.jgss
.GSSException
;
28 import org
.ietf
.jgss
.GSSManager
;
29 import org
.ietf
.jgss
.GSSName
;
30 import org
.ietf
.jgss
.Oid
;
32 /** Implementation of the SPNEGO auth scheme. */
33 public class SpnegoAuthScheme
implements AuthScheme
{
/** Commons-logging logger; on the lines visible in this extract it is only referenced from commented-out code. */
private final static Log log = LogFactory.getLog(SpnegoAuthScheme.class);

/**
 * Scheme name used in the HTTP authentication headers. It is registered with
 * {@code AuthPolicy} under this name (see {@code main}), and the header value
 * built in {@code authenticate(Credentials, HttpMethod)} uses the same literal.
 */
public static final String NAME = "Negotiate";

/**
 * Mechanism OID passed to {@code GSSManager.createName} and {@code createContext}.
 * Assigned in the initialiser that follows (its opening lines are not present in
 * this extract). Note that the value, 1.3.6.1.5.5.2, is the SPNEGO mechanism OID
 * (RFC 4178), not the Kerberos V5 mechanism OID, so the field name is misleading.
 */
private final static Oid KERBEROS_OID;
// Assignment from the class's static initialiser; the `static {` and `try {`
// lines that open it are not present in this extract.
// 1.3.6.1.5.5.2 is the SPNEGO mechanism OID (RFC 4178), not the Kerberos V5
// mechanism OID, so the field name and the message below are misleading.
KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
} catch (GSSException e) {
    // Oid(String) declares GSSException; an unparsable constant is a programming
    // error, so it is rethrown unchecked with the cause preserved, which
    // presumably makes class initialisation fail rather than leaving the OID unset.
    throw new IllegalStateException("Cannot create Kerberos OID", e);
/**
 * Intended to record whether the Negotiate exchange has finished. On the lines
 * visible in this extract it is never assigned, so {@code isComplete()} (body not
 * shown) presumably always reports the initial value — verify against the full file.
 */
private boolean complete = false;

/**
 * Last Negotiate token. {@code authenticate(Credentials, HttpMethod)} declares a
 * local of the same name that shadows this field, so that method never updates it;
 * the only other references visible here are in commented-out code.
 */
private String tokenStr;
/**
 * Handles a {@code WWW-Authenticate: Negotiate} challenge from the server
 * ({@link AuthScheme} contract). Most of this method's body is not present in
 * this extract; the surviving commented-out lines suggest an earlier version
 * rejected a challenge that arrived while a token was already pending.
 *
 * @param challenge the challenge header value handed over by the client
 * @throws MalformedChallengeException if the challenge is invalid
 */
public void processChallenge(String challenge) throws MalformedChallengeException {
    // if(tokenStr!=null){
    // log.error("Received challenge while there is a token. Failing.");
/** Returns the textual scheme name ({@link AuthScheme} contract); the body is not present in this extract. */
public String getSchemeName() {
/**
 * Returns the named challenge parameter, if available ({@link AuthScheme}
 * contract); the body is not present in this extract.
 *
 * @param name the parameter name
 */
public String getParameter(String name) {
/** Returns the authentication realm ({@link AuthScheme} contract); the body is not present in this extract. */
public String getRealm() {
/**
 * Returns the scheme identifier; this method is marked deprecated in the
 * commons-httpclient 3.x {@link AuthScheme} API. The body is not present in this extract.
 */
public String getID() {
80 public boolean isConnectionBased() {
85 public boolean isComplete() {
/**
 * {@link AuthScheme} entry point that receives the request as a method name and
 * URI (the variant marked deprecated in commons-httpclient 3.x). This
 * implementation does not support it: the visible body unconditionally throws,
 * and callers are expected to use {@code authenticate(Credentials, HttpMethod)}
 * instead. A few lines of the original, including the closing brace, are not
 * present in this extract.
 *
 * @param credentials ignored
 * @param method ignored
 * @param uri ignored
 * @throws UnsupportedOperationException always, on the visible lines
 * @throws AuthenticationException declared for interface conformance only
 */
public String authenticate(Credentials credentials, String method, String uri) throws AuthenticationException {
    // log.debug("authenticate " + method + " " + uri);
    throw new UnsupportedOperationException();
/**
 * Builds the {@code Authorization} header value for one request by initiating a
 * GSS-API security context against the host-based service principal
 * {@code HTTP@<host>}, where the host is taken from the request URI. Only a single
 * {@code initSecContext} call is made on the visible lines, so this produces a
 * one-shot initial token rather than continuing a multi-leg exchange. The
 * {@code credentials} argument is not used on the visible lines; the Kerberos
 * credentials presumably come from the JAAS {@link Subject} the caller runs under
 * (see {@code Subject.doAs} in {@code main}). Several lines of the original body
 * are not present in this extract, including the declaration of {@code hostname},
 * the opening {@code try} lines, the guard that accompanied the "Send a token"
 * comment and the closing braces.
 *
 * @param credentials not used on the visible lines
 * @param method the request; its URI supplies the target host name
 * @return {@code "Negotiate "} followed by the Base64-encoded initial token
 * @throws AuthenticationException if the GSS name, context or token cannot be created
 * @throws IllegalStateException if the request URI cannot be parsed — note the
 *         asymmetry with the GSS failure path, which uses the checked exception
 */
public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException {
    GSSContext context = null;
    // Shadows the field of the same name, so the field is never updated by this
    // method; presumably unintended — verify whether anything reads the field.
    String tokenStr = null;
    hostname = method.getURI().getHost();
    } catch (URIException e1) {
        throw new IllegalStateException("Cannot authenticate", e1);
    // GSS host-based service name; the host part comes straight from the request URI.
    String serverPrinc = "HTTP@" + hostname;
    // Get service's principal name
    GSSManager manager = GSSManager.getInstance();
    GSSName serverName = manager.createName(serverPrinc, GSSName.NT_HOSTBASED_SERVICE, KERBEROS_OID);
    // Get the context for authentication. The null credential argument selects the
    // default initiator credential, presumably the one held by the current Subject.
    context = manager.createContext(serverName, KERBEROS_OID, null, GSSContext.DEFAULT_LIFETIME);
    // context.requestMutualAuth(true); // Request mutual authentication
    // context.requestConf(true); // Request confidentiality
    // Asks for the client's Kerberos credentials to be delegated (forwarded) to the
    // server, which can then act as this client toward other services. Because
    // mutual authentication is not requested (the call above is commented out), the
    // client never verifies that the peer actually holds the HTTP@<host> service key;
    // the delegated credentials remain bound to that principal by the KDC, but this
    // setting should only be enabled for servers trusted to act on the user's behalf.
    context.requestCredDeleg(true);
    byte[] token = new byte[0];
    // token is ignored on the first call
    token = context.initSecContext(token, 0, token.length);
    // Send a token to the server if one was generated by
    // (the guard that followed this comment is not present in this extract; note
    // that initSecContext returns null when no token is produced, which
    // encodeToString would reject with a NullPointerException)
    tokenStr = Base64.getEncoder().encodeToString(token);
    return "Negotiate " + tokenStr;
    } catch (GSSException e) {
        // Cause preserved; the message names the target principal, not the token.
        throw new AuthenticationException("Cannot authenticate to " + serverPrinc, e);
/**
 * Private helper taking a {@code java.net.URI}; its body and the import of
 * {@code URI} are not present in this extract, and nothing on the visible lines calls it.
 */
private void doAuthenticate(URI uri){
141 public static void main(String
[] args
) {
142 if (args
.length
== 0) {
143 System
.err
.println("usage: java " + SpnegoAuthScheme
.class.getName() + " <url>");
147 String url
= args
[0];
149 URL jaasUrl
= SpnegoAuthScheme
.class.getResource("jaas.cfg");
150 System
.setProperty("java.security.auth.login.config", jaasUrl
.toExternalForm());
152 LoginContext lc
= new LoginContext("SINGLE_USER");
155 AuthPolicy
.registerAuthScheme(SpnegoAuthScheme
.NAME
, SpnegoAuthScheme
.class);
156 HttpParams params
= DefaultHttpParams
.getDefaultParams();
157 ArrayList
<String
> schemes
= new ArrayList
<>();
158 schemes
.add(SpnegoAuthScheme
.NAME
);
159 params
.setParameter(AuthPolicy
.AUTH_SCHEME_PRIORITY
, schemes
);
160 params
.setParameter(CredentialsProvider
.PROVIDER
, new SpnegoCredentialProvider());
162 int responseCode
= Subject
.doAs(lc
.getSubject(), new PrivilegedExceptionAction
<Integer
>() {
163 public Integer
run() throws Exception
{
164 HttpClient httpClient
= new HttpClient();
165 return httpClient
.executeMethod(new GetMethod(url
));
168 System
.out
.println("Reponse code: " + responseCode
);
169 } catch (Exception e
) {