1 package org
.argeo
.slc
.cms
.httpclient3
;
4 import java
.security
.PrivilegedExceptionAction
;
5 import java
.util
.ArrayList
;
7 import javax
.security
.auth
.Subject
;
8 import javax
.security
.auth
.login
.LoginContext
;
10 import org
.apache
.commons
.httpclient
.Credentials
;
11 import org
.apache
.commons
.httpclient
.HttpClient
;
12 import org
.apache
.commons
.httpclient
.HttpMethod
;
13 import org
.apache
.commons
.httpclient
.auth
.AuthPolicy
;
14 import org
.apache
.commons
.httpclient
.auth
.AuthScheme
;
15 import org
.apache
.commons
.httpclient
.auth
.AuthenticationException
;
16 import org
.apache
.commons
.httpclient
.auth
.CredentialsProvider
;
17 import org
.apache
.commons
.httpclient
.auth
.MalformedChallengeException
;
18 import org
.apache
.commons
.httpclient
.methods
.GetMethod
;
19 import org
.apache
.commons
.httpclient
.params
.DefaultHttpParams
;
20 import org
.apache
.commons
.httpclient
.params
.HttpMethodParams
;
21 import org
.apache
.commons
.httpclient
.params
.HttpParams
;
22 import org
.argeo
.cms
.auth
.RemoteAuthUtils
;
24 //// Register client-side SPNEGO auth scheme
25 //AuthPolicy.registerAuthScheme(SpnegoAuthScheme.NAME, SpnegoAuthScheme.class);
26 //HttpParams params = DefaultHttpParams.getDefaultParams();
27 //ArrayList<String> schemes = new ArrayList<>();
28 //schemes.add(SpnegoAuthScheme.NAME);// SPNEGO preferred
29 //// schemes.add(AuthPolicy.BASIC);// incompatible with Basic
30 //params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);
31 //params.setParameter(CredentialsProvider.PROVIDER, new HttpCredentialProvider());
32 //params.setParameter(HttpMethodParams.COOKIE_POLICY, KernelConstants.COOKIE_POLICY_BROWSER_COMPATIBILITY);
33 //// params.setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
37 /** Implementation of the SPNEGO auth scheme. */
38 public class SpnegoAuthScheme
implements AuthScheme
{
39 // private final static Log log = LogFactory.getLog(SpnegoAuthScheme.class);
/**
 * HTTP authentication scheme token for SPNEGO ("Negotiate"); this is the value
 * registered with {@code AuthPolicy} and the prefix of the {@code Authorization}
 * header value that {@code authenticate(Credentials, HttpMethod)} returns.
 */
public static final String NAME = "Negotiate";
// private final static Oid KERBEROS_OID;
// KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
// } catch (GSSException e) {
// throw new IllegalStateException("Cannot create Kerberos OID", e);

/**
 * Service class passed to {@code RemoteAuthUtils.createGssToken} together with the
 * request host; presumably combined into the target SPN ({@code HTTP/<host>}) —
 * confirm in RemoteAuthUtils.
 */
private final static String DEFAULT_KERBEROS_SERVICE = "HTTP";

/**
 * Whether the challenge/response exchange has finished. No visible statement
 * assigns it; presumably reported by {@code isComplete()}.
 */
private boolean complete = false;
/**
 * Receives the server's {@code WWW-Authenticate} / {@code Proxy-Authenticate}
 * "Negotiate" challenge.
 * <p>
 * NOTE(review): the body visible here consists only of commented-out code, so the
 * {@code challenge} argument is neither parsed nor stored by any visible statement.
 * If the remainder of the method (not in this view) does not handle it either, the
 * token the server sends back is never verified, i.e. the server is not mutually
 * authenticated — confirm against the full source.
 *
 * @param challenge the challenge header value sent by the server
 * @throws MalformedChallengeException declared by the {@code AuthScheme} contract;
 *         not thrown by any visible statement
 */
public void processChallenge(String challenge) throws MalformedChallengeException {
	// if(tokenStr!=null){
	// log.error("Received challenge while there is a token. Failing.");
/**
 * {@code AuthScheme} contract: the textual designation of this scheme.
 * The method body is not part of this view.
 */
public String getSchemeName() {
/**
 * {@code AuthScheme} contract: the scheme parameter with the given name, if
 * available. The method body is not part of this view.
 *
 * @param name the parameter name
 */
public String getParameter(String name) {
/**
 * {@code AuthScheme} contract: the authentication realm. The method body is not
 * part of this view.
 */
public String getRealm() {
/**
 * {@code AuthScheme} contract: identifier of the authentication challenge
 * (deprecated in the interface). The method body is not part of this view.
 */
public String getID() {
/**
 * {@code AuthScheme} contract: whether authorization is granted per connection
 * rather than per request. The method body is not part of this view.
 */
public boolean isConnectionBased() {
/**
 * {@code AuthScheme} contract: whether the challenge/response exchange has
 * finished; presumably backed by the {@code complete} field. The method body is
 * not part of this view.
 */
public boolean isComplete() {
/**
 * Legacy {@code AuthScheme} signature (credentials, method name, URI).
 * <p>
 * The visible body rejects the call with {@link UnsupportedOperationException};
 * callers must use {@code authenticate(Credentials, HttpMethod)}, which needs the
 * {@code HttpMethod} to derive the target host. One line between the comment and
 * the throw, and the closing brace, are not part of this view.
 *
 * @param credentials unused
 * @param method unused
 * @param uri unused
 * @return never returns normally in the visible code
 * @throws UnsupportedOperationException always, in the visible code
 * @throws AuthenticationException declared by the interface; not thrown here
 */
public String authenticate(Credentials credentials, String method, String uri) throws AuthenticationException {
	// log.debug("authenticate " + method + " " + uri);
	throw new UnsupportedOperationException();
/**
 * Builds the {@code Authorization} header value for one SPNEGO round.
 * <p>
 * The target host is read from the request URI and handed, together with
 * {@link #DEFAULT_KERBEROS_SERVICE}, to {@code RemoteAuthUtils.createGssToken};
 * the returned token string is prefixed with {@code "Negotiate "}. Any exception is
 * wrapped in an {@link AuthenticationException} with the cause preserved.
 * <p>
 * NOTE(review):
 * <ul>
 * <li>{@code credentials} is unused by the visible code and the first argument to
 * {@code createGssToken} is {@code null}; the GSS credential presumably comes from
 * the calling thread's JAAS {@code Subject} — confirm in RemoteAuthUtils.</li>
 * <li>The service principal is derived from whatever host the request targets, so
 * a ticket is requested for any host that answers with a Negotiate challenge.
 * Whether credential delegation or mutual authentication is requested is decided
 * inside {@code createGssToken} and is not visible here; the commented-out legacy
 * code below requested delegation ({@code requestCredDeleg(true)}) while mutual
 * authentication stayed commented out.</li>
 * </ul>
 *
 * @param credentials ignored by the visible code
 * @param method the request being authenticated; its URI supplies the host
 * @return {@code "Negotiate "} followed by the token returned by
 *         {@code createGssToken}
 * @throws AuthenticationException if the host or token cannot be obtained (every
 *         exception is caught and wrapped)
 */
public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException {
	// GSSContext context = null;
	// NOTE(review): the declaration of hostname and the opening 'try {' are not part of this view.
		hostname = method.getURI().getHost();
		// Token creation is delegated to RemoteAuthUtils; the service class and
		// request host are the only inputs visible here.
		String tokenStr = RemoteAuthUtils.createGssToken(null, DEFAULT_KERBEROS_SERVICE, hostname);
		return "Negotiate " + tokenStr;
	} catch (Exception e1) {
		// Broad catch: getURI() declares URIException and createGssToken's checked
		// exceptions are unknown here; the cause is kept on the wrapping exception.
		// NOTE(review): one line between the catch header and the throw is not part of this view.
		throw new AuthenticationException("Cannot authenticate " + method, e1);
	// NOTE(review): the closing brace of the catch block is not part of this view.
	// The commented-out lines below are the former direct-GSS implementation,
	// kept for reference only.
	// String serverPrinc = DEFAULT_KERBEROS_SERVICE + "@" + hostname;
	// // Get service's principal name
	// GSSManager manager = GSSManager.getInstance();
	// GSSName serverName = manager.createName(serverPrinc, GSSName.NT_HOSTBASED_SERVICE, KERBEROS_OID);
	// // Get the context for authentication
	// context = manager.createContext(serverName, KERBEROS_OID, null, GSSContext.DEFAULT_LIFETIME);
	// // context.requestMutualAuth(true); // Request mutual authentication
	// // context.requestConf(true); // Request confidentiality
	// context.requestCredDeleg(true);
	// byte[] token = new byte[0];
	// // token is ignored on the first call
	// token = context.initSecContext(token, 0, token.length);
	// // Send a token to the server if one was generated by
	// if (token != null) {
	// tokenStr = Base64.getEncoder().encodeToString(token);
	// } catch (GSSException e) {
	// throw new AuthenticationException("Cannot authenticate to " + serverPrinc, e);
144 public static void main(String
[] args
) {
145 String principal
= System
.getProperty("javax.security.auth.login.name");
146 if (args
.length
== 0 || principal
== null) {
147 System
.err
.println("usage: java -Djavax.security.auth.login.name=<principal@REALM> "
148 + SpnegoAuthScheme
.class.getName() + " <url>");
152 String url
= args
[0];
154 URL jaasUrl
= SpnegoAuthScheme
.class.getResource("jaas.cfg");
155 System
.setProperty("java.security.auth.login.config", jaasUrl
.toExternalForm());
157 LoginContext lc
= new LoginContext("SINGLE_USER");
160 AuthPolicy
.registerAuthScheme(SpnegoAuthScheme
.NAME
, SpnegoAuthScheme
.class);
161 HttpParams params
= DefaultHttpParams
.getDefaultParams();
162 ArrayList
<String
> schemes
= new ArrayList
<>();
163 schemes
.add(SpnegoAuthScheme
.NAME
);
164 params
.setParameter(AuthPolicy
.AUTH_SCHEME_PRIORITY
, schemes
);
165 params
.setParameter(CredentialsProvider
.PROVIDER
, new HttpCredentialProvider());
167 int responseCode
= Subject
.doAs(lc
.getSubject(), new PrivilegedExceptionAction
<Integer
>() {
168 public Integer
run() throws Exception
{
169 HttpClient httpClient
= new HttpClient();
170 return httpClient
.executeMethod(new GetMethod(url
));
173 System
.out
.println("Reponse code: " + responseCode
);
174 } catch (Exception e
) {