-
- protected CallbackHandler extractHttpAuth(final HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
- String authHeader = httpRequest.getHeader(HttpUtils.HEADER_AUTHORIZATION);
- if (authHeader != null) {
- StringTokenizer st = new StringTokenizer(authHeader);
- if (st.hasMoreTokens()) {
- String basic = st.nextToken();
- if (basic.equalsIgnoreCase("Basic")) {
- try {
- // TODO manipulate char[]
- String credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8");
- // log.debug("Credentials: " + credentials);
- int p = credentials.indexOf(":");
- if (p != -1) {
- final String login = credentials.substring(0, p).trim();
- final char[] password = credentials.substring(p + 1).trim().toCharArray();
- return new CallbackHandler() {
- public void handle(Callback[] callbacks) {
- for (Callback cb : callbacks) {
- if (cb instanceof NameCallback)
- ((NameCallback) cb).setName(login);
- else if (cb instanceof PasswordCallback)
- ((PasswordCallback) cb).setPassword(password);
- else if (cb instanceof HttpRequestCallback) {
- ((HttpRequestCallback) cb).setRequest(httpRequest);
- ((HttpRequestCallback) cb).setResponse(httpResponse);
- }
- }
- }
- };
- } else {
- throw new CmsException("Invalid authentication token");
- }
- } catch (Exception e) {
- throw new CmsException("Couldn't retrieve authentication", e);
- }
- } else if (basic.equalsIgnoreCase("Negotiate")) {
- // FIXME generalise
- String _targetName = "HTTP/mostar.desktop.argeo.pro";
- String spnegoToken = st.nextToken();
- byte[] authToken = Base64.decodeBase64(spnegoToken);
- GSSManager manager = GSSManager.getInstance();
- try {
- Oid krb5Oid = new Oid("1.3.6.1.5.5.2"); // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
- GSSName gssName = manager.createName(_targetName, null);
- GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME,
- krb5Oid, GSSCredential.ACCEPT_ONLY);
- GSSContext gContext = manager.createContext(serverCreds);
-
- if (gContext == null) {
- log.debug("SpnegoUserRealm: failed to establish GSSContext");
- } else {
- while (!gContext.isEstablished()) {
- byte[] outToken = gContext.acceptSecContext(authToken, 0, authToken.length);
- String outTokenStr = Base64.encodeBase64String(outToken);
- httpResponse.setHeader("WWW-Authenticate", "Negotiate " + outTokenStr);
- }
- if (gContext.isEstablished()) {
- String clientName = gContext.getSrcName().toString();
- String role = clientName.substring(clientName.indexOf('@') + 1);
-
- log.debug("SpnegoUserRealm: established a security context");
- log.debug("Client Principal is: " + gContext.getSrcName());
- log.debug("Server Principal is: " + gContext.getTargName());
- log.debug("Client Default Role: " + role);
-
- // TODO log in
- }
- }
-
- } catch (GSSException gsse) {
- log.warn(gsse, gsse);
- }
-
- }
- }
- }
- return null;
- }
-