+ private void askForWwwAuth(HttpServletRequest request, HttpServletResponse response) {
+ response.setStatus(401);
+ response.setHeader(HEADER_WWW_AUTHENTICATE, "basic realm=\"" + httpAuthRealm + "\"");
+
+ // SPNEGO
+ // response.setHeader(HEADER_WWW_AUTHENTICATE, "Negotiate");
+ // response.setDateHeader("Date", System.currentTimeMillis());
+ // response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
+ // 60 * 60 * 1000));
+ // response.setHeader("Accept-Ranges", "bytes");
+ // response.setHeader("Connection", "Keep-Alive");
+ // response.setHeader("Keep-Alive", "timeout=5, max=97");
+ // response.setContentType("text/html; charset=UTF-8");
+
+ }
+
+ private CallbackHandler extractHttpAuth(final HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
+ String authHeader = httpRequest.getHeader(HEADER_AUTHORIZATION);
+ if (authHeader != null) {
+ StringTokenizer st = new StringTokenizer(authHeader);
+ if (st.hasMoreTokens()) {
+ String basic = st.nextToken();
+ if (basic.equalsIgnoreCase("Basic")) {
+ try {
+ // TODO manipulate char[]
+ String credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8");
+ // log.debug("Credentials: " + credentials);
+ int p = credentials.indexOf(":");
+ if (p != -1) {
+ final String login = credentials.substring(0, p).trim();
+ final char[] password = credentials.substring(p + 1).trim().toCharArray();
+ return new CallbackHandler() {
+ public void handle(Callback[] callbacks) {
+ for (Callback cb : callbacks) {
+ if (cb instanceof NameCallback)
+ ((NameCallback) cb).setName(login);
+ else if (cb instanceof PasswordCallback)
+ ((PasswordCallback) cb).setPassword(password);
+ else if (cb instanceof HttpRequestCallback) {
+ ((HttpRequestCallback) cb).setRequest(httpRequest);
+ ((HttpRequestCallback) cb).setResponse(httpResponse);
+ }
+ }
+ }
+ };
+ } else {
+ throw new CmsException("Invalid authentication token");
+ }
+ } catch (Exception e) {
+ throw new CmsException("Couldn't retrieve authentication", e);
+ }
+ } else if (basic.equalsIgnoreCase("Negotiate")) {
+ // FIXME generalise
+ String _targetName = "HTTP/mostar.desktop.argeo.pro";
+ String spnegoToken = st.nextToken();
+ byte[] authToken = Base64.decodeBase64(spnegoToken);
+ GSSManager manager = GSSManager.getInstance();
+ try {
+ Oid krb5Oid = new Oid("1.3.6.1.5.5.2"); // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
+ GSSName gssName = manager.createName(_targetName, null);
+ GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME,
+ krb5Oid, GSSCredential.ACCEPT_ONLY);
+ GSSContext gContext = manager.createContext(serverCreds);
+
+ if (gContext == null) {
+ log.debug("SpnegoUserRealm: failed to establish GSSContext");
+ } else {
+ while (!gContext.isEstablished()) {
+ byte[] outToken = gContext.acceptSecContext(authToken, 0, authToken.length);
+ String outTokenStr = Base64.encodeBase64String(outToken);
+ httpResponse.setHeader("WWW-Authenticate", "Negotiate " + outTokenStr);
+ }
+ if (gContext.isEstablished()) {
+ String clientName = gContext.getSrcName().toString();
+ String role = clientName.substring(clientName.indexOf('@') + 1);
+
+ log.debug("SpnegoUserRealm: established a security context");
+ log.debug("Client Principal is: " + gContext.getSrcName());
+ log.debug("Server Principal is: " + gContext.getTargName());
+ log.debug("Client Default Role: " + role);
+
+ // TODO log in
+ }
+ }
+
+ } catch (GSSException gsse) {
+ log.warn(gsse, gsse);
+ }
+
+ }
+ }
+ }
+ return null;
+ }
+
+ private class RepositoriesStc implements ServiceTrackerCustomizer<Repository, Repository> {