package org.argeo.cms.auth;
-import java.lang.reflect.Method;
import java.util.Map;
import javax.security.auth.Subject;
import org.argeo.api.cms.CmsLog;
import org.argeo.cms.internal.runtime.CmsContextImpl;
import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
+
+import com.sun.security.jgss.GSSUtil;
/** SPNEGO login */
public class SpnegoLoginModule implements LoginModule {
gssContext = checkToken(spnegoToken);
if (gssContext == null)
return false;
- else
+ else {
+// if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)) {
+// try {
+// GSSName name = gssContext.getSrcName();
+// String username = name.toString();
+// // TODO deal with connecting service
+// // TODO generate IPA DN?
+// username = username.substring(0, username.lastIndexOf('@'));
+// sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
+// } catch (GSSException e) {
+// throw new IllegalStateException("Cannot retrieve SPNEGO name", e);
+// }
+// }
return true;
+ }
// try {
// String clientName = gssContext.getSrcName().toString();
// String role = clientName.substring(clientName.indexOf('@') + 1);
return false;
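Review bot: The block added under the new `else {` is entirely commented out, so the only effective change here is the braces around `return true;`, and parked identity-mapping code in a login module is easy to re-enable without review. If it is meant to come back, note that `username.substring(0, username.lastIndexOf('@'))` discards the Kerberos realm, so same-named principals from different trusted realms would map to the same `CmsAuthUtils.SHARED_STATE_NAME`, and a name without `@` makes `lastIndexOf` return -1 and the `substring` call throw. I would delete the block and leave one line such as `// TODO map gssContext.getSrcName() to a CMS user name without dropping the realm`. The enclosing method starts and ends outside the hunk and `checkToken` is not visible, so whether the context is fully established before `true` is returned cannot be confirmed from here.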
try {
- Class<?> gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil");
- Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class);
+// Class<?> gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil");
+// Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class);
Subject gssSubject;
if (gssContext.getCredDelegState())
- gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(),
- gssContext.getDelegCred());
+ gssSubject = (Subject) GSSUtil.createSubject(gssContext.getSrcName(), gssContext.getDelegCred());
else
- gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(), null);
+ gssSubject = (Subject) GSSUtil.createSubject(gssContext.getSrcName(), null);
subject.getPrincipals().addAll(gssSubject.getPrincipals());
subject.getPrivateCredentials().addAll(gssSubject.getPrivateCredentials());
return true;
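Review bot: The direct `import com.sun.security.jgss.GSSUtil;` ties this class at compile and link time to the JDK-specific `jdk.security.jgss` module, where the old reflective lookup failed only when called; on a runtime or OSGi container that does not expose that package the class will presumably fail to load, so the import deserves a comment saying so. The two commented-out `Class.forName`/`getMethod` lines should be deleted, and the `(Subject)` casts are now redundant because `GSSUtil.createSubject` already returns `Subject`: `gssSubject = GSSUtil.createSubject(gssContext.getSrcName(), gssContext.getDelegCred());`. Because the result is copied into `subject.getPrivateCredentials()`, a short comment above the `getCredDelegState()` branch stating that the client's delegated credential ends up in the session subject would help later reviewers. The `catch` clauses of this `try` lie outside the hunk, so check that they still match what can be thrown now that the reflection exceptions are gone.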