1 package org
.argeo
.cms
.auth
;
3 import java
.lang
.reflect
.Method
;
6 import javax
.security
.auth
.Subject
;
7 import javax
.security
.auth
.callback
.CallbackHandler
;
8 import javax
.security
.auth
.login
.LoginException
;
9 import javax
.security
.auth
.spi
.LoginModule
;
11 import org
.apache
.commons
.logging
.Log
;
12 import org
.apache
.commons
.logging
.LogFactory
;
13 import org
.argeo
.cms
.internal
.kernel
.Activator
;
14 import org
.ietf
.jgss
.GSSContext
;
15 import org
.ietf
.jgss
.GSSCredential
;
16 import org
.ietf
.jgss
.GSSException
;
17 import org
.ietf
.jgss
.GSSManager
;
18 import org
.ietf
.jgss
.GSSName
;
20 public class SpnegoLoginModule
implements LoginModule
{
21 private final static Log log
= LogFactory
.getLog(SpnegoLoginModule
.class);
23 private Subject subject
;
24 private Map
<String
, Object
> sharedState
= null;
26 private GSSContext gssContext
= null;
28 @SuppressWarnings("unchecked")
30 public void initialize(Subject subject
, CallbackHandler callbackHandler
, Map
<String
, ?
> sharedState
,
31 Map
<String
, ?
> options
) {
32 this.subject
= subject
;
33 this.sharedState
= (Map
<String
, Object
>) sharedState
;
37 public boolean login() throws LoginException
{
38 byte[] spnegoToken
= (byte[]) sharedState
.get(CmsAuthUtils
.SHARED_STATE_SPNEGO_TOKEN
);
39 if (spnegoToken
== null)
41 gssContext
= checkToken(spnegoToken
);
42 if (gssContext
== null)
45 String clientName
= gssContext
.getSrcName().toString();
46 String role
= clientName
.substring(clientName
.indexOf('@') + 1);
48 log
.debug("SpnegoUserRealm: established a security context");
49 log
.debug("Client Principal is: " + gssContext
.getSrcName());
50 log
.debug("Server Principal is: " + gssContext
.getTargName());
51 log
.debug("Client Default Role: " + role
);
52 } catch (GSSException e
) {
53 // TODO Auto-generated catch block
63 public boolean commit() throws LoginException
{
64 if (gssContext
== null)
68 Class
<?
> gssUtilsClass
= Class
.forName("com.sun.security.jgss.GSSUtil");
69 Method createSubjectMethod
= gssUtilsClass
.getMethod("createSubject", GSSName
.class, GSSCredential
.class);
70 Subject gssSubject
= (Subject
) createSubjectMethod
.invoke(null, gssContext
.getSrcName(),
71 gssContext
.getDelegCred());
72 subject
.getPrincipals().addAll(gssSubject
.getPrincipals());
73 subject
.getPrivateCredentials().addAll(gssSubject
.getPrivateCredentials());
75 } catch (Exception e
) {
76 // TODO Auto-generated catch block
84 public boolean abort() throws LoginException
{
85 // TODO Auto-generated method stub
90 public boolean logout() throws LoginException
{
91 // TODO Auto-generated method stub
95 private GSSContext
checkToken(byte[] authToken
) {
96 GSSManager manager
= GSSManager
.getInstance();
98 GSSContext gContext
= manager
.createContext(Activator
.getAcceptorCredentials());
100 if (gContext
== null) {
101 log
.debug("SpnegoUserRealm: failed to establish GSSContext");
103 if (gContext
.isEstablished())
105 byte[] outToken
= gContext
.acceptSecContext(authToken
, 0, authToken
.length
);
106 if (outToken
!= null)
107 sharedState
.put(CmsAuthUtils
.SHARED_STATE_SPNEGO_OUT_TOKEN
, outToken
);
108 if (gContext
.isEstablished())
112 } catch (GSSException gsse
) {
113 log
.warn(gsse
, gsse
);