1 package org
.argeo
.cms
.internal
.http
.client
;
4 import java
.security
.PrivilegedExceptionAction
;
5 import java
.util
.ArrayList
;
6 import java
.util
.Base64
;
8 import javax
.security
.auth
.Subject
;
9 import javax
.security
.auth
.login
.LoginContext
;
11 import org
.apache
.commons
.httpclient
.Credentials
;
12 import org
.apache
.commons
.httpclient
.HttpClient
;
13 import org
.apache
.commons
.httpclient
.HttpMethod
;
14 import org
.apache
.commons
.httpclient
.URIException
;
15 import org
.apache
.commons
.httpclient
.auth
.AuthPolicy
;
16 import org
.apache
.commons
.httpclient
.auth
.AuthScheme
;
17 import org
.apache
.commons
.httpclient
.auth
.AuthenticationException
;
18 import org
.apache
.commons
.httpclient
.auth
.CredentialsProvider
;
19 import org
.apache
.commons
.httpclient
.auth
.MalformedChallengeException
;
20 import org
.apache
.commons
.httpclient
.methods
.GetMethod
;
21 import org
.apache
.commons
.httpclient
.params
.DefaultHttpParams
;
22 import org
.apache
.commons
.httpclient
.params
.HttpParams
;
23 import org
.argeo
.cms
.internal
.kernel
.NodeHttp
;
24 import org
.ietf
.jgss
.GSSContext
;
25 import org
.ietf
.jgss
.GSSException
;
26 import org
.ietf
.jgss
.GSSManager
;
27 import org
.ietf
.jgss
.GSSName
;
28 import org
.ietf
.jgss
.Oid
;
30 /** Implementation of the SPNEGO auth scheme. */
31 public class SpnegoAuthScheme
implements AuthScheme
{
32 // private final static Log log = LogFactory.getLog(SpnegoAuthScheme.class);
// Scheme name; main() registers this class under it with AuthPolicy and puts it in the scheme priority list.
34 public static final String NAME = "Negotiate";
// NOTE(review): despite the constant's name, 1.3.6.1.5.5.2 is the SPNEGO mechanism OID (RFC 4178);
// the Kerberos V5 mechanism OID is 1.2.840.113554.1.2.2. authenticate() passes this constant both
// to createName() and to createContext().
35 private final static Oid KERBEROS_OID;
// The OID string is parsed once for the class; a GSSException raised by the Oid constructor is
// rethrown as an IllegalStateException that keeps the original exception as its cause.
38         KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
39     } catch (GSSException e) {
40         throw new IllegalStateException("Cannot create Kerberos OID", e);
// Completion flag, false on construction; no assignment to it appears in the lines shown.
// Presumably this is what isComplete() reports - confirm against the full source.
44 private boolean complete = false;
/**
 * AuthScheme callback that receives the challenge string sent by the server.
 * <p>
 * NOTE(review): the body lines shown contain only commented-out code, so no use of
 * {@code challenge} is visible here. Confirm whether the server's Negotiate reply token is
 * consumed anywhere: without feeding it back into the GSS context the client cannot complete
 * a mutual-authentication exchange.
 *
 * @param challenge the challenge received from the server
 * @throws MalformedChallengeException declared by the AuthScheme contract; no throw is
 *         visible in the lines shown
 */
48 public void processChallenge(String challenge) throws MalformedChallengeException {
49     // if(tokenStr!=null){
50     // log.error("Received challenge while there is a token. Failing.");
57 public String
getSchemeName() {
62 public String
getParameter(String name
) {
67 public String
getRealm() {
72 public String
getID() {
77 public boolean isConnectionBased() {
82 public boolean isComplete() {
/**
 * String-based overload of the AuthScheme authenticate call; the visible body rejects it.
 * <p>
 * SPNEGO needs the target host to build the service principal, which the other overload
 * takes from the HttpMethod's URI; here only the method name and a URI string are passed.
 *
 * @param credentials not referenced in the lines shown
 * @param method the HTTP method name; not referenced in the lines shown
 * @param uri the request URI; not referenced in the lines shown
 * @return nothing in the lines shown: the only visible statement is a throw
 * @throws AuthenticationException declared by the AuthScheme contract
 * @throws UnsupportedOperationException thrown by the only statement visible in the body
 */
87 public String authenticate(Credentials credentials, String method, String uri) throws AuthenticationException {
88     // log.debug("authenticate " + method + " " + uri);
90     throw new UnsupportedOperationException();
/**
 * Produces the authorization header value for a SPNEGO ("Negotiate") request.
 * <p>
 * From the lines shown: the target service principal is
 * {@code NodeHttp.DEFAULT_SERVICE + "@" + host}, with the host read from the request URI.
 * A GSS initiator context is created for that name, and its first token is obtained from
 * {@code initSecContext}, Base64-encoded and returned after the {@code "Negotiate "} prefix.
 * <p>
 * Points a security review should confirm:
 * <ul>
 * <li>{@code requestCredDeleg(true)} asks for the caller's credentials to be delegated to the
 * service named after the request URI's host, so the URL decides which service may receive
 * forwarded credentials (subject to ticket flags and KDC policy). Confirm delegation is
 * needed and that this scheme is only used with trusted hosts.</li>
 * <li>The requests for mutual authentication and confidentiality are commented out, so this
 * code does not ask GSS-API to authenticate the server; server identity then rests on the
 * transport (TLS).</li>
 * <li>{@code hostname} is concatenated into the principal name with no null or empty check
 * visible in the lines shown.</li>
 * <li>No {@code dispose()} call on the GSSContext appears in the lines shown.</li>
 * </ul>
 *
 * @param credentials not referenced in the lines shown; the context is created with a
 *        {@code null} credential, which makes JGSS use the default initiator credentials
 * @param method the HTTP method whose URI supplies the target host name
 * @return {@code "Negotiate "} followed by the Base64-encoded token
 * @throws AuthenticationException wrapping a GSSException raised while creating the name or
 *         context, or while producing the token
 * @throws IllegalStateException if reading the host from the request URI raises URIException
 */
94 public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException {
95     GSSContext context = null;
96     String tokenStr = null;
// The target host comes from the request URI, so it is caller-controlled input to the SPN.
99         hostname = method.getURI().getHost();
100     } catch (URIException e1) {
101         throw new IllegalStateException("Cannot authenticate", e1);
// Host-based service name in service@host form, built by plain string concatenation.
103     String serverPrinc = NodeHttp.DEFAULT_SERVICE + "@" + hostname;
106         // Get service's principal name
107         GSSManager manager = GSSManager.getInstance();
108         GSSName serverName = manager.createName(serverPrinc, GSSName.NT_HOSTBASED_SERVICE, KERBEROS_OID);
110         // Get the context for authentication
// The null third argument selects the default initiator credentials; main() runs the HTTP
// call inside Subject.doAs() with the subject of a LoginContext.
111         context = manager.createContext(serverName, KERBEROS_OID, null, GSSContext.DEFAULT_LIFETIME);
112         // context.requestMutualAuth(true); // Request mutual authentication
113         // context.requestConf(true); // Request confidentiality
// NOTE(review): credential delegation is requested unconditionally while the mutual
// authentication request above is disabled - confirm this combination is intended.
114         context.requestCredDeleg(true);
116         byte[] token = new byte[0];
118         // token is ignored on the first call
119         token = context.initSecContext(token, 0, token.length);
121         // Send a token to the server if one was generated by
124         tokenStr = Base64.getEncoder().encodeToString(token);
// The header value uses the literal scheme prefix rather than the NAME constant.
127         return "Negotiate " + tokenStr;
128     } catch (GSSException e) {
// The message names the service principal, which includes the request host, and keeps the cause.
130         throw new AuthenticationException("Cannot authenticate to " + serverPrinc, e);
134 public static void main(String
[] args
) {
135 if (args
.length
== 0) {
136 System
.err
.println("usage: java " + SpnegoAuthScheme
.class.getName() + " <url>");
140 String url
= args
[0];
142 URL jaasUrl
= SpnegoAuthScheme
.class.getResource("jaas.cfg");
143 System
.setProperty("java.security.auth.login.config", jaasUrl
.toExternalForm());
145 LoginContext lc
= new LoginContext("SINGLE_USER");
148 AuthPolicy
.registerAuthScheme(SpnegoAuthScheme
.NAME
, SpnegoAuthScheme
.class);
149 HttpParams params
= DefaultHttpParams
.getDefaultParams();
150 ArrayList
<String
> schemes
= new ArrayList
<>();
151 schemes
.add(SpnegoAuthScheme
.NAME
);
152 params
.setParameter(AuthPolicy
.AUTH_SCHEME_PRIORITY
, schemes
);
153 params
.setParameter(CredentialsProvider
.PROVIDER
, new HttpCredentialProvider());
155 int responseCode
= Subject
.doAs(lc
.getSubject(), new PrivilegedExceptionAction
<Integer
>() {
156 public Integer
run() throws Exception
{
157 HttpClient httpClient
= new HttpClient();
158 return httpClient
.executeMethod(new GetMethod(url
));
161 System
.out
.println("Reponse code: " + responseCode
);
162 } catch (Exception e
) {