Working SPNEGO clients.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / SpnegoLoginModule.java
index 2dbad96d28d592bcb007d7e186ea6223c054f62c..dad0dad4be64a0600fd3d3298e6a3e5c8761efa4 100644 (file)
@@ -1,6 +1,5 @@
 package org.argeo.cms.auth;
 
-import java.lang.reflect.Method;
 import java.util.Map;
 
 import javax.security.auth.Subject;
@@ -11,10 +10,10 @@ import javax.security.auth.spi.LoginModule;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
 import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
+
+import com.sun.security.jgss.GSSUtil;
 
 /** SPNEGO login */
 public class SpnegoLoginModule implements LoginModule {
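Review bot: The new `import com.sun.security.jgss.GSSUtil;` replaces a reflective lookup with a hard link-time dependency on a JDK-specific package. If this bundle is resolved by an OSGi framework or a module descriptor (neither is visible here), the package has to be declared there too; otherwise the login module would fail to load with a `NoClassDefFoundError` rather than failing at the `createSubject` call. A one-line comment above the import, such as `// JDK-specific API from module jdk.security.jgss`, would record the constraint for whoever packages this.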
@@ -41,8 +40,21 @@ public class SpnegoLoginModule implements LoginModule {
                gssContext = checkToken(spnegoToken);
                if (gssContext == null)
                        return false;
-               else
+               else {
+//                     if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)) {
+//                             try {
+//                                     GSSName name = gssContext.getSrcName();
+//                                     String username = name.toString();
+//                                     // TODO deal with connecting service
+//                                     // TODO generate IPA DN?
+//                                     username = username.substring(0, username.lastIndexOf('@'));
+//                                     sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
+//                             } catch (GSSException e) {
+//                                     throw new IllegalStateException("Cannot retrieve SPNEGO name", e);
+//                             }
+//                     }
                        return true;
+               }
                // try {
                // String clientName = gssContext.getSrcName().toString();
                // String role = clientName.substring(clientName.indexOf('@') + 1);
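Review bot: The twelve commented-out lines added inside the `else` branch are dead code in an authentication path and would be better replaced by a short TODO, for example `// TODO populate CmsAuthUtils.SHARED_STATE_NAME from gssContext.getSrcName()`. If the block is ever revived as written, `username.substring(0, username.lastIndexOf('@'))` discards the Kerberos realm, so principals with the same name from different trusted realms would map to one user. A name without `@` would also throw `StringIndexOutOfBoundsException`, so the realm should be checked against the expected one before it is stripped. The `login()` body starts and ends outside this hunk, so it cannot be confirmed here whether `checkToken` only returns a fully established context.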
@@ -63,14 +75,13 @@ public class SpnegoLoginModule implements LoginModule {
                        return false;
 
                try {
-                       Class<?> gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil");
-                       Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class);
+//                     Class<?> gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil");
+//                     Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class);
                        Subject gssSubject;
                        if (gssContext.getCredDelegState())
-                               gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(),
-                                               gssContext.getDelegCred());
+                               gssSubject = (Subject) GSSUtil.createSubject(gssContext.getSrcName(), gssContext.getDelegCred());
                        else
-                               gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(), null);
+                               gssSubject = (Subject) GSSUtil.createSubject(gssContext.getSrcName(), null);
                        subject.getPrincipals().addAll(gssSubject.getPrincipals());
                        subject.getPrivateCredentials().addAll(gssSubject.getPrivateCredentials());
                        return true;
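Review bot: The `(Subject)` casts on both `GSSUtil.createSubject(...)` calls are leftovers from the reflective `invoke` and are no longer needed, since the method is declared to return `Subject`. The two commented-out `Class.forName`/`getMethod` lines can be deleted rather than kept. The branch can also be folded into one call: `Subject gssSubject = GSSUtil.createSubject(gssContext.getSrcName(), gssContext.getCredDelegState() ? gssContext.getDelegCred() : null);`. The `catch` clause of this `try` is outside the hunk; if it still catches reflection exceptions or a broad `Exception`, it could now be narrowed to `GSSException`.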