X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSpnegoLoginModule.java;h=568e2f6e0f6d085794e84932e7ff5b241d3cef60;hb=7064547ae5d85225546f1b8f15d6b5c82f30fe22;hp=ef2872e38c52fa452318d50dd4fc8f010c525bcd;hpb=cf53e939cabed54ee2a3074afcf22417fbdf364d;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java index ef2872e38..568e2f6e0 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java @@ -17,6 +17,7 @@ import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSManager; import org.ietf.jgss.GSSName; +/** SPNEGO login */ public class SpnegoLoginModule implements LoginModule { private final static Log log = LogFactory.getLog(SpnegoLoginModule.class); @@ -41,22 +42,20 @@ public class SpnegoLoginModule implements LoginModule { gssContext = checkToken(spnegoToken); if (gssContext == null) return false; - try { - String clientName = gssContext.getSrcName().toString(); - String role = clientName.substring(clientName.indexOf('@') + 1); - - log.debug("SpnegoUserRealm: established a security context"); - log.debug("Client Principal is: " + gssContext.getSrcName()); - log.debug("Server Principal is: " + gssContext.getTargName()); - log.debug("Client Default Role: " + role); - } catch (GSSException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - - // TODO log in - - return false; + else + return true; + // try { + // String clientName = gssContext.getSrcName().toString(); + // String role = clientName.substring(clientName.indexOf('@') + 1); + // + // log.debug("SpnegoUserRealm: established a security context"); + // log.debug("Client Principal is: " + gssContext.getSrcName()); + // log.debug("Server Principal is: " + gssContext.getTargName()); + // log.debug("Client Default Role: " + role); + // } catch (GSSException e) { + // // TODO Auto-generated catch block + // e.printStackTrace(); + // } } @Override @@ -67,29 +66,47 @@ public class SpnegoLoginModule implements LoginModule { try { Class gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil"); Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class); - Subject gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(), - gssContext.getDelegCred()); + Subject gssSubject; + if (gssContext.getCredDelegState()) + gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(), + gssContext.getDelegCred()); + else + gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(), null); subject.getPrincipals().addAll(gssSubject.getPrincipals()); subject.getPrivateCredentials().addAll(gssSubject.getPrivateCredentials()); return true; } catch (Exception e) { - // TODO Auto-generated catch block - e.printStackTrace(); - return false; + throw new LoginException("Cannot commit SPNEGO " + e); } } @Override public boolean abort() throws LoginException { - // TODO Auto-generated method stub - return false; + if (gssContext != null) { + try { + gssContext.dispose(); + } catch (GSSException e) { + if (log.isTraceEnabled()) + log.warn("Could not abort", e); + } + gssContext = null; + } + return true; } @Override public boolean logout() throws LoginException { - // TODO Auto-generated method stub - return false; + if (gssContext != null) { + try { + gssContext.dispose(); + } catch (GSSException e) { + if (log.isTraceEnabled()) + log.warn("Could not abort", e); + } + gssContext = null; + } + return true; } private GSSContext checkToken(byte[] authToken) { @@ -115,4 +132,8 @@ public class SpnegoLoginModule implements LoginModule { return null; } + + public static boolean hasAcceptorCredentials() { + return Activator.getAcceptorCredentials() != null; + } }