X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSpnegoLoginModule.java;h=dad0dad4be64a0600fd3d3298e6a3e5c8761efa4;hb=3d3c654c9d973c62ca22f1c9010bb2e7e1847d09;hp=2dbad96d28d592bcb007d7e186ea6223c054f62c;hpb=f4da6777015da3fc392138f0c01cea2f2add9ed3;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java
index 2dbad96d2..dad0dad4b 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java
@@ -1,6 +1,5 @@
 package org.argeo.cms.auth;

-import java.lang.reflect.Method;
 import java.util.Map;

 import javax.security.auth.Subject;
@@ -11,10 +10,10 @@ import javax.security.auth.spi.LoginModule;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
 import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
+
+import com.sun.security.jgss.GSSUtil;

 /** SPNEGO login */
 public class SpnegoLoginModule implements LoginModule {
@@ -41,8 +40,21 @@ public class SpnegoLoginModule implements LoginModule {
 gssContext = checkToken(spnegoToken);
 if (gssContext == null)
 return false;
- else
+ else {
+// if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)) {
+// try {
+// GSSName name = gssContext.getSrcName();
+// String username = name.toString();
+// // TODO deal with connecting service
+// // TODO generate IPA DN?
+// username = username.substring(0, username.lastIndexOf('@'));
+// sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
+// } catch (GSSException e) {
+// throw new IllegalStateException("Cannot retrieve SPNEGO name", e);
+// }
+// }
 return true;
+ }
 // try {
 // String clientName = gssContext.getSrcName().toString();
 // String role = clientName.substring(clientName.indexOf('@') + 1);
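Review bot: The twelve lines added under `else {` in the third hunk are commented-out code, so the decision they sketch (publishing a user name derived from `gssContext.getSrcName()` in `sharedState`) is neither active nor recorded as a decision. If the plan is to be kept, a short comment such as `// TODO: publish the SPNEGO source name in shared state once realm handling is defined` would say the same with less noise. Should the block be enabled later, `username.substring(0, username.lastIndexOf('@'))` throws when the name contains no `@`, and it discards the realm without comparing it to an expected one, which could map principals from different realms to the same local name. The enclosing method starts and ends outside this hunk.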
@@ -63,14 +75,13 @@ public class SpnegoLoginModule implements LoginModule {
 return false;

 try {
- Class gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil");
- Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class);
+// Class gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil");
+// Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class);
 Subject gssSubject;
 if (gssContext.getCredDelegState())
- gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(),
- gssContext.getDelegCred());
+ gssSubject = (Subject) GSSUtil.createSubject(gssContext.getSrcName(), gssContext.getDelegCred());
 else
- gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(), null);
+ gssSubject = (Subject) GSSUtil.createSubject(gssContext.getSrcName(), null);
 subject.getPrincipals().addAll(gssSubject.getPrincipals());
 subject.getPrivateCredentials().addAll(gssSubject.getPrivateCredentials());
 return true;
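Review bot: The two direct `GSSUtil.createSubject(...)` calls make `com.sun.security.jgss.GSSUtil` a link-time dependency of the class, whereas the removed `Class.forName` lookup failed inside this `try`. On a runtime where that JDK-specific package is not visible (the bundle's package imports are not shown here), the login module would presumably fail to load instead of reporting a failed login, so this should be confirmed and stated in the class Javadoc. The `(Subject)` casts are now redundant, and the two `+//` reflection lines can be deleted rather than kept as comments. The branches differ only in the credential argument and could be one statement: `gssSubject = GSSUtil.createSubject(gssContext.getSrcName(), gssContext.getCredDelegState() ? gssContext.getDelegCred() : null);`. The enclosing method and the `catch` for this `try` lie outside the hunk.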