X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fhttp%2Fclient%2FSpnegoAuthScheme.java;h=a8aa29bbbfb6487217e6365d3518d6108f4f6a29;hb=3d3c654c9d973c62ca22f1c9010bb2e7e1847d09;hp=64dbaab74029bf8af594020c4d80e1c31900a9c3;hpb=6decc943ce5bca1b57ef407b7e9c6bb6ad6f3c97;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/http/client/SpnegoAuthScheme.java b/org.argeo.cms/src/org/argeo/cms/internal/http/client/SpnegoAuthScheme.java
index 64dbaab74..a8aa29bbb 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/http/client/SpnegoAuthScheme.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/http/client/SpnegoAuthScheme.java
@@ -3,7 +3,6 @@ package org.argeo.cms.internal.http.client;
 import java.net.URL;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
-import java.util.Base64;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
@@ -11,7 +10,6 @@ import javax.security.auth.login.LoginContext;
 import org.apache.commons.httpclient.Credentials;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.HttpMethod;
-import org.apache.commons.httpclient.URIException;
 import org.apache.commons.httpclient.auth.AuthPolicy;
 import org.apache.commons.httpclient.auth.AuthScheme;
 import org.apache.commons.httpclient.auth.AuthenticationException;
@@ -20,26 +18,23 @@ import org.apache.commons.httpclient.auth.MalformedChallengeException;
 import org.apache.commons.httpclient.methods.GetMethod;
 import org.apache.commons.httpclient.params.DefaultHttpParams;
 import org.apache.commons.httpclient.params.HttpParams;
-import org.argeo.cms.internal.http.NodeHttp;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
+import org.argeo.cms.auth.RemoteAuthUtils;
 /** Implementation of the SPNEGO auth scheme. */
 public class SpnegoAuthScheme implements AuthScheme {
 // private final static Log log = LogFactory.getLog(SpnegoAuthScheme.class);
 public static final String NAME = "Negotiate";
- private final static Oid KERBEROS_OID;
- static {
- try {
- KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
- } catch (GSSException e) {
- throw new IllegalStateException("Cannot create Kerberos OID", e);
- }
- }
+// private final static Oid KERBEROS_OID;
+// static {
+// try {
+// KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
+// } catch (GSSException e) {
+// throw new IllegalStateException("Cannot create Kerberos OID", e);
+// }
+// }
+
+ private final static String DEFAULT_KERBEROS_SERVICE = "HTTP";
 private boolean complete = false;
 private String realm;
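Review bot: `private final static String DEFAULT_KERBEROS_SERVICE = "HTTP";` uses an unconventional modifier order and carries no comment; `private static final` is the Java convention, and since the later hunk combines this value with the request host into the service principal (`DEFAULT_KERBEROS_SERVICE + "@" + hostname` in the commented code, and the middle argument of `RemoteAuthUtils.getGssToken`), a comment such as `/** Service class of the SPN (HTTP@host) the client requests a ticket for. */` would make that explicit. The commented-out `KERBEROS_OID` static block just above it is dead code; the same applies to the roughly thirty commented-out GSS lines in the `authenticate` hunk below. Both belong in git history rather than in the source, where they obscure what the live code path actually does.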
@@ -92,48 +87,51 @@ public class SpnegoAuthScheme implements AuthScheme {
 @Override
 public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException {
- GSSContext context = null;
- String tokenStr = null;
+// GSSContext context = null;
 String hostname;
 try {
 hostname = method.getURI().getHost();
- } catch (URIException e1) {
- throw new IllegalStateException("Cannot authenticate", e1);
- }
- String serverPrinc = NodeHttp.DEFAULT_SERVICE + "@" + hostname;
-
- try {
- // Get service's principal name
- GSSManager manager = GSSManager.getInstance();
- GSSName serverName = manager.createName(serverPrinc, GSSName.NT_HOSTBASED_SERVICE, KERBEROS_OID);
-
- // Get the context for authentication
- context = manager.createContext(serverName, KERBEROS_OID, null, GSSContext.DEFAULT_LIFETIME);
- // context.requestMutualAuth(true); // Request mutual authentication
- // context.requestConf(true); // Request confidentiality
- context.requestCredDeleg(true);
-
- byte[] token = new byte[0];
-
- // token is ignored on the first call
- token = context.initSecContext(token, 0, token.length);
-
- // Send a token to the server if one was generated by
- // initSecContext
- if (token != null) {
- tokenStr = Base64.getEncoder().encodeToString(token);
- // complete=true;
- }
+ String tokenStr = RemoteAuthUtils.getGssToken(null, DEFAULT_KERBEROS_SERVICE, hostname);
 return "Negotiate " + tokenStr;
- } catch (GSSException e) {
+ } catch (Exception e1) {
 complete = true;
- throw new AuthenticationException("Cannot authenticate to " + serverPrinc, e);
+ throw new AuthenticationException("Cannot authenticate " + method, e1);
 }
+// String serverPrinc = DEFAULT_KERBEROS_SERVICE + "@" + hostname;
+//
+// try {
+// // Get service's principal name
+// GSSManager manager = GSSManager.getInstance();
+// GSSName serverName = manager.createName(serverPrinc, GSSName.NT_HOSTBASED_SERVICE, KERBEROS_OID);
+//
+// // Get the context for authentication
+// context = manager.createContext(serverName, KERBEROS_OID, null, GSSContext.DEFAULT_LIFETIME);
+// // context.requestMutualAuth(true); // Request mutual authentication
+// // context.requestConf(true); // Request confidentiality
+// context.requestCredDeleg(true);
+//
+// byte[] token = new byte[0];
+//
+// // token is ignored on the first call
+// token = context.initSecContext(token, 0, token.length);
+//
+// // Send a token to the server if one was generated by
+// // initSecContext
+// if (token != null) {
+// tokenStr = Base64.getEncoder().encodeToString(token);
+// // complete=true;
+// }
+// } catch (GSSException e) {
+// complete = true;
+// throw new AuthenticationException("Cannot authenticate to " + serverPrinc, e);
+// }
 }
 public static void main(String[] args) {
- if (args.length == 0) {
- System.err.println("usage: java " + SpnegoAuthScheme.class.getName() + " ");
+ String principal = System.getProperty("javax.security.auth.login.name");
+ if (args.length == 0 || principal == null) {
+ System.err.println("usage: java -Djavax.security.auth.login.name= "
+ + SpnegoAuthScheme.class.getName() + " ");
 System.exit(1);
 return;
 }
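Review bot: `} catch (Exception e1) {` replaces the previous `URIException` and `GSSException` handlers, so programming errors (a `NullPointerException` if `getHost()` yields null for a relative URI, a `SecurityException` or `IllegalStateException` from inside the helper) are now reported as `AuthenticationException` and also set `complete = true`; catching the checked types that `RemoteAuthUtils.getGssToken` and `method.getURI()` actually declare would keep unexpected failures visible instead of folding them into an auth failure. The old code explicitly called `context.requestCredDeleg(true)` and left mutual authentication commented out; whether the helper still requests delegation (forwarding the caller's credentials to the server) and whether it verifies the server is not visible from this hunk. A comment on the `getGssToken` call stating which GSS context flags it requests and what the null first argument stands for (presumably a `Subject`, which cannot be confirmed here) would let a reader judge what this client sends to the remote host. The new message `"Cannot authenticate " + method` also drops the service principal the old message carried, which was the useful datum when diagnosing a wrong SPN.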