From e48bd76a00f8253bb19d0881b4af49af713ed001 Mon Sep 17 00:00:00 2001 From: Mathieu Date: Sat, 3 Dec 2022 10:28:26 +0100 Subject: [PATCH] Workaround Krb5LoginModule printing to System.out when tryFirstPass is enabled --- .../src/org/argeo/cms/auth/SpnegoLoginModule.java | 9 ++++++++- .../src/org/argeo/cms/internal/runtime/jaas-ipa.cfg | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java index a01daf6e0..e5f367d23 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java @@ -36,8 +36,15 @@ public class SpnegoLoginModule implements LoginModule { @Override public boolean login() throws LoginException { byte[] spnegoToken = (byte[]) sharedState.get(CmsAuthUtils.SHARED_STATE_SPNEGO_TOKEN); - if (spnegoToken == null) + if (spnegoToken == null) { + if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)) { + // workaround: set shared state name to empty + // in order to avoid Krb5LoginModule printing to System.out + // TODO ask upstream to only log in debug mode + sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, ""); + } return false; + } gssContext = checkToken(spnegoToken); if (gssContext == null) return false; diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg index be902ea6f..51db582c6 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg +++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg @@ -2,6 +2,7 @@ USER { org.argeo.cms.auth.RemoteSessionLoginModule sufficient; org.argeo.cms.auth.SpnegoLoginModule optional; com.sun.security.auth.module.Krb5LoginModule optional + tryFirstPass=true storeKey=true; org.argeo.cms.auth.UserAdminLoginModule required; }; -- 2.30.2