private void authenticateToKDC(
GSSAPICallbackHandler callbackHandler, UserDomainInfo userDomainInfo)
throws EngineDirectoryServiceException {
try {
loginContext = new LoginContext(LOGIN_MODULE_POLICY_NAME, callbackHandler);
loginContext.login();
userDomainInfo.setLoginContext(loginContext);
if (log.isDebugEnabled()) {
log.debug("Successful login for user " + userName);
}
} catch (LoginException ex) {
// JAAS throws login exception due to various reasons.
// We check if the login exception matches a case where the user
// provided wrong authentication details, or
// if there was another error - in case the user provided wrong
// authentication details, we will abort the kdc search
loginContext = null;
KerberosReturnCodeParser parser = new KerberosReturnCodeParser();
AuthenticationResult result = parser.parse(ex.getMessage());
if (result == AuthenticationResult.OTHER || result == null) {
// An error our error parser does not recognize
log.error("Error from Kerberos: " + ex.getMessage());
} else {
StringBuilder error = new StringBuilder();
error.append(result.getDetailedMessage());
log.error(error.toString());
}
throw new EngineDirectoryServiceException(result);
}
}
public void authenticate() throws EngineDirectoryServiceException {
UsersDomainsCacheManager usersDomainsCacheManager =
UsersDomainsCacheManagerService.getInstance();
UserDomainInfo userDomainInfo =
usersDomainsCacheManager.associateUserWithDomain(this.userName, this.realm.toLowerCase());
loginContext = null;
synchronized (userDomainInfo) {
// In case authentication is performed in an implicit way (as a
// result of internal command) try and get
// login context from cache
if (!explicitAuth) {
loginContext = userDomainInfo.getLoginContext();
}
if (!validLoginContext()) {
explicitAuth(userDomainInfo);
}
}
}
