public byte[] requestServiceTicket(Subject clientSubject, String servicePrincipalName) {
   // For some reason SPNs in the format HTTP/servicehost.domain end up as
   // HTTP/servicehost.domain/hostname. SPNs defined as [email protected] work fine.
   servicePrincipalName = servicePrincipalName.replace('/', '@');
   try {
     Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
     GSSManager manager = GSSManager.getInstance();
     GSSName serverName =
         manager.createName(servicePrincipalName, GSSName.NT_HOSTBASED_SERVICE, krb5Oid);
     final GSSContext context =
         manager.createContext(serverName, krb5Oid, null, GSSContext.DEFAULT_LIFETIME);
     byte[] serviceTicket =
         Subject.doAs(
             clientSubject,
             new PrivilegedAction<byte[]>() {
               public byte[] run() {
                 byte[] token = new byte[0];
                 // This is a one pass context initialisation.
                 try {
                   context.requestMutualAuth(false);
                   context.requestCredDeleg(false);
                   return context.initSecContext(token, 0, token.length);
                 } catch (GSSException e) {
                   e.printStackTrace();
                   return null;
                 }
               }
             });
     return serviceTicket;
   } catch (GSSException e) {
     e.printStackTrace();
     return null;
   }
 }
Exemplo n.º 2
0
 /**
  * Closes the session. If any {@link GSSContext} is present in the session then it is closed.
  *
  * @param message the error message
  */
 @Override
 protected void closeSession(String message) {
   GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
   if (ctx != null) {
     try {
       ctx.dispose();
     } catch (GSSException e) {
       e.printStackTrace();
       super.closeSession(message, e);
       return;
     }
   }
   super.closeSession(message);
 }