Пример #1
0
    @Override
    public String run() throws HttpAuthenticationException {
      // Get own Kerberos credentials for accepting connection
      GSSManager manager = GSSManager.getInstance();
      GSSContext gssContext = null;
      String serverPrincipal = getPrincipalWithoutRealm(serviceUGI.getUserName());
      try {
        // This Oid for Kerberos GSS-API mechanism.
        Oid kerberosMechOid = new Oid("1.2.840.113554.1.2.2");
        // Oid for SPNego GSS-API mechanism.
        Oid spnegoMechOid = new Oid("1.3.6.1.5.5.2");
        // Oid for kerberos principal name
        Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1");

        // GSS name for server
        GSSName serverName = manager.createName(serverPrincipal, krb5PrincipalOid);

        // GSS credentials for server
        GSSCredential serverCreds =
            manager.createCredential(
                serverName,
                GSSCredential.DEFAULT_LIFETIME,
                new Oid[] {kerberosMechOid, spnegoMechOid},
                GSSCredential.ACCEPT_ONLY);

        // Create a GSS context
        gssContext = manager.createContext(serverCreds);
        // Get service ticket from the authorization header
        String serviceTicketBase64 = getAuthHeader(request, authType);
        byte[] inToken = Base64.decodeBase64(serviceTicketBase64.getBytes());
        gssContext.acceptSecContext(inToken, 0, inToken.length);
        // Authenticate or deny based on its context completion
        if (!gssContext.isEstablished()) {
          throw new HttpAuthenticationException(
              "Kerberos authentication failed: "
                  + "unable to establish context with the service ticket "
                  + "provided by the client.");
        } else {
          return getPrincipalWithoutRealmAndHost(gssContext.getSrcName().toString());
        }
      } catch (GSSException e) {
        throw new HttpAuthenticationException("Kerberos authentication failed: ", e);
      } finally {
        if (gssContext != null) {
          try {
            gssContext.dispose();
          } catch (GSSException e) {
            // No-op
          }
        }
      }
    }
Пример #2
0
 @Override
 public GSSResult run() {
   GSSContext context = null;
   try {
     GSSManager manager = GSSManager.getInstance();
     context = manager.createContext((GSSCredential) null);
     this.serviceTicket =
         context.acceptSecContext(this.serviceTicket, 0, this.serviceTicket.length);
     return new GSSResult(context, serviceTicket);
   } catch (GSSException e) {
     LogManager.logError(
         LogConstants.CTX_SECURITY, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014));
   }
   return null;
 }
Пример #3
0
  public boolean validateContext(ORB orb, Codec codec, byte[] contextToken) {
    byte[] token = null;

    try {
      Oid krb5Oid = new Oid(KRB5MechOID.value.substring(4));
      GSSManager gssManager = GSSManager.getInstance();
      if (targetCreds == null) {
        targetCreds =
            gssManager.createCredential(
                null, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.ACCEPT_ONLY);
      }
      validatedContext = gssManager.createContext(targetCreds);
      token = validatedContext.acceptSecContext(contextToken, 0, contextToken.length);
    } catch (GSSException e) {
      logger.error("Error accepting Kerberos context: " + e);
    }
    if (token == null) {
      logger.warn("Could not accept token");
      return false;
    }

    return true;
  }
    public Void run() throws GSSException {
      NegotiationContext negContext = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
      if (negContext == null) {
        negContext = new NegotiationContext();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
        // Also cache it on the connection for future calls.
        exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
      }

      GSSContext gssContext = negContext.getGssContext();
      if (gssContext == null) {
        GSSManager manager = GSSManager.getInstance();
        gssContext = manager.createContext((GSSCredential) null);

        negContext.setGssContext(gssContext);
      }

      byte[] respToken =
          gssContext.acceptSecContext(
              challenge.array(), challenge.arrayOffset(), challenge.limit());
      negContext.setResponseToken(respToken);

      if (negContext.isEstablished()) {
        result.setResult(
            new AuthenticationResult(
                negContext.getPrincipal(), AuthenticationOutcome.AUTHENTICATED));
      } else {
        // This isn't a failure but as the context is not established another round trip with the
        // client is needed.
        result.setResult(
            new AuthenticationResult(
                negContext.getPrincipal(), AuthenticationOutcome.NOT_AUTHENTICATED));
      }

      return null;
    }
Пример #5
0
 @Override
 public byte[] run() throws GSSException {
   return gssContext.acceptSecContext(decoded, 0, decoded.length);
 }