Posted to commits@ws.apache.org by co...@apache.org on 2013/06/07 11:41:00 UTC
svn commit: r1490554 -
/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
Author: coheigea
Date: Fri Jun 7 09:41:00 2013
New Revision: 1490554
URL: http://svn.apache.org/r1490554
Log:
Use same approach in DOM code to get JAAS service name + context name from CallbackHandler for Kerberos
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java?rev=1490554&r1=1490553&r2=1490554&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java Fri Jun 7 09:41:00 2013
@@ -19,17 +19,21 @@
package org.apache.wss4j.dom.message.token;
+import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.wss4j.common.kerberos.KerberosClientAction;
+import org.apache.wss4j.common.kerberos.KerberosContextAndServiceNameCallback;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
@@ -96,6 +100,37 @@ public class KerberosSecurity extends Bi
}
return false;
}
+
+ /**
+ * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
+ * BinarySecurityToken.
+ * @param callbackHandler a CallbackHandler instance to retrieve a password (optional),
+ * JAAS Login Module name (required) + service name (required)
+ * @throws WSSecurityException
+ */
+ public void retrieveServiceTicket(
+ CallbackHandler callbackHandler
+ ) throws WSSecurityException {
+ KerberosContextAndServiceNameCallback contextAndServiceNameCallback = new KerberosContextAndServiceNameCallback();
+ try {
+ callbackHandler.handle(new Callback[]{contextAndServiceNameCallback});
+ } catch (IOException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+
+ String jaasLoginModuleName = contextAndServiceNameCallback.getContextName();
+ if (jaasLoginModuleName == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "kerberosCallbackContextNameNotSupplied");
+ }
+ String serviceName = contextAndServiceNameCallback.getServiceName();
+ if (serviceName == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "kerberosCallbackServiceNameNotSupplied");
+ }
+
+ retrieveServiceTicket(jaasLoginModuleName, callbackHandler, serviceName);
+ }
/**
* Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
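Review bot: `callbackHandler.handle(...)` in the new `retrieveServiceTicket(CallbackHandler)` runs without a null check, so a caller that passes no handler gets a NullPointerException rather than the declared WSSecurityException. Because the Javadoc marks the context name and service name as required from this handler, a guard before the `try` such as `if (callbackHandler == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "kerberosCallbackContextNameNotSupplied"); }` would keep the failure mode consistent. The two `== null` checks also let an empty string through to the three-argument overload, whose body lies outside this hunk, so rejecting empty values here may be worthwhile. The Javadoc could also state that the two names select the JAAS login configuration entry and the service the ticket is requested for, and should therefore come from trusted configuration, not from message content.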