You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2011/07/27 17:08:56 UTC
svn commit: r1151492 -
/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
Author: coheigea
Date: Wed Jul 27 15:08:56 2011
New Revision: 1151492
URL: http://svn.apache.org/viewvc?rev=1151492&view=rev
Log:
[WSS-251] - Only validate a Kerberos BST
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java?rev=1151492&r1=1151491&r2=1151492&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/KerberosTokenValidator.java Wed Jul 27 15:08:56 2011
@@ -30,6 +30,7 @@ import javax.security.auth.login.LoginEx
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.KerberosSecurity;
import org.apache.ws.security.message.token.KerberosServiceAction;
/**
@@ -105,6 +106,11 @@ public class KerberosTokenValidator impl
throw new WSSecurityException(WSSecurityException.FAILURE, "noCredential");
}
+ BinarySecurity binarySecurity = credential.getBinarySecurityToken();
+ if (!(binarySecurity instanceof KerberosSecurity)) {
+ return credential;
+ }
+
// Get a TGT from the KDC using JAAS
LoginContext loginContext = null;
try {
@@ -128,7 +134,6 @@ public class KerberosTokenValidator impl
log.debug("Successfully authenticated to the TGT");
}
- BinarySecurity binarySecurity = credential.getBinarySecurityToken();
byte[] token = binarySecurity.getToken();
// Get the service name to use - fall back on the principal