Posted to users@cxf.apache.org by "Talkov, Roger" <Ro...@automic.com> on 2015/08/25 05:55:55 UTC

Kerberos and CXF 3.1.2

I had Kerberos working using the dynamic client with the 3.0.4 release.
I upgraded to 3.1.2 and got a compile error on the following line of code in my KerberosAuthSupplier:
public class KerberosAuthSupplier extends AbstractSpnegoAuthSupplier implements HttpAuthSupplier

In the getAuthorizationMethod I had the following line:

message.setContextualProperty("auth.spnego.useKerberosOid", "true");

With 3.1.2 this gets a compile error, as the setContextualProperty method is no longer in the Message interface and is not public in MessageImpl.
But AbstractSpnegoAuthSupplier references this property when setting up the OID, so how can I set this?
I tried using reflection, but when I invoke the operation I get an error; it works fine with 3.0.4.

Snippet of AbstractSpnegoAuthSupplier.java:

public abstract class AbstractSpnegoAuthSupplier {

    /**
     * Can be set on the client properties. If set to true then the kerberos oid is used
     * instead of the default spnego OID
     */
    private static final String PROPERTY_USE_KERBEROS_OID = "auth.spnego.useKerberosOid";
    private static final String PROPERTY_REQUIRE_CRED_DELEGATION = "auth.spnego.requireCredDelegation";

    private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";


    public String getAuthorization(AuthorizationPolicy authPolicy,
                                   URI currentURI,
                                   Message message) {
        if (!HttpAuthHeader.AUTH_TYPE_NEGOTIATE.equals(authPolicy.getAuthorizationType())) {
            return null;
        }
        try {
            String spn = getCompleteServicePrincipalName(currentURI);

            boolean useKerberosOid = MessageUtils.isTrue(
                message.getContextualProperty(PROPERTY_USE_KERBEROS_OID));
            Oid oid = new Oid(useKerberosOid ? KERBEROS_OID : SPNEGO_OID);

            byte[] token = getToken(authPolicy, spn, oid, message);
            return HttpAuthHeader.AUTH_TYPE_NEGOTIATE + " " + Base64Utility.encode(token);
        } catch (LoginException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (GSSException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }


Roger Talkov
Senior Software Engineer
Roger.Talkov@automic.com
+14256332568

Re: Kerberos and CXF 3.1.2

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi

There were some issues found with this method (it was not working properly
in some contexts, something like that). Message is a map, so using a
'put' method instead should fix it.

Cheers, Sergey
On 25/08/15 04:55, Talkov, Roger wrote:
> I had Kerberos working using the dynamic client with the 3.0.4 release.
>
> I upgraded to 3.1.2 and got a compile error on the following line of
> code in my KerberosAuthSupplier:
>
> public class KerberosAuthSupplier extends AbstractSpnegoAuthSupplier
> implements HttpAuthSupplier
>
> in the getAuthorizationMethod I had the following line:
>
> message.setContextualProperty("auth.spnego.useKerberosOid", "true");
>
> with 3.1.2 this gets a compile error as the setContextualProperty method
> is no longer in the Message interface and is not public in MessageImpl.
>
> But AbstractSpnegoAuthSupplier references this property when setting up
> the OID, so how can I set this?
>
> I tried using reflection but when I invoke the operation I get an error,
> it works fine with 3.0.4
>
> Snippet of AbstractSpnegoAuthSupplier.java:
>
> public abstract class AbstractSpnegoAuthSupplier {
>
>     /**
>      * Can be set on the client properties. If set to true then the kerberos oid is used
>      * instead of the default spnego OID
>      */
>     private static final String PROPERTY_USE_KERBEROS_OID = "auth.spnego.useKerberosOid";
>     private static final String PROPERTY_REQUIRE_CRED_DELEGATION = "auth.spnego.requireCredDelegation";
>
>     private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
>     private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
>
>     public String getAuthorization(AuthorizationPolicy authPolicy,
>                                    URI currentURI,
>                                    Message message) {
>         if (!HttpAuthHeader.AUTH_TYPE_NEGOTIATE.equals(authPolicy.getAuthorizationType())) {
>             return null;
>         }
>         try {
>             String spn = getCompleteServicePrincipalName(currentURI);
>
>             boolean useKerberosOid = MessageUtils.isTrue(
>                 message.getContextualProperty(PROPERTY_USE_KERBEROS_OID));
>             Oid oid = new Oid(useKerberosOid ? KERBEROS_OID : SPNEGO_OID);
>
>             byte[] token = getToken(authPolicy, spn, oid, message);
>             return HttpAuthHeader.AUTH_TYPE_NEGOTIATE + " " + Base64Utility.encode(token);
>         } catch (LoginException e) {
>             throw new RuntimeException(e.getMessage(), e);
>         } catch (GSSException e) {
>             throw new RuntimeException(e.getMessage(), e);
>         }
>     }


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/
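
The suggestion above, applied to the supplier from the question, as an added example (not code posted in this thread and not CXF's own source). It assumes CXF 3.1.x on the classpath and a working Kerberos/JAAS login configuration; the `install` helper is a hypothetical name used only for illustration.

```java
import java.net.URI;

import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.message.Message;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier;
import org.apache.cxf.transport.http.auth.HttpAuthHeader;
import org.apache.cxf.transport.http.auth.HttpAuthSupplier;

public class KerberosAuthSupplier extends AbstractSpnegoAuthSupplier implements HttpAuthSupplier {

    // Same key that AbstractSpnegoAuthSupplier reads (it is private there, so repeated here).
    private static final String USE_KERBEROS_OID = "auth.spnego.useKerberosOid";

    @Override
    public boolean requiresRequestCaching() {
        return false;
    }

    @Override
    public String getAuthorization(AuthorizationPolicy authPolicy, URI currentURI,
                                   Message message, String fullHeader) {
        // Message is a Map<String, Object>: put() replaces the removed
        // setContextualProperty() call. The parent class reads the value back with
        // message.getContextualProperty(...) and then builds the token with the
        // Kerberos OID (1.2.840.113554.1.2.2) instead of the SPNEGO OID.
        message.put(USE_KERBEROS_OID, "true");
        return super.getAuthorization(authPolicy, currentURI, message);
    }

    /** Hypothetical helper: attach this supplier to a (dynamic) client's HTTP conduit. */
    public static void install(Client client) {
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        AuthorizationPolicy policy = new AuthorizationPolicy();
        // The parent class returns null unless the policy type is "Negotiate".
        policy.setAuthorizationType(HttpAuthHeader.AUTH_TYPE_NEGOTIATE);
        conduit.setAuthorization(policy);
        conduit.setAuthSupplier(new KerberosAuthSupplier());
    }
}
```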