Posted to commits@ws.apache.org by co...@apache.org on 2014/09/04 15:14:19 UTC

svn commit: r1622471 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/ ws-security-common/src/main/java/org/apache/wss4j/common/spnego/ ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/ ws...

Author: coheigea
Date: Thu Sep  4 13:14:19 2014
New Revision: 1622471

URL: http://svn.apache.org/r1622471
Log:
Consolidating Kerberos + SPNEGO code

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosClientExceptionAction.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceAction.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceContext.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceExceptionAction.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/spnego/SpnegoTokenContext.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosClientExceptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosClientExceptionAction.java?rev=1622471&r1=1622470&r2=1622471&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosClientExceptionAction.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosClientExceptionAction.java Thu Sep  4 13:14:19 2014
@@ -50,48 +50,63 @@ public class KerberosClientExceptionActi
     private static final String IBM_JGSS_INQUIRE_TYPE_CLASS = "com.ibm.security.jgss.InquireType";
     private static final String IBM_JGSS_EXT_GSSCTX_CLASS = "com.ibm.security.jgss.ExtendedGSSContext";
 
+    private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+    private static final String JGSS_SPNEGO_TICKET_OID = "1.3.6.1.5.5.2";
+    
     private Principal clientPrincipal;
     private String serviceName;
     private boolean isUsernameServiceNameForm;
     private boolean requestCredDeleg;
     private GSSCredential delegatedCredential;
+    private boolean spnego;
+    private boolean mutualAuth;
 
     public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName, 
                                          boolean isUsernameServiceNameForm, boolean requestCredDeleg) {
-        this(clientPrincipal, serviceName, isUsernameServiceNameForm, requestCredDeleg, null);
+        this(clientPrincipal, serviceName, isUsernameServiceNameForm, 
+             requestCredDeleg, null, false, false);
     }
     
     public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName, 
                                          boolean isUsernameServiceNameForm, boolean requestCredDeleg,
-                                         GSSCredential delegatedCredential) {
+                                         GSSCredential delegatedCredential,
+                                         boolean spnego, boolean mutualAuth) {
         this.clientPrincipal = clientPrincipal;
         this.serviceName = serviceName;
         this.isUsernameServiceNameForm = isUsernameServiceNameForm;
         this.requestCredDeleg = requestCredDeleg;
         this.delegatedCredential = delegatedCredential;
+        this.spnego = spnego;
+        this.mutualAuth = mutualAuth;
     }
     
     public KerberosContext run() throws GSSException, WSSecurityException {
         GSSManager gssManager = GSSManager.getInstance();
 
-        Oid kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
-        
+        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm 
+                                                   ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
+        Oid oid = null;
         GSSCredential credentials = delegatedCredential;
-        if (credentials == null) {
-            GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
-            credentials = 
-                gssManager.createCredential(
-                    gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
-                );
+        if (spnego) {
+            oid = new Oid(JGSS_SPNEGO_TICKET_OID);
+        } else {
+            oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+            
+            if (credentials == null) {
+                GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
+                credentials = 
+                    gssManager.createCredential(
+                        gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY
+                    );
+            }
         }
 
-        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
         GSSContext secContext =
             gssManager.createContext(
-                gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
+                gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
             );
 
-        secContext.requestMutualAuth(false);
+        secContext.requestMutualAuth(mutualAuth);
         secContext.requestCredDeleg(requestCredDeleg);
 
         byte[] token = new byte[0];
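Review bot: The five-argument constructor is replaced rather than kept as an overload, so any caller outside this commit that passes a `delegatedCredential` stops compiling; keeping it with the body `this(clientPrincipal, serviceName, isUsernameServiceNameForm, requestCredDeleg, delegatedCredential, false, false);` would preserve the public API. In `run()`, the SPNEGO branch never reads `clientPrincipal` and passes a null credential to `createContext` when no delegated credential was supplied, so the initiator identity is whatever default credential the GSS provider resolves. That deserves a Javadoc sentence on the seven-argument constructor, along with the fact that `clientPrincipal` may be null only when `spnego` is true. `run()` continues past the end of this hunk.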

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceAction.java?rev=1622471&r1=1622470&r2=1622471&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceAction.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceAction.java Thu Sep  4 13:14:19 2014
@@ -46,7 +46,8 @@ public class KerberosServiceAction imple
     public Principal run() {
         try {
             KerberosServiceExceptionAction action = 
-                new KerberosServiceExceptionAction(this.ticket, this.serviceName, this.isUsernameServiceNameForm);            
+                new KerberosServiceExceptionAction(this.ticket, this.serviceName, 
+                                                   this.isUsernameServiceNameForm, false);            
             KerberosServiceContext krbServiceCtx = action.run();            
             return krbServiceCtx.getPrincipal();
         } catch (Exception e) {

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceContext.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceContext.java?rev=1622471&r1=1622470&r2=1622471&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceContext.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceContext.java Thu Sep  4 13:14:19 2014
@@ -21,6 +21,7 @@ package org.apache.wss4j.common.kerberos
 import java.security.Key;
 import java.security.Principal;
 
+import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 
 
@@ -29,6 +30,8 @@ public class KerberosServiceContext {
     private Principal principal;
     private Key sessionKey;
     private GSSCredential delegationCredential;
+    private GSSContext gssContext;
+    private byte[] kerberosToken;
     
     /**
      * @return the principal
@@ -65,5 +68,21 @@ public class KerberosServiceContext {
     public void setDelegationCredential(GSSCredential delegationCredential) {
         this.delegationCredential = delegationCredential;
     }
+
+    public GSSContext getGssContext() {
+        return gssContext;
+    }
+
+    public void setGssContext(GSSContext gssContext) {
+        this.gssContext = gssContext;
+    }
+
+    public byte[] getKerberosToken() {
+        return kerberosToken;
+    }
+
+    public void setKerberosToken(byte[] kerberosToken) {
+        this.kerberosToken = kerberosToken;
+    }
     
 }
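Review bot: `kerberosToken` is filled from the return value of `acceptSecContext` in KerberosServiceExceptionAction, so it holds the acceptor's reply token rather than the ticket the client sent, and neither the name nor the undocumented accessors make that clear. The existing accessors in this class carry Javadoc, so the new ones should as well, for example `/** @return the token produced by acceptSecContext for the peer, or null if none was generated */`. The getter and setter also share the caller's array without copying, so a later write to that array changes this object; a null-safe copy on the way in and out would isolate it.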

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceExceptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceExceptionAction.java?rev=1622471&r1=1622470&r2=1622471&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceExceptionAction.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/kerberos/KerberosServiceExceptionAction.java Thu Sep  4 13:14:19 2014
@@ -52,17 +52,21 @@ public class KerberosServiceExceptionAct
     private static final String EXTENDED_JGSS_CONTEXT_INQUIRE_TYPE_KRB5_GET_SESSION_KEY = "KRB5_GET_SESSION_KEY";
 
     private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+    private static final String JGSS_SPNEGO_TICKET_OID = "1.3.6.1.5.5.2";
 
     private static final String KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID = "kerberosTicketValidationError";
 
     private byte[] ticket;
     private String serviceName;
     private boolean isUsernameServiceNameForm;
+    private boolean spnego;
 
-    public KerberosServiceExceptionAction(byte[] ticket, String serviceName, boolean isUsernameServiceNameForm) {
+    public KerberosServiceExceptionAction(byte[] ticket, String serviceName, boolean isUsernameServiceNameForm,
+                                          boolean spnego) {
         this.ticket = ticket;
         this.serviceName = serviceName;
         this.isUsernameServiceNameForm = isUsernameServiceNameForm;
+        this.spnego = spnego;
     }
 
 
@@ -73,19 +77,25 @@ public class KerberosServiceExceptionAct
 
         GSSManager gssManager = GSSManager.getInstance();
 
-        Oid kerberos5Oid = new Oid(JGSS_KERBEROS_TICKET_OID);
-        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
-        GSSCredential credentials = 
-            gssManager.createCredential(
-                gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
-            );
+        GSSContext secContext = null;
+        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm 
+                                                   ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
+        if (spnego) {
+            Oid oid = new Oid(JGSS_SPNEGO_TICKET_OID);
+            secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);
+        } else {
+            Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+            GSSCredential credentials = 
+                gssManager.createCredential(
+                    gssService, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.ACCEPT_ONLY
+                );
+            secContext = gssManager.createContext(credentials);
+        }
 
         KerberosServiceContext krbServiceCtx = null;
-        GSSContext secContext = null;
 
         try{
-            secContext = gssManager.createContext(credentials);
-            secContext.acceptSecContext(ticket, 0, ticket.length);
+            byte[] returnedToken = secContext.acceptSecContext(ticket, 0, ticket.length);
 
             krbServiceCtx = new KerberosServiceContext();         
             
@@ -95,6 +105,8 @@ public class KerberosServiceExceptionAct
             
             GSSName clientName = secContext.getSrcName();
             krbServiceCtx.setPrincipal(new KerberosPrincipal(clientName.toString()));
+            krbServiceCtx.setGssContext(secContext);
+            krbServiceCtx.setKerberosToken(returnedToken);
             
             if (!isJava5Or6 && (isOracleJavaVendor || isIBMJavaVendor)) {
                 try {
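Review bot: The client principal is taken from `secContext.getSrcName()`, and the context and reply token are published on `krbServiceCtx`, without checking `secContext.isEstablished()` after the single `acceptSecContext` call in the previous hunk. With the SPNEGO mechanism a negotiation can take more than one leg, so a context that is still in progress could be treated as an authenticated one. A guard before the source name is read would close that, e.g. `if (!secContext.isEstablished()) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID); }`, assuming this `run()` may throw WSSecurityException as the client action's does. The enclosing try block starts and ends outside this hunk.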
@@ -134,7 +146,7 @@ public class KerberosServiceExceptionAct
                 }      
             }            
         } finally {
-            if (null != secContext) {
+            if (null != secContext && !spnego) {
                 secContext.dispose();    
             }
         }               
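Review bot: The new condition `null != secContext && !spnego` mishandles both modes. In non-SPNEGO mode the context is disposed here although `setGssContext(secContext)` has just stored it on the returned KerberosServiceContext, so `getGssContext()` hands callers a disposed context. In SPNEGO mode the context is never disposed when `acceptSecContext` or a later step throws, because the caller never receives the object that holds it. Storing the context only when `spnego` is true and tracking the hand-over would cover both: declare `boolean handedOver = false;`, set it to `spnego` as the last statement of the try, and test `if (null != secContext && !handedOver)` here. Most of the try body lies outside this hunk.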

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/spnego/SpnegoTokenContext.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/spnego/SpnegoTokenContext.java?rev=1622471&r1=1622470&r2=1622471&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/spnego/SpnegoTokenContext.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/spnego/SpnegoTokenContext.java Thu Sep  4 13:14:19 2014
@@ -20,6 +20,7 @@
 package org.apache.wss4j.common.spnego;
 
 import java.security.Principal;
+import java.security.PrivilegedActionException;
 import java.util.Set;
 
 import javax.security.auth.Subject;
@@ -28,7 +29,13 @@ import javax.security.auth.login.LoginCo
 import javax.security.auth.login.LoginException;
 
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.ext.WSSecurityException.ErrorCode;
+import org.apache.wss4j.common.kerberos.KerberosClientExceptionAction;
+import org.apache.wss4j.common.kerberos.KerberosContext;
+import org.apache.wss4j.common.kerberos.KerberosServiceContext;
+import org.apache.wss4j.common.kerberos.KerberosServiceExceptionAction;
 import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.MessageProp;
 
@@ -43,8 +50,10 @@ public class SpnegoTokenContext {
     private GSSContext secContext;
     private byte[] token;
     private boolean mutualAuth;
-    private SpnegoClientAction clientAction = new DefaultSpnegoClientAction();
-    private SpnegoServiceAction serviceAction = new DefaultSpnegoServiceAction();
+    private SpnegoClientAction clientAction;
+    private SpnegoServiceAction serviceAction;
+    private GSSCredential delegationCredential;
+    private Principal spnegoPrincipal;
 
     /**
      * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
@@ -78,6 +87,29 @@ public class SpnegoTokenContext {
         String serviceName,
         boolean isUsernameServiceNameForm
     ) throws WSSecurityException {
+        retrieveServiceTicket(jaasLoginModuleName, callbackHandler, serviceName, 
+                              isUsernameServiceNameForm, false, null);
+    }
+    
+    /**
+     * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
+     * BinarySecurityToken.
+     * @param jaasLoginModuleName the JAAS Login Module name to use
+     * @param callbackHandler a CallbackHandler instance to retrieve a password (optional)
+     * @param serviceName the desired Kerberized service
+     * @param serviceNameForm 
+     * @param requestCredDeleg Whether to request credential delegation or not
+     * @param delegationCredential The delegation credential to use
+     * @throws WSSecurityException
+     */
+    public void retrieveServiceTicket(
+        String jaasLoginModuleName, 
+        CallbackHandler callbackHandler,
+        String serviceName,
+        boolean isUsernameServiceNameForm,
+        boolean requestCredDeleg,
+        GSSCredential delegationCredential
+    ) throws WSSecurityException {
         
         // Get a TGT from the KDC using JAAS
         LoginContext loginContext = null;
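Review bot: The Javadoc of the new overload has `@param serviceNameForm`, which names no parameter (the argument is `isUsernameServiceNameForm`) and carries no description, and its `@throws WSSecurityException` does not say when it is thrown. The `delegationCredential` parameter also shadows the new field of the same name, which on the service side holds the credential received from the peer; renaming the parameter to `delegatedCredential`, as KerberosClientExceptionAction calls it, would keep the two roles apart. The Javadoc should also state that `requestCredDeleg` and the credential only take effect when no custom `SpnegoClientAction` is set. The method body continues outside this hunk.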
@@ -112,17 +144,50 @@ public class SpnegoTokenContext {
         }
         
         // Get the service ticket
-        clientAction.setServiceName(serviceName);
-        clientAction.setMutualAuth(mutualAuth);
-        clientAction.setUserNameServiceForm(isUsernameServiceNameForm);
-        token = Subject.doAs(clientSubject, clientAction);
-        if (token == null) {
-            throw new WSSecurityException(
-                WSSecurityException.ErrorCode.FAILURE, "kerberosServiceTicketError"
-            );
+        if (clientAction != null) {
+            clientAction.setServiceName(serviceName);
+            clientAction.setMutualAuth(mutualAuth);
+            clientAction.setUserNameServiceForm(isUsernameServiceNameForm);
+            token = Subject.doAs(clientSubject, clientAction);
+            if (token == null) {
+                throw new WSSecurityException(
+                    WSSecurityException.ErrorCode.FAILURE, "kerberosServiceTicketError"
+                );
+            }
+            
+            secContext = clientAction.getContext();
+        } else {
+            KerberosClientExceptionAction action = 
+                new KerberosClientExceptionAction(null, serviceName, 
+                                                  isUsernameServiceNameForm, 
+                                                  requestCredDeleg,
+                                                  delegationCredential,
+                                                  true,
+                                                  mutualAuth);
+            KerberosContext krbCtx = null;
+            try {
+                krbCtx = (KerberosContext) Subject.doAs(clientSubject, action);
+    
+                token = krbCtx.getKerberosToken();
+                if (token == null) {
+                    throw new WSSecurityException(
+                        WSSecurityException.ErrorCode.FAILURE, "kerberosServiceTicketError"
+                    );
+                }
+                
+                secContext = krbCtx.getGssContext();
+            } catch (PrivilegedActionException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof WSSecurityException) {
+                    throw (WSSecurityException) cause;
+                } else {
+                    throw new WSSecurityException(
+                         ErrorCode.FAILURE, "kerberosServiceTicketError", new Object[] {}, cause
+                    );
+                }
+            }
         }
         
-        secContext = clientAction.getContext();
         if (LOG.isDebugEnabled()) {
             LOG.debug("Successfully retrieved a service ticket");
         }
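Review bot: When a custom `clientAction` is set, the `requestCredDeleg` and `delegationCredential` arguments are silently ignored, because only the `else` branch passes them to KerberosClientExceptionAction. A caller who asks for delegation and also installs a client action gets a context without it and no indication why. Either reject the combination or log it, e.g. `LOG.debug("requestCredDeleg and delegationCredential are ignored when a SpnegoClientAction is set");`. The `catch (PrivilegedActionException e)` unwrapping is repeated verbatim in the service-side hunk that follows and could move into one private helper.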
@@ -198,16 +263,45 @@ public class SpnegoTokenContext {
         }
 
         // Validate the ticket
-        serviceAction.setTicket(ticket);
-        serviceAction.setServiceName(service);
-        serviceAction.setUsernameServiceNameForm(isUsernameServiceNameForm);
-        token = Subject.doAs(subject, serviceAction);
+        if (serviceAction != null) {
+            serviceAction.setTicket(ticket);
+            serviceAction.setServiceName(service);
+            serviceAction.setUsernameServiceNameForm(isUsernameServiceNameForm);
+            token = Subject.doAs(subject, serviceAction);
+            secContext = serviceAction.getContext();
+        } else {
+            KerberosServiceExceptionAction action = 
+                new KerberosServiceExceptionAction(ticket, service, 
+                                                   isUsernameServiceNameForm, true);
+            KerberosServiceContext krbCtx = null;
+            try {
+                krbCtx = (KerberosServiceContext) Subject.doAs(subject, action);
+    
+                token = krbCtx.getKerberosToken();
+                if (token == null) {
+                    throw new WSSecurityException(
+                        WSSecurityException.ErrorCode.FAILURE, "kerberosServiceTicketError"
+                    );
+                }
+                
+                secContext = krbCtx.getGssContext();
+                delegationCredential = krbCtx.getDelegationCredential();
+                spnegoPrincipal = krbCtx.getPrincipal();
+            } catch (PrivilegedActionException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof WSSecurityException) {
+                    throw (WSSecurityException) cause;
+                } else {
+                    throw new WSSecurityException(
+                         ErrorCode.FAILURE, "kerberosServiceTicketError", new Object[] {}, cause
+                    );
+                }
+            }
+        }
         
-        secContext = serviceAction.getContext();
         if (LOG.isDebugEnabled()) {
             LOG.debug("Successfully validated a service ticket");
         }
-
     }
     
     /**
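Review bot: The `else` branch treats a null reply token as a validation failure, but `acceptSecContext` returns null whenever the acceptor has nothing to send back, which can happen on a successfully established context. The decision should rest on the context state instead, e.g. `if (krbCtx.getGssContext() == null || !krbCtx.getGssContext().isEstablished())`. When the exception is thrown, the GSSContext that the SPNEGO path leaves undisposed should be disposed first, since `secContext` has not been assigned yet and nothing else holds it. The `serviceAction != null` branch applies no token check at all, so the two paths now behave differently for the same ticket.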
@@ -285,6 +379,8 @@ public class SpnegoTokenContext {
     public void clear() {
         token = null;
         mutualAuth = false;
+        delegationCredential = null;
+        spnegoPrincipal = null;
         try {
             secContext.dispose();
         } catch (GSSException e) {
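Review bot: `delegationCredential = null` drops the reference without calling `dispose()`, so the delegated credential stays live unless whoever fetched it through `getDelegationCredential()` disposes it. If SpnegoTokenContext is meant to own the credential, dispose it here inside the existing try; if ownership passes to the caller, say so in the getter's Javadoc. The `secContext.dispose()` call just below also runs without a null check, so calling `clear()` after a failed or never-run validation throws a NullPointerException; `if (secContext != null)` around it would avoid that. `clear()` continues outside this hunk.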
@@ -293,5 +389,13 @@ public class SpnegoTokenContext {
             }
         }
     }
-    
+
+    public GSSCredential getDelegationCredential() {
+        return delegationCredential;
+    }
+
+    public Principal getSpnegoPrincipal() {
+        return spnegoPrincipal;
+    }
+
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java?rev=1622471&r1=1622470&r2=1622471&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java Thu Sep  4 13:14:19 2014
@@ -221,7 +221,7 @@ public class KerberosSecurity extends Bi
         KerberosClientExceptionAction action = 
             new KerberosClientExceptionAction(clientPrincipals.iterator().next(), serviceName, 
                                               isUsernameServiceNameForm, requestCredDeleg,
-                                              delegatedCredential);
+                                              delegatedCredential, false, false);
         KerberosContext krbCtx = null;
         try {
             krbCtx = (KerberosContext) Subject.doAs(clientSubject, action);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java?rev=1622471&r1=1622470&r2=1622471&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java Thu Sep  4 13:14:19 2014
@@ -52,6 +52,7 @@ public class KerberosTokenValidator impl
     private String contextName;
     private KerberosTokenDecoder kerberosTokenDecoder;
     private boolean isUsernameServiceNameForm;
+    private boolean spnego;
 
     /**
      * Get the JAAS Login context name to use.
@@ -192,7 +193,9 @@ public class KerberosTokenValidator impl
         }
 
         // Validate the ticket
-        KerberosServiceExceptionAction action = new KerberosServiceExceptionAction(token, service, isUsernameServiceNameForm());
+        KerberosServiceExceptionAction action = 
+            new KerberosServiceExceptionAction(token, service, 
+                                               isUsernameServiceNameForm(), spnego);
         KerberosServiceContext krbServiceCtx = null;
         try {
             krbServiceCtx = Subject.doAs(subject, action);
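Review bot: With `spnego` set, KerberosServiceExceptionAction leaves the GSSContext undisposed and stores it on `krbServiceCtx`, and nothing visible in this hunk releases it afterwards. Unless `validate()` disposes it further down, outside the hunk, each validated token leaves an established context behind; releasing it once the principal has been read, via `krbServiceCtx.getGssContext().dispose()` when `spnego` is true, would cover that. The new `setSpnego` accessor added at the end of this file also has no Javadoc describing what the flag changes.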
@@ -279,4 +282,12 @@ public class KerberosTokenValidator impl
     public void setUsernameServiceNameForm(boolean isUsernameServiceNameForm) {
         this.isUsernameServiceNameForm = isUsernameServiceNameForm;
     }
+
+    public boolean isSpnego() {
+        return spnego;
+    }
+
+    public void setSpnego(boolean spnego) {
+        this.spnego = spnego;
+    }
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java?rev=1622471&r1=1622470&r2=1622471&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java Thu Sep  4 13:14:19 2014
@@ -102,9 +102,11 @@ public class KerberosServiceSecurityToke
                 service = principals.iterator().next().getName();
             }
 
-            KerberosServiceExceptionAction action = new KerberosServiceExceptionAction(binaryContent,
-                                                                                       service, 
-                                                                                       contextAndServiceNameCallback.isUsernameServiceNameForm());
+            KerberosServiceExceptionAction action = 
+                new KerberosServiceExceptionAction(binaryContent,
+                                                   service, 
+                                                   contextAndServiceNameCallback.isUsernameServiceNameForm(),
+                                                   false);
             KerberosServiceContext krbServiceCtx= null;
             try {
                 krbServiceCtx = Subject.doAs(subject, action);