Repository: cxf Updated Branches: refs/heads/3.0.x-fixes ce0c48bbb -> 66eac9bc0
Backporting Kerberos patch Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/66eac9bc Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/66eac9bc Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/66eac9bc Branch: refs/heads/3.0.x-fixes Commit: 66eac9bc09a59a9781022886f02477f2d2ed0d09 Parents: ce0c48b Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Sep 7 11:09:28 2015 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Sep 7 11:09:28 2015 +0100 ---------------------------------------------------------------------- .../http/auth/AbstractSpnegoAuthSupplier.java | 37 +++++++++++++++++--- 1 file changed, 33 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/66eac9bc/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java ----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
index 713b55c..a59a6bf 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
@@ -18,6 +18,7 @@
 */
 package org.apache.cxf.transport.http.auth;
+import java.net.InetAddress;
 import java.net.URI;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
@@ -62,6 +63,7 @@ public abstract class AbstractSpnegoAuthSupplier {
 private boolean credDelegation;
 private Configuration loginConfig;
 private Oid serviceNameType;
+ private boolean useCanonicalHostname;
 public String getAuthorization(AuthorizationPolicy authPolicy, URI currentURI,
@@ -154,8 +156,17 @@ public abstract class AbstractSpnegoAuthSupplier {
 }
 protected String getCompleteServicePrincipalName(URI currentURI) {
- String name = servicePrincipalName == null
- ? "HTTP/" + currentURI.getHost() : servicePrincipalName;
+ String name;
+
+ if (servicePrincipalName == null) {
+ String host = currentURI.getHost();
+ if (useCanonicalHostname) {
+ host = getCanonicalHostname(host);
+ }
+ name = "HTTP/" + host;
+ } else {
+ name = servicePrincipalName;
+ }
 if (realm != null) {
 name += "@" + realm;
 }
@@ -163,10 +174,20 @@ public abstract class AbstractSpnegoAuthSupplier {
 LOG.fine("Service Principal Name is " + name);
 }
 return name;
-
-
 }
+ private String getCanonicalHostname(String hostname) {
+ String canonicalHostname = hostname;
+ try {
+ InetAddress in = InetAddress.getByName(hostname);
+ canonicalHostname = in.getCanonicalHostName();
+ LOG.fine("resolved hostname=" + hostname + " to canonicalHostname=" + canonicalHostname);
+ } catch (Exception e) {
+ LOG.log(Level.WARNING, "unable to resolve canonical hostname", e);
+ }
+ return canonicalHostname;
+ }
+
 public void setServicePrincipalName(String servicePrincipalName) {
 this.servicePrincipalName = servicePrincipalName;
 }
@@ -175,6 +196,14 @@ public abstract class AbstractSpnegoAuthSupplier {
 this.realm = realm;
 }
+ public boolean isUseCanonicalHostname() {
+ return useCanonicalHostname;
+ }
+
+ public void setUseCanonicalHostname(boolean useCanonicalHostname) {
+ this.useCanonicalHostname = useCanonicalHostname;
+ }
+
 private final class CreateServiceTicketAction implements PrivilegedExceptionAction<byte[]> {
 private final GSSContext context;
 private final byte[] token;
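Review bot: In getCompleteServicePrincipalName, once `useCanonicalHostname` is enabled the Kerberos service principal is built from whatever the resolver returns rather than from the host in the request URI, so the identity the client requests a ticket for is only as trustworthy as DNS. That trade-off deserves a comment at the `if (useCanonicalHostname)` branch, for example `// SPN is derived from DNS here; enable only where forward and reverse DNS are trusted`. Separately, `currentURI.getHost()` can return null and `InetAddress.getByName(null)` resolves to the loopback address, so the name would silently become the local host's name instead of failing visibly. Guarding with `if (useCanonicalHostname && host != null) {` keeps the previous behaviour for that case.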
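Review bot: getCanonicalHostname treats every return value of `getCanonicalHostName()` as a resolved name, but that method falls back to the textual IP address when the reverse lookup fails or is not permitted. The caller would then build `HTTP/<ip address>` while the fine-level log reports a successful resolution. Falling back to the original hostname in that case, and naming the hostname in both warnings, makes the failure diagnosable. The string concatenation for `LOG.fine` can also sit behind `LOG.isLoggable(Level.FINE)`, which the existing log line in getCompleteServicePrincipalName appears to do (its guard is outside the hunk).

```java
private String getCanonicalHostname(String hostname) {
    try {
        InetAddress in = InetAddress.getByName(hostname);
        String canonicalHostname = in.getCanonicalHostName();
        // getCanonicalHostName() falls back to the textual IP address when no name is found
        if (canonicalHostname.equals(in.getHostAddress())) {
            LOG.warning("no canonical hostname found for " + hostname + ", using it unchanged");
            return hostname;
        }
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("resolved hostname=" + hostname + " to canonicalHostname=" + canonicalHostname);
        }
        return canonicalHostname;
    } catch (Exception e) {
        LOG.log(Level.WARNING, "unable to resolve canonical hostname for " + hostname, e);
        return hostname;
    }
}
```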
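Review bot: The new accessors isUseCanonicalHostname and setUseCanonicalHostname carry no Javadoc, yet the setter is where a user decides whether DNS output feeds into the service principal name. A short Javadoc on the setter would cover it. It should state that the default is false, that enabling it makes getCompleteServicePrincipalName resolve the URI host through DNS before prefixing `HTTP/`, and that it has no effect when an explicit servicePrincipalName is set.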