Author: coheigea
Date: Wed Jan 4 11:59:42 2012
New Revision: 1227128
URL: http://svn.apache.org/viewvc?rev=1227128&view=rev
Log:
[WSS-332] - Make the Spnego Client and Service Actions pluggable on
SpnegoTokenContext
Added:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoClientAction.java
- copied, changed from r1226749,
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoServiceAction.java
- copied, changed from r1226749,
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
Copied:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoClientAction.java
(from r1226749,
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java)
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoClientAction.java?p2=webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoClientAction.java&p1=webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java&r1=1226749&r2=1227128&rev=1227128&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoClientAction.java
Wed Jan 4 11:59:42 2012
@@ -19,8 +19,6 @@
package org.apache.ws.security.spnego;
-import java.security.PrivilegedAction;
-
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
@@ -31,18 +29,14 @@ import org.ietf.jgss.Oid;
* This class represents a PrivilegedAction implementation to obtain a
(SPNEGO) service ticket from a
* Kerberos Key Distribution Center.
*/
-public class SpnegoClientAction implements PrivilegedAction<byte[]> {
+public class DefaultSpnegoClientAction implements SpnegoClientAction {
private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SpnegoClientAction.class);
+
org.apache.commons.logging.LogFactory.getLog(DefaultSpnegoClientAction.class);
private String serviceName;
private GSSContext secContext;
private boolean mutualAuth;
- public SpnegoClientAction(String serviceName) {
- this.serviceName = serviceName;
- }
-
/**
* Whether to enable mutual authentication or not.
*/
@@ -50,18 +44,26 @@ public class SpnegoClientAction implemen
mutualAuth = mutualAuthentication;
}
+ /**
+ * The Service Name
+ */
+ public void setServiceName(String serviceName) {
+ this.serviceName = serviceName;
+ }
+
+ /**
+ * Obtain a service ticket
+ */
public byte[] run() {
try {
- if (secContext == null) {
- GSSManager gssManager = GSSManager.getInstance();
- Oid oid = new Oid("1.3.6.1.5.5.2");
-
- GSSName gssService = gssManager.createName(serviceName,
GSSName.NT_HOSTBASED_SERVICE);
- secContext = gssManager.createContext(gssService, oid, null,
GSSContext.DEFAULT_LIFETIME);
-
- secContext.requestMutualAuth(mutualAuth);
- secContext.requestCredDeleg(Boolean.FALSE);
- }
+ GSSManager gssManager = GSSManager.getInstance();
+ Oid oid = new Oid("1.3.6.1.5.5.2");
+
+ GSSName gssService = gssManager.createName(serviceName,
GSSName.NT_HOSTBASED_SERVICE);
+ secContext = gssManager.createContext(gssService, oid, null,
GSSContext.DEFAULT_LIFETIME);
+
+ secContext.requestMutualAuth(mutualAuth);
+ secContext.requestCredDeleg(Boolean.FALSE);
byte[] token = new byte[0];
return secContext.initSecContext(token, 0, token.length);
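Review bot: `run()` now assigns a fresh GSSContext to `secContext` on every call without disposing the one it replaces, and since SpnegoTokenContext now keeps a single DefaultSpnegoClientAction instance and reuses it for every ticket retrieval, each call after the first drops an established context without releasing whatever the GSS provider holds for it. Unless a caller is expected to keep using the earlier context (SpnegoTokenContext does not appear to, as it overwrites its own `secContext` from `getContext()` right after `doAs`), add `if (secContext != null) { secContext.dispose(); }` before the reassignment; `dispose()` throws GSSException, which the existing catch already handles. The rewritten `run()` in DefaultSpnegoServiceAction has the same issue. The body of `run()` continues past the hunk.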
@@ -74,6 +76,9 @@ public class SpnegoClientAction implemen
return null;
}
+ /**
+ * Get the GSSContext that was created after a service ticket was obtained
+ */
public GSSContext getContext() {
return secContext;
}
Copied:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoServiceAction.java
(from r1226749,
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java)
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoServiceAction.java?p2=webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoServiceAction.java&p1=webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java&r1=1226749&r2=1227128&rev=1227128&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/DefaultSpnegoServiceAction.java
Wed Jan 4 11:59:42 2012
@@ -19,8 +19,6 @@
package org.apache.ws.security.spnego;
-import java.security.PrivilegedAction;
-
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
@@ -28,31 +26,42 @@ import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
/**
- * This class represents a PrivilegedAction implementation to validate a
received (SPNEGO) ticket to a KDC.
+ * This class represents a PrivilegedAction implementation to validate a
received (SPNEGO) ticket
+ * to a KDC.
*/
-public class SpnegoServiceAction implements PrivilegedAction<byte[]> {
+public class DefaultSpnegoServiceAction implements SpnegoServiceAction {
private static org.apache.commons.logging.Log log =
-
org.apache.commons.logging.LogFactory.getLog(SpnegoServiceAction.class);
+
org.apache.commons.logging.LogFactory.getLog(DefaultSpnegoServiceAction.class);
private byte[] ticket;
private String serviceName;
private GSSContext secContext;
- public SpnegoServiceAction(byte[] ticket, String serviceName) {
+ /**
+ * Set the ticket to validate
+ */
+ public void setTicket(byte[] ticket) {
this.ticket = ticket;
+ }
+
+ /**
+ * The Service Name
+ */
+ public void setServiceName(String serviceName) {
this.serviceName = serviceName;
}
+ /**
+ * Validate a service ticket
+ */
public byte[] run() {
try {
- if (secContext == null) {
- GSSManager gssManager = GSSManager.getInstance();
- Oid oid = new Oid("1.3.6.1.5.5.2");
-
- GSSName gssService = gssManager.createName(serviceName,
GSSName.NT_HOSTBASED_SERVICE);
- secContext = gssManager.createContext(gssService, oid, null,
GSSContext.DEFAULT_LIFETIME);
- }
-
+ GSSManager gssManager = GSSManager.getInstance();
+ Oid oid = new Oid("1.3.6.1.5.5.2");
+
+ GSSName gssService = gssManager.createName(serviceName,
GSSName.NT_HOSTBASED_SERVICE);
+ secContext = gssManager.createContext(gssService, oid, null,
GSSContext.DEFAULT_LIFETIME);
+
return secContext.acceptSecContext(ticket, 0, ticket.length);
} catch (GSSException e) {
if (log.isDebugEnabled()) {
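Review bot: `acceptSecContext(ticket, 0, ticket.length)` dereferences `ticket`, which is no longer guaranteed to be set now that the constructor argument has become `setTicket`; calling `run()` before `setTicket` raises a NullPointerException that escapes the `catch (GSSException e)` below rather than producing the null return the caller tests for. Reject the misuse explicitly at the top of `run()`, e.g. `if (ticket == null || serviceName == null) { throw new IllegalStateException("ticket and serviceName must be set before run()"); }`, or at least state in the Javadoc that both setters must be called first. A null `serviceName` reaching `createName` presumably fails as well, though whether as a GSSException or an NPE depends on the provider. `run()` continues past the hunk.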
@@ -63,6 +72,9 @@ public class SpnegoServiceAction impleme
return null;
}
+ /**
+ * Get the GSSContext that was created after a service ticket was obtained
+ */
public GSSContext getContext() {
return secContext;
}
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java?rev=1227128&r1=1227127&r2=1227128&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoClientAction.java
Wed Jan 4 11:59:42 2012
@@ -22,60 +22,31 @@ package org.apache.ws.security.spnego;
import java.security.PrivilegedAction;
import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
/**
- * This class represents a PrivilegedAction implementation to obtain a
(SPNEGO) service ticket from a
- * Kerberos Key Distribution Center.
+ * This interface represents a PrivilegedAction implementation to obtain a
(SPNEGO) service ticket
+ * from a Kerberos Key Distribution Center.
*/
-public class SpnegoClientAction implements PrivilegedAction<byte[]> {
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SpnegoClientAction.class);
-
- private String serviceName;
- private GSSContext secContext;
- private boolean mutualAuth;
-
- public SpnegoClientAction(String serviceName) {
- this.serviceName = serviceName;
- }
+public interface SpnegoClientAction extends PrivilegedAction<byte[]> {
/**
* Whether to enable mutual authentication or not.
*/
- public void setMutualAuth(boolean mutualAuthentication) {
- mutualAuth = mutualAuthentication;
- }
+ public void setMutualAuth(boolean mutualAuthentication);
- public byte[] run() {
- try {
- if (secContext == null) {
- GSSManager gssManager = GSSManager.getInstance();
- Oid oid = new Oid("1.3.6.1.5.5.2");
-
- GSSName gssService = gssManager.createName(serviceName,
GSSName.NT_HOSTBASED_SERVICE);
- secContext = gssManager.createContext(gssService, oid, null,
GSSContext.DEFAULT_LIFETIME);
-
- secContext.requestMutualAuth(mutualAuth);
- secContext.requestCredDeleg(Boolean.FALSE);
- }
-
- byte[] token = new byte[0];
- return secContext.initSecContext(token, 0, token.length);
- } catch (GSSException e) {
- if (log.isDebugEnabled()) {
- log.debug("Error in obtaining a Kerberos token", e);
- }
- }
+ /**
+ * The Service Name
+ */
+ public void setServiceName(String serviceName);
- return null;
- }
+ /**
+ * Obtain a service ticket
+ */
+ public byte[] run();
- public GSSContext getContext() {
- return secContext;
- }
+ /**
+ * Get the GSSContext that was created after a service ticket was obtained
+ */
+ public GSSContext getContext();
}
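Review bot: The Javadoc on the `run()` declaration ("Obtain a service ticket") does not state the failure contract SpnegoTokenContext relies on: `DefaultSpnegoClientAction.run()` returns `null` when a GSSException occurs and the caller turns that into a WSSecurityException, so a custom implementation that throws or returns an empty array would bypass that check. Add to `run()` something like `@return the service ticket, or null if it could not be obtained`, and note on `getContext()` that it is only meaningful after a successful `run()`; the `run()` declaration in SpnegoServiceAction needs the same. As a matter of style, the `public` modifier on interface methods is redundant and can be dropped, and the opening sentence would read better as "This interface defines a PrivilegedAction to obtain a (SPNEGO) service ticket" since it is no longer an implementation.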
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java?rev=1227128&r1=1227127&r2=1227128&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoServiceAction.java
Wed Jan 4 11:59:42 2012
@@ -22,49 +22,31 @@ package org.apache.ws.security.spnego;
import java.security.PrivilegedAction;
import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
/**
- * This class represents a PrivilegedAction implementation to validate a
received (SPNEGO) ticket to a KDC.
+ * This interface represents a PrivilegedAction implementation to validate a
received (SPNEGO)
+ * ticket to a KDC.
*/
-public class SpnegoServiceAction implements PrivilegedAction<byte[]> {
- private static org.apache.commons.logging.Log log =
-
org.apache.commons.logging.LogFactory.getLog(SpnegoServiceAction.class);
+public interface SpnegoServiceAction extends PrivilegedAction<byte[]> {
- private byte[] ticket;
- private String serviceName;
- private GSSContext secContext;
+ /**
+ * Set the ticket to validate
+ */
+ public void setTicket(byte[] ticket);
- public SpnegoServiceAction(byte[] ticket, String serviceName) {
- this.ticket = ticket;
- this.serviceName = serviceName;
- }
+ /**
+ * The Service Name
+ */
+ public void setServiceName(String serviceName);
- public byte[] run() {
- try {
- if (secContext == null) {
- GSSManager gssManager = GSSManager.getInstance();
- Oid oid = new Oid("1.3.6.1.5.5.2");
-
- GSSName gssService = gssManager.createName(serviceName,
GSSName.NT_HOSTBASED_SERVICE);
- secContext = gssManager.createContext(gssService, oid, null,
GSSContext.DEFAULT_LIFETIME);
- }
-
- return secContext.acceptSecContext(ticket, 0, ticket.length);
- } catch (GSSException e) {
- if (log.isDebugEnabled()) {
- log.debug("Error in obtaining a Kerberos token", e);
- }
- }
-
- return null;
- }
+ /**
+ * Validate a service ticket
+ */
+ public byte[] run();
- public GSSContext getContext() {
- return secContext;
- }
+ /**
+ * Get the GSSContext that was created after a service ticket was obtained
+ */
+ public GSSContext getContext();
}
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java?rev=1227128&r1=1227127&r2=1227128&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoTokenContext.java
Wed Jan 4 11:59:42 2012
@@ -43,6 +43,8 @@ public class SpnegoTokenContext {
private GSSContext secContext;
private byte[] token;
private boolean mutualAuth;
+ private SpnegoClientAction clientAction = new DefaultSpnegoClientAction();
+ private SpnegoServiceAction serviceAction = new
DefaultSpnegoServiceAction();
/**
* Retrieve a service ticket from a KDC using the Kerberos JAAS module,
and set it in this
@@ -91,16 +93,16 @@ public class SpnegoTokenContext {
}
// Get the service ticket
- SpnegoClientAction action = new SpnegoClientAction(serviceName);
- action.setMutualAuth(mutualAuth);
- token = (byte[])Subject.doAs(clientSubject, action);
+ clientAction.setServiceName(serviceName);
+ clientAction.setMutualAuth(mutualAuth);
+ token = (byte[])Subject.doAs(clientSubject, clientAction);
if (token == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE, "kerberosServiceTicketError"
);
}
- secContext = action.getContext();
+ secContext = clientAction.getContext();
if (LOG.isDebugEnabled()) {
LOG.debug("Successfully retrieved a service ticket");
}
@@ -160,10 +162,11 @@ public class SpnegoTokenContext {
}
// Validate the ticket
- SpnegoServiceAction action = new SpnegoServiceAction(ticket, service);
- token = (byte[])Subject.doAs(subject, action);
+ serviceAction.setTicket(ticket);
+ serviceAction.setServiceName(service);
+ token = (byte[])Subject.doAs(subject, serviceAction);
- secContext = action.getContext();
+ secContext = serviceAction.getContext();
if (LOG.isDebugEnabled()) {
LOG.debug("Successfully validated a service ticket");
}
@@ -228,6 +231,20 @@ public class SpnegoTokenContext {
}
}
+ /**
+ * Set a custom SpnegoClientAction implementation to use
+ */
+ public void setSpnegoClientAction(SpnegoClientAction spnegoClientAction) {
+ this.clientAction = spnegoClientAction;
+ }
+
+ /**
+ * Set a custom SpnegoServiceAction implementation to use
+ */
+ public void setSpnegoServiceAction(SpnegoServiceAction
spnegoServiceAction) {
+ this.serviceAction = spnegoServiceAction;
+ }
+
public void clear() {
token = null;
mutualAuth = false;
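Review bot: `setSpnegoClientAction` and `setSpnegoServiceAction` accept null without a check, and the field is only dereferenced later (`clientAction.setServiceName(serviceName)`), so a null argument surfaces as a NullPointerException far from the call that caused it; reject it up front with `if (spnegoClientAction == null) { throw new IllegalArgumentException("spnegoClientAction must not be null"); }` and the equivalent in the service setter. The Javadoc should also say that the supplied instance is held by this SpnegoTokenContext and reused for every retrieval/validation, so an implementation must tolerate repeated `run()` calls with new setter values, as the default implementations do by rebuilding their GSSContext each time. `clear()` starts at the end of this hunk and continues outside it; it may be worth checking whether it should also restore the default actions.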