[
https://issues.apache.org/jira/browse/QPIDJMS-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16096225#comment-16096225
]
ASF GitHub Bot commented on QPIDJMS-303:
----------------------------------------
Github user gemmellr commented on a diff in the pull request:
https://github.com/apache/qpid-jms/pull/10#discussion_r128747005
--- Diff:
qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/GssapiMechanism.java ---
@@ -0,0 +1,163 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.qpid.jms.sasl;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Implements the GSSAPI sasl authentication Mechanism.
+ */
+public class GssapiMechanism extends AbstractMechanism {
+
+ public static final String NAME = "GSSAPI";
+ private Subject subject;
+ private SaslClient saslClient;
+ private String protocol = "amqp";
+ private String server = null;
+ private String configScope = null;
+
+ // a gss/sasl service name, x@y, morphs to a krbPrincipal a/y@REALM
+
+ @Override
+ public int getPriority() {
+ return PRIORITY.LOW.getValue();
+ }
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ @Override
+ public byte[] getInitialResponse() throws SaslException {
+ try {
+ LoginContext loginContext = null;
+ if (configScope != null) {
+ loginContext = new LoginContext(configScope);
+ } else {
+ // inline keytab config using user as principal
+ loginContext = new LoginContext("", null, null,
+ kerb5InlineConfig(getUsername(), true));
+ }
+ loginContext.login();
+ subject = loginContext.getSubject();
+
+ return Subject.doAs(subject, new
PrivilegedExceptionAction<byte[]>() {
+
+ @Override
+ public byte[] run() throws Exception {
+ saslClient = Sasl.createSaslClient(new
String[]{getName()}, null, protocol, server, null, null);
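Review bot: in the `Sasl.createSaslClient(...)` call at the end of the hunk, the `props` argument is null, so mutual authentication is not requested (`Sasl.SERVER_AUTH` defaults to false) and the quality of protection is left at the provider default. Since the issue leaves encryption to TLS, consider passing a map that sets `Sasl.SERVER_AUTH` to "true" and `Sasl.QOP` to "auth" explicitly, so the client verifies the broker's Kerberos identity and the negotiated protection level is a documented choice. Separately, `server` is initialised to null and nothing in the visible lines sets it before it is passed as the server name; the comment above `getPriority()` notes that the host part becomes the service principal, so a clear `SaslException` when it is still null here would be easier to diagnose than a failure inside the GSS layer.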
--- End diff --
Referencing the constant rather than using getName() might be clearer.
> Add support for SASL GSSAPI Kerberos mechanism
> ----------------------------------------------
>
> Key: QPIDJMS-303
> URL: https://issues.apache.org/jira/browse/QPIDJMS-303
> Project: Qpid JMS
> Issue Type: Bug
> Components: qpid-jms-client
> Reporter: Gary Tully
>
> It would be great to be able to authenticate using Kerberos credentials using
> the SASL GSSAPI mechanism.
> Authentication would be sufficient, leaving TLS to do encryption of the
> channel if that is necessary.