[jboss-cvs] JBossAS SVN: r114814 - in projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360: jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu May 15 20:52:57 EDT 2014
Author: dehort
Date: 2014-05-15 20:52:57 -0400 (Thu, 15 May 2014)
New Revision: 114814
Modified:
projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java
projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/NegotiationContext.java
projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
Log:
Backport SECURITY-826
Modified: projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java
===================================================================
--- projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java 2014-05-16 00:51:26 UTC (rev 114813)
+++ projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java 2014-05-16 00:52:57 UTC (rev 114814)
@@ -153,6 +153,7 @@
throw new IOException("Invalid 'Authorization' header.");
}
+ boolean isContinuationRequired = false;
String authTokenBase64 = authHeader.substring(negotiateScheme.length() + 1);
byte[] authToken = Base64.decode(authTokenBase64);
ByteArrayInputStream authTokenIS = new ByteArrayInputStream(authToken);
@@ -218,15 +219,24 @@
}
finally
{
+ isContinuationRequired = negotiationContext.isContinuationRequired();
+
// Clear the headers and remove the ThreadLocal association.
negotiationContext.clear();
}
if (principal == null)
{
- // Instead of returning a 401 here...attempt to fallback to form, otherwise return a 401
- log.debug("SPNEGO based authentication failed...initiating negotiation");
- initiateNegotiation(request, response, config);
+ if( isContinuationRequired ) {
+ log.debug("Continuation required...sendError(SC_UNAUTHORIZED)");
+ response.sendError(Response.SC_UNAUTHORIZED);
+ }
+ else {
+ // Instead of returning a 401 here...attempt to fallback to form, otherwise return a 401
+ log.debug("SPNEGO based authentication failed...initiating negotiation");
+ initiateNegotiation(request, response, config);
+ }
+
}
else
{
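Review bot: The read of `negotiationContext.isContinuationRequired()` in the `finally` block is only correct because it comes before `negotiationContext.clear()`, which this same commit changes to reset the flag to false. That ordering dependency is undocumented and deserves a comment such as `// Capture before clear(): clear() resets continuationRequired.` In the `principal == null` branch, the new `response.sendError(Response.SC_UNAUTHORIZED)` path presumably relies on the Negotiate response token having been written as a header earlier in the method, which is not visible in this hunk. If it has not been written, the client receives a bare 401 and cannot continue the exchange. The added `if( isContinuationRequired ) {` and `else {` also depart from the brace-on-its-own-line style of the surrounding `finally` and `if (principal == null)` blocks; the enclosing method starts and ends outside the hunk.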
Modified: projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/NegotiationContext.java
===================================================================
--- projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/NegotiationContext.java 2014-05-16 00:51:26 UTC (rev 114813)
+++ projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/NegotiationContext.java 2014-05-16 00:52:57 UTC (rev 114814)
@@ -52,6 +52,8 @@
private Object schemeContext = null;
+ private boolean continuationRequired = false;
+
public static NegotiationContext getCurrentNegotiationContext()
{
return negotiationContext.get();
@@ -73,6 +75,7 @@
log.trace("clear " + this.hashCode());
requestMessage = null;
responseMessage = null;
+ continuationRequired = false;
negotiationContext.remove();
}
@@ -136,4 +139,13 @@
this.schemeContext = schemeContext;
}
+ public boolean isContinuationRequired()
+ {
+ return continuationRequired;
+ }
+
+ public void setContinuationRequired(boolean continuationRequired)
+ {
+ this.continuationRequired = continuationRequired;
+ }
}
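Review bot: The new `isContinuationRequired()` and `setContinuationRequired(boolean)` accessors have no Javadoc, although the flag now decides whether the authenticator answers with a 401 or falls back to initiating negotiation. A short comment on each should say that the setter is meant to be called by a login module when the mechanism needs another round trip. It should also say that the value is per-context state, reset to false by `clear()`, so callers must read it before clearing. The field declaration and the `clear()` change are in the two preceding hunks of this file.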
Modified: projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2014-05-16 00:51:26 UTC (rev 114813)
+++ projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final-bz-1098360/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2014-05-16 00:52:57 UTC (rev 114814)
@@ -178,6 +178,12 @@
}
else
{
+ NegotiationContext negotiationContext = NegotiationContext.getCurrentNegotiationContext();
+ if (negotiationContext != null) {
+ log.debug("NegotiationContext.setContinuationRequired(true)");
+ negotiationContext.setContinuationRequired(true);
+ }
+
throw new LoginException("Continuation Required.");
}
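Review bot: When `NegotiationContext.getCurrentNegotiationContext()` returns null, the added block silently skips setting the flag, so the authenticator never learns that a continuation was required and takes its fallback path instead of the new 401. Since the context is looked up through a ThreadLocal (`negotiationContext.get()`), this happens whenever the login module runs without that association; a log line in the null case would make it diagnosable, e.g. `else { log.debug("No NegotiationContext; continuation cannot be signalled"); }`. The existing message `"NegotiationContext.setContinuationRequired(true)"` names the call rather than the condition and would read better as `"SPNEGO continuation required; flagging NegotiationContext"`. The enclosing method continues outside this hunk.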