[jboss-cvs] JBossAS SVN: r105223 - projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue May 25 12:50:47 EDT 2010
Author: darran.lofthouse at jboss.com
Date: 2010-05-25 12:50:47 -0400 (Tue, 25 May 2010)
New Revision: 105223
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
Log:
[SECURITY-476] Allow return of user name without realm part for legacy applications.
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2010-05-25 16:47:38 UTC (rev 105222)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2010-05-25 16:50:47 UTC (rev 105223)
@@ -60,11 +60,15 @@
private static final String SPNEGO = "SPNEGO";
+ private static final String REMOVE_REALM_FROM_PRINCIPAL = "removeRealmFromPrincipal";
+
private static final Oid kerberos;
// TODO - Pick a name for a default domain?
private String serverSecurityDomain;
+ private boolean removeRealmFromPrincipal;
+
private LoginContext serverLoginContext = null;
private Principal identity = null;
@@ -86,9 +90,16 @@
final Map options)
{
super.initialize(subject, callbackHandler, sharedState, options);
+ String temp;
// Which security domain to authenticate the server.
serverSecurityDomain = (String) options.get("serverSecurityDomain");
log.debug("serverSecurityDomain=" + serverSecurityDomain);
+ temp = (String) options.get(REMOVE_REALM_FROM_PRINCIPAL);
+ removeRealmFromPrincipal = Boolean.valueOf(temp);
+ if (removeRealmFromPrincipal == false && principalClassName == null)
+ {
+ principalClassName = KerberosPrincipal.class.getName();
+ }
}
@Override
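Review bot: The new `removeRealmFromPrincipal` option in `initialize` gets neither a debug line nor a comment, unlike `serverSecurityDomain` just above it. Because `createIdentity` later drops everything from the `@` onward, enabling the option makes `user@REALM_A` and `user@REALM_B` the same identity for role mapping. That matters if the server's Kerberos configuration accepts tickets from more than one realm, which cannot be seen from this hunk. I would add `log.debug("removeRealmFromPrincipal=" + removeRealmFromPrincipal);` after the assignment, and a comment such as `// Realm is discarded: only enable where a single realm is trusted, otherwise same-named users from different realms become indistinguishable.` The body of `initialize` starts outside the hunk.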
@@ -170,6 +181,20 @@
}
@Override
+ protected Principal createIdentity(final String username) throws Exception
+ {
+ if (removeRealmFromPrincipal)
+ {
+ return super.createIdentity(username.substring(0, username.indexOf("@")));
+ }
+ else
+ {
+ return super.createIdentity(username);
+ }
+
+ }
+
+ @Override
protected Group[] getRoleSets() throws LoginException
{
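Review bot: `username.indexOf("@")` in the new `createIdentity` returns -1 when the name carries no realm part, so `substring(0, -1)` throws `StringIndexOutOfBoundsException` and the login fails with an unrelated error. A guard keeps such names intact: `final int at = username.lastIndexOf('@');` followed by `return super.createIdentity(at > 0 ? username.substring(0, at) : username);`. Using `lastIndexOf` rather than the first match is a hedge against an `@` inside the name part of the principal; whether the GSS source name can contain one here should be confirmed. The method also lacks Javadoc saying that the returned principal is no longer realm-qualified when the option is set. `createIdentity` is fully visible, but the hunk ends inside `getRoleSets`, which continues outside it.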
@@ -307,7 +332,7 @@
}
else
{
- identity = new KerberosPrincipal(gssContext.getSrcName().toString());
+ identity = createIdentity(gssContext.getSrcName().toString());
log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
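Review bot: After this change the full GSS source name is passed straight into `createIdentity` and never logged, so with `removeRealmFromPrincipal` enabled the realm that actually authenticated is lost from the debug trail. Keeping it in a local and logging it preserves that evidence: `final String srcName = gssContext.getSrcName().toString();` then `log.debug("GSS source name=" + srcName + ", identity=" + identity);` after the assignment. `createIdentity` is declared `throws Exception`, whereas the replaced constructor call threw only unchecked exceptions. How the enclosing method handles that cannot be seen, since it starts and ends outside the hunk.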