[jboss-cvs] JBossAS SVN: r114582 - projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Dec 10 08:23:02 EST 2013
Author: tfonteyn
Date: 2013-12-10 08:23:01 -0500 (Tue, 10 Dec 2013)
New Revision: 114582
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
Log:
[SECURITY-772] SPNEGOLoginModule does not always respect removeRealmFromPrincipal - it does now
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2013-12-10 10:16:19 UTC (rev 114581)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2013-12-10 13:23:01 UTC (rev 114582)
@@ -40,6 +40,7 @@
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.jboss.security.SimpleGroup;
@@ -319,6 +320,7 @@
{
private final NegotiationContext negotiationContext;
+ private boolean DEBUG = log.isDebugEnabled();
public AcceptSecContext(final NegotiationContext negotiationContext)
{
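Review bot: The new field `DEBUG` is an instance field named like a constant and left non-final; as it is assigned once at construction, `private final boolean debug = log.isDebugEnabled();` (with the uses renamed) would state that intent. The flag is now captured when the AcceptSecContext is constructed rather than when run() executes. That is harmless if instances are created per login attempt, but this is inferred, since the class header and the instance lifetime are outside the hunk.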
@@ -326,8 +328,7 @@
}
public Object run()
- {
- boolean DEBUG = log.isDebugEnabled();
+ {
try
{
// The message type will have already been checked before this point so we know it is
@@ -404,20 +405,7 @@
if (gssContext.isEstablished())
{
log.warn("Authentication was performed despite already being authenticated!");
-
- // TODO - Refactor to only do this once.
- setIdentity(new KerberosPrincipal(gssContext.getSrcName().toString()));
-
- if (DEBUG)
- {
- log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
- log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
- log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
- }
-
- negotiationContext.setAuthenticationMethod(SPNEGO);
- negotiationContext.setAuthenticated(true);
-
+ processIdentity(gssContext);
return Boolean.TRUE;
}
@@ -447,18 +435,7 @@
}
else
{
- setIdentity(createIdentity(gssContext.getSrcName().toString()));
-
- if (DEBUG)
- {
- log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
- log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
- log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
- }
-
- // TODO - Get these two in synch - maybe isAuthenticated based on an authentication method been set?
- negotiationContext.setAuthenticationMethod(SPNEGO);
- negotiationContext.setAuthenticated(true);
+ processIdentity(gssContext);
return Boolean.TRUE;
}
@@ -469,5 +446,20 @@
}
}
+
+ private void processIdentity(GSSContext gssContext) throws GSSException, Exception
+ {
+ setIdentity(createIdentity(gssContext.getSrcName().toString()));
+
+ if (DEBUG)
+ {
+ log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
+ log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
+ log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
+ }
+
+ negotiationContext.setAuthenticationMethod(SPNEGO);
+ negotiationContext.setAuthenticated(true);
+ }
}
}
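Review bot: The `throws GSSException, Exception` clause on `processIdentity` is redundant, because GSSException is already an Exception, and it is the only visible reason for the new import; `throws Exception` alone is equivalent, or the clause could be narrowed if createIdentity (not visible here) permits. The method also evaluates `gssContext.getSrcName().toString()` twice, where a local such as `final String srcName = gssContext.getSrcName().toString();` would serve both the identity and the debug line. The debug output records only the raw source name, so with removeRealmFromPrincipal enabled it will presumably differ from the identity actually set. Logging the mapped name as well would help when correlating authentication logs with authorization decisions. A short Javadoc saying that both the already-established and the newly-established paths now derive the identity through createIdentity would document the intent of the fix.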